ALB Ingress controller release information - Container Service for Kubernetes

ALB Ingress is an Ingress controller that is based on the Alibaba Cloud Application Load Balancer (ALB) service. It provides a unified entry point for services in a cluster. This topic describes usage notes and release notes for the ALB Ingress controller.

Usage notes

For more information about the ALB Ingress controller, see ALB Ingress management.
For more information about how to install the ALB Ingress controller, see Manage the ALB Ingress controller and Create and use an ALB Ingress to expose services.
Due to security restrictions in ACK managed clusters, you cannot install ALB Ingress controller v2.12.0-aliyun.1 or earlier in ACK managed clusters created after May 2024. To ensure optimal performance and stability, install the latest version of the component.

Release notes

January 2026

Version number

Modification Time

Modifications

Impact

v2.19.0

2026-01-07

This version is in phased release.

New features:

Hot reloading of Secrets is supported when you specify defaultCertificate using a Secret.
You can configure an Ingress with a combination of rate limiting + fixed response/redirection + forwarding actions.

Optimizations:

The error message that is returned when a listener fails to be created because a certificate has expired is optimized.
Optimized controller tuning performance.
The validation capability of the webhook is enhanced to check the following items:
- The format of the SourceIP field in custom forwarding conditions.
- Whether the value of the AclType field is black or white.
- An Ingress backend that specifies service.name but not service.port.
A check is added to the webhook to determine whether an Ingress is of the ALB type.

Bug fixes:

The issue that tags on an ALB instance cannot be cleared when the tags field is completely deleted from the AlbConfig is fixed.
The issue that deleting a Service may cause the controller process to panic in extreme scenarios is fixed.

This upgrade does not affect your services.

July 2025

Version number	Last Modified	What's changed	Impact
v2.18.0-aliyun.1	2025-07-04	Instance managed mode is enabled by default. For ALB instances that are automatically created using an AlbConfig, you cannot modify the listener and forwarding rule configurations in the ALB console. This restriction applies only to new ALB instances that are created after you upgrade to this version. Existing and reused instances are not affected. You can manually specify the default certificate in an AlbConfig using `defaultCertificate`. The priority sorting logic for forwarding rules is optimized, and the global uniqueness constraint on `order` is removed. Only the security-hardened mode for ECS metadata is supported. The issue that the controller may panic due to throttling when you query asynchronous tasks is fixed. The issue that the ACL takes effect on only one listener when HTTPS and QUIC listeners share the same port is fixed. A fixed waiting interval is used when `readinessGate` waits for unready pods. The validation logic in the admission webhook for forwarding actions that do not include a final action is optimized.	This upgrade does not affect your services.

March 2025

Version number	Modification Time	Change description	Impact
v2.17.2-aliyun.1	2025-03-31	The issue that a "port does not exist" error is reported during server group reconciliation when Ingress rules in multiple namespaces point to services that have the same name but different ports is fixed. The issue that an incorrect parameter is used to query IPv4 addresses in an IPv6 dual-stack cluster is fixed. When you call the API operation to add security groups to or remove security groups from an instance in batches, the maximum number of security groups in a single call is changed from 4 to 9. The API operation is not called if no extra tags need to be added.	This upgrade does not affect your services.
v2.17.1-aliyun.1	2025-03-18	Gateway API 1.1.0 and later are supported.	This upgrade does not affect your services.
v2.16.0-aliyun.1	2025-03-04	Important Starting from this version, persistent connections are enabled by default for newly created backend server groups. Existing backend server groups are not affected. Before you upgrade, confirm whether this change affects your services. Persistent connections are enabled by default for newly created backend server groups. Custom tags for listeners are supported. You can disable the cross-zone feature for backend server groups. Optimizes overall service tuning. The timing for the ReadinessGate feature to update pod statuses is optimized. The pod status is updated after all backend server groups are successfully updated. For a canary release, you must split the traffic into two Ingresses or implement custom forwarding actions. If you add a canary annotation directly to an Ingress, the system reports an error and retains the original forwarding rule.	This upgrade does not affect your services.

January 2025

Version number

Modification Time

Description of changes

Impact

v2.15.2-aliyun.1

2025-01-24

In the XForwardedForConfig of a listener, you can configure XForwardedForProcessingMode to specify the processing mode of the X-Forwarded-For header, and configure XForwardedForHostEnabled to enable the X-Forwarded-Host request header.
The issue that the component fails to start when ValidatingWebhookConfiguration does not exist is fixed.
The issue that the webhook check fails when multiple values are configured for alb.ingress.kubernetes.io/healthcheck-httpcode is fixed.
A check for forwarding actions that do not contain the FinalType type is added.
The calculation method of clientToken when an ALB instance is created is optimized.

