All Products
Search

This Product

    Container Compute Service:Use ALB Ingresses

    Document Center

    Container Compute Service:Use ALB Ingresses

    Last Updated:Jan 30, 2026

    Application Load Balancer (ALB) Ingresses provide a fully managed Layer 7 load balancing solution for Container Service for Kubernetes (ACK) clusters. Unlike NGINX Ingresses, ALB Ingresses require no manual maintenance—they automatically detect changes in Ingress resources and distribute traffic based on predefined routing rules. ALB Ingresses also include automatic scaling to handle traffic fluctuations while maintaining system stability.

    How ALB Ingresses work

    ALB Ingresses use the following key components:

    Component

    Description

    ALB Ingress controller

    A control plane component that watches for changes in Ingress and AlbConfig resources via the Kubernetes API server. It dynamically updates the ALB instance based on routing rules. Unlike the NGINX Ingress controller, it manages the ALB instance but does not handle data plane traffic directly.

    AlbConfig

    A CustomResourceDefinition (CRD) that defines the ALB instance configuration, including edition and listeners. Each AlbConfig corresponds to one ALB instance.

    IngressClass

    Defines the association between an Ingress and an AlbConfig.

    Ingress

    A resource object that defines external traffic routing rules and access control. The ALB Ingress controller monitors Ingress changes and updates the ALB instance accordingly.

    Traffic flow

    When you create an ALB Ingress:

    1. The ALB Ingress controller detects changes to Ingress and AlbConfig resources.

    2. The controller translates path mappings and services into ALB routing rules and server groups.

    3. The ALB instance processes incoming traffic and forwards requests to backend pods proxied by Services.

    Benefits

    ALB Ingresses outperform NGINX Ingresses in these scenarios:

    Scenario

    ALB Ingress advantage

    Persistent connections

    ALB Ingresses apply configuration changes through hot reloads, ensuring persistent connections are not interrupted. NGINX Ingresses must reload processes, which may temporarily close connections and cause service interruptions.

    High concurrency

    Each ALB instance supports tens of millions of connections through Alibaba Cloud's network management platform. NGINX Ingresses support fewer sessions and require manual scaling.

    High QPS

    Each ALB instance supports up to one million QPS with automatic scaling. NGINX Ingresses rely on cluster resources and may experience performance bottlenecks.

    Large workload fluctuations

    ALB uses pay-as-you-go billing with automatic scaling. Fewer Load Balancer Capacity Units (LCUs) are consumed during off-peak hours. NGINX requires manual resource reservation.

    High availability

    Use ACK One to create ALB multi-cluster gateways for active zone-redundancy and geo-redundancy.

    Limitations

    • The ALB Ingress controller requires ACK clusters version 1.18 or later.

    • When using the Flannel network plugin, backend Services of ALB Ingresses support only NodePort and LoadBalancer types—ClusterIP Services are not supported.

    • For ALB quotas and limits, see ALB quotas.

    Prerequisites

    Before you begin, ensure that you have:

    • An ACK managed, ACK dedicated, or ACK Serverless cluster running Kubernetes 1.18 or later

    • At least two vSwitches in different zones within your VPC

    • kubectl configured to connect to your cluster (see Kubeconfig file management)

    Step 1: Install the ALB Ingress controller

    You can install the ALB Ingress controller when creating a cluster or add it to an existing one.

    Option A: Install during cluster creation

    1. Log on to the ACK console and click Create Kubernetes Cluster.

    2. Disable Auto Mode to access the step-by-step configuration wizard.

    3. Complete the Component Configurations and Node Pool Configurations steps.

    4. In Component Configurations, find the Ingress section and select ALB Ingress.

    5. Select the ALB instance option that meets your requirements and complete cluster creation.

      Option

      Description

      New

      Creates a pay-as-you-go, standard ALB instance in the cluster's VPC with a default HTTP listener on port 80. Automatically creates the associated AlbConfig and IngressClass resources.

      Existing

      Uses an existing ALB instance (must be standard or WAF-enabled edition, in the same VPC, and not associated with another cluster). Automatically creates the associated AlbConfig and IngressClass.

      None

      Installs only the ALB Ingress controller. You must manually create AlbConfig and IngressClass resources later.

