Configuring Ingress Controller of Container Service for Kubernetes to Use an Intranet SLB Instance

Configure the Nginx Ingress Controller to Use an Intranet SLB Instance Only

If you want to restrict the services in the cluster to only one VPC, modify the configurations of the Nginx Ingress Controller service.

  1. If you set alicloud-loadbalancer-id to specify an existing SLB instance for use, the manually configured listener may be overwritten.
  2. The SLB instance will not be automatically deleted when the kube-system/nginx-ingress-lb service is deleted.
# nginx ingress slb service
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-lb
namespace: kube-system
labels:
app: nginx-ingress-lb
annotations:
# Set the SLB instance address type to intranet.
service.beta.kubernetes.io/alicloud-loadbalancer-address-type: intranet
# Change the SLB instance ID to that of the intranet SLB instance.
service.beta.kubernetes.io/alicloud-loadbalancer-id: <YOUR_INTRANET_SLB_ID>
# Specify whether to create an SLB port listener automatically or manually. If the listener is created automatically, the original port listener will be overwritten.
#service.beta.kubernetes.io/alicloud-loadbalancer-force-override-listeners: 'true'
spec:
type: LoadBalancer
# route traffic to other nodes
externalTrafficPolicy: "Cluster"
ports:
- port: 80
name: http
targetPort: 80
- port: 443
name: https
targetPort: 443
selector:
# select app=ingress-nginx pods
app: ingress-nginx

Configure the Nginx Ingress Controller to Use Either an Internet or Intranet SLB Instance

In some specific scenarios, you may want services in the cluster to be accessible to both the Internet and the VPC to which the services belong (not through the Internet).

# intranet nginx ingress slb service
apiVersion: v1
kind: Service
metadata:
# Name the service nginx-ingress-lb-intranet.
name: nginx-ingress-lb-intranet
namespace: kube-system
labels:
app: nginx-ingress-lb-intranet
annotations:
# Set the SLB instance address type to intranet.
service.beta.kubernetes.io/alicloud-loadbalancer-address-type: intranet
# Change the SLB instance ID to that of the intranet SLB instance.
service.beta.kubernetes.io/alicloud-loadbalancer-id: <YOUR_INTRANET_SLB_ID>
# Specify whether to create an SLB port listener automatically or manually. If the listener is created automatically, the original port listener will be overwritten.
#service.beta.kubernetes.io/alicloud-loadbalancer-force-override-listeners: 'true'
spec:
type: LoadBalancer
# route traffic to other nodes
externalTrafficPolicy: "Cluster"
ports:
- port: 80
name: http
targetPort: 80
- port: 443
name: https
targetPort: 443
selector:
# select app=ingress-nginx pods
app: ingress-nginx
kubectl -n kube-system get svc | grep nginx-ingress-lb
nginx-ingress-lb LoadBalancer 172.19.9.26 47.96.223.50 80:31456/TCP,443:30016/TCP 5h
nginx-ingress-lb-intranet LoadBalancer 172.19.4.140 192.168.2.88 80:32394/TCP,443:31000/TCP 7m

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com