ALB Ingress Controller configuration

Available in VPC

You can use the ALB Ingress Controller to integrate Kubernetes Ingress with a Load Balancer and route traffic.

When an Ingress is created in the Kubernetes system, the ALB Ingress Controller uses the values defined in the Ingress to create a Load Balancer instance. Once the instance is created, the ALB Ingress Controller creates a target group using the node port of the Service defined in the ingress rules and registers it to the instance.

Caution

A Load Balancer created in Kubernetes on NAVER Cloud Platform is managed as a Kubernetes resource.
If you edit a Load Balancer directly through the console or API, the state synchronization with Kubernetes may not function correctly, potentially causing unexpected issues. Any configuration changes for Load Balancer must be performed by editing the Kubernetes resources.
Technical support is not provided for issues caused by direct changes made through the console or API.

Install ALB Ingress Controller

To prepare the ALB Ingress Controller after installing it in the cluster:

Run the command corresponding to your region to install the ALB Ingress Controller:

Note

Clusters with a KVM hypervisor include the ALB Ingress Controller by default, so you can use it immediately without additional installation.
- The alb-ingress-controller is created in the kube-system namespace, along with the required ServiceAccount, ClusterRole, ClusterRoleBinding, and IngressClass.
- Korea
```
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/en/install/pub/install.yaml
```
  - For Kubernetes versions earlier than 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/en/install/pub/install.yaml.
- Singapore
```
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/en/install/pub-sg/install.yaml
```
  - For Kubernetes versions earlier than 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/en/install/pub-sg/install.yaml.
- Japan
```
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/en/install/pub-jp/install.yaml
```
  - For Kubernetes versions earlier than 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/en/install/pub-jp/install.yaml.
Verify that the ALB Ingress Controller is in the running state.

kubectl --kubeconfig=$KUBE_CONFIG get pods -n kube-system -l app.kubernetes.io/name=alb-ingress-controller

Add the spec.ingressClassName: alb field to the Ingress resources.
- For Kubernetes versions earlier than 1.19, add the kubernetes.io/ingress.class: alb annotation.

ALB Ingress Controller configuration and annotations

Default ALB Ingress Controller configuration

The following describes the default configuration for the ALB Ingress Controller:

Service type: NodePort
All services to be exposed through an Ingress must be created with the NodePort type.
Default Rule
The default rule is applied when no other rules match and can be configured in spec.defaultBackend.
Additional rules or use-annotation settings cannot be configured for the default rule. If a default rule is not configured, a default target group set to port 80 is created.
Rule Priority
Rule priority is determined by the order of rules defined in the Ingress. The first rule in the list is assigned priority 1.

ALB Ingress Controller annotations

You can use annotations on Kubernetes Ingress and service objects to change settings.

Refer to the table below for the required annotations. All ALB Ingress Controller annotations start with alb.ingress.kubernetes.io/.

