此篇文章主要介绍如何创建阿里云ACK集群,并部署简单的应用,通过域名进行访问

在阿里云控制平台创建ACK集群,负载均衡架构为ALB Ingress

ACK1

确认完配置,等待创建

ACK2

所有创建过程结束后,如下图
ACK3

通过workbench管理集群:
ACK5

创建测试应用

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6
        ports:
        - containerPort: 80
        resources:
          requests:
            memory: "128Mi"
            cpu: "100m"
          limits:
            memory: "256Mi"
            cpu: "200m"
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: default
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
  type: ClusterIP

部署之后
application1
application2

创建 ALB Ingress 规则

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-alb-ingress
  namespace: default
  annotations:
    # 指定使用 ALB Ingress Class(必须)
    alb.ingress.kubernetes.io/switch: "true"
    
    # ALB 实例 ID(可选,不指定则自动创建新 ALB)
    # alb.ingress.kubernetes.io/id: "alb-xxxxxx"
    
    # 监听端口配置
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    
    # 是否自动创建 HTTPS 证书(使用阿里云 SSL 证书服务)
    alb.ingress.kubernetes.io/certificate-ids: "your-cert-id"  # 可选:已有证书 ID
    
    # 重写配置(可选)
    alb.ingress.kubernetes.io/rewrite-target: /
    
    # 健康检查配置
    alb.ingress.kubernetes.io/healthcheck-path: "/"
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "2"
    alb.ingress.kubernetes.io/healthy-threshold-count: "3"
    
spec:
  ingressClassName: alb  # 必须使用 alb
  rules:
  - host: www.jsonjsonstart.dpdns.org  # 替换为你的域名
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80

ingress1

查看创建的ingress

alicloud:/# kubectl get ingress nginx-alb-ingress 
NAME                CLASS   HOSTS                         ADDRESS   PORTS   AGE
nginx-alb-ingress   alb     www.jsonjsonstart.dpdns.org             80      104s

查看 ALB 控制台
ALB1

访问测试

C:\Users\admin>curl -H "Host: www.jsonjsonstart.dpdns.org" http://alb-n2uzltobvzhbr32cq4.cn-hangzhou.alb.aliyuncsslb.com
C:\Users\admin>curl -H "Host: www.jsonjsonstart.dpdns.org" http://47.97.243.72/ --resolve www.jsonjsonstart.dpdns.org:80:47.97.243.72

将上面的DNS记录配置到自己的域名
由于我这里有一个空闲未使用的域名:jsonjsonstart.dpdns.org,然后到cloudflare平台设置dns记录
dns1

最后通过浏览器访问

result

由于该域名是免费申请的,未在国内备案,所以提示如上,但是验证应用访问是没有问题的

当然域名配置最好配置https:alb.ingress.kubernetes.io/certificate-ids: “your-cert-id”,去阿里云证书管理平台创建或者使用免费的证书机构cert-manager