On this page

Prerequisites
Notes and Constraints
Configuring Header Writing or Deletion for a LoadBalancer Ingress
Returning a Specific Response Body for a LoadBalancer Ingress
Configuring Request Limiting for a LoadBalancer Ingress

Show all

Help Center/ Cloud Container Engine/ User Guide/ Network/ Ingresses/ LoadBalancer Ingresses/ Advanced Setting Examples of LoadBalancer Ingresses/ Configuring Advanced Forwarding Actions for a LoadBalancer Ingress

Configuring Advanced Forwarding Actions for a LoadBalancer Ingress

Updated on 2025-02-18 GMT+08:00

View PDF

Dedicated load balancers offer different forwarding actions to effectively distribute traffic. ELB directs client requests to backend servers based on the specified forwarding rules.

Figure 1 How an advanced forwarding action operates
Click to enlarge

**Table 1** Advanced forwarding actions
Action	Additional Action	Description	Reference	Cluster Version
Forward to a backend server group	None	Default forwarding action of a LoadBalancer ingress. Requests are directly forwarded to backend servers (backend nodes or pods in a cluster) without being processed.	Creating a LoadBalancer Ingress on the Console	No requirements on cluster versions
	Rewrite	Rewrite the request paths.	Configuring URL Rewriting for a LoadBalancer Ingress	v1.23: v1.23.14-r0 or later v1.25: v1.25.9-r0 or later v1.27: v1.27.6-r0 or later v1.28: v1.28.4-r0 or later Other clusters of later versions
	Cross-origin access	Support cross-origin access of resources.	Configuring Cross-Origin Access for LoadBalancer Ingresses	v1.23: v1.23.18-r10 or later v1.25: v1.25.16-r0 or later v1.27: v1.27.16-r0 or later v1.28: v1.28.13-r0 or later v1.29: v1.29.8-r0 or later v1.30: v1.30.4-r0 or later Other clusters of later versions
	Write/Remove header	Write or delete the configured header in a request before accessing the backend server.	Configuring Header Writing or Deletion for a LoadBalancer Ingress
	Limit traffic on requests	Support traffic limit on requests.	Configuring Request Limiting for a LoadBalancer Ingress	v1.27: v1.27.16-r10 or later v1.28: v1.28.15-r0 or later v1.29: v1.29.10-r0 or later v1.30: v1.30.6-r0 or later Other clusters of later versions
Redirect to another listener (redirect HTTP to HTTPS)	None	Forward HTTP access requests to HTTPS listeners.	Redirecting HTTP to HTTPS for a LoadBalancer Ingress	v1.23: v1.23.14-r0 or later v1.25: v1.25.9-r0 or later v1.27: v1.27.6-r0 or later v1.28: v1.28.4-r0 or later Other clusters of later versions
Redirect to another URL	None	Redirect a specific access request to a specified URL and return a 3xx return code.	Configuring URL Redirection for a LoadBalancer Ingress
Return a specific response body	None	Directly return a fixed response and do not continue to forward the response to the backend server.	Returning a Specific Response Body for a LoadBalancer Ingress	v1.25: v1.25.16-r10 or later v1.27: v1.27.16-r10 or later v1.28: v1.28.15-r0 or later v1.29: v1.29.10-r0 or later v1.30: v1.30.6-r0 or later Other clusters of later versions
Return a specific response body	Limit traffic on requests	Support traffic limit on requests.	Configuring Request Limiting for a LoadBalancer Ingress	v1.27: v1.27.16-r10 or later v1.28: v1.28.15-r0 or later v1.29: v1.29.10-r0 or later v1.30: v1.30.6-r0 or later Other clusters of later versions

NOTE:

CCE allows you to configure rewrite, header writing/deletion, and traffic limit on requests based on ELB's advanced forwarding for LoadBalancer ingresses. These functions are coming soon. To use some advanced forwarding actions that are not available on the console yet, submit a service ticket to enable required functions.

Prerequisites

A CCE standard or Turbo cluster is available, and the cluster version meets the requirements.
The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.

Notes and Constraints

This feature is only available when dedicated load balancers are used.
This feature relies on the ELB advanced forwarding policies. Once the ELB advanced forwarding policies are enabled, the forwarding policy priority is not determined by the domain name or path matching. You can customize the forwarding policy priority as needed. For details about the forwarding policy priority, see Forwarding Policy Priorities of LoadBalancer Ingresses.

Configuring Header Writing or Deletion for a LoadBalancer Ingress

Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.

