tencent cloud

Feedback

Overview

Last updated: 2022-12-13 18:23:37

    Services expose TKE in clusters based on the layer-4 network. Exposed service types, such as ClusterIP, NodePort, and LoadBalancer, are all based on the access entry of layer-4 network services. They lack layer-7 network capabilities, such as load balancing, SSL, and name-based virtual hosts. An Ingress exposes HTTP and HTTPS services in the layer-7 network and provides common layer-7 network capabilities.

    Basic Ingress Concepts

    An Ingress is a collection of rules that allow access to services of a cluster. You can configure different forwarding rules to allow different URLs to access different services. To properly run Ingress resources, the cluster must run an Ingress controller. TKE enables the CLB-based TKE Ingress Controller by default in the cluster.

    Ingress Lifecycle Management

    The external service capability of an Ingress depends on resources provided by the CLB. Service resource management is one of the important feature of an Ingress. The following table describes the labels that an Ingress will use for resource lifecycle management.

    LabelDescription
    tke-createdBy-flag = yes
    • Indicates that the resource was created by TKE. When an Ingress with this label is deleted, the corresponding resources are also deleted.
    • When an Ingress without this label is destroyed, only the CLB listener is deleted and the CLB will not be deleted.
    tke-clusterId = <clusterId>
    • Identifies the cluster that uses the resource.
    • When the Ingress is deleted, the corresponding label (with correct ClusterId) will be deleted.
    tke-lb-ingress-uuid = <Ingress UUID>
    • Identifies the Ingress that uses the resource.
    • Currently, an Ingress cannot reuse a CLB with other Ingresses. If you specify that an Ingress use an existing CLB but the label value is incorrect, the request will be rejected.
    • When the Ingress is deleted, the corresponding label (with correct Ingress UUID) will be deleted.

    Ingress Controller Usage Method

    In addition to TKE Ingress Controller provided by Tencent Cloud, the Kubernetes community has various third-party Ingress controllers. These Ingress controllers expose services in the layer-7 network. The Kubernetes community allows you to use the kubernetes.io/ingress.class annotation to distinguish different Ingress controllers and determine the controller that processes an ingress. TKE Ingress Controller also supports this annotation. The detailed rules and use suggestions are as follows:

    • When an Ingress does not have the kubernetes.io/ingress.class annotation, TKE Ingress Controller will manage the Ingress.
    • When an Ingress has the kubernetes.io/ingress.class annotation and its value is qcloud, TKE Ingress Controller will manage the Ingress.
    • When an Ingress modifies the kubernetes.io/ingress.class annotation content, TKE Ingress Controller will add the Ingress to or remove it from its management scope based on the annotation content. This operation will create or release an Ingress.
    • When TKE Ingress Controller is not required, you can change the number of Deployment (kube-system:l7-lb-controller) replicas in the cluster to 0 to disable the TKE Ingress Controller feature.
      Note:

      • Before disabling the TKE Ingress Controller feature, ensure that no Ingress is managed by TKE Ingress Controller to prevent CLB release failures.
      • If Deletion Protection is enabled or a private connection is used for the CLB, the CLB will not be deleted when services are deleted.

    Ingress Operations

    For more information about Ingress-related operations and features, see the following documents:

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support