    Option B: Install on an existing cluster

    1. Log on to the ACK console. In the left navigation pane, click Clusters.

    2. Click the name of your cluster to enter the cluster details page.

    3. In the left navigation pane, click Add-ons.

    4. Click the Networking tab, find ALB Ingress Controller and click Install.

    5. Select the ALB instance option (New, Existing, or None) and click OK.

    Step 2: Deploy a sample application

    Deploy a sample Nginx application to test the ALB Ingress configuration.

    Console

    1. In the ACK console, find your cluster and click its name.

    2. In the left navigation pane, choose Workloads > Deployments.

    3. Click Create from YAML. Set Sample Template to Custom and paste the following YAML:

    apiVersion: apps/v1
kind: Deployment
metadata:
  name: coffee
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: coffee
  template:
    metadata:
      labels:
        app: coffee
    spec:
      containers:
        - name: coffee
          image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginxdemos:latest
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: coffee-svc
  namespace: default
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  selector:
    app: coffee
  type: ClusterIP

    1. Click Create. Verify that the pod status shows Running.

    kubectl

    1. Create a file named coffee-deployment-service.yaml with the YAML content shown above.

    2. Deploy the application:

      kubectl apply -f coffee-deployment-service.yaml

    3. Verify the pods are running:

      kubectl get pod -l app=coffee

      Expected output:

      NAME                      READY   STATUS    RESTARTS   AGE
coffee-84bd6*****-*****   1/1     Running   0          4m22s
coffee-84bd6*****-*****   1/1     Running   0          4m22s

    Step 3: Create an ALB Ingress

    Create an Ingress resource to route external traffic to your application. This example routes requests for demo.example.com/coffee to the coffee-svc Service.

    Note

    To use an ALB Ingress in an ACK dedicated cluster, first grant the required permissions to the ALB Ingress controller.

    Console

    1. In the left navigation pane, choose Network > Ingresses.

    2. Select the default namespace and click Create Ingress.

    3. Configure the following parameters:

      Parameter

      Value

      Name

      coffee-ingress

      Domain Name

      demo.example.com

      Path

      /coffee

      Rule

      Prefix

      Service

      coffee-svc

      Port

      80

    4. Click OK.

    kubectl

    1. Create a file named coffee-ingress.yaml with the following content:

      apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: coffee-ingress
  namespace: default
spec:
  ingressClassName: alb
  rules:
    - host: demo.example.com
      http:
        paths:
          - path: /coffee
            pathType: Prefix
            backend:
              service:
                name: coffee-svc
                port:
                  number: 80

    2. Create the Ingress:

      kubectl apply -f coffee-ingress.yaml

    Path matching rules

    PathType

    Behavior

    Prefix

    Matches based on URL path prefix. For example, /coffee matches /coffee/1 and /coffee/buy/1, but not /cof or /coffeebuy/1.

    Exact

    Matches the URL path exactly. For /coffee, only requests to exactly /coffee are matched.

    ImplementationSpecific

    Behavior depends on the Ingress controller. For ALB, this is equivalent to Exact match.

    Step 4: Verify the ALB Ingress

    After creating the Ingress, it takes about 10 seconds to take effect.

    1. Obtain the ALB endpoint: 

      kubectl get ingress coffee-ingress

      Expected output: 

      NAME             CLASS   HOSTS              ADDRESS                                   PORTS   AGE
coffee-ingress   alb     demo.example.com   alb-xxxxxx.cn-hangzhou.alb.aliyuncs.com   80      2m

    2. Test the Ingress with curl: 

      curl -H "Host: demo.example.com" http://<ALB-ADDRESS>/coffee

      A successful response with HTTP status code 200 indicates the ALB Ingress is working correctly.

    Note

    If the endpoint information does not appear, click the Ingress name in the console and check the Events tab to troubleshoot.

    What's next

    After setting up a basic ALB Ingress, you can configure advanced features:

    • HTTPS and TLS: Configure HTTPS listeners with automatic certificate discovery

    • Canary releases: Use annotations to implement traffic splitting for gradual rollouts

    • Session persistence: Configure sticky sessions for stateful applications

    • Health checks: Customize health check parameters for backend services

    • QUIC protocol: Enable QUIC for improved performance on mobile networks

    For advanced configuration options, see Advanced ALB Ingress configurations.

    Related topics