Login
      Contents x
      Set ALB Ingress Controller
        • Print
        • PDF
        Contents

        Set ALB Ingress Controller

          • Print
          • PDF
          Article summary

          Available in VPC

          You can route traffic by connecting Kubernetes Ingress with Load Balancer through ALB Ingress Controller.

          When Ingress is created in the Kubernetes system, ALB Ingress Controller uses the values set at Ingress to create a Load Balancer instance. When an instance is created, the Ingress Rule uses the set service's node port as the port value to create a target group and register it to the instance.

          Caution
          • NAVER Cloud Platform's Load Balancer, created in Kubernetes, is managed by the resources of Kubernetes.
          • If you edit Load Balancer yourself through the console or API, the status synchronization may not be performed normally, causing unexpected issues. If you need to change the Load Balancer settings, make sure to proceed it by editing the Kubernetes resources.
          • Technical support is not provided for any problems occurred from directly changing it through the console or API.

          Install ALB Ingress Controller

          The following describes how to install the ALB Ingress Controller in the cluster and prepare it:

          1. Install the ALB Ingress Controller by executing the command corresponding to the following region:

            Note

            If the cluster’s hypervisor is KVM, you can use ALB Ingress Controller without installation since it is included by default.

            • alb-ingress-controller is created in the kube-system namespace, and necessary ServiceAccount, ClusterRole, ClusterRoleBinding, and IngressClass are created together.

            • Korea

              kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/install/pub/install.yaml
              • If the version is older than Kubernetes 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/install/pub/install.yaml.

            • Singapore

              kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/install/pub-sg/install.yaml
              • If the version is older than Kubernetes 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/install/pub-sg/install.yaml.

            • Japan

              kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/install/pub-jp/install.yaml
              • If the version is older than Kubernetes 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/install/pub-jp/install.yaml.

          2. Add the spec.ingressClassName: alb field to the resources of Ingress.

            • If the version is older than Kubernetes 1.19, add the kubernetes.io/ingress.class: alb annotation.

          ALB Ingress Controller setting and annotation

          Default ALB Ingress Controller setting

          The following describes the default setting of the ALB Ingress Controller:

          • Service type: NodePort
            All servers to be exposed through Ingress should be created as NodePort type.
          • Default Rule
            The Default Rule is applied when there is no matching rule, and it can be set in spec.defaultBackend.
            You cannot configure rules and use-annotations separately, and a default target group set to Port 80 will be created if not set.
          • Rule Priority
            Priority is determined according to the order of rules defined in Ingress. The topmost rule's priority will be set to 1.

          ALB Ingress Controller annotation

          You can use annotations in Kubernetes Ingresses and service objects to change settings.

          Use the required annotations while referring to the following table: All annotations of the ALB Ingress Controller start with alb.ingress.kubernetes.io/.

