All Products
Search

This Product

    Container Service for Kubernetes:Use an existing Server Load Balancer instance to expose an application

    Document Center

    Container Service for Kubernetes:Use an existing Server Load Balancer instance to expose an application

    Last Updated:Mar 26, 2026

    Attach an existing Classic Load Balancer (CLB) or Network Load Balancer (NLB) instance to a Kubernetes LoadBalancer Service to expose your application without provisioning a new load balancer. This approach is useful when you need to preserve a fixed IP address, share a load balancer across multiple Services, or expose TCP and UDP traffic on the same port.

    To access the application from outside the cluster, use <SLB-IP>:<Service port> or the SLB domain name. To access it from within the cluster, use <Service name>:<Service port>.

    Prerequisites

    Before you begin, ensure that you have:

    Important

    When creating an ACK cluster, do not select Install Ingresses if you plan to reuse an existing SLB instance. After the cluster is created, manually specify the existing instance. See Create and manage a CLB instance and Create and manage an NLB instance.

    Notes and constraints

    Review the following before proceeding.

    Listener behavior by cloud-controller-manager version

    When you attach an existing SLB instance to a Service, listener configuration depends on the cloud-controller-manager version:

    • v1.9.3.59-ge3bc999-aliyun and later: cloud-controller-manager does not configure listeners by default. Add the annotation service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: "true" to let ACK manage listeners, or configure listening rules manually on the SLB instance.

    • Earlier than v1.9.3.59-ge3bc999-aliyun: cloud-controller-manager automatically creates and manages backend server groups and ensures that all listeners—including those configured manually—are associated with those groups.

    Check the cloud-controller-manager version

    • Console: In the ACK console, go to your cluster's Operations > Add-ons page. On the Core Components tab, find the version listed next to Cloud Controller Manager.

    • kubectl (ACK dedicated clusters only):

      kubectl get pod -n kube-system -o yaml | grep image: | grep cloud-con | uniq

    Usage limits

    Step 1: Deploy an application

    This example deploys a stateless NGINX application as the backend for the LoadBalancer Service.

    Use the ACK console

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find your cluster and click its name. In the left-side pane, choose Workloads > Deployments.

    3. On the Deployments page, click Create from Image and configure the Deployment:

      1. On the Basic Information page, set Name to my-nginx and click Next.

      2. On the Container page, configure the image and port:

        Parameter Value
        Image Name Click Select images. On the Artifact Center tab, search for nginx and select openanolis/nginx. Click Select Image Tag, set a tag, and click OK.
        Port Name: nginx, Container Port: 80

      3. On the Advanced page, keep the defaults and click Create.

    Use kubectl

    1. Create a file named my-nginx.yaml with the following content:

      apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx        # Deployment name
  labels:
    app: nginx
spec:
  replicas: 2           # Number of pod replicas
  selector:
    matchLabels:
      app: nginx        # Must match the selector in the Service
  template:
    metadata:
      labels:
        app: nginx
    spec:
    #  nodeSelector:
    #    env: test-team
      containers:
      - name: nginx
        image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6
        ports:
        - containerPort: 80

    2. Deploy the application:

      kubectl apply -f my-nginx.yaml

    3. Verify the Deployment is ready:

      kubectl get deployment my-nginx

      Expected output:

      NAME       READY   UP-TO-DATE   AVAILABLE   AGE
my-nginx   2/2     2            2           50s

    Step 2: Create a LoadBalancer Service

    Create a LoadBalancer Service that points to the existing SLB instance.

    Use the ACK console

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find your cluster and click its name. In the left-side pane, choose Network > Services.

    3. On the Services page, click Create. In the Create Service dialog box, configure the following parameters:

      Parameter Description Example
      Name Name of the Service my-nginx-svc
      Service Type Select SLB, set SLB Type to CLB, and choose Use Existing Resource. Select a CLB instance from the drop-down list. If the instance has no listeners configured yet, select Overwrite Existing Listeners. SLB > CLB > Use Existing Resource
      External Traffic Policy Local routes traffic only to pods on the current node. Cluster routes traffic to pods across all nodes. Local
      Backend The application to associate with the Service Name: app, Value: nginx
      Port Mapping Maps the Service port to the container port Service port: 80, Container port: 80, Protocol: TCP
      Annotations Add annotations to configure the SLB instance. See Use annotations to configure CLB instances and Use annotations to configure NLB instances. N/A

    4. Click OK. After the Service is created, click its name to open the details page. In the Overview section, click the External IP (for example, 39.106.XX.XX:80) to verify the application is accessible.

      image

    Use kubectl

    1. Create a file named my-nginx-svc.yaml with the following content:

      Field Description
      metadata.annotations alibaba-cloud-loadbalancer-id specifies the existing SLB instance ID. alibaba-cloud-loadbalancer-force-override-listeners: 'true' lets ACK create and manage listeners on the instance. Omit this annotation to preserve the existing listener configuration.
      spec.selector Selects the pods to receive traffic. Must match the matchLabels in the Deployment (app: nginx).
      spec.ports.port The Service port exposed on the cluster IP. Access the Service within the cluster at clusterIP:port.
      spec.ports.targetPort The port on the backend pod. kube-proxy forwards traffic from port to targetPort on each pod. 
      apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: ${YOUR_LB_ID}                      # Replace with your SLB instance ID
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: 'true'       # Set to true for a new instance with no listeners configured
  labels:
    app: nginx
  name: my-nginx-svc
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx            # Must match the labels on the backend pods
  type: LoadBalancer

