Author: Yuan Yi; Review and proofread: Xiyang, Haizhu; Editor & typesetting: Wen Yan

Background

As cloud native applications move to microservices and Serverless architectures, users need configurable complex routing rules, support for multiple application layer protocols (HTTP, HTTPS, and QUIC), secure service access, and traffic observability. The traditional SLB Ingress, which works at Layer 4, can no longer meet these demands.

ALB Ingress Controller provides fully managed, O&M-free Ingress traffic management based on Application Load Balancer (ALB). Built on Alibaba Cloud Container Service for Kubernetes and compatible with Nginx Ingress semantics, it can configure and manage complex business routing, discovers certificates automatically, makes ingress traffic observable, and supports multiple application layer protocols (QUIC and others). With large-scale Layer 7 traffic processing capacity, it makes it easy for users to manage cloud native application traffic.

ALB product

Application Load Balancer (ALB) is a load balancing service launched by Alibaba Cloud for HTTP, HTTPS, and QUIC application layer scenarios. It offers high elasticity and large-scale Layer 7 traffic processing capability.

ALB features

Elastic automatic scaling: ALB provides both domain names and virtual IP addresses (VIPs), and distributes traffic across multiple cloud servers to expand the service capacity of application systems and improve their availability by eliminating single points of failure. ALB lets you choose your own combination of availability zones and supports elastic scaling across availability zones, avoiding single-zone resource bottlenecks.

Advanced protocol support: ALB supports QUIC, which enables faster access and more secure and reliable transmission links in mobile Internet scenarios such as real-time audio and video, interactive live streaming, and games. ALB also supports the gRPC framework, which enables efficient API communication between large numbers of microservices.

Advanced content-based routing: ALB can identify specific business traffic and forward it to different back-end servers based on rules such as HTTP headers, cookies, and HTTP request methods. ALB also supports advanced operations such as redirection, rewriting, and custom HTTPS headers.

Security support: ALB provides Distributed Denial of Service (DDoS) protection and can be integrated with Web Application Firewall (WAF) with one click. In addition, ALB supports full-link HTTPS encryption, enabling HTTPS between ALB and both clients and back-end servers. It supports efficient and secure encryption protocols such as TLS 1.3 for encryption-sensitive services, meeting the requirements of a zero-trust, new-generation security architecture. It also supports predefined security policies, and you can customize your own.

Cloud native applications: In the cloud native era, PaaS platforms will sink into the infrastructure layer and become part of the cloud. As cloud native matures, many industries, such as Internet, finance, and enterprise, choose cloud native deployment for new services or carry out cloud native transformation of existing services. ALB is deeply integrated with Alibaba Cloud Container Service for Kubernetes (ACK) and is the official cloud native Ingress gateway of Alibaba Cloud.

Flexible Internet billing: ALB provides Internet-facing capabilities through Elastic IP Addresses (EIPs) and shared bandwidth. It also adopts a more advanced pricing scheme based on load balancer capacity units (LCUs), which is better suited to elastic business peaks.

Alibaba Cloud Container Service ALB Ingress Controller

ALB Ingress Controller builds on Alibaba Cloud Application Load Balancer (ALB) to provide more powerful Ingress traffic management. It is compatible with Nginx Ingress, can process complex service routes and automatically discover certificates, and supports the HTTP, HTTPS, and QUIC protocols, fully meeting the requirements for high elasticity and large-scale Layer 7 traffic processing in cloud native application scenarios.

Implementation principle

The ALB Ingress Controller watches Kubernetes Ingress resources through the API Server and dynamically generates an Albconfig (Albconfig is a CRD resource provided in the ALB Ingress Controller for ALB instance configuration). It then creates the ALB instance, listeners, routing and forwarding rules, and back-end server groups in sequence. Service, Ingress, and Albconfig in Kubernetes have the following relationships:

  • A Service is an abstraction of a real back-end service, and one Service can represent multiple identical back-end services.

  • An Ingress is a reverse proxy rule that specifies which Service HTTP/HTTPS requests should be forwarded to, for example forwarding requests to different Services depending on the Host and URL path in the request.

  • Albconfig is a CRD resource provided in the ALB Ingress Controller. The Albconfig CRD is used to configure ALB instances and listeners. One Albconfig corresponds to one ALB instance.
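
The Host-and-path forwarding that an Ingress expresses, as an added example (not from the original article and not the ALB Ingress Controller's code): a resolver that follows the upstream Kubernetes Ingress matching rules (`Exact` and `Prefix` path types, single-label wildcard hosts, longest path wins). The hosts and Service names are constructed, and how ALB evaluates its generated forwarding rules may differ in detail.

```python
# Constructed sample rules: hypothetical hosts and Service names.
INGRESS_RULES = [
    {"host": "shop.example.com", "paths": [
        {"path": "/", "pathType": "Prefix", "service": "web-svc"},
        {"path": "/api", "pathType": "Prefix", "service": "api-svc"},
        {"path": "/api/admin", "pathType": "Exact", "service": "admin-svc"},
    ]},
    {"host": "*.static.example.com", "paths": [
        {"path": "/", "pathType": "Prefix", "service": "cdn-svc"},
    ]},
]

def host_matches(rule_host, request_host):
    """Exact host match, or a '*.' wildcard that covers exactly one DNS label."""
    request_host = request_host.lower().split(":")[0]  # drop any port
    if rule_host.startswith("*."):
        suffix = rule_host[1:]                          # e.g. ".static.example.com"
        if not request_host.endswith(suffix):
            return False
        label = request_host[: -len(suffix)]
        return bool(label) and "." not in label
    return rule_host == request_host

def path_matches(rule_path, path_type, request_path):
    """Exact is case-sensitive equality; Prefix matches whole path elements."""
    if path_type == "Exact":
        return rule_path == request_path
    base = rule_path.rstrip("/")                        # "/" becomes ""
    return request_path == base or request_path.startswith(base + "/")

def resolve_backend(rules, host, path):
    """Return the Service name chosen for a request, or None if nothing matches."""
    best_key, best_service = None, None
    for rule in rules:
        if not host_matches(rule["host"], host):
            continue
        for p in rule["paths"]:
            if not path_matches(p["path"], p["pathType"], path):
                continue
            # Longest path first; on a tie, Exact beats Prefix.
            key = (len(p["path"]), p["pathType"] == "Exact")
            if best_key is None or key > best_key:
                best_key, best_service = key, p["service"]
    return best_service
```

Note that `/api/admin/` does not hit the `Exact` rule and falls through to the broader `/api` prefix rule, so any access control attached only to the exact route's backend has to be enforced on the prefix backend as well.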

Product advantages

Rich forwarding features

  • Forwarding based on headers and cookies

  • Domain name and URL forwarding: Supports traffic scheduling based on domain names and URLs, improving the flexibility of application systems.

High elasticity and large throughput

The first cloud vendor to introduce performance guarantees for load balancing instances.

  • Performance-guaranteed instances: Performance-guaranteed instances isolate performance between different instances and guarantee performance under the corresponding specification.

  • Ultra high performance: Provides ultra high performance load balancing instances to solve performance bottlenecks.

Built for cloud native applications

  • Based on native Kubernetes Ingress

  • Native support for Alibaba Cloud Container Service for Kubernetes

  • Compatible with Nginx Ingress semantics

Safer and more reliable

  • Managed component, highly available and O&M-free

  • Certificate management: Automatically discover certificates.

Application scenarios

ALB supports highly elastic Internet scenarios, low-latency scenarios in the video and audio industry, and cloud native application scenarios.

Summary

ALB Ingress Controller in Alibaba Cloud Container Service is currently in public beta. Users can deploy ALB Ingress Controller directly through the Container Service console. It supports ACK managed clusters, ACK dedicated clusters, and Serverless Kubernetes.

Related links:

1) Introduction to ALB Ingress: help.aliyun.com/document_de…

2) Introduction to ALB: help.aliyun.com/document_de…