          AnnotationDefaultApplicable resourceDescription
          alb.ingress.kubernetes.io/listen-ports[{"HTTP":80}] ([{"HTTPS":443}] if a certificate number is set)IngressListener's protocol and port configuration list.
          Available protocol: HTTP and HTTPS
          alb.ingress.kubernetes.io/descriptionAutomatically Created By NKSIngressLoad Balancer memo
          alb.ingress.kubernetes.io/ssl-certificate-noN/AIngressThe certificate number of the Certificate Manager to be applied to the listener of which the protocol is HTTPS. Multiple certificates can be registered using a comma as a separator.
          (You can check the certificate number in Resource Manager's nrn.)
          (for example: nrn:PUB:CertificateManager::000:Certificate/External/${certificateNo})
          alb.ingress.kubernetes.io/ssl-min-versionTLSV10IngressTLS Protocol version
          - Configurable versions and values
          TLS v1.0: TLSV10
          TLS v1.1: TLSV11
          TLS v1.2: TLSV12
          alb.ingress.kubernetes.io/enable-http2falseIngressWhether HTTP/2 of the listener with the HTTPS protocol is enabled
          alb.ingress.kubernetes.io/cipher-suite-listAll cipher suites supported by the listenerIngressThe list of cipher suites supported by the listener
          (for example: ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"])
          alb.ingress.kubernetes.io/load-balancer-sizesmallIngressLoad balancer's load processing performance settings
          Configurable values: small, medium, large, and xlarge
          alb.ingress.kubernetes.io/idle-timeout60IngressLoad balancer's Idle Timeout settings
          alb.ingress.kubernetes.io/network-typepublicIngressSet the network type for the load balancer (use only when creating)
          Private: private, public: public
          alb.ingress.kubernetes.io/public-ip-instance-noN/AIngressPublic IP instance number
          alb.ingress.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-terminationfalseIngressWhether to preserve public IP when returning a load balancer
          alb.ingress.kubernetes.io/subnet-idkube-system configmap(ncloud-config)'s lbSubnetNo valueIngressID of the dedicated subnet for creating load balancers (only used at creation)
          alb.ingress.kubernetes.io/actions.${actionName}N/AIngressSettings to use features of listener rules (see the following explanation)
          alb.ingress.kubernetes.io/conditions.${conditionName}N/AIngressSettings for applying additional conditions to the Ingress rule's host and path conditions (see the following explanation)
          alb.ingress.kubernetes.io/enable-access-logfalseIngressAccess log collection settings (need to apply for a subscription for the Cloud Log Analytics product)
          alb.ingress.kubernetes.io/load-balancer-nameN/AIngressThe name of the load balancer (applied only on creation)
          Naming convention: 3 to 30 characters in length; only English letters/numbers/'-' are allowed; start with an English letter
          alb.ingress.kubernetes.io/ssl-redirectN/AIngressSSL Redirect target port setting
          alb.ingress.kubernetes.io/algorithm-typeround-robinIngress, ServiceTarget group's load balancing algorithm settings
          Configurable values: round-robin, least-connection, and source-ip-hash
          alb.ingress.kubernetes.io/unhealthy-threshold-count2Ingress, ServiceHealth Check failure threshold
          alb.ingress.kubernetes.io/healthy-threshold-count2Ingress, ServiceHealth Check success threshold
          alb.ingress.kubernetes.io/healthcheck-portTargetGroup portIngress, ServiceHealth Check port
          alb.ingress.kubernetes.io/healthcheck-path'/'Ingress, ServiceHealth Check URL path
          alb.ingress.kubernetes.io/healthcheck-interval-seconds30Ingress, ServiceHealth Check interval (seconds)
          alb.ingress.kubernetes.io/healthcheck-protocolHTTPIngress, ServiceHealth Check protocol
          HTTP, HTTPS
          alb.ingress.kubernetes.io/backend-protocolHTTPIngress, ServiceTarget Group's protocol
          HTTP, HTTPS
          alb.ingress.kubernetes.io/enable-sticky-sessionfalseIngress, ServiceTarget Group's Sticky Session settings
          • alb.ingress.kubernetes.io/actions.${actionName}: additional functions of the Listener Rule can be set by writing a string in the JSON format according to the actions model. Set the service.name of the rule set to the Ingress you want to use as ${actionName} and set service.port.name as use-annotation to have the annotation applied.
          PropertyTypeDescription
          typestringDefine the type of action
          Configurable values: targetGroup and redirection
          targetGroupobjectUse when an action's type is set to targetGroup
          targetGroup.targetGroupsarrayList of services to deliver traffic
          targetGroup.targetGroups[n].serviceNamestringservice name
          targetGroup.targetGroups[n].servicePortnumberservice port
          targetGroup.enableStickySessionbooleanSticky Session activation status
          Default value: false
          redirectionobjectUse when an action's type is set to redirection
          redirection.hoststringDefault value: #{host}
          redirection.pathstringDefault value: #{path}
          redirection.querystringDefault value: #{query}
          redirection.portstringRedirection port
          Default value: #{port}
          redirection.protocolstringConfigurable protocols: HTTP and HTTPS
          Default value: #{protocol}
          redirection.statusCodenumberConfigurable codes: 301 and 302
          • alb.ingress.kubernetes.io/conditions.${conditionName}: in addition to the Host and Path conditions defined in Ingress, other conditions can be additionally set by writing a string in the JSON format according to the conditions model. These conditions will be applied to the service with the serviceName that matches the ${conditionName} in Ingress Rule.
          PropertyTypeDescription
          fieldstringDefine conditions to add
          Available values hostHeader, pathPattern, and httpHeader
          hostHeaderobjectUse when the condition's field is set to hostHeader
          hostHeader.valuesarrayHost list
          hostHeader.values[n]stringHost value
          pathPatternobjectUse when the condition's field is set to pathPattern
          pathPattern.valuesarrayPath list
          pathPattern.values[n]stringPath value
          httpHeaderobjectUse when the condition's field is set to httpHeader
          httpHeader.keystringHeader key value
          httpHeader.valuesarrayHeader value list

          Example codes

          For more detailed example of ALB Ingress Controller, see ALB Ingress Controller use cases.

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout