ALB Rules

We define a resource called rule, which describes how an ALB instance should handle a layer 7 request.

CRD

  spec:
    properties:
      backendProtocol:
        description: backendProtocol defines protocol used by backend servers,
          it could be https/http/grpc
        type: string
      certificate_name:
        description: certificate_name defines certificate used with specified
          hostname in rule at https frontend
        type: string
      corsAllowHeaders:
        description: corsAllowHeaders defines the headers allowed by cors
          when enableCORS is true
        type: string
      corsAllowOrigin:
        description: corsAllowOrigin defines the origin allowed by cors when
          enableCORS is true
        type: string
      description:
        type: string
      domain:
        type: string
      dsl:
        description: used for searching on the UI interface
        type: string
      dslx:
        description: dslx defines the matching criteria
        items:
          properties:
            key:
              type: string
            type:
              type: string
            values:
              items:
                items:
                  type: string
                type: array
              type: array
          type: object
        type: array
      enableCORS:
        description: enableCORS is the switch whether enable cross domain,
          when EnableCORS is false, alb2 transports information to backend
          servers which determine whether allow cross-domain
        type: boolean
      priority:
        description: priority ranges from [1,10], if multiple rules match,
          less value prioritize
        type: integer
      rewrite_base:
        type: string
      rewrite_target:
        type: string
      serviceGroup:
        properties:
          services:
            items:
              properties:
                name:
                  type: string
                namespace:
                  type: string
                port:
                  type: integer
                weight:
                  type: integer
              type: object
            type: array
          session_affinity_attribute:
            type: string
          session_affinity_policy:
            type: string
        type: object
      source:
        description: source is where the frontend or rule came from. It's
          type can be "bind" for those created for service annotations. And
          carries information about ingress when rule is generalized by ingress
        properties:
          name:
            type: string
          namespace:
            type: string
          type:
            type: string
        type: object
      type:
        description: type is deprecated
        type: string
      url:
        type: string
      vhost:
        description: vhost allows user to override the request Host
        type: string
    type: object

dslx

dslx is a domain-specific language used to describe the matching criteria.

For example, the rule below matches a request that satisfies all of the following criteria:

  • url starts with /app-a or /app-b
  • method is POST
  • url param group is vip
  • host is *.app.com
  • header LOCATION is east-1 or east-2
  • has a cookie named uid
  • source IP is in the range 1.1.1.1-1.1.1.100

  dslx:
  - type: METHOD
    values:
    - - EQ
      - POST
  - type: URL
    values:
    - - STARTS_WITH
      - /app-a
    - - STARTS_WITH
      - /app-b
  - type: PARAM
    key: group
    values:
    - - EQ
      - vip
  - type: HOST 
    values:
    - - ENDS_WITH
      - .app.com
  - type: HEADER
    key: LOCATION 
    values:
    - - IN
      - east-1
      - east-2
  - type: COOKIE
    key: uid
    values:
    - - EXIST 
  - type: SRC_IP
    values:
    - - RANGE
      - "1.1.1.1"
      - "1.1.1.100"

Config

In fact, the rule's .spec.config contains more fields.