Create a YAML file named ingress-test.yaml. The file name can be customized.

vi ingress-test.yaml

An example YAML file of an ingress created using an existing load balancer is as follows:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/elb.class: performance
    kubernetes.io/elb.id: 034baaf0-40e8-4e39-b0d9-bf6e5b883cf9
    kubernetes.io/elb.port: "80"
    # Configure header writing or deletion for the Service named test-service.
    kubernetes.io/elb.actions.test-service: |
      [{
          "type": "InsertHeader",
          "InsertHeaderConfig": {
              "key": "aa",
              "value_type": "USER_DEFINED",
              "value": "aa"
          }
      },
      {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
              "key": "bb",
              "value_type": "SYSTEM_DEFINED",
              "value": "ELB-ID"
          }
      },
      {
          "type": "InsertHeader",
          "InsertHeaderConfig": {
              "key": "cc",
              "value_type": "REFERENCE_HEADER",
              "value": "cc"
          }
      },
      {
          "type": "RemoveHeader",
          "RemoveHeaderConfig": {
              "key": "dd"
          }
      },
      {
          "type": "RemoveHeader",
          "RemoveHeaderConfig": {
              "key": "ee"
          }
      }]      
  name: test
  namespace: default
spec:
  ingressClassName: cce
  rules:
    - http:
        paths:
          - backend:
              service:
                name: test-service
                port:
                  number: 8888
            path: /
            pathType: ImplementationSpecific
            property:
              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH

**Table 2** Annotations for advanced forwarding actions
Parameter	Type	Description
kubernetes.io/elb.actions.${svc_name}	String	Configure an advanced forwarding action for an ingress. ${svc_name} indicates the Service name, which can contain a maximum of 51 characters. If the annotation value is set to [], all advanced forwarding actions will be deleted. The value of the annotation for configuring header writing or deletion is a JSON string array. For details, see Table 3. For example: [{"type":"InsertHeader","InsertHeaderConfig":{"key":"aa","value_type":"USER_DEFINED","value":"aa"}}]

**Table 3** Parameters for rewriting a header
Parameter	Description	Example
type	Type of header rewriting. Options: InsertHeader: indicates that the header will be written. This field must be used with InsertHeaderConfig. RemoveHeader: indicates that the header will be deleted. This field must be used with RemoveHeaderConfig. NOTE: For advanced forwarding actions, you can add a maximum of five header writing or deletion configurations to an annotation.	None
InsertHeaderConfig	Indicates that the header will be written. This parameter is used only when type is set to InsertHeader. key: key of the rewritten header. A key consists of 1 to 40 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. A key cannot contain any of the following characters (case-insensitive): connection, upgrade, content-length, transfer-encoding, keep-alive, te, host, cookie, remoteip, authority, x-forwarded-host, x-forwarded-for, x-forwarded-for-port, x-forwarded-tls-certificate-id, x-forwarded-tls-protocol, x-forwarded-tls-cipher, x-forwarded-elb-ip, x-forwarded-port, x-forwarded-elb-id, x-forwarded-elb-vip, x-real-ip, x-forwarded-proto, x-nuwa-trace-ne-in, or x-nuwa-trace-ne-out value_type: type of the header to be written. If the header is deleted, this parameter becomes invalid. Options: USER_DEFINED: custom header REFERENCE_HEADER: header referenced by a user SYSTEM_DEFINED: header defined by the system value: value of the header to be written. If the header is deleted, this parameter becomes invalid. If value_type is set to SYSTEM_DEFINED, the value can only be CLIENT-PORT, CLIENT-IP, ELB-PROTOCOL, ELB-ID, ELB-PORT, ELB-EIP, or ELB-VIP.	{ "type": "InsertHeader", "InsertHeaderConfig": { "key": "aa", "value_type": "USER_DEFINED", "value": "aa" } }
RemoveHeaderConfig	Indicates that the header will be deleted. This parameter is used only when type is set to RemoveHeader. key: key of the deleted header. A key consists of 1 to 40 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. A key cannot contain any of the following characters (case-insensitive): connection, upgrade, content-length, transfer-encoding, keep-alive, te, host, cookie, remoteip, authority, x-forwarded-host, x-forwarded-for, x-forwarded-for-port, x-forwarded-tls-certificate-id, x-forwarded-tls-protocol, x-forwarded-tls-cipher, x-forwarded-elb-ip, x-forwarded-port, x-forwarded-elb-id, x-forwarded-elb-vip, x-real-ip, x-forwarded-proto, x-nuwa-trace-ne-in, or x-nuwa-trace-ne-out	{ "type": "RemoveHeader", "RemoveHeaderConfig": { "key": "ee" } }

Create an ingress.
```
kubectl create -f ingress-test.yaml
```
If information similar to the following is displayed, the ingress has been created:
```
ingress/ingress-test created
```

Check the created ingress.

kubectl get ingress

If information similar to the following is displayed, the ingress has been created:

NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
ingress-test  cce      *         121.**.**.**     80      10s

Returning a Specific Response Body for a LoadBalancer Ingress

Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.

