Setting ALB Ingress Controller
Available in VPC
You can route traffic by connecting Kubernetes Ingress with Load Balancer through ALB Ingress Controller.
When an Ingress is created in Kubernetes, the ALB Ingress Controller uses the values set in the Ingress to create a load balancer instance. Once the instance is created, a target group is created from the Ingress rule, using the node port of the service set in the rule as the port value, and is registered to the instance.
If you change a NAVER Cloud Platform load balancer that was created from Kubernetes through the console or the API rather than through the Kubernetes Ingress resource, status synchronization problems may occur. To change the settings of such a load balancer, edit the Ingress resource created in Kubernetes.
Install ALB Ingress Controller
The following describes how to install the ALB Ingress Controller in the cluster and prepare it.
Install the ALB Ingress Controller by executing the command for your region.
Note: If the cluster's hypervisor is KVM, you can use the ALB Ingress Controller without installation since it is included by default.
- alb-ingress-controller is created in the kube-system namespace, and the necessary ServiceAccount, ClusterRole, ClusterRoleBinding, and IngressClass are created with it.
Korea
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/en/install/pub/install.yaml
- If the Kubernetes version is older than 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/en/install/pub/install.yaml.
Singapore
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/en/install/pub-sg/install.yaml
- If the Kubernetes version is older than 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/en/install/pub-sg/install.yaml.
Japan
kubectl --kubeconfig=$KUBE_CONFIG apply -f https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/main/docs/en/install/pub-jp/install.yaml
- If the Kubernetes version is older than 1.19, install https://raw.githubusercontent.com/NaverCloudPlatform/nks-alb-ingress-controller/v0.3.1/docs/en/install/pub-jp/install.yaml.
Add the spec.ingressClassName: alb field to each Ingress resource.
- If the Kubernetes version is older than 1.19, add the kubernetes.io/ingress.class: alb annotation instead.
ALB Ingress Controller setting and annotation
Default ALB Ingress Controller setting
The following describes the default setting of the ALB Ingress Controller.
- Service type: NodePort
  All services to be exposed through Ingress must be created as the NodePort type.
- Default Rule
  The Default Rule is applied when there is no matching rule, and it can be set in spec.defaultBackend.
  You can't configure rule and use-annotation separately, and a default target group set to Port 80 will be created if not set.
- Rule Priority
  Priority is determined by the order of the rules defined in the Ingress. The topmost rule's priority is set to 1.
ALB Ingress Controller annotation
You can use annotations in Kubernetes Ingresses and service objects to change settings.
Use the required annotations while referring to the table below. All annotations of the ALB Ingress Controller start with alb.ingress.kubernetes.io/.
Annotation | Default | Applicable resource | Description |
---|---|---|---|
alb.ingress.kubernetes.io/listen-ports | [{"HTTP":80}] ([{"HTTPS":443}] if a certificate number is set) | Ingress | Listener's protocol and port configuration list. Available protocol: HTTP, HTTPS |
alb.ingress.kubernetes.io/description | Automatically Created By NKS | Ingress | Load balancer memo |
alb.ingress.kubernetes.io/ssl-certificate-no | N/A | Ingress | The certificate number of the Certificate Manager to be applied to the listener of which the protocol is HTTPS. Multiple certificates can be registered using a comma as a separator. (You can check the certificate number in Resource Manager's nrn.) (e.g., nrn:PUB:CertificateManager::000:Certificate/External/${certificateNo}) |
alb.ingress.kubernetes.io/ssl-min-version | TLSV10 | Ingress | Minimum TLS protocol version. Configurable values: TLSV10 (TLS v1.0), TLSV11 (TLS v1.1), TLSV12 (TLS v1.2) |
alb.ingress.kubernetes.io/enable-http2 | false | Ingress | Whether HTTP/2 of the listener with HTTPS protocol is enabled |
alb.ingress.kubernetes.io/cipher-suite-list | All cipher suites supported by the listener | Ingress | The list of cipher suites supported by the listener (e.g., ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]) |
alb.ingress.kubernetes.io/load-balancer-size | small | Ingress | Load balancer's load processing performance setting. Configurable values: small, medium, large |
alb.ingress.kubernetes.io/idle-timeout | 60 | Ingress | Load balancer's idle timeout settings |
alb.ingress.kubernetes.io/network-type | public | Ingress | Network type of the load balancer (used only at creation). Configurable values: private, public |
alb.ingress.kubernetes.io/public-ip-instance-no | N/A | Ingress | Public IP instance number |
alb.ingress.kubernetes.io/ncloud-load-balancer-retain-public-ip-on-termination | false | Ingress | Whether to preserve public IP when returning a load balancer |
alb.ingress.kubernetes.io/subnet-id | kube-system configmap(ncloud-config) 's lbSubnetNo value | Ingress | ID of the dedicated subnet for creating load balancers (only used at creation) |
alb.ingress.kubernetes.io/actions.${actionName} | N/A | Ingress | Settings to use features of listener rules (see the explanation below) |
alb.ingress.kubernetes.io/conditions.${conditionName} | N/A | Ingress | Settings for applying additional conditions to the Ingress rule's host and path conditions (see the explanation below) |
alb.ingress.kubernetes.io/enable-access-log | false | Ingress | Access log collection settings (need to apply for a subscription for the Cloud Log Analytics product) |
alb.ingress.kubernetes.io/load-balancer-name | N/A | Ingress | The name of the load balancer (applied only on creation). Naming convention: 3 to 30 characters in length; only English letters, numbers, and '-' are allowed; must start with an English letter |
alb.ingress.kubernetes.io/ssl-redirect | N/A | Ingress | SSL Redirect target port setting |
alb.ingress.kubernetes.io/algorithm-type | round-robin | Ingress, Service | Target group's load balancing algorithm. Configurable values: round-robin, least-connection, source-ip-hash |
alb.ingress.kubernetes.io/unhealthy-threshold-count | 2 | Ingress, Service | Health check failure threshold |
alb.ingress.kubernetes.io/healthy-threshold-count | 2 | Ingress, Service | Health check success threshold |
alb.ingress.kubernetes.io/healthcheck-port | TargetGroup port | Ingress, Service | Health check port |
alb.ingress.kubernetes.io/healthcheck-path | '/' | Ingress, Service | Health check URL path |
alb.ingress.kubernetes.io/healthcheck-interval-seconds | 30 | Ingress, Service | Health check interval (seconds) |
alb.ingress.kubernetes.io/healthcheck-protocol | HTTP | Ingress, Service | Health check protocol. Configurable values: HTTP, HTTPS |
alb.ingress.kubernetes.io/backend-protocol | HTTP | Ingress, Service | Target group protocol. Configurable values: HTTP, HTTPS |
alb.ingress.kubernetes.io/enable-sticky-session | false | Ingress, Service | Target group's sticky session settings |
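The Ingress below is an added example, not part of the original guide. It sets the HTTPS listener annotations from the table explicitly, because the defaults leave the minimum TLS version at TLSV10 and every supported cipher suite enabled. The resource names, the host, the certificate number placeholder, and the quoted "443" and "true" value formats are assumptions.

```yaml
# Added example, not from the original guide.
# Names, host and the certificate number are placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-https                      # hypothetical name
  annotations:
    # Open both listeners; the HTTP listener is only there to redirect.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    # Certificate Manager certificate number (placeholder, fill in your own).
    alb.ingress.kubernetes.io/ssl-certificate-no: "<certificateNo>"
    # When omitted, the listener accepts TLS v1.0 and later (default TLSV10).
    alb.ingress.kubernetes.io/ssl-min-version: TLSV12
    # When omitted, every cipher suite the listener supports is enabled.
    # ECDSA suites only negotiate with an ECDSA certificate; choose suites
    # that match the key type of the certificate above.
    alb.ingress.kubernetes.io/cipher-suite-list: '["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]'
    # Access logs are off by default; needs a Cloud Log Analytics subscription.
    alb.ingress.kubernetes.io/enable-access-log: "true"
    alb.ingress.kubernetes.io/network-type: public
spec:
  ingressClassName: alb
  defaultBackend:
    service:
      name: web                        # hypothetical; must be a NodePort Service
      port:
        number: 80
  rules:
    - host: www.example.com            # hypothetical host
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
```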
alb.ingress.kubernetes.io/actions.${actionName}: additional functions of the Listener Rule can be set by writing a string in the JSON format according to the actions model. In the Ingress rule that should use the action, set service.name to ${actionName} and set service.port.name to use-annotation to have the annotation applied.
Property | Type | Description |
---|---|---|
type | string | Type of action. Configurable values: targetGroup, redirection |
targetGroup | object | Use when an action's type is set to targetGroup |
targetGroup.targetGroups | array | List of services to deliver traffic |
targetGroup.targetGroups[n].serviceName | string | service name |
targetGroup.targetGroups[n].servicePort | number | service port |
targetGroup.enableStickySession | boolean | Sticky session activation status. Default value: false |
redirection | object | Use when an action's type is set to redirection |
redirection.host | string | Default value: #{host} |
redirection.path | string | Default value: #{path} |
redirection.query | string | Default value: #{query} |
redirection.port | string | Redirection port. Default value: #{port} |
redirection.protocol | string | Configurable protocols: HTTP, HTTPS. Default value: #{protocol} |
redirection.statusCode | number | Configurable codes: 301, 302 |
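The following Ingress is an added example, not part of the original guide. It wires two actions into rules through the service.name and use-annotation convention described above: one redirection and one targetGroup. All action, service, host and path names are hypothetical.

```yaml
# Added example, not from the original guide; all names are hypothetical.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-actions
  annotations:
    # Action "legacy-redirect": permanent redirect to HTTPS on a fixed host.
    # host is pinned to a literal value instead of its #{host} default;
    # query is omitted and keeps its #{query} default.
    alb.ingress.kubernetes.io/actions.legacy-redirect: >
      {"type":"redirection","redirection":{"host":"shop.example.com",
      "path":"/v2","protocol":"HTTPS","port":"443","statusCode":301}}
    # Action "cart-sticky": forward to one service with sticky sessions on.
    alb.ingress.kubernetes.io/actions.cart-sticky: >
      {"type":"targetGroup","targetGroup":{"targetGroups":
      [{"serviceName":"cart","servicePort":8080}],
      "enableStickySession":true}}
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          # Rules are prioritized in the order written: this one gets 1.
          - path: /v1
            pathType: Prefix
            backend:
              service:
                name: legacy-redirect    # equals ${actionName}
                port:
                  name: use-annotation   # apply the actions annotation
          - path: /cart
            pathType: Prefix
            backend:
              service:
                name: cart-sticky        # equals ${actionName}
                port:
                  name: use-annotation
          # Ordinary rule for comparison: no annotation involved.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web                # must be a NodePort Service
                port:
                  number: 80
```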
alb.ingress.kubernetes.io/conditions.${conditionName}: in addition to the Host and Path conditions defined in Ingress, other conditions can be set by writing a string in the JSON format according to the conditions model. These conditions will be applied to the service with the serviceName that matches the ${conditionName} in the Ingress rule.
Property | Type | Description |
---|---|---|
field | string | Condition to add. Available values: hostHeader, pathPattern, httpHeader |
hostHeader | object | Use when the condition's field is set to hostHeader |
hostHeader.values | array | Host list |
hostHeader.values[n] | string | Host value |
pathPattern | object | Use when the condition's field is set to pathPattern |
pathPattern.values | array | Path list |
pathPattern.values[n] | string | Path value |
httpHeader | object | Use when the condition's field is set to httpHeader |
httpHeader.key | string | Header key value |
httpHeader.values | array | Header value list |
Example codes
For more detailed examples of the ALB Ingress Controller, see ALB Ingress Controller examples.