Introduction to Cloud Container Service ALB Ingress Controller provides fully managed Ingress traffic management without operation and maintenance based on Application Load Balancer (Application Load Balancer). Relying on the Alibaba Cloud Container Service Kubernetes product, compatible with Nginx Ingress semantics, with the ability to configure and manage complex business routing, automatic certificate discovery, observable traffic entry, support for multiple application layer protocols (QUIC, etc.), with large-scale seven-layer traffic Processing power allows users to easily handle cloud-native application traffic management.
Author: Yuan Yi
Review and proofreading: Xiyang, Haizhu
Editing & Typesetting:
background
As cloud-native applications become microservices and serverless, users need to face requirements such as configurable complex routing rules, support for multiple application layer protocols (HTTP, HTTPS, QUIC, etc.), security of service access, and observability of traffic . The traditional four-layer SLB Ingress can no longer meet these demands.
Alibaba Cloud Container Service ALB Ingress Controller provides fully managed Ingress traffic management without operation and maintenance based on Application Load Balancer (Application Load Balancer). Relying on the Alibaba Cloud Container Service Kubernetes product, compatible with Nginx Ingress semantics, with the ability to configure and manage complex business routing, automatic certificate discovery, observable traffic entry, support for multiple application layer protocols (QUIC, etc.), with large-scale seven-layer traffic Processing power allows users to easily handle cloud-native application traffic management.
ALB product
Application Load Balancer (ALB) is a load balancing service launched by Alibaba Cloud specifically for application layer load scenarios such as HTTP, HTTPS, and QUIC. It has super elasticity and large-scale seven-layer traffic processing capabilities.
ALB Features
- elastic auto-scaling: ALB provides both domain name and VIP (Virtual IP address), supports traffic distribution to multiple cloud servers to expand the service capacity of the application system, and improves the availability of the application system by eliminating single points of failure. ALB allows you to customize the combination of availability zones, and supports elastic scaling within the availability zone to avoid resource bottlenecks in a single availability zone.
- advanced protocol support: ALB supports the application transmission protocol QUIC. In mobile Internet application scenarios such as real-time audio and video, interactive live broadcast, and games, the access speed is faster and the transmission link is more secure and reliable. ALB also supports the gRPC framework, which enables efficient API communication between massive microservices.
- Content-based advanced routing: ALB supports multiple rules based on HTTP headers, cookies, HTTP request methods to identify specific business traffic, and forward it to different back-end servers. At the same time, ALB also supports advanced operations such as redirection, rewriting, and custom HTTPS headers.
- security blessing : * *ALB comes with Distributed Denial of Service (DDoS) protection, and one-click integration of Web Application Firewall (WAF). At the same time, ALB supports full-link HTTPS encryption, which can realize HTTPS interaction with the client or back-end server; supports efficient and secure encryption protocols such as TLS 1.3, oriented to encryption-sensitive businesses, and meets the needs of Zero-Trust's new generation of security technology architecture; support Pre-made security policies, you can customize security policies.
- Cloud native applications: In the cloud-native era, the PaaS platform will sink to the infrastructure and become a part of the cloud. With the gradual maturity of cloud native, many industries, such as the Internet, finance, and enterprises, choose cloud native deployment when building new businesses, or implement cloud native transformation of existing businesses. ALB is deeply integrated with Alibaba Cloud Container Service for Kubernetes (ACK) and is the official cloud native Ingress gateway of Alibaba Cloud.
- Flexible and flexible billing: ALB provides public network capabilities through elastic public IP (Elastic IP Address, EIP) and shared bandwidth, and realizes flexible public network billing; at the same time, it adopts more advanced and more suitable for elastic business peaks. Pricing scheme based on capacity unit (LCU).
Cloud Container Service ALB Ingress Controller
Alibaba Cloud Container Service ALB Ingress Controller is based on ALB (Application Load Balancer) to provide a more powerful Ingress traffic management method, compatible with Nginx Ingress, and has the ability to handle complex business routing and automatic certificate discovery. It supports HTTP, HTTPS, and QUIC protocols fully meet the requirements for ultra-flexible and large-scale seven-layer traffic processing capabilities in cloud-native application scenarios.
Realization principle
The ALB Ingress Controller monitors the changes of kubernetes Ingress resources through the API Server, and dynamically generates Albconfig (Albconfig is the CRD resource provided in the ALB Ingress Controller for ALB instance configuration), and then creates ALB instances, listeners, routing and forwarding rules, and backends in sequence Server group. Service, Ingress and Albconfig in Kubernetes have the following relationships:
- Service is an abstraction of the real back-end service, and a Service can represent multiple same back-end services.
- Ingress is a reverse proxy rule used to specify which Service the HTTP/HTTPS request should be forwarded to. For example: according to the different Host and URL path in the request, the request is forwarded to different Service.
- Albconfig is the CRD resource provided in the ALB Ingress Controller. ALBConfig CRD is used to configure ALB instances and monitors. One Albconfig corresponds to one ALB instance.
Product advantages
Rich forwarding features
- Forwarding based on Header and Cookie
- Domain name URL forwarding: It supports traffic scheduling based on different domain names and URLs to improve the flexibility of the application system.
High flexibility and large throughput
For load balancing instances, the first cloud computing vendor to propose performance guarantees.
- Performance-guaranteed instances: Introduced performance-guaranteed instances to achieve performance isolation between different instances and provide performance guarantees under corresponding specifications.
- Large performance specifications: For high performance requirements, provide large specifications of load balancing instances to solve performance bottlenecks.
For cloud-native applications
- Based on native Kubernetes Ingress
- Naturally supports Alibaba Cloud Container Service Kubernetes products
- Compatible with Nginx Ingress semantics
Safer and more reliable
- Component hosting, high availability and free operation and maintenance
- Certificate management: automatic discovery of certificates.
application scenario
The scenarios currently supported by ALB include highly resilient Internet scenarios, low-latency scenarios in the audio-visual industry, and cloud-native application scenarios.
summary
Currently, Alibaba Cloud Container Service ALB Ingress Controller has been open for public testing. Users can directly deploy ALB Ingress Controller through the container service console. It supports ACK managed version, ACK proprietary version, and Serverless Kubernetes.
Click here for more product related information:
related links:
1) Introduction to ALB Ingress:
https://help.aliyun.com/document\_detail/284514.html
2) ALB introduction:
https://help.aliyun.com/document\_detail/197202.html
Copyright Notice: content of this article is contributed spontaneously by Alibaba Cloud real-name registered users, and the copyright belongs to the original author. The Alibaba Cloud Developer Community does not own its copyright and does not assume corresponding legal responsibilities. For specific rules, please refer to the "Alibaba Cloud Developer Community User Service Agreement" and the "Alibaba Cloud Developer Community Intellectual Property Protection Guidelines". If you find suspected plagiarism in this community, fill in the infringement complaint form to report it. Once verified, the community will immediately delete the suspected infringing content.
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。