Installing the Application Load Balancer Ingress controller
To balance the load and distribute traffic between Kubernetes applications, use an Yandex Application Load Balancer Ingress controller. It runs the load balancer and the required auxiliary resources when the user creates an Ingress
resource in a Managed Service for Kubernetes cluster.
Getting started
-
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the
--folder-name
or--folder-id
parameter. -
Make sure that the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If any rule is missing, add it.
Make sure you have configured the security groups required for Application Load Balancer as well.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
-
Create a service account for the ingress controller to run and assign the following roles to it:
alb.editor
: To create the required resources.vpc.publicAdmin
: To manage external connectivity.certificate-manager.certificates.downloader
: To use certificates registered in Yandex Certificate Manager.compute.viewer
: To use Managed Service for Kubernetes cluster nodes in balancer target groups.
-
Create an authorized access key for the service account in JSON format and save it to the
sa-key.json
file:yc iam key create \ --service-account-name <Ingress_controller_service_account_name> \ --output sa-key.json
Installation using Yandex Cloud Marketplace
- Go to the folder page and select Managed Service for Kubernetes.
- Click the cluster name and select the Marketplace
tab. - Under Application available for installation, select ALB Ingress Controller and click Go to install.
- Configure the application:
- Namespace: Select a namespace or create a new one.
- Application name: Specify the app name.
- Folder ID: Specify a folder ID.
- Cluster ID: Specify a cluster ID.
- Service account key: Paste the contents of the
sa-key.json
file.
- Click Install.
- Wait for the application to change its status to
Deployed
.
Installation using a Helm chart
-
Install Helm
v3.7.0 or higher. -
Install kubectl
and configure it to work with the created cluster. -
Install the
jq
utility for piped processing of JSON files.sudo apt update && sudo apt install jq
-
To install a Helm chart
with the Ingress controller, run this command:export HELM_EXPERIMENTAL_OCI=1 && \ cat sa-key.json | helm registry login cr.yandex --username 'json_key' --password-stdin && \ helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/yc-alb-ingress/yc-alb-ingress-controller-chart \ --version v0.2.8 \ --untar && \ helm install \ --namespace <namespace> \ --create-namespace \ --set folderId=<folder_ID> \ --set clusterId=<cluster_ID> \ --set-file saKeySecretKey=sa-key.json \ yc-alb-ingress-controller ./yc-alb-ingress-controller-chart/
Use cases
- Application Load Balancer Ingress controller configuration tutorial.
- Application Load Balancer Ingress controller logging configuration tutorial.
See also
- Description of Ingress controllers in the documentation:
- Restrictions when updating the ALB Ingress Controller.