Annotation	Default	Applicable resource	Description
`alb.ingress.kubernetes.io/listen-ports`	[{"HTTP":80}] (if a certificate number is set: [{"HTTPS":443}])	Ingress	List of listener protocol and port configurations. Supported protocols: HTTP, HTTPS.
`alb.ingress.kubernetes.io/description`	Automatically Created By NKS	Ingress	Load Balancer memo.
`alb.ingress.kubernetes.io/ssl-certificate-no`	N/A	Ingress	Certificate number from Certificate Manager to apply to listeners using the HTTPS protocol. Multiple certificates can be registered, separated by commas. You can find the certificate number in the nrn of Resource Manager. (Example: nrn:PUB:CertificateManager::000:Certificate/External/${certificateNo})
`alb.ingress.kubernetes.io/ssl-min-version`	TLSV10	Ingress	TLS Protocol version. - Configurable versions and values: TLS v1.0: TLSV10 TLS v1.1: TLSV11 TLS v1.2: TLSV12 TLS v1.3: TLSV13
`alb.ingress.kubernetes.io/enable-http2`	false	Ingress	Whether to enable HTTP/2 for HTTPS listeners.
`alb.ingress.kubernetes.io/cipher-suite-list`	All cipher suites supported by the listener	Ingress	List of cipher suites supported by the listener. (Example: ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"])
`alb.ingress.kubernetes.io/load-balancer-size`	small	Ingress	Configure Load processing performance of the Load Balancer. Configurable values: Small, medium, large, xlarge.
`alb.ingress.kubernetes.io/idle-timeout`	60	Ingress	Idle timeout setting for the Load Balancer.
`alb.ingress.kubernetes.io/network-type`	public	Ingress	Load Balancer network type settings (used only at creation). Supported values: Private, public
`alb.ingress.kubernetes.io/public-ip-instance-no`	N/A	Ingress	Public IP instance number.
`alb.ingress.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination`	false	Ingress	Whether to retain public IP when returning the Load Balancer.
`alb.ingress.kubernetes.io/subnet-id`	`lbSubnetNo` value of `kube-system` `configmap(ncloud-config)`	Ingress	Dedicated subnet ID for Load Balancer creation (used only at creation).
`alb.ingress.kubernetes.io/actions.${actionName}`	N/A	Ingress	Configuration for using listener rule features (see the description below).
`alb.ingress.kubernetes.io/conditions.${conditionName}`	N/A	Ingress	Configuration for adding conditions to the Host and Path rules in Ingress rules (see the description below).
`alb.ingress.kubernetes.io/enable-access-log`	false	Ingress	Enable access log collection (Cloud Log Analytics subscription required).
`alb.ingress.kubernetes.io/load-balancer-name`	N/A	Ingress	Load Balancer name (applied only at creation). Naming rules: 3-30 characters, letters/numbers/- only, must start with a letter.
`alb.ingress.kubernetes.io/ssl-redirect`	N/A	Ingress	Configure port for SSL redirect.
`alb.ingress.kubernetes.io/listener-acl-id.{port}`	N/A	Ingress	ACL ID to apply to the listener.
`alb.ingress.kubernetes.io/algorithm-type`	round-robin	Ingress, Service	Configure load balancing algorithm for target group. Supported values: round-robin, least-connection, source-ip-hash
`alb.ingress.kubernetes.io/unhealthy-threshold-count`	2	Ingress, Service	Healthy check failure threshold count.
`alb.ingress.kubernetes.io/healthy-threshold-count`	2	Ingress, Service	Healthy check success threshold count.
`alb.ingress.kubernetes.io/healthcheck-port`	TargetGroup port	Ingress, Service	Health check port.
`alb.ingress.kubernetes.io/healthcheck-path`	'/'	Ingress, Service	Health check URL path.
`alb.ingress.kubernetes.io/healthcheck-interval-seconds`	30	Ingress, Service	Health check interval (seconds).
`alb.ingress.kubernetes.io/healthcheck-protocol`	HTTP	Ingress, Service	Health check protocol: HTTP, HTTPS.
`alb.ingress.kubernetes.io/backend-protocol`	HTTP	Ingress, Service	Target group protocol: HTTP, HTTPS.
`alb.ingress.kubernetes.io/enable-sticky-session`	false	Ingress, Service	Enable sticky session for the target group.
`alb.ingress.kubernetes.io/enable-acl-operator`	false	Ingress, Service	Whether to delegate ACL-related features to the ACL-operator. Built-in acl features are disabled when activated.

alb.ingress.kubernetes.io/actions.${actionName}: You can configure additional listener rule features by providing a JSON-formatted string that follows the actions model. To apply the annotation, set service.name of the ingress rule to ${actionName} and set service.port.name to use-annotation.

Properties	Type	Description
`type`	string	Define the action type. Supported values: `targetGroup`, `redirection`
`targetGroup`	object	Used when the action type is set to targetGroup.
`targetGroup.targetGroups`	array	List of services to forward traffic to.
`targetGroup.targetGroups[n].serviceName`	string	service name
`targetGroup.targetGroups[n].servicePort`	number	service port
`targetGroup.enableStickySession`	boolean	Whether to enable sticky sessions. Default: false
`redirection`	object	Used when the action type is set to redirection.
`redirection.host`	string	Default: #{host}
`redirection.path`	string	Default: /#{path}
`redirection.query`	string	Default: #{query}
`redirection.port`	string	Redirection port.
`redirection.protocol`	string	Supported protocols: HTTP, HTTPS. Default: #{protocol}
`redirection.statusCode`	number	Supported codes: 301, 302

alb.ingress.kubernetes.io/conditions.${conditionName}: You can configure additional conditions beyond the Host and Path rules defined in the Ingress by providing a JSON-formatted string that follows the conditions model. These conditions are applied to the service with a serviceName that matches ${conditionName} in the ingress rule.

Properties	Type	Description
`field`	string	Define conditions to add. Supported values: `hostHeader`, `pathPattern`, `httpHeader`
`hostHeader`	object	Used when the condition field is set to hostHeader.
`hostHeader.values`	array	List of hosts.
`hostHeader.values[n]`	string	Host value.
`pathPattern`	object	Used when the condition field is set to pathPattern.
`pathPattern.values`	array	List of paths.
`pathPattern.values[n]`	string	Path value.
`httpHeader`	object	Used when the condition field is set to httpHeader.
`httpHeader.key`	string	Header key value.
`httpHeader.values`	array	List of header values.

Example codes

For more detailed examples of the ALB Ingress Controller, see ALB Ingress Controller use cases.