{"id":13739921,"url":"https://github.com/alauda/alb","last_synced_at":"2025-05-07T13:29:38.980Z","repository":{"id":216272828,"uuid":"739208473","full_name":"alauda/alb","owner":"alauda","description":"ALB (Another Load Balancer) is a Kubernetes Gateway powered by OpenResty with years of production experience from Alauda.","archived":false,"fork":false,"pushed_at":"2024-11-24T14:46:03.000Z","size":14663,"stargazers_count":60,"open_issues_count":0,"forks_count":5,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-01-03T07:20:06.782Z","etag":null,"topics":["gateway","ingress","ingress-controller","kubernetes","networking","openresty","operator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alauda.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-05T02:49:37.000Z","updated_at":"2024-12-18T11:24:25.000Z","dependencies_parsed_at":"2024-01-23T03:27:06.238Z","dependency_job_id":"087b2fb0-3d1f-4ffa-9922-dd3984bc88db","html_url":"https://github.com/alauda/alb","commit_stats":null,"previous_names":["alauda/alb"],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alauda%2Falb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alauda%2Falb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alauda%2Falb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alauda%2Falb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alauda","download_url":"https://codeload.github.com/alauda/alb/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233347535,"owners_count":18662682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gateway","ingress","ingress-controller","kubernetes","networking","openresty","operator"],"created_at":"2024-08-03T04:00:39.563Z","updated_at":"2025-05-07T13:29:38.967Z","avatar_url":"https://github.com/alauda.png","language":"Go","funding_links":[],"categories":["Go","API Gateways \u0026 Proxies"],"sub_categories":[],"readme":"# ALB -- Another Load Balancer\n[![go-cov](https://alauda.github.io/alb/badges/go-coverage.svg)](https://alauda.github.io/alb/badges/go-coverage.svg)\n[![lua-cov](https://alauda.github.io/alb/badges/lua-coverage.svg)](https://alauda.github.io/alb/badges/lua-coverage.svg)\n\nALB (Another Load Balancer) is a Kubernetes Gateway powered by [OpenResty](https://github.com/openresty/) with years of production experience from Alauda.\n\n\u003e *Note*: We are in the process of preparing the necessary documentation and refactoring the code for open source. More information and detailed usage will be made available soon.\n\n## Advantages\n\n- **Isolation and Multi-Tenant**: With ALB operator, multiple ALB instances can be created and managed in one cluster. Each tenant can has a group of dedicated ALB instances.\n- **Ingress and Gateway API Support**: Users can flexibly choose between Ingress and Gateway API according to their own preferences.\n- **Flexible User Defined Traffic Rule**: ALB provides a traffic rule DSL that can support more complex traffic matching and distribution scenarios that beyond the capabilities of standard Ingress and Gateway API.\n- **Multiple Protocol Support**: ALB can manage HTTP, HTTPS, TCP and UDP traffic.\n\n## Architecture\n\n![](./docs/_res/architecture.png)\n\n## Quick Start\n\n### Deploy the ALB Operator\n\n1. Create a kind cluster\n2. `helm repo add alb https://alauda.github.io/alb/;helm repo update;helm search repo|grep alb`\n3. `helm install alb-operator alb/alauda-alb2` \n\n### Deploy an ALB Instance\n\n```bash\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: crd.alauda.io/v2beta1\nkind: ALB2\nmetadata:\n    name: alb-demo\n    namespace: kube-system\nspec:\n    address: \"172.20.0.5\"  # the ip address of node where alb been deployed\n    type: \"nginx\" \n    config:\n        networkMode: host\n        loadbalancerName: alb-demo\n        projects:\n        - ALL_ALL\n        replicas: 1\nEOF\n```\n\n### Rua a Demo Application\n\n```bash\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: hello-world\n  labels:\n    k8s-app: hello-world\nspec:\n  replicas: 1 \n  selector:\n    matchLabels:\n      k8s-app: hello-world\n  template:\n    metadata:\n      labels:\n        k8s-app: hello-world\n    spec:\n      terminationGracePeriodSeconds: 60\n      containers:\n      - name: hello-world\n        image: docker.io/crccheck/hello-world:latest \n        imagePullPolicy: IfNotPresent\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: hello-world\n  labels:\n    k8s-app: hello-world\nspec:\n  ports:\n  - name: http\n    port: 80\n    targetPort: 8000\n  selector:\n    k8s-app: hello-world \n---\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: hello-world\nspec:\n  rules:\n  - http:\n      paths:\n      - path: /\n        pathType: Prefix\n        backend:\n          service:\n            name: hello-world\n            port:\n              number: 80\nEOF\n```\n\nNow you visit the app by `curl http://${ip}`\n\n## Advanced Features\n\n### `Frontend` and `Rule`\n\nComplex traffic matching and distribution patterns can be configured by `Frontend` and `Rule`.  \n[syntax of rule's dslx](./docs/feature/rule/rules.md)\n\n```yaml\napiVersion: crd.alauda.io/v1\nkind: Frontend\nmetadata:\n  labels:\n    alb2.cpaas.io/name: alb-demo # required, indicate the ALB instance to which this Frontend belongs to\n  name: alb-demo-00080\n  namespace: kube-system\nspec:\n  backendProtocol: \"\"   # http|https \n  certificate_name: \"\"  # $secret_ns/$secret_name\n  port: 80              \n  protocol: http        # protocol of this Frontend itself\n---\napiVersion: crd.alauda.io/v1\nkind: Rule\nmetadata:\n  labels:\n    alb2.cpaas.io/frontend: alb-demo-00080  # required, indicate the Frontend to which this rule belongs\n    alb2.cpaas.io/name: alb-demo            # required, indicate the ALB to which this rule belongs\n  name: alb-demo-00080-test\n  namespace: kube-system\nspec:\n  backendProtocol: \"\"                       # as same as Frontend\n  certificate_name: \"\"                      # as same as Frontend\n  dslx:                                     # this rule matches url starts with /app-a or /app-b and method is post,and url param's group is vip, and host is *.app.com, and header's location is east-1 or east-2 and has a cookie name is uid, and source IPs come from 1.1.1.1-1.1.1.100\n  - type: METHOD\n    values:\n    - - EQ\n      - POST\n  - type: URL\n    values:\n    - - STARTS_WITH\n      - /app-a\n    - - STARTS_WITH\n      - /app-b\n  - type: PARAM\n    key: group\n    values:\n    - - EQ\n      - vip\n  - type: HOST \n    values:\n    - - ENDS_WITH\n      - .app.com\n  - type: HEADER\n    key: LOCATION \n    values:\n    - - IN\n      - east-1\n      - east-2\n  - type: COOKIE\n    key: uid\n    values:\n    - - EXIST \n  - type: SRC_IP\n    values:\n    - - RANGE\n      - \"1.1.1.1\"\n      - \"1.1.1.100\"\n  enableCORS: false\n  priority: 5                              # the lower the number, the higher the priority\n  serviceGroup:\n    services:\n    - name: hello-world\n      namespace: default\n      port: 80\n      weight: 100\n```\n\n### Ingress Annotations\n\n#### Rewrite Request\n\n```yaml\nalb.ingress.cpaas.io/rewrite-request: |\n{\"headers_remove\":[\"h1\"],\"headers\":{\"a\":\"b\"},\"headers_add\":{\"aa\": [\"bb\",\"cc\"]}}\n```\n\n`headers_remove`: remove the header.\n`headers_add`: append to the header instead of overwrite it.\n`headers`: set the header.\n\n#### Rewrite Response\n\n```yaml\nalb.ingress.cpaas.io/rewrite-response: |\n{\"headers_remove\":[\"h1\"],\"headers\":{\"a\":\"b\"},\"headers_add\":{\"aa\": [\"bb\",\"cc\"]}}\n```\n\n`headers_remove`: remove the header.\n`headers_add`: append to the header instead of overwrite it.\n`headers`: set the header.\n\n#### Annotations Compatible with ingress-nginx\n\n```yaml\nnginx.ingress.kubernetes.io/rewrite-target\nnginx.ingress.kubernetes.io/enable-cors\nnginx.ingress.kubernetes.io/cors-allow-headers\nnginx.ingress.kubernetes.io/cors-allow-origin\nnginx.ingress.kubernetes.io/backend-protocol\nnginx.ingress.kubernetes.io/temporal-redirect\nnginx.ingress.kubernetes.io/permanent-redirect\nnginx.ingress.kubernetes.io/upstream-vhost\nnginx.ingress.kubernetes.io/enable-opentelemetry\nnginx.ingress.kubernetes.io/opentelemetry-trust-incoming-spans\n```\n\n### Container Network\n\nBy default, ALB is deployed as a host network, which has the advantage of direct access via node ip, and the disadvantage that each ALB can only have exclusive access to the node, or you need to manually manage the ALB's ports.\nBut, ALB also supports container network mode deployment and provides external access through Loadbalancer type Service.\n\n```yaml\napiVersion: crd.alauda.io/v2beta1\nkind: ALB2\nmetadata:\n    name: alb-demo\n    namespace: kube-system\nspec:\n    type: \"nginx\" \n    config:\n        networkMode: container           # use container networkmode\n        vip:\n            enableLbSvc: true            # automatically creates a Service of type LoadBalancer and treats the address assigned to the Service as the address of the ALB\n        loadbalancerName: alb-demo\n        nodeSelector:\n          alb-demo: \"true\"\n        projects:\n        - ALL_ALL\n        replicas: 1\n```\n\n### Gateway API\n\nALB supports GatewayAPI(v1.0.0) out of box, just set the `gatewayClassName` to `exclusive-gateway` when creating gateways. \n\n```yaml\napiVersion: gateway.networking.k8s.io/v1\nkind: Gateway\nmetadata:\n  name: g1 \n  namespace: g1 \nspec:\n  gatewayClassName:  exclusive-gateway\n  listeners:\n  - name: http\n    port: 80\n    protocol: HTTP\n    allowedRoutes:\n      namespaces:\n        from: All\n```\n## release-note\n[release-note](./docs/release-note/README.md)\n## features\n[containermode](./docs/feature/containermode/api-containermode-gateway-deploy.md)  \n[ingressclass](./docs/feature/ingressclass/api-ingressclass.md)  \n[rules](./docs/feature/rule/rules.md)  \n[otel](./docs/feature/otel/otel.md)  \n[waf](./docs/feature/modsecurity/modsecurity.en)  \n[auth](./docs/feature/auth/auth.md)  ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falauda%2Falb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falauda%2Falb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falauda%2Falb/lists"}