This upgrade does not affect your services.

v2.15.0-aliyun.1

2025-01-06

ValidatingWebhook is enabled by default to precheck AlbConfig and Ingress configurations.
AScript programmable scripts can be configured.
The rate-limiting feature supports fixed responses.
The ssl-redirect and rate-limiting features can be used at the same time.
Session persistence for backend server groups supports custom cookies.
You can configure security groups for ALB instances that are created after 00:00:00 on February 25, 2025 (UTC+8).
The error messages for listener conflicts are optimized.
Event notifications are added for when the TLS certificate configuration is inconsistent with the forwarding rule certificate.
A check for the validity of associated resources, such as bandwidth plans, is added.
The gRPC protocol supports certificate configuration through AlbConfig.
The issue that the tag feature in AlbConfig cannot be used after the creator tag feature is enabled is fixed.
The issue that Service reconciliation continuously reports errors in some scenarios is fixed.
The issue that the component crashes when the AlbConfig is incorrectly configured is fixed.

This upgrade does not affect your services.

October 2024

Version number

Modified Time

Changes

Impact

v2.14.1-aliyun.1

2024-10-12

The issue that the HTTPS health check configuration fails is fixed.

This upgrade does not affect your services.

September 2024

Version number

Change Time

Changes

Impact

v2.14.0-aliyun.1

2024-09-10

Health checks for backend server groups support the gRPC protocol.
Slow start can be configured.
Connection draining can be configured.
Session persistence between backend server groups is supported.
The issue that the ReadinessGate status cannot be correctly updated in some cases is fixed.
The error messages for Secrets are optimized.
The reconciliation logic for backend server groups in the configuring state is optimized.
AlbConfig fields are case-insensitive.

This upgrade does not affect your services.

July 2024

Version number

Change time

Modifications

Impact

v2.13.2-aliyun.1

2024-07-23

The issue that the controller crashes due to an incorrect AlbConfig format is fixed.
The issue that weights are incorrectly set when ECS and ECI endpoints are attached in hybrid mode in a Flannel network is fixed.

This upgrade does not affect your services.

May 2024

Version number

Modification Time

Changes

Impact

v2.13.1-aliyun.1

2024-05-10

An event is added for when an AlbConfig is not associated with an Ingress.
The issue that weights may be incorrectly set after an endpoint is updated in a Flannel network plugin is fixed.
The issue that a backend server group fails to be created when a namespace starts with a number or the namespace or service name is too long is fixed.

This upgrade does not affect your services.

February 2024

Version number	Modification Time	Changes	Impact
v2.12.0-aliyun.1	2024-02-05	You can use the `alb.ingress.kubernetes.io/server-group-type: Ip` annotation to use IP-based backend server groups. You can use the `alb.ingress.kubernetes.io/server-group-resource-group-id` annotation to specify the resource group for a backend server group. In a Flannel plugin, weights can be automatically configured for nodes based on the number of pods on each node. Custom forwarding rules support QPS throttling. The IP address allocation mode (addressAllocateMode) is not specified when an ALB instance is created. You can configure trusted IP addresses for the `X-Forwarded-For` header. The issue that some fields in an AlbConfig do not take effect when their values are changed from empty to `false` is fixed.	This upgrade does not affect your services.

November 2023

Version number	Modification time	Changes	Impact
v2.11.1-aliyun.1	2023-11-20	The issue that the controller may crash when IngressClass is not specified is fixed.	This upgrade does not affect your services.

October 2023

Version number	Modification time	Changes	Impact
v2.11.0-aliyun.1	2023-10-31	Important Starting from version `v2.11.0-aliyun.1`, the ALB Ingress controller no longer automatically updates port information in an AlbConfig. You must manually specify the ports to use when you create an AlbConfig. For an example of how to create an AlbConfig, see Create and use an ALB Ingress to expose services. The source IP rate-limiting feature is supported. Tracing Analysis is supported. Access logs support recording custom headers. Mutual authentication can be configured. AlbConfig is no longer automatically updated when Ingress rules are updated. You cannot delete a listener from an AlbConfig if Ingress rules still exist on the listener. The resource deletion behavior when an ALB instance is reused is optimized. The certificate association logic is optimized to support multi-page certificates. The issue that an error occurs when you configure and enable HTTP/2 is fixed. The issue that the controller may crash when a forwarding action is incorrectly configured is fixed. The issue that backend server groups may not be updated promptly when the controller restarts is fixed.	This upgrade does not affect your services.

