Skip to content

Introduction to NLB using AWS Load Balancer Controller

By default, kubernetes service resources of type LoadBalancer gets reconciled by the kubernetes controller built into the CloudProvider component of the kube-controller-manager or the cloud-controller-manager (a.k.a. the in-tree controller).

In order to let AWS Load Balancer Controller (LBC) manage the reconciliation for kubernetes services resources of type LoadBalancer, you need to offload the reconciliation from in-tree controller to AWS Load Balancer Controller explicitly.

You can offload the reconciliation to AWS Load Balancer Controller in two ways:

  1. By specifying the spec.loadBalancerClass and set it to
  2. By specifying the annotation and set it to external or nlb-ip

The AWS Load Balancer Controller manages kubernetes services in a compatible way with the legacy aws cloud provider. The annotation or spec.loadBalancerClass is used to determine which controller reconciles the service.

If spec.loadBalancerClass is set or the annotation value is nlb-ip or external, legacy cloud provider ignores the service resource (provided it has the correct patch) so that the AWS Load Balancer controller can take over. For all other values of the annotation, the legacy cloud provider will handle the service.


The annotation should be specified during service creation and not edited later. The value nlb-ip is deprecated and might be removed later. Use the value external instead.

NLB Target Type

You must provide annotation if you are using annotation to offload the reconciliation to AWS Load Balancer Controller.

If you configure spec.loadBalancerClass, the defaults to instance.