1. Background

  • An ACK cluster is available
  • The Nginx ingress controller is successfully deployed and bound to the public network SLB

Note: The Kubernetes cluster created through the Alibaba Cloud Container Service Management Console will automatically deploy a set of Nginx Ingress Controllers during initialization, which is mounted on the public network SLB instance by default.

2. Configuration

1. Create an intranet LB

In the Alibaba Cloud Console, create an intranet SLB and bind it to the VPC.

2. Configure Nginx ingress controller

```yaml
# my-nginx-ingress-slb-intranet.yaml
# intranet nginx ingress slb service
apiVersion: v1
kind: Service
metadata:
  # The service here is named nginx-ingress-lb-intranet.
  name: nginx-ingress-lb-intranet
  namespace: kube-system
  labels:
    app: nginx-ingress-lb-intranet
  annotations:
    # Indicates that the SLB instance address type is a private network type.
    service.beta.kubernetes.io/alicloud-loadbalancer-address-type: intranet
    # Change to your private network SLB instance ID.
    service.beta.kubernetes.io/alicloud-loadbalancer-id: <YOUR_INTRANET_SLB_ID>
    # Whether to automatically create an SLB port listener (will overwrite the existing port listener), you can also manually create a port listener.
    #service.beta.kubernetes.io/alicloud-loadbalancer-force-override-listeners: 'false'
spec:
  type: LoadBalancer
  # route traffic to other nodes
  externalTrafficPolicy: "Cluster"
  ports:
    - port: 80
      name: http
      targetPort: 80
    - port: 443
      name: https
      targetPort: 443
  selector:
    # select app=ingress-nginx pods
    app: ingress-nginx
```

Create service resources:

```shell
kubectl apply -f my-nginx-ingress-slb-intranet.yaml
```

Get service resources:

```shell
# kubectl -n kube-system get svc | grep nginx-ingress-lb
nginx-ingress-lb            LoadBalancer   172.21.15.148   39.107.xxx.xxx   80:32076/TCP,443:30803/TCP   433d
nginx-ingress-lb-intranet   LoadBalancer   172.21.5.0      172.17.193.181   80:32282/TCP,443:30507/TCP   1d
```

When a service is exposed externally through Ingress, the service can be accessed through the public SLB, and other services under the same VPC can also directly access the service through the private SLB.

3. Create ingress service

After the ingress controller is configured, creating an Ingress requires no special configuration; it is exactly the same as before, as shown in the following example:
```yaml
# Source: prometheusalert/templates/ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: RELEASE-NAME-prometheusalert
  labels:
    app.kubernetes.io/name: prometheusalert
    helm.sh/chart: prometheusalert-1.0.0
    app.kubernetes.io/instance: RELEASE-NAME
    app.kubernetes.io/version: "1.2.0"
    app.kubernetes.io/managed-by: Helm
spec:
  rules:
    - host: "palert.con.sdi"
      http:
        paths:
          - path: /
            backend:
              serviceName: RELEASE-NAME-prometheusalert
              servicePort: 8080
```

For the intranet domain name, directly resolve it to the intranet SLB address (here 172.17.193.181).
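Both SLB Services select the same `app=ingress-nginx` pods, so a host that DNS resolves only to the intranet address is still served by the controller behind the public SLB. The audit below is an added example, not part of the original article: it takes `kubectl ... -o json` style data and lists the Ingress hosts that are also served on a public SLB. The sample data is constructed, and the code assumes a Service without the address-type annotation gets a public SLB and that a single controller handles every Ingress.

```python
# Annotation from the page's Service manifest.
ADDR_TYPE = "service.beta.kubernetes.io/alicloud-loadbalancer-address-type"

# Constructed sample, trimmed to the fields used, in the shape of
# `kubectl -n kube-system get svc -o json` and `kubectl get ingress -A -o json`.
SERVICES = {"items": [
    {"metadata": {"name": "nginx-ingress-lb", "annotations": {}},
     "spec": {"type": "LoadBalancer", "selector": {"app": "ingress-nginx"}}},
    {"metadata": {"name": "nginx-ingress-lb-intranet",
                  "annotations": {ADDR_TYPE: "intranet"}},
     "spec": {"type": "LoadBalancer", "selector": {"app": "ingress-nginx"}}},
    {"metadata": {"name": "kube-dns"},
     "spec": {"type": "ClusterIP", "selector": {"k8s-app": "kube-dns"}}},
]}
INGRESSES = {"items": [
    {"metadata": {"name": "RELEASE-NAME-prometheusalert"},
     "spec": {"rules": [{"host": "palert.con.sdi"}]}},
]}


def slb_fronts(services):
    """Map each pod selector to the (service name, address type) pairs fronting it."""
    fronts = {}
    for svc in services["items"]:
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue
        annotations = svc["metadata"].get("annotations") or {}
        # Assumption: a Service without the annotation gets a public SLB.
        addr_type = annotations.get(ADDR_TYPE, "internet")
        selector = tuple(sorted((spec.get("selector") or {}).items()))
        fronts.setdefault(selector, []).append((svc["metadata"]["name"], addr_type))
    return fronts


def hosts_on_public_slb(services, ingresses, controller_selector):
    """Ingress hosts served by a controller that a public SLB also fronts."""
    key = tuple(sorted(controller_selector.items()))
    types = {addr for _, addr in slb_fronts(services).get(key, [])}
    if "internet" not in types:
        return []
    hosts = {rule.get("host", "*") for ing in ingresses["items"]
             for rule in ing.get("spec", {}).get("rules") or []}
    return sorted(hosts)


if __name__ == "__main__":
    for host in hosts_on_public_slb(SERVICES, INGRESSES, {"app": "ingress-nginx"}):
        print(f"{host}: also served on the public SLB")
```

A host reported here needs a separate control, such as its own ingress controller deployment bound only to the intranet SLB, if it must not be reachable from the public network.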

Reference: Alibaba Cloud Document