Creating an HTTP-based ALB with Ingress


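  • When an Ingress is created, a corresponding ALB is created; the ALB and the Ingress share the same lifecycle

  • It operates at layer 7 and supports the HTTP/HTTPS protocols

Before deploying the Ingress, the AWS Load Balancer Controller must already be installed.

Save the following as alb.yaml: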

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: alb-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb  # The AWS Load Balancer Controller creates an ALB when it sees this annotation
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/tags: Environment=dev,Team=test,audo-delete=no
spec:
  rules:
    - http:
        paths:
          - path: /*
            pathType: ImplementationSpecific  # required by networking.k8s.io/v1
            backend:
              service:  # v1 backend syntax (replaces serviceName/servicePort)
                name: web-nginx-module
                port:
                  number: 80

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: default
  labels:
    app: web-nginx-module
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-nginx-module
  template:
    metadata:
      labels:
        app: web-nginx-module
    spec:
      containers:
        - name: web-nginx-module
          image: nginx
          ports:
            - containerPort: 80

---
apiVersion: v1
kind: Service
metadata:
  name: web-nginx-module
  namespace: default 
  labels:
    app: web-nginx-module
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      name: http
  selector:
    app: web-nginx-module

Create the resources:

kubectl apply -f alb.yaml

Once creation completes, the ALB's details are visible in the console, and the application can be accessed through the ALB.


Annotations can be used to customize many aspects of the ALB's behavior:

| Name | Type | Default | Location | MergeBehavior |
|------|------|---------|----------|---------------|
| alb.ingress.kubernetes.io/group.name | string | N/A | Ingress | N/A |
| alb.ingress.kubernetes.io/group.order | integer | 0 | Ingress | N/A |
| alb.ingress.kubernetes.io/tags | stringMap | N/A | Ingress,Service | Merge |
| alb.ingress.kubernetes.io/ip-address-type | ipv4 \| dualstack | ipv4 | Ingress | Exclusive |
| alb.ingress.kubernetes.io/scheme | internal \| internet-facing | internal | Ingress | Exclusive |
| alb.ingress.kubernetes.io/subnets | stringList | N/A | Ingress | Exclusive |
| alb.ingress.kubernetes.io/security-groups | stringList | N/A | Ingress | Exclusive |
| alb.ingress.kubernetes.io/customer-owned-ipv4-pool | string | N/A | Ingress | Exclusive |
| alb.ingress.kubernetes.io/load-balancer-attributes | stringMap | N/A | Ingress | Exclusive |
| alb.ingress.kubernetes.io/wafv2-acl-arn | string | N/A | Ingress | Exclusive |
| alb.ingress.kubernetes.io/waf-acl-id | string | N/A | Ingress | Exclusive |
| alb.ingress.kubernetes.io/shield-advanced-protection | boolean | N/A | Ingress | Exclusive |
| alb.ingress.kubernetes.io/listen-ports | json | '[{"HTTP": 80}]' \| '[{"HTTPS": 443}]' | Ingress | Merge |
| alb.ingress.kubernetes.io/inbound-cidrs | stringList | 0.0.0.0/0, ::/0 | Ingress | Exclusive |
| alb.ingress.kubernetes.io/certificate-arn | stringList | N/A | Ingress | Merge |
| alb.ingress.kubernetes.io/ssl-policy | string | ELBSecurityPolicy-2016-08 | Ingress | Exclusive |
| alb.ingress.kubernetes.io/target-type | instance \| ip | instance | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/backend-protocol | HTTP \| HTTPS | HTTP | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/backend-protocol-version | string | HTTP1 | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/target-group-attributes | stringMap | N/A | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/healthcheck-port | integer \| traffic-port | traffic-port | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/healthcheck-protocol | HTTP \| HTTPS | HTTP | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/healthcheck-path | string | / \| /AWS.ALB/healthcheck | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/healthcheck-interval-seconds | integer | '15' | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/healthcheck-timeout-seconds | integer | '5' | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/healthy-threshold-count | integer | '2' | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/unhealthy-threshold-count | integer | '2' | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/success-codes | string | '200' \| '12' | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/auth-type | none\|oidc\|cognito | none | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/auth-idp-cognito | json | N/A | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/auth-idp-oidc | json | N/A | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/auth-on-unauthenticated-request | authenticate\|allow\|deny | authenticate | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/auth-scope | string | openid | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/auth-session-cookie | string | AWSELBAuthSessionCookie | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/auth-session-timeout | integer | '604800' | Ingress,Service | N/A |
| alb.ingress.kubernetes.io/actions.${action-name} | json | N/A | Ingress | N/A |
| alb.ingress.kubernetes.io/conditions.${conditions-name} | json | N/A | Ingress | N/A |
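
Several defaults in this table decide how exposed the resulting ALB is, so the following added example (not part of the original page or of the AWS Load Balancer Controller) resolves an Ingress's effective settings from those defaults and flags the ones worth reviewing. The function names, finding names, and the `HARDENED` values (placeholder ARNs, a documentation CIDR) are assumptions made for illustration.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"
# Defaults copied from the annotation table on this page.
DEFAULTS = {"scheme": "internal", "inbound-cidrs": "0.0.0.0/0, ::/0",
            "ssl-policy": "ELBSecurityPolicy-2016-08"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def effective(annotations, key):
    """Return the annotation value, falling back to the table default."""
    return annotations.get(PREFIX + key, DEFAULTS.get(key))

def audit(annotations):
    """Return sorted finding ids (names invented for this example)."""
    findings = set()
    public = effective(annotations, "scheme") == "internet-facing"
    cidrs = {c.strip() for c in effective(annotations, "inbound-cidrs").split(",")}
    # Listener default: HTTP:80, or HTTPS:443 once a certificate is attached.
    has_cert = bool(effective(annotations, "certificate-arn"))
    default_ports = '[{"HTTPS": 443}]' if has_cert else '[{"HTTP": 80}]'
    ports = json.loads(annotations.get(PREFIX + "listen-ports", default_ports))
    protocols = {proto for entry in ports for proto in entry}
    has_waf = effective(annotations, "wafv2-acl-arn") or effective(annotations, "waf-acl-id")
    if public and cidrs & OPEN_CIDRS:
        findings.add("PUBLIC_OPEN_CIDR")   # reachable from any source address
    if "HTTPS" not in protocols:
        findings.add("NO_TLS_LISTENER")    # traffic to the ALB is plaintext
    elif effective(annotations, "ssl-policy") == DEFAULTS["ssl-policy"]:
        findings.add("LEGACY_TLS_POLICY")  # default policy still accepts TLS 1.0/1.1
    if public and not has_waf:
        findings.add("NO_WAF")             # no WAF ACL associated
    return sorted(findings)

# Annotations from the alb.yaml manifest on this page.
PAGE_INGRESS = {"kubernetes.io/ingress.class": "alb", PREFIX + "target-type": "ip",
                PREFIX + "scheme": "internet-facing"}
# Constructed hardened variant; ARNs and the CIDR are placeholders.
HARDENED = {
    PREFIX + "scheme": "internet-facing",
    PREFIX + "listen-ports": '[{"HTTPS": 443}]',
    PREFIX + "certificate-arn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER",
    PREFIX + "ssl-policy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
    PREFIX + "inbound-cidrs": "203.0.113.0/24",
    PREFIX + "wafv2-acl-arn": "arn:aws:wafv2:REGION:ACCOUNT:regional/webacl/PLACEHOLDER",
}

if __name__ == "__main__":
    print("page manifest:", audit(PAGE_INGRESS))
    print("hardened:     ", audit(HARDENED))
```

`PUBLIC_OPEN_CIDR` is expected for a deliberately public site; it is reported so that the exposure is a recorded decision rather than an inherited default.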