Multiple Ingresses reuse the same CLB

Last updated: 2026-04-01 10:53:51
Tencent Cloud TKE now supports multiple Ingresses sharing the same CLB. To aggregate traffic from multiple Ingresses to a single load balancer entry point, you can add the ingress.cloud.tencent.com/enable-group: 'true' annotation when creating Ingress resources, and use the kubernetes.io/ingress.existLbId: lb-xxxxxxxx annotation to point to the same CLB instance.

Must-Knows

When multiple Ingresses share the same CLB, sharing the CLB with Service is not supported.
This feature must be enabled when an Ingress is created. For existing Ingresses, it currently cannot be enabled retroactively.
Reusing CLBs automatically created by TKE CLB Ingress is not supported.
Multiple Ingresses sharing the same CLB may create more listeners or forwarding rules, and CLB has quota limits at both the account level and the instance level. To avoid reaching a limit and affecting Ingress synchronization, submit a ticket to the load balancing team to plan reasonable quotas.
Warning:
When multiple Ingresses share the same CLB, configuration conflicts will cause the Ingress Controller to suspend reconciliation and report errors. To avoid affecting Ingress synchronization rules and configurations, monitor your Ingresses and handle errors promptly!

Prerequisites

Ensure that the Service/Ingress Controller version in the cluster is ≥ v2.10.0 and that it runs in converged mode (where the Ingress Controller has been merged into the Service Controller component). If this requirement is not met, submit a ticket to ask the TKE team for an upgrade.
Note:
Service/Ingress Controller Version: In the TKE cluster, navigate to the kube-system namespace and check the VERSION parameter in the configmap tke-service-controller-config and tke-ingress-controller-config to obtain the version information of the respective components.
Converged Version Note: When the EnableIngressController parameter in tke-service-controller-config is set to 'true', it indicates that the converged version mode is enabled.

Usage

Multiple Ingresses can share the same listener (port) or domain name, but each "domain name + URL path" rule combination must be unique.
Multiple Ingresses in different namespaces can share the same CLB.
Some features are not supported in reuse scenarios, and related errors will be indicated in Ingress events/annotations.
Note:
The annotation ingress.cloud.tencent.com/enable-group: 'true' must be specified together with kubernetes.io/ingress.existLbId: lb-xxxxxxxx when the Ingress is created. Adding the annotation to an existing Ingress will not enable the feature.
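
The uniqueness rule above can be checked before manifests are applied. The following is an added example, not Tencent Cloud's code: it groups Ingress objects by `kubernetes.io/ingress.existLbId` and reports duplicate "listener + domain name + URL path" combinations, as well as a CLB referenced both with and without `enable-group`. The function names, the sample objects, the fallback to HTTP 80 when `listen-ports` is absent, and the restriction to `spec.rules` (rules carried in `http-rules`/`https-rules` annotations are not inspected) are assumptions.

```python
import json
from collections import defaultdict

GROUP = "ingress.cloud.tencent.com/enable-group"
LB_ID = "kubernetes.io/ingress.existLbId"
PORTS = "ingress.cloud.tencent.com/listen-ports"

def rule_keys(ing):
    """Yield (listener, host, path) for each spec.rules entry of one Ingress."""
    ann = ing["metadata"].get("annotations", {})
    # Assumption: without a listen-ports annotation the Ingress uses HTTP 80.
    ports = json.loads(ann.get(PORTS, '[{"HTTP": 80}]'))
    listeners = [f"{port}_{proto}" for entry in ports for proto, port in entry.items()]
    for rule in ing.get("spec", {}).get("rules", []):
        for p in rule.get("http", {}).get("paths", []):
            for listener in listeners:
                yield listener, rule.get("host", ""), p.get("path", "/")

def find_conflicts(ingresses):
    """Return rule-conflict and mixed-group findings per referenced CLB."""
    owners = defaultdict(dict)  # lb id -> {(listener, host, path): first owner}
    flags = defaultdict(set)    # lb id -> enable-group values seen on that CLB
    findings = []
    for ing in ingresses:
        meta, ann = ing["metadata"], ing["metadata"].get("annotations", {})
        lb = ann.get(LB_ID)
        if not lb:
            continue  # no existing CLB referenced, so not part of a reuse group
        name = f'{meta["namespace"]}/{meta["name"]}'
        flags[lb].add(ann.get(GROUP) == "true")
        for key in rule_keys(ing):
            first = owners[lb].setdefault(key, name)
            if first != name:
                findings.append((lb, "rule-conflict", key, first, name))
    findings += [(lb, "mixed-group", None, None, None)
                 for lb, seen in flags.items() if seen == {True, False}]
    return findings

def ingress(ns, name, host, path, group="true", lb="lb-xxxxxxxx"):
    """Constructed sample object shaped like a `kubectl get ingress -o json` item."""
    ann = {LB_ID: lb, PORTS: '[{"HTTP": 80}]'}
    if group:
        ann[GROUP] = group
    return {"metadata": {"namespace": ns, "name": name, "annotations": ann},
            "spec": {"rules": [{"host": host, "http": {"paths": [{"path": path}]}}]}}

SAMPLE = [ingress("ns1", "server1", "example.com", "/"),
          ingress("ns1", "server2", "example.com", "/"),
          ingress("ns2", "app2", "app2.example.com", "/")]

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
```
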

Prerequisites

Log in to the Tencent Cloud CLB purchase page and purchase CLB instances as needed.

Example

Example 1: Ingresses across namespaces using different listeners

apiVersion: v1
kind: Namespace
metadata:
  name: ns1
---
apiVersion: v1
kind: Namespace
metadata:
  name: ns2
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.cloud.tencent.com/listen-ports: '[{"HTTP": 80}]'
    kubernetes.io/ingress.existLbId: lb-xxxxxxxx # should be replaced with your own clb id
    ingress.cloud.tencent.com/enable-group: 'true' # must be specified at ingress creation time
  name: nginx-ingress-1
  namespace: ns1
spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: nginx-service
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.cloud.tencent.com/listen-ports: '[{"HTTP": 81}]'
    kubernetes.io/ingress.existLbId: lb-xxxxxxxx # should be replaced with your own clb id
    ingress.cloud.tencent.com/enable-group: 'true'
  name: nginx-ingress-2
  namespace: ns2
spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: nginx-service
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific

Example 2: Ingress enables manual redirection

apiVersion: v1
kind: Namespace
metadata:
  name: ns1
---
apiVersion: v1
kind: Namespace
metadata:
  name: ns2
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.cloud.tencent.com/listen-ports: '[{"HTTP": 80}]'
    kubernetes.io/ingress.existLbId: lb-xxxxxxxx # should be replaced with your own clb id
    ingress.cloud.tencent.com/enable-group: 'true' # must be specified together with kubernetes.io/ingress.existLbId when creating a new ingress
    kubernetes.io/ingress.http-rules: '[{"host":"example.com","path":"/api","backend":{"serviceName":"anyserver","servicePort":"80"}},{"host":"example.com","path":"/tmp","rewrite":{"port":80,"host":"example.com","path":"/api"}}]'
    kubernetes.io/ingress.https-rules: "null"
    kubernetes.io/ingress.rule-mix: "true"
  name: nginx-ingress-1
  namespace: ns1
spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: nginx-service
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.cloud.tencent.com/listen-ports: '[{"HTTP": 80}]'
    kubernetes.io/ingress.existLbId: lb-xxxxxxxx # should be replaced with your own clb id
    ingress.cloud.tencent.com/enable-group: 'true'
  name: nginx-ingress-2
  namespace: ns2
spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: nginx-service
            port:
              number: 80
        path: /home
        pathType: ImplementationSpecific

Example 3: Different Ingresses reuse the same listener

# Example: Different Ingresses reuse the same CLB listener, each using a different domain
# Note:
# - Two Ingresses are in different namespaces (ns1 and ns2)
# - Reuse the same CLB (specified by kubernetes.io/ingress.existLbId)
# - Reuse the same listener port (HTTP 80)
# - Each routes traffic using a different domain
#   - The Ingress in ns1 uses the domain: app1.example.com
#   - The Ingress in ns2 uses the domain: app2.example.com

apiVersion: v1
kind: Namespace
metadata:
  name: ns1
---
apiVersion: v1
kind: Namespace
metadata:
  name: ns2
---
# Ingress 1: uses the domain app1.example.com
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.cloud.tencent.com/listen-ports: '[{"HTTP": 80}]'
    ingress.cloud.tencent.com/enable-group: 'true'
    kubernetes.io/ingress.existLbId: lb-xxxxxxxx # should be replaced with your own lbid
  name: app1-ingress
  namespace: ns1
spec:
  rules:
  - host: app1.example.com
    http:
      paths:
      - backend:
          service:
            name: app1-server
            port:
              number: 80
        path: /
        pathType: Prefix
---
# Ingress 2: uses the domain app2.example.com (reuses the same CLB and listener)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.cloud.tencent.com/listen-ports: '[{"HTTP": 80}]'
    ingress.cloud.tencent.com/enable-group: 'true'
    kubernetes.io/ingress.existLbId: lb-xxxxxxxx # should be replaced with your own lbid (same as above)
  name: app2-ingress
  namespace: ns2
spec:
  rules:
  - host: app2.example.com
    http:
      paths:
      - backend:
          service:
            name: app2-server
            port:
              number: 80
        path: /
        pathType: Prefix
---
# ns1's Service
apiVersion: v1
kind: Service
metadata:
  name: app1-server
  namespace: ns1
  labels:
    app: app1-server
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
  selector:
    app: app1-server
  type: NodePort
---
# ns1's Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app1-server
  namespace: ns1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app1-server
  template:
    metadata:
      labels:
        app: app1-server
    spec:
      containers:
      - image: ccr.ccs.tencentyun.com/paas/anyserver
        name: anyserver
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
---
# ns2's Service
apiVersion: v1
kind: Service
metadata:
  name: app2-server
  namespace: ns2
  labels:
    app: app2-server
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
  selector:
    app: app2-server
  type: NodePort
---
# ns2's Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app2-server
  namespace: ns2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app2-server
  template:
    metadata:
      labels:
        app: app2-server
    spec:
      containers:
      - image: ccr.ccs.tencentyun.com/paas/anyserver
        name: anyserver
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name

Support Status

| Annotation | Description | Supported (in reuse scenarios) |
| --- | --- | --- |
| ingress.cloud.tencent.com/listen-ports | Custom listening port | Supported |
| ingress.cloud.tencent.com/direct-access | Enable CLB passthrough to Pod | Supported |
| ingress.cloud.tencent.com/auto-rewrite | Use automatic redirection | Supported |
| kubernetes.io/ingress.rule-mix | Enable hybrid (http/https) protocol | Supported |
| kubernetes.io/ingress.http-rules | http protocol | Supported |
| kubernetes.io/ingress.https-rules | https protocol | Supported |
| ingress.cloud.tencent.com/enable-grace-deletion | Graceful Deletion of Pod | Supported |
| ingress.cloud.tencent.com/lb-rs-weight | Customize backend RS weight | Supported |
| ingress.cloud.tencent.com/tke-service-config | Use manual scaling configuration | Supported |
| ingress.cloud.tencent.com/pass-to-target | bypass by default | Supported |
| ingress.cloud.tencent.com/tke-service-config-auto | Use automatically generated scaling configuration | Not supported |
| ingress.cloud.tencent.com/rewrite-support | Use manual redirection | Deprecated |

Feature Change Description

The usage and semantics of some annotations have been adjusted while reusing CLB across multiple Ingresses.

Manual redirection

Annotation: ingress.cloud.tencent.com/rewrite-support
Status: Deprecated in the scenario of reusing CLB across multiple Ingresses.
Note: This annotation is deprecated. To modify manual redirection rules for Ingress, simply configure them in kubernetes.io/ingress.http-rules and kubernetes.io/ingress.https-rules without adding this annotation.

Automatic redirection

Annotation: ingress.cloud.tencent.com/auto-rewrite
Change: The semantics of deleting this annotation are adjusted in the scenario of reusing CLB across multiple Ingresses.
Note: In the scenario of reusing CLB across multiple Ingresses, deleting this annotation and setting its value to false both disable automatic redirection.

FAQs

Migration issues for existing Ingresses using pre-existing CLBs

Migrating an existing Ingress to the reuse scenario by adding the annotation ingress.cloud.tencent.com/enable-group: 'true' is currently not supported.

Rules/Configurations conflict issues

When the controller reconciles normally, the Ingress carries a status annotation like the following:
ingress.cloud.tencent.com/status.conditions: '[{"type":"Ready","status":"True","lastTransitionTime":"2025-10-07T11:30:53Z","reason":"Success","message":""}]'
If Ingresses reusing the same CLB encounter reconciliation exceptions, the error information will be exposed in annotations, for example:
ingress.cloud.tencent.com/status.conditions: '[{"type":"Ready","status":"False","lastTransitionTime":"2025-10-07T11:35:10Z","reason":"ListenerError","message":"Sync
ClientError\\nErrorCode: E4403\\nDetails: Group: lb-fgim8ppi. The loadbalancer
has port conflict in the listeners 80_HTTP.\\nOriginError: ingress ns1/server2
listener 80_HTTP domain example.com's path / conflict: already owned by ns1/server1\\n"}]'

Scenario support issues

Ingresses that reuse a CLB cannot share that CLB with Ingresses that use an existing CLB without the ingress.cloud.tencent.com/enable-group: 'true' annotation. An error example is shown below:
ingress.cloud.tencent.com/status.conditions: '[{"type":"Ready","status":"False","lastTransitionTime":"2025-10-09T12:29:05Z","reason":"LoadbalancerError","message":"Sync
ClientError\\nErrorCode: E4406\\nDetails: Group: lb-fgim8ppi. Can not use lb:
ns1/server1 used by another ingress/multiClusterIngress .\\nOriginError:
group can't reuse clb with ingress which has existLbId, please process\\n"}]'
Ingresses that reuse a CLB currently cannot share that CLB with Services. An error example is shown below:
ingress.cloud.tencent.com/status.conditions: '[{"type":"Ready","status":"False","lastTransitionTime":"2025-10-09T12:40:01Z","reason":"LoadbalancerError","message":"Sync
ClientError\\nErrorCode: E4407\\nDetails: Group: lb-fgim8ppi. Can not use lb:
lb-fgim8ppi used by another service ns1/svc1.\\nOriginError: ingress managered by group not support reuse clb with service\\n"}]'
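
The status annotation shown in this FAQ can be read programmatically to monitor Ingresses that share a CLB. The following is an added example, not Tencent Cloud's code: it scans objects shaped like `kubectl get ingress -A -o json` output and returns every Ingress whose Ready condition is not True, with the reason, the error code and the OriginError text. The function name, the result field names and the wrapping sample objects are assumptions; the two annotation values are the ones shown above.

```python
import json
import re

STATUS = "ingress.cloud.tencent.com/status.conditions"

def failing_ingresses(ingress_list):
    """Return one finding per Ingress whose Ready condition is not True."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item["metadata"]
        raw = meta.get("annotations", {}).get(STATUS)
        if raw is None:
            continue  # no status annotation on this Ingress
        for cond in json.loads(raw) or []:
            if cond.get("type") != "Ready" or cond.get("status") == "True":
                continue
            # In the page's sample the message fields are separated by an
            # escaped \n; turn that into real newlines before matching.
            msg = cond.get("message", "").replace("\\n", "\n")
            code = re.search(r"ErrorCode:\s*(E\d+)", msg)
            origin = re.search(r"OriginError:\s*(.+)", msg)
            findings.append({
                "ingress": f'{meta["namespace"]}/{meta["name"]}',
                "reason": cond.get("reason", ""),
                "code": code.group(1) if code else None,
                "origin": origin.group(1).strip() if origin else None,
            })
    return findings

# Constructed input: the Ready=True and E4403 annotation values from this FAQ.
OK = ('[{"type":"Ready","status":"True","lastTransitionTime":'
      '"2025-10-07T11:30:53Z","reason":"Success","message":""}]')
BAD = (r'[{"type":"Ready","status":"False","lastTransitionTime":'
       r'"2025-10-07T11:35:10Z","reason":"ListenerError","message":'
       r'"Sync ClientError\\nErrorCode: E4403\\nDetails: Group: lb-fgim8ppi. '
       r'The loadbalancer has port conflict in the listeners 80_HTTP.'
       r'\\nOriginError: ingress ns1/server2 listener 80_HTTP domain '
       r"example.com's path / conflict: already owned by ns1/server1"
       r'\\n"}]')
SAMPLE = {"items": [
    {"metadata": {"namespace": "ns1", "name": "server1", "annotations": {STATUS: OK}}},
    {"metadata": {"namespace": "ns1", "name": "server2", "annotations": {STATUS: BAD}}},
]}

if __name__ == "__main__":
    for finding in failing_ingresses(SAMPLE):
        print(finding)
```
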

