Services expose TKE in clusters based on the layer-4 network. Exposed service types, such as ClusterIP, NodePort, and LoadBalancer, are all based on the access entry of layer-4 network services. They lack layer-7 network capabilities, such as load balancing, SSL, and name-based virtual hosts. An Ingress exposes HTTP and HTTPS services in the layer-7 network and provides common layer-7 network capabilities.
An Ingress is a collection of rules that allow access to services of a cluster. You can configure different forwarding rules to allow different URLs to access different services. To properly run Ingress resources, the cluster must run an Ingress controller. TKE enables the CLB-based TKE Ingress Controller by default in the cluster.
The external service capability of an Ingress depends on resources provided by the CLB. Service resource management is one of the important feature of an Ingress. The following table describes the labels that an Ingress will use for resource lifecycle management.
Label | Description |
---|---|
tke-createdBy-flag = yes |
|
tke-clusterId = <clusterId> |
|
tke-lb-ingress-uuid = <Ingress UUID> |
|
In addition to TKE Ingress Controller provided by Tencent Cloud, the Kubernetes community has various third-party Ingress controllers. These Ingress controllers expose services in the layer-7 network. The Kubernetes community allows you to use the kubernetes.io/ingress.class
annotation to distinguish different Ingress controllers and determine the controller that processes an ingress. TKE Ingress Controller also supports this annotation. The detailed rules and use suggestions are as follows:
kubernetes.io/ingress.class
annotation, TKE Ingress Controller will manage the Ingress.kubernetes.io/ingress.class
annotation and its value is qcloud
, TKE Ingress Controller will manage the Ingress.kubernetes.io/ingress.class
annotation content, TKE Ingress Controller will add the Ingress to or remove it from its management scope based on the annotation content. This operation will create or release an Ingress.Deployment
(kube-system:l7-lb-controller
) replicas in the cluster to 0 to disable the TKE Ingress Controller feature.
Note:
- Before disabling the TKE Ingress Controller feature, ensure that no Ingress is managed by TKE Ingress Controller to prevent CLB release failures.
- If Deletion Protection is enabled or a private connection is used for the CLB, the CLB will not be deleted when services are deleted.
For more information about Ingress-related operations and features, see the following documents:
Was this page helpful?