2026-04-26T06:09:24.357Z | Alibaba Cloud | Load Balancing | Cloud Native

Good news for Alibaba Cloud load balancer users! Quickly master advanced ALB Ingress usage

Advanced usage of Alibaba Cloud ALB Ingress

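In a Kubernetes cluster, ALB Ingress manages the externally accessible API objects of cluster Services and provides Layer 7 load balancing. This article describes how to use Alibaba Cloud ALB Ingress to forward requests from different domain names or URL paths to different backend server groups, redirect HTTP traffic to HTTPS, implement canary releases, and more.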

  1. Request-direction annotations

  alb.ingress.kubernetes.io/backend-keepalive: 'true'
  alb.ingress.kubernetes.io/connection-drain-enabled: 'true'
  alb.ingress.kubernetes.io/connection-drain-timeout: '300'
  alb.ingress.kubernetes.io/cors-allow-credentials: 'true'
  alb.ingress.kubernetes.io/cors-allow-headers: >-
    DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Forwarded-For
  alb.ingress.kubernetes.io/cors-allow-methods: 'GET, PUT, POST, OPTIONS'
  alb.ingress.kubernetes.io/cors-allow-origin: '*'
  alb.ingress.kubernetes.io/cors-expose-headers: '*'
  alb.ingress.kubernetes.io/cors-max-age: '172800'
  alb.ingress.kubernetes.io/enable-cors: 'true'
  alb.ingress.kubernetes.io/enable-ipv6: 'true'
  alb.ingress.kubernetes.io/listen-ports: '[{"QUIC": 443},{"HTTPS": 443}]'
  alb.ingress.kubernetes.io/slow-start-duration: '30'
  alb.ingress.kubernetes.io/slow-start-enabled: 'true'
  • Graceful connection draining

      alb.ingress.kubernetes.io/connection-drain-enabled: 'true'

      alb.ingress.kubernetes.io/connection-drain-timeout: '300'

  • Cross-origin (CORS) configuration

      alb.ingress.kubernetes.io/cors-allow-credentials: 'true'

      alb.ingress.kubernetes.io/cors-allow-methods: 'GET, PUT, POST, DELETE, PATCH, OPTIONS'

      alb.ingress.kubernetes.io/cors-allow-origin: '*'

      alb.ingress.kubernetes.io/cors-expose-headers: '*'

      alb.ingress.kubernetes.io/cors-max-age: '172800'

      alb.ingress.kubernetes.io/enable-cors: 'true'

  • Enable IPv6 attachment for server groups and HTTP/3

      alb.ingress.kubernetes.io/enable-ipv6: 'true'

      alb.ingress.kubernetes.io/listen-ports: '[{"QUIC": 443},{"HTTPS": 443}]'

  • Backend slow start

      alb.ingress.kubernetes.io/slow-start-duration: '30'

      alb.ingress.kubernetes.io/slow-start-enabled: 'true'

  • Session persistence

      alb.ingress.kubernetes.io/sticky-session-type: 'Insert'

      alb.ingress.kubernetes.io/cookie-timeout: '86400'

  • Backend persistent connections (keep-alive)

      alb.ingress.kubernetes.io/backend-keepalive: 'true'
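
An added example (not from the original article or from Alibaba Cloud): a small Python check that flags permissive combinations in the CORS annotations listed above before an Ingress is applied. The sample dictionaries are constructed, `https://app.example.com` is a hypothetical origin, and treating `cors-allow-origin` as a comma-separated list is an assumption.

```python
PREFIX = "alb.ingress.kubernetes.io/"

# Constructed sample: the CORS annotations with the values listed in the article
# (the allow-headers list is shortened).
ARTICLE_CORS = {
    PREFIX + "enable-cors": "true",
    PREFIX + "cors-allow-origin": "*",
    PREFIX + "cors-allow-credentials": "true",
    PREFIX + "cors-expose-headers": "*",
    PREFIX + "cors-allow-headers": "DNT,Content-Type,Authorization,X-Forwarded-For",
}
# Constructed sample: the same feature set pinned to one hypothetical front-end origin.
PINNED_CORS = {
    **ARTICLE_CORS,
    PREFIX + "cors-allow-origin": "https://app.example.com",
    PREFIX + "cors-expose-headers": "X-Request-Id",
}

def audit_cors(annotations):
    """Return finding codes for the CORS-related ALB Ingress annotations."""
    def get(name):
        return str(annotations.get(PREFIX + name, "")).strip()

    findings = []
    if get("enable-cors").lower() != "true":
        return findings  # CORS handling is off, nothing to audit
    # Assumption: several origins may be given as a comma-separated list.
    origins = [o.strip() for o in get("cors-allow-origin").split(",") if o.strip()]
    credentials = get("cors-allow-credentials").lower() == "true"
    if "*" in origins and credentials:
        # Browsers refuse a literal "*" origin on credentialed requests; a gateway
        # that echoes the Origin instead would trust every site with the user's cookies.
        findings.append("wildcard-origin-with-credentials")
    elif "*" in origins:
        findings.append("wildcard-origin")
    for origin in origins:
        if origin != "*" and not origin.startswith("https://"):
            findings.append("non-https-origin:" + origin)
    if get("cors-expose-headers") == "*":
        findings.append("wildcard-expose-headers")
    allowed = {h.strip().lower() for h in get("cors-allow-headers").split(",")}
    if "authorization" in allowed and "*" in origins:
        findings.append("authorization-header-allowed-from-any-origin")
    return findings
```
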
    
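  2. Custom response headers in the response direction. A separate Ingress must be created to hold the response configuration

    1) Custom response headers. The following are commonly used browser security headers and can be used as-is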

alb.ingress.kubernetes.io/actions.service-name: |
      [ 
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "Access-Control-Allow-Headers",
            "value": "*",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "Access-Control-Allow-Method",
            "value": "POST, OPTIONS, GET",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "X-Frame-Options",
            "value": "ALLOW-FROM https://*.demo.com",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "X-Content-Type-Options",
            "value": "nosniff",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "X-Download-Options",
            "value": "closed",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "X-XSS-Protection",
            "value": "1; mode=block",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "X-Pacific-Timestamp",
            "value": "$time_iso8601",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "Strict-Transport-Security",
            "value": "max-age=31536000; includeSubDomains",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "Content-Security-Policy",
            "value": "frame-ancestors 'self' https://*.demo.com",
            "valueType": "UserDefined"
          }
        },
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
            "key": "Cache-Control",
            "value": "no-cache",
            "valueType": "UserDefined"
          }
        }
      ]
alb.ingress.kubernetes.io/rule-direction.service-name: Response
spec:
  ingressClassName: alb
  rules:
    - host: demo.com
      http:
        paths:
          - backend:
              service:
                name: service-name
                port:
                  name: use-annotation
            path: /
            pathType: Prefix
  • alb.ingress.kubernetes.io/actions.service-name

The service-name in the annotation must be the same as the service-name in spec.rules

  • Delete the Port field in spec.rules and add name: use-annotation
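
An added example (not from the original article or from Alibaba Cloud): a Python check that parses the JSON value of an `actions.<service-name>` annotation and flags inserted header names and values that current browsers ignore or no longer honour. The sample is a constructed subset of the header list above, and the finding codes are names chosen for this example.

```python
import json

# Constructed sample: five of the InsertHeader actions from the article's list.
SAMPLE_ACTIONS = json.dumps([
    {"type": "InsertHeader",
     "InsertHeaderConfig": {"key": key, "value": value, "valueType": "UserDefined"}}
    for key, value in [
        ("Access-Control-Allow-Method", "POST, OPTIONS, GET"),
        ("X-Frame-Options", "ALLOW-FROM https://*.demo.com"),
        ("X-Download-Options", "closed"),
        ("X-XSS-Protection", "1; mode=block"),
        ("Content-Security-Policy", "frame-ancestors 'self' https://*.demo.com"),
    ]
])

def inserted_headers(actions_json):
    """Parse an actions.<service-name> annotation value into {lowercased name: value}."""
    headers = {}
    for action in json.loads(actions_json):
        if action.get("type") == "InsertHeader":
            cfg = action["InsertHeaderConfig"]
            headers[cfg["key"].strip().lower()] = cfg["value"].strip()
    return headers

def audit_headers(actions_json):
    """Return finding codes for inserted headers that do not protect the way they appear to."""
    h = inserted_headers(actions_json)
    findings = []
    if "access-control-allow-method" in h:
        # The CORS response header is spelled Access-Control-Allow-Methods (plural).
        findings.append("misspelled-cors-header")
    if h.get("x-frame-options", "").upper().startswith("ALLOW-FROM"):
        # ALLOW-FROM is obsolete; CSP frame-ancestors is what browsers enforce.
        if "frame-ancestors" in h.get("content-security-policy", ""):
            findings.append("allow-from-obsolete-covered-by-csp")
        else:
            findings.append("allow-from-obsolete-no-framing-protection")
    if "x-download-options" in h and h["x-download-options"].lower() != "noopen":
        # "noopen" is the only value defined for this header.
        findings.append("x-download-options-unknown-value")
    if "x-xss-protection" in h:
        # The browser XSS filters this header controlled have been removed.
        findings.append("x-xss-protection-deprecated")
    return findings
```
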
  3. Custom request headers in the request direction. Add them to the corresponding ALB Ingress configuration
alb.ingress.kubernetes.io/actions.demo-service: |
      [
        {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
              "key": "X-Download-Options",
              "value": "closed",
              "valueType": "UserDefined"
          }
        }
      ]
  • API requests will carry the custom header; you can check it in the browser developer tools (F12)