      Key fields:

    2. Apply the Service:

      kubectl apply -f my-nginx-svc.yaml

    3. Confirm the Service is running and has an external IP:

      kubectl get svc my-nginx-svc

      Expected output:

      NAME           TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)        AGE
my-nginx-svc   LoadBalancer   172.21.5.82   39.106.XX.XX     80:30471/TCP   5m

    4. Access the application:

      curl <YOUR-EXTERNAL-IP>    # Replace with the external IP from the previous step

      Expected output:

      <!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
</html>

    Manage Services

    Use the ACK console

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find your cluster and click its name. In the left-side pane, choose Network > Services.

    3. On the Services page, click a Service to view its details, or click Update or Delete in the Actions column.

    Use kubectl

    Update a Service

    kubectl edit service my-nginx-svc

    Alternatively, edit my-nginx-svc.yaml and reapply:

    kubectl apply -f my-nginx-svc.yaml

    View a Service

    kubectl get service my-nginx-svc

    Expected output:

    NAME           TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)        AGE
my-nginx-svc   LoadBalancer   172.21.XX.XX   192.168.XX.XX    80:31599/TCP   5m

    Delete a Service

    kubectl delete service my-nginx-svc

    CLB configuration reference

    The following tables describe the parameters available when creating or using an existing CLB instance through the ACK console.

    Create a new CLB instance

    Parameter Description
    Name Name of the CLB instance
    Access Method Public Access or Internal Access
    Billing Method Pay-by-specification or Pay-as-you-go (Pay-by-CU). See CLB billing.
    IP Version IPv4 or IPv6
    Scheduling Algorithm Round Robin (RR) (default): distributes requests to backend servers in sequence. Weighted Round Robin (WRR): servers with higher weights receive more requests.
    Access Control Enable or disable listener-level access control. See Access control.
    Health Check TCP or HTTP. See CLB health checks.
    Others Configure additional settings with annotations. See Use annotations to configure CLB instances.

    Use an existing CLB instance

    Select the instance from the drop-down list and choose whether to enable Overwrite Existing Listeners. See Use an existing CLB instance and forcefully overwrite the listeners of the CLB instance.

    Important

    Review usage limits before reusing a CLB instance. See the Usage notes section of "Considerations for configuring a LoadBalancer Service."

    Advanced settings

    Parameter Description
    Scheduling Algorithm Round Robin (RR) (default) or Weighted Round Robin (WRR)
    Access Control Enable or disable access control for the listener
    Health Check TCP or HTTP. See CLB health checks.
    Others Configure with annotations. See Use annotations to configure CLB instances.

    NLB configuration reference

    The following tables describe the parameters available when creating or using an existing NLB instance through the ACK console.

    Create a new NLB instance

    Parameter Description
    Name Name of the NLB instance
    Access Method Public Access or Internal Access
    Billing Method Pay-as-you-go (Pay-by-CU). See NLB billing.
    IP Version IPv4 or Dual-stack
    Scheduling Algorithm Round-Robin: forwards requests in sequence. Weighted Round-Robin (default): higher-weight servers receive more requests. Source IP Hashing: routes requests from the same source IP to the same backend server. Four-Element Hashing: routes based on source IP, destination IP, source port, and destination port. QUIC ID Hashing: routes requests with the same QUIC ID to the same backend server. Weighted Least Connections: routes based on weights and current connection counts.
    Health Check TCP (default): sends SYN packets to check port availability. Configure Health Check Response Timeout, Health Check Interval, Healthy Threshold, and Unhealthy Threshold. HTTP: sends HEAD or GET requests. Configure Domain Name (Backend Server Internal IP or Custom Domain Name), Path, and Health Check Status Codes (http_2xx, http_3xx, http_4xx, http_5xx; default: http_2xx).
    VPC The cluster's VPC region and VPC ID
    Vswitch Choose a vSwitch in a zone supported by the NLB instance, or create a new one
    Others Configure with annotations. See Use annotations to configure NLB instances.

    Use an existing NLB instance

    Select the instance from the drop-down list and choose whether to enable Overwrite Existing Listeners. See Use an existing NLB instance.

    Important

    Review usage limits before reusing an NLB instance. See the Usage notes section of "Considerations for configuring a LoadBalancer Service."

    Advanced settings

    Parameter Description
    Scheduling Algorithm Same options as the Create NLB instance table above
    Health Check Same options as the Create NLB instance table above
    VPC The cluster's VPC region and VPC ID
    Vswitch Choose a vSwitch in a supported zone, or create a new one
    Others Configure with annotations. See Use annotations to configure NLB instances.

    What's next