Overview
An Ingress is a collection of rules that enables access to Services within a cluster. You can configure different forwarding rules to allow access from different URLs to different Services within a cluster.
To properly run Ingress resources, the cluster must run an Ingress controller. TKE enables the CLB-based l7-lb-controller
by default in the cluster. It supports HTTP and HTTPS as well as other self-built Ingress controllers in the cluster. You can select different Ingress types based on your business needs.
Notes
- Do not use the same CLB for TKE and CVM.
- For a CLB managed by TKE, you cannot modify its listeners, forward paths, certificates, and backend-bound servers on the CLB console. Changes made on the CLB console will be automatically overwritten by TKE.
- When using an existing CLB:
- You can only use load balancers created through the CLB console, not balancers automatically created by TKE.
- Do not use one CLB for multiple Ingresses.
- Do not use the same CLB for Ingress and Service.
- After you delete an Ingress, the real server bound to the reused CLB will need to be unbound manually.
tag tke-clusterId: cls-xxxx
will be kept for the CLB and will need to be cleared manually.
Operation Guide for Ingresses in the Console
Creating an Ingress
- Log in to the TKE console.
- In the left sidebar, click Cluster to go to the cluster management page.
- Click the cluster ID where the Ingress needs to be created to go to the cluster management page.
- Select Services and Routes -> Ingress to go to the Ingress information page.
- Click Create to go to the Create an Ingress page, as shown in the figure below:

- Set the Ingress parameters based on your actual needs. The key parameters are as follows:
- Ingress name: custom.
- Network type: the default value is
Public network
. Select another network if needed.
- IP version: IPv4 and IPv6 NAT64 are available. Please select based on your actual needs.
- Load balancer: create one automatically or use an existing CLB.
- Namespace: select an option based on your actual needs.
- Listener port: the default listener port is Http:80. Select another port if needed.
If Https:443 is selected, a server certificate must be bound to ensure access security, as shown in the figure below:

For more information, see Certificate Requirements and Certificate Format Conversion.
- Forwarding configuration: set this parameter based on your actual needs.
- Click Create Ingress to create an Ingress.
Updating an Ingress
Updating YAML
- Log in to the TKE console.
- In the left sidebar, click Clusters to go to the cluster management page.
- Click the cluster ID for which you want to update the YAML to go to the cluster management page.
- Select Services and Routes -> Ingress to go to the Ingress information page, as shown in the figure below:

- In the row of the Ingress for which you want to update YAML, click Edit YAML to go to the Update an Ingress page.
- On the Update an Ingress page, edit YAML and click Complete to update YAML.
Updating a forwarding rule
- On the cluster management page, click the cluster ID for which you want to update the YAML to go to the cluster management page.
- Select Services and Routes -> Ingress to go to the Ingress information page, as shown in the figure below:

- In the row of the Ingress for which you want to update the forwarding rule, click Update the forwarding configuration to go to the update the forwarding configuration page, as shown in the figure below:

- Modify the forwarding configuration based on your actual needs and click Update the forwarding configuration to complete the update.
Managing Ingresses Using Kubectl
YAML sample
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: qcloud
name: my-ingress
namespace: default
spec:
rules:
- host: localhost
http:
paths:
- backend:
serviceName: non-service
servicePort: 65535
path: /
- kind: identifies the Ingress resource type.
- metadata: basic information such as Ingress name and Label.
- metadata.annotations: an additional description of the Ingress. You can set additional enhancements for TKE through this parameter.
- spec.rules: the Ingress forwarding rule, which can be configured to implement a simple routing service, domain name-based simple fan-out routing, default domain name for simple routing, and a securely configured routing service.
annotations: create an Ingress for public/private network access using an existing load balancer
If the existing application CLB is idle and you want to use it for an Ingress created by TKE or you want to use the same CLB within the cluster, you can set it using the following annotations:
Note:
Please read the Notes before using it.
metadata:
annotations:
kubernetes.io/ingress.existLbId: lb-6swtxxxx
annotations: create a private network Ingress of the CLB type
If you need to use a private network CLB, set it with the following annotations:
metadata:
annotations:
kubernetes.io/ingress.subnetId: subnet-xxxxxxxx
Notes
If you are using an account with IP bandwidth packages, you need to specify the following two annotations when creating a service accessible to the public network:
Creating an Ingress
- Prepare the Ingress YAML file as instructed by the YAML sample.
- Install kubectl and connect to a cluster. For detailed operations, see Connecting to a Cluster.
- Run the following command to create the Ingress YAML file.
kubectl create -f Ingress YAML filename
For example, to create an Ingress YAML file named “my-ingress.yaml”, run the following command:kubectl create -f my-ingress.yaml
- Run the following command to check whether the Ingress YAML file has been successfully created:
kubectl get ingress
If a message similar to the one below is returned, the Ingress YAML file has been successfully created.NAME HOSTS ADDRESS PORTS AGE
clb-ingress localhost 80 21s
Updating an Ingress
Method 1
Run the following command to update an Ingress:
kubectl edit ingress/[name]
Method 2
- Manually delete the old Ingress.
- Run the following command to recreate an Ingress:
kubectl create/apply
Was this page helpful?