Help & Documentation>Tencent Kubernetes Engine

Ingress Annotation

Last updated: 2023-09-26 14:38:15

On this page:

You can use the following annotations to configure Ingress to enrich CLB capabilities.

Annotation Usage

apiVersion: 
kind: Ingress
metadata:
  annotations:  
    kubernetes.io/ingress.class: "qcloud"
  name: test
........

Annotation Collection

kubernetes.io/ingress.class

Note: Configure the Ingress type. The current component management has not configured this annotation, or the annotation content is a Tencent Cloud Ingress resource.
Use case:
kubernetes.io/ingress.class: "qcloud"


kubernetes.io/ingress.qcloud-loadbalance-id

Note: Read-only annotation, the component provides the LoadBalancerId of the current Ingress-referenced CLB instance.
Use case:
kubernetes.io/ingress.qcloud-loadbalance-id: "lb-3imskkfe"

ingress.cloud.tencent.com/loadbalance-nat-ipv6

Note: This is a read-only annotation. It provides an IPv6 address when the user configures or applies for an NAT IPv6 CLB instance.

ingress.cloud.tencent.com/loadbalance-ipv6

Note: This is a read-only annotation. When users configure or apply for a FullStack IPv6 CLB instance, it provides an IPv6 address.

kubernetes.io/ingress.internetChargeType

Note: The billing type of the load balancer is only supported during creation and cannot be modified afterward. Changing this annotation after creation will have no effect. Specify the billing type of the load balancer when creating it. Please use this annotation in conjunction with the kubernetes.io/ingress.internetMaxBandwidthOut annotation.
Valid values:
TRAFFIC_POSTPAID_BY_HOUR: Postpaid by traffic on an hourly basis.
BANDWIDTH_POSTPAID_BY_HOUR: Postpaid by bandwidth on an hourly basis.
Use case:
kubernetes.io/ingress.internetChargeType: "TRAFFIC_POSTPAID_BY_HOUR"


kubernetes.io/ingress.internetMaxBandwidthOut

Note: CLB bandwidth settings can only be configured at the time of creation and cannot be modified after creation. Modifying this annotation after creation will have no effect. Specify the maximum outbound bandwidth for the CLB when creating it. This is only applicable to public network LBs. It should be used in conjunction with the kubernetes.io/ingress.internetChargeType annotation.
Valid values: Value range: 1-2,048 Mbps.
Use case:
kubernetes.io/ingress.internetMaxBandwidthOut: "2048"

kubernetes.io/ingress.extensiveParameters

Note: This annotation uses the parameters configured when the CLB was created. It can only be configured at the time of creation and cannot be modified after the creation. Refer to Creating a CLB Instance to add custom parameters for the created CLB instance.
Use case:
Creating a NAT64 IPv6 instance: kubernetes.io/ingress.extensiveParameters: '{"AddressIPVersion":"IPV6"}'
Create IPv6 Instance: (The SubnetId is required and an IPv6 CIDR block must be assigned. The MixIpTarget can provide mixed binding capabilities for IPv4 backends. If your backend is not IPv6, please add this configuration) kubernetes.io/ingress.extensiveParameters: '{"AddressIPVersion":"IPv6FullChain","SubnetId": "subnet-fqduxxxx"}'
kubernetes.io/ingress.extensiveParameters: '{"AddressIPVersion":"IPv6FullChain","SubnetId": "subnet-fqduxxxx","MixIpTarget":true}'
Purchasing a CTCC CLB: kubernetes.io/ingress.extensiveParameters: '{"VipIsp":"CTCC"}'
Create in a specified availability zone: kubernetes.io/ingress.extensiveParameters: '{"ZoneId":"ap-guangzhou-1"}'
Customize CLB name during creation: kubernetes.io/ingress.extensiveParameters: '{"LoadBalancerName":"my_custom_lb_name"}'


kubernetes.io/ingress.subnetId

Note: Specify the creation of a private CLB and designate the subnet to which the CLB belongs.
Use case:
kubernetes.io/ingress.subnetId: "subnet-3swgntkk"


kubernetes.io/ingress.existLbId

Note: Specify the use of an existing CLB as the access layer entry resource.
Note
When using an existing CLB, you need to ensure that it does not include other listeners.
Use case:
kubernetes.io/ingress.existLbId: "lb-342wppll"

kubernetes.io/ingress.rule-mix

kubernetes.io/ingress.http-rules

kubernetes.io/ingress.https-rules

Note: Supports mixed protocol configuration, allowing forwarding paths to be simultaneously carried out on both HTTP and HTTPS. Manual redirection rules configuration is also supported.
Use case: For the detailed usage, see Ingress with Mixed HTTP and HTTPS Protocols.


