Mastering Kubernetes Ingress: From Basics to MSE Cloud Native Gateway
This article explains why Kubernetes clusters need an ingress point, compares NodePort, LoadBalancer, and Ingress solutions, introduces Ingress Providers, details Nginx and Alibaba Cloud MSE Ingress Controllers, and provides a step‑by‑step tutorial for deploying services and Ingress resources on an ACK cluster.
Kubernetes clusters isolate internal services from external clients, so an entry point—an ingress—is required to expose services outside the cluster. The three common approaches are NodePort, LoadBalancer, and Ingress, with Ingress operating at layer 7 and supporting virtual‑host and path‑based routing.
Ingress abstracts external traffic management, allowing a single Ingress Provider to implement routing rules for many services, reducing port usage and enabling centralized access control, observability, and logging.
The widely used Nginx Ingress Controller consists of a controller that watches Ingress resources via the API server and generates Nginx configuration files, which are reloaded without restarting the data plane.
Alibaba Cloud’s MSE Ingress Controller extends the standard Ingress model with hot‑update, multi‑cluster management, lower cost, and built‑in security and monitoring. It can listen to Ingress resources from multiple ACK clusters and apply routing rules instantly.
Prerequisites
An MSE Cloud Native Gateway instance
An ACK (Alibaba Cloud Kubernetes) cluster
Step 1: Bind ACK cluster and enable Ingress listening
In the MSE console, navigate to Service Management → Source Management, associate the ACK cluster, enable listening for Kubernetes Ingress, and configure the IngressClass and target namespace.
Step 2: Deploy a sample service
apiVersion: v1
kind: Service
metadata:
name: httpbin
labels:
app: httpbin
service: httpbin
spec:
ports:
- name: http
port: 8000
targetPort: 80
selector:
app: httpbin
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
spec:
replicas: 1
selector:
matchLabels:
app: httpbin
template:
metadata:
labels:
app: httpbin
spec:
containers:
- image: mse-gw-demo-registry.cn-hangzhou.cr.aliyuncs.com/gw/httpbin
imagePullPolicy: IfNotPresent
name: httpbin
ports:
- containerPort: 80Step 3: Create an Ingress resource
For ACK versions prior to 1.19:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-demo
spec:
rules:
- host: test.com
http:
paths:
- path: /ip
backend:
serviceName: httpbin
servicePort: 8000For ACK 1.19 and later:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-demo
spec:
rules:
- host: test.com
http:
paths:
- path: /ip
pathType: Exact
backend:
service:
name: httpbin
port:
number: 8000Step 4: Access the service
Obtain the gateway IP from the MSE console and test with curl: curl -H "host: test.com" 47.97.127.61/ip Expected JSON response:
{
"origin": "x.x.x.x"
}Step 5: Verify domain and routing configuration
The MSE console displays the registered domain and the routing rules derived from the Ingress manifest.
By using MSE Ingress Controller, traffic is routed efficiently, multi‑cluster ingress is supported, and configuration updates take effect instantly without restarting the data plane, providing a robust and cost‑effective solution for cloud‑native applications.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Alibaba Cloud Native
We publish cloud-native tech news, curate in-depth content, host regular events and live streams, and share Alibaba product and user case studies. Join us to explore and share the cloud-native insights you need.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.