August 2023

Version number	Modification Time	Changes	Impact
v2.10.0-aliyun.1	2023-08-15	You can add hash values to an Ingress and AlbConfig to prevent unexpected changes when the ALB Ingress controller restarts. The exposure of anomalous activities is optimized. The reconciliation behavior in scenarios where reserved fields are used is optimized. The issue that the cache is not synchronized after an Ingress resource is deleted is fixed. The issue that node event handling is interrupted is fixed. The synchronization logic of backend server groups is optimized.	This upgrade does not affect your services.

July 2023

Version number	Modification Time	Change description	Impact
v2.9.0-aliyun.1	2023-07-11	API throttling is avoided when a Service concurrently reconciles multiple backend server groups. Service reconciliation events are exposed. The use of the `ssl-redirect` annotation is optimized. The SM version is filtered out during automatic certificate discovery. The issue related to the reconciliation of cookieConfig in custom forwarding rules is fixed. The issue that the controller crashes if the `http` field of an Ingress is not configured is fixed. The issue that an upgrade or downgrade fails if multiple actions are configured for an Ingress is fixed.	This upgrade does not affect your services.

June 2023

Version number	Modification Time	Changes	Impact of changes
v2.8.3-aliyun.1	2023-06-05	Fixed an issue where server tuning failed to retry. The issue that the key setting in a custom forwarding rule is invalid is fixed.	This upgrade does not affect your services.

May 2023

Version number	Modified Time	Changes	Impact
v2.8.2-aliyun.1	2023-05-25	The issue that forwarding rules may be deleted when a pod restarts is fixed. The deletion logic for adjusting Internet Shared Bandwidth packages has been removed. Updates to the network type are temporarily disabled.	This upgrade does not affect your services.
v2.8.1-aliyun.1	2023-05-09	The managed component supports using multiple replicas for high availability by default. You can specify a resource group when you create an ALB instance. Health checks support multiple status codes. Consistent hashing for backend server groups is supported. The `use-regex` annotation is supported. You can specify a single zone. You can update the network type of an instance. You can attach an Internet Shared Bandwidth instance. Asynchronous API operation calls are optimized. Error prompts are optimized. The issue that the default certificate is inconsistent with the console and is repeatedly set is fixed.	This upgrade does not affect your services.

March 2023

Version number	Modification Time	Description	Change Impact
v2.7.0-aliyun.1	2023-03-14	The reconciliation process and rule priority are optimized to improve the rule synchronization speed. Event notifications are optimized. You can directly reconcile a Service to a backend server group. You can directly associate an ACL resource ID. HTTPS and QUIC can be deployed on the same port. Custom actions support multiple server groups and rewrites, and are case-insensitive. The priority of a certificate configured using a Secret is higher than that of an AlbConfig. Hard-coded timeouts are eliminated. The Gzip compression configuration error is fixed.	This upgrade does not affect your services.

December 2022

Version number	Modification Time	Changes	Impact of the change
v2.6.0-aliyun.1	2022-12-23	Custom tags for ALB resources are supported. Event notifications are optimized. The issue that Ingress deletion is blocked is fixed. Finalizers are not added to support non-blocking deletion. The issue related to IPv6 network type changes is fixed. The issue that Ingress certificates are repeatedly discovered is fixed. The issue that backend server group tags are incorrect during a canary release is fixed.	This upgrade does not affect your services.

November 2022

Version number	Last Modified	Changing content	Impact
v2.5.0-aliyun.1	2022-11-23	Secret certificate uploads are supported. Custom headers and cookies are supported. Set an ACL whitelist. The listener processing logic is optimized: listener errors are isolated from reconciliation, and errors on listener 443 do not affect reconciliation on port 80.	This upgrade does not affect your services.

August 2022

Version number	Modification Time	Changes	Impact
v2.4.0-aliyun.1	2022-08-10	Cross-domain is supported. Persistent connections to backend servers are supported. The listener deletion processing logic is optimized.	This upgrade does not affect your services.

June 2022

Version number	Modification Time	Content Changes	Impact
v2.3.0-aliyun.1	2022-06-23	Annotations are supported to replace the load balancing algorithm of a backend server group. For more information, see Specify the load balancing algorithm for a backend server group. The issue related to listener protocols is fixed.	This upgrade does not affect your services.

April 2022

Version number	Modification Time	Modify content	Impact
v2.2.0-aliyun.1	2022-04-13	Rewrite is supported. You can configure annotations to use the rewrite feature. For more information, see Configure rewrite. The TCP health check protocol is supported. SYN handshake messages are sent to detect whether a server port is alive. For more information, see Configure health checks. You can specify a TLS security policy. When you configure an HTTPS listener in an AlbConfig, you can specify a TLS security policy. For more information, see Specify a TLS security policy.	This upgrade does not affect your services.