Bind NIC in ALB

By default, ALB listens on 0.0.0.0 for IPv4 and :: for IPv6. In certain security scenarios, it needs to be bound to a specific network interface card (NIC).

For Cluster Embedded ALB

By default, an embedded ALB will be deployed in each cluster. In the global cluster, it should be named 'global-alb2', while in other clusters, it should be named 'cpaas-system'.

Replace $CLUSTER and $NIC with the actual cluster and NIC names. If you use Alive (Alauda Container Platform Virtual IP Management), you need to add alive to the NIC list.

kubectl annotate cluster -n cpaas-system $CLUSTER cpaas.io/alb-bind-nic='{"nic":["$NIC","alive"]}'

By default, ALB enables IPv6 in a single-stack cluster. However, when using bindNIC, the specified NIC might not have an IPv6 address. In such cases, ALB will still attempt to bind to ::*. As a workaround, you can disable IPv6.

kubectl annotate cluster -n cpaas-system $CLUSTER cpaas.io/alb-enable-ipv6='"false"'

For User-defined ALB

kubectl patch alb2 -n cpaas-system $ALB -p '{"spec":{"config":{"enableIPV6":"false","bindNIC":"{\"nic\":[\"$NIC\",\"alive\"]}"}}}' --type=merge
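
The quoting in the commands above is easy to get wrong: inside single quotes the shell does not expand $NIC, and bindNIC is JSON nested inside a JSON string. The following is an added example, not part of the ALB documentation, that builds both values from shell variables and flags listeners still bound to a wildcard address. The helper names, the NIC name eth0, ports 80 and 443, and the sample ss output are assumptions.

```shell
#!/bin/sh
# Added example: helper names, NIC names, ports and the sample `ss` output are
# constructed for illustration and are not part of ALB.

# Build the bind-NIC value, e.g. {"nic":["eth0","alive"]}. Names containing
# anything but interface-name characters are rejected so they cannot alter the JSON.
bind_nic_json() (
  out=""
  for nic in "$@"; do
    case "$nic" in
      ""|*[!A-Za-z0-9_.:-]*) echo "invalid NIC name: $nic" >&2; exit 1 ;;
    esac
    out="${out:+$out,}\"$nic\""
  done
  [ -n "$out" ] || exit 1
  printf '{"nic":[%s]}' "$out"
)

# Wrap that value in the merge patch for a user-defined ALB. bindNIC is a JSON
# string that itself holds JSON, so the inner quotes are escaped as \".
alb_patch_json() (
  inner=$(bind_nic_json "$@") || exit 1
  escaped=$(printf '%s' "$inner" | sed 's/"/\\"/g')
  printf '{"spec":{"config":{"enableIPV6":"false","bindNIC":"%s"}}}' "$escaped"
)

# Read `ss -ltn` output on stdin and print listeners on the given ports that
# are still bound to a wildcard address (0.0.0.0, [::] or *).
wildcard_listeners() (
  awk -v ports=" $* " '$1 == "LISTEN" {
    n = split($4, p, ":"); port = p[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    if (index(ports, " " port " ") && (addr == "0.0.0.0" || addr == "[::]" || addr == "*"))
      print $4
  }'
)

# Constructed sample: IPv4 is bound to the NIC address, IPv6 is still wildcard.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    192.0.2.10:80      0.0.0.0:*
LISTEN 0      511    192.0.2.10:443     0.0.0.0:*
LISTEN 0      511    [::]:443           [::]:*'

alb_patch_json eth0 alive; echo
printf '%s\n' "$SAMPLE_SS" | wildcard_listeners 80 443   # prints [::]:443
# Embedded ALB: kubectl annotate cluster -n cpaas-system "$CLUSTER" cpaas.io/alb-bind-nic="$(bind_nic_json "$NIC" alive)"
# User-defined: kubectl patch alb2 -n cpaas-system "$ALB" -p "$(alb_patch_json "$NIC" alive)" --type=merge
```

A remaining [::] listener in the output corresponds to the IPv6 case described above, where the NIC has no IPv6 address and IPv6 has not been disabled.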