ingress.cloud.tencent.com/direct-access

Note: Supports Layer 7 direct connection to user load balancing. It is important to note the service dependencies for direct connections under various network conditions.
Use case: For the detailed usage, see Using Services with CLB-to-Pod Direct Access Mode.


ingress.cloud.tencent.com/tke-service-config

Note: Configure CLB-related settings through tke-service-config, including listeners, forwarding rules, and more.
Use case:
ingress.cloud.tencent.com/tke-service-config: "nginx-config". For more information, see Using TkeServiceConfig to Configure CLBs.


ingress.cloud.tencent.com/tke-service-config-auto

Note: This annotation is used to automatically create a TkeServiceConfig resource and provide a configuration template, allowing users to configure as needed.
Use case:
ingress.cloud.tencent.com/tke-service-config-auto: "true" - For more information, refer to Ingress using TkeServiceConfig to configure CLB.

ingress.cloud.tencent.com/rewrite-support

Note:
This annotation can be used to configure manual redirection together with kubernetes.io/ingress.http-rules and kubernetes.io/ingress.https-rules.
This annotation can be used to configure automatic redirection together with ingress.cloud.tencent.com/auto-rewrite.
Use case:
ingress.cloud.tencent.com/rewrite-support: "true"


ingress.cloud.tencent.com/auto-rewrite

Note: Provide automatic redirection capability for HTTP ports. All forwarding rules declared on HTTPS ports will create corresponding redirection rules. This requires the use of the ingress.cloud.tencent.com/rewrite-support annotation to enable redirection management capabilities.
Use case:
ingress.cloud.tencent.com/auto-rewrite: "true"


ingress.cloud.tencent.com/cross-region-id

Note: Ingress cross-region binding feature, specifying the region to access from. This needs to be used in conjunction with kubernetes.io/ingress.existLbId or ingress.cloud.tencent.com/cross-vpc-id.
Use case:
Create a cross-region load balancer: ingress.cloud.tencent.com/cross-region-id: "ap-guangzhou"ingress.cloud.tencent.com/cross-vpc-id: "vpc-646vhcjj"
Bind to an existing load balancer for cross-region access: ingress.cloud.tencent.com/cross-region-id: "ap-guangzhou"kubernetes.io/ingress.existLbId: "lb-342wppll"


ingress.cloud.tencent.com/cross-vpc-id

Note: Ingress cross-domain binding feature, specifying the VPC to be accessed. It can be used in conjunction with the ingress.cloud.tencent.com/cross-region-id annotation to specify VPCs in other regions.
Note
This annotation applies to the CLB created and managed by TKE. It is invalid for scenarios that use the existing CLB.
Use case: Create a cross-region CLB: ingress.cloud.tencent.com/cross-region-id: "ap-guangzhou"ingress.cloud.tencent.com/cross-vpc-id: "vpc-646vhcjj"


ingress.cloud.tencent.com/enable-grace-shutdown

Note: Graceful shutdown support for CLB direct connection mode. When a Pod is deleted, it has a DeletionTimestamp and its status is set to Terminating. At this point, the weight of the CLB to the Pod is adjusted to 0.
Use case: It is only supported in direct access mode and needs to be used together with ingress.cloud.tencent.com/direct-access. For more information on how to use it, please see Graceful Ingress Shutdown.


ingress.cloud.tencent.com/enable-grace-shutdown-tkex

Note: Enable graceful exit for direct connection mode in CLB. Determine whether the endpoints in the Endpoint object are not-ready, and set the weight of not-ready CLB backends to 0.
Use case: It is only supported in direct access mode and needs to be used together with ingress.cloud.tencent.com/direct-access. For more information on how to use it, see Graceful Ingress Shutdown capabilities.


ingress.cloud.tencent.com/security-groups

Note: This annotation allows you to bind security groups to CLB-type Ingress. A single CLB can be bound to up to 5 security groups.
Note:
For more information, see Use Limits of CLB security groups.
Usually, the "Allow Traffic by Default" feature must be enabled, with which the traffic forwarding between CLB and CVM is allowed by default. Traffic coming from the CLB only needs to be verified by the security group bound to the CLB. The annotation is ingress.cloud.tencent.com/pass-to-target.
Use case:
ingress.cloud.tencent.com/security-groups: "sg-xxxxxx,sg-xxxxxx"


ingress.cloud.tencent.com/pass-to-target

Note: This annotation is used to configure the "Allow Traffic by Default" feature for the CLB-type Ingress. The traffic forwarding between CLB and CVM is allowed by default. Traffic coming from the CLB only needs to be verified by the security group bound to the CLB.
Note:
For more information, see Use Limits of CLB security groups.
Usually, the feature of binding a security group is required. The annotation is ingress.cloud.tencent.com/security-groups.
Use case:
ingress.cloud.tencent.com/pass-to-target: "true"
中国站 - English