Create a YAML file named ingress-test.yaml. The file name can be customized.

vi ingress-test.yaml

An example YAML file of an ingress created using an existing load balancer is as follows:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/elb.class: performance
    kubernetes.io/elb.id: 034baaf0-40e8-4e39-b0d9-bf6e5b883cf9
    kubernetes.io/elb.port: "80"
    # Configure the capability of returning a fixed response body for the Service named test-service.
    kubernetes.io/elb.actions.test-service: |
    [ 
     { 
       "type": "FixedResponse", 
       "fixedResponseConfig": { 
           "contentType": "text/plain", 
           "statusCode": "503",
           "messageBody": "503 error text"  
       } 
     } 
    ]
  name: test
  namespace: default
spec:
  ingressClassName: cce
  rules:
    - http:
        paths:
          - backend:
              service:
                name: test-service
                port:
                  number: 8888
            path: /
            pathType: ImplementationSpecific
            property:
              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH

**Table 4** Annotations for advanced forwarding actions
Parameter	Type	Description
kubernetes.io/elb.actions.${svc_name}	String	Configure an advanced forwarding action for an ingress. ${svc_name} indicates the Service name, which can contain a maximum of 51 characters. If the annotation value is set to [], all advanced forwarding actions will be deleted. The annotation value of a fixed response is a JSON string array. For details, see Table 5.

**Table 5** Parameters for a fixed response
Parameter	Description	Example
type	The value is fixed at FixedResponse, indicating that a fixed response will be returned. NOTE: For advanced forwarding actions, you can add a maximum of one fixed response configuration to an annotation.	None
fixedResponseConfig	contentType: format of the returned content. The options are text/plain, text/css, text/html, application/javascript, and application/json. statusCode: By default, 2xx, 4xx, and 5xx status codes are supported. (Mandatory) messageBody: Enter 0 to 1024 characters.	{ "type": "FixedResponse", "fixedResponseConfig": { "contentType": "text/plain", "statusCode": "503", "messageBody": "503 error text" } }

Create an ingress.
```
kubectl create -f ingress-test.yaml
```
If information similar to the following is displayed, the ingress has been created:
```
ingress/ingress-test created
```

Check the created ingress.

kubectl get ingress

If information similar to the following is displayed, the ingress has been created:

NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
ingress-test  cce      *         121.**.**.**     80      10s

Configuring Request Limiting for a LoadBalancer Ingress

Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.

Create a YAML file named ingress-test.yaml. The file name can be customized.

vi ingress-test.yaml

An example YAML file of an ingress created using an existing load balancer is as follows:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/elb.class: performance
    kubernetes.io/elb.id: 034baaf0-40e8-4e39-b0d9-bf6e5b883cf9
    kubernetes.io/elb.port: "80"
    # Configure ELB request limiting for the Service named test-service.
    kubernetes.io/elb.actions.test-service: |
    [ 
     { 
       "type": "TrafficLimit", 
       "trafficLimitConfig": { 
           "QPS": 4,
           "perSourceIpQps": 2,
           "burst": 2
       } 
      } 
    ]
  name: test
  namespace: default
spec:
  ingressClassName: cce
  rules:
    - http:
        paths:
          - backend:
              service:
                name: test-service
                port:
                  number: 8888
            path: /
            pathType: ImplementationSpecific
            property:
              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH

**Table 6** Annotations for advanced forwarding actions
Parameter	Type	Description
kubernetes.io/elb.actions.${svc_name}	String	Configure an advanced forwarding action for an ingress. ${svc_name} indicates the Service name, which can contain a maximum of 51 characters. If the annotation value is set to [], all advanced forwarding actions will be deleted. The value of an annotation for configuring traffic limit is a JSON array. For details, see Table 7.

**Table 7** Parameters for configuring traffic limit
Parameter	Description	Example
type	The value is fixed at TrafficLimit, indicating that traffic limit is enabled for a load balancer. NOTE: For advanced forwarding actions, you can add a maximum of one traffic limit configuration to an annotation.	None
trafficLimitConfig	QPS: the total rate limiting, which specifies the maximum number of QPS. The value ranges from 1 to 100000. If the number of requests reaches the specified value, new requests will be discarded and 503 Service Unavailable will be returned to the client. (Optional) perSourceIpQps: request limiting based on the source IP address of a client. The value ranges from 1 to 100000. If both QPS and perSourceIpQps are configured, the latter value must be smaller than the former. If the number of requests reaches the specified value, new requests will be discarded and 503 Service Unavailable will be returned to the client. (Optional) burst: the size of a burst buffer. The value ranges from 0 to 100000. The burst rate allows for exceeding the average rate temporarily to handle sudden bursts of requests. For instance, if the limit is set to 5 but the burst rate is 10, five more requests can be processed within 1 second. However, if the number of requests exceeds 10, only five requests are allowed within 1 second.	{ "type": "TrafficLimit", "trafficLimitConfig": { "QPS": "4", "perSourceIpQps": "2", "burst": "2" } }

Create an ingress.
```
kubectl create -f ingress-test.yaml
```
If information similar to the following is displayed, the ingress has been created:
```
ingress/ingress-test created
```

Check the created ingress.

kubectl get ingress

If information similar to the following is displayed, the ingress has been created:

NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
ingress-test  cce      *         121.**.**.**     80      10s

Parent Topic: Advanced Setting Examples of LoadBalancer Ingresses

Previous topic: Configuring Advanced Forwarding Rules for a LoadBalancer Ingress

Next topic: Forwarding Policy Priorities of LoadBalancer Ingresses

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot