1. Understanding the Role of Each Resource

IngressClassParams

A Custom Resource Definition (CRD) used with the AWS Load Balancer Controller. It defines AWS-specific settings for your ALB—like scheme (internet-facing/internal), IP address type (IPv4 or dualstack), tags, and grouping.

Template example:

apiVersion: elbv2.k8s.aws/v1beta1
kind: IngressClassParams
metadata:
  name: alb
spec:
  scheme: internet-facing
  ipAddressType: ipv4
  tags:
    - key: env
      value: dev

This instructs the AWS ALB controller how to configure the load balancer.
(kubernetes-sigs.github.io, AWS Documentation)

IngressClass

A standard Kubernetes object that tells the cluster who manages Ingress resources. It references the IngressClassParams and names the AWS controller responsible for provisioning the ALB.

apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: alb
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
spec:
  controller: eks.amazonaws.com/alb
  parameters:
    apiGroup: eks.amazonaws.com
    kind: IngressClassParams
    name: alb

This links your Ingress resources to the right AWS-specific settings.
(AWS Documentation, kubernetes-sigs.github.io)

Ingress

The user-facing Kubernetes object that defines HTTP routing rules—like host, paths, and backend services. It refers to the IngressClass by name (unless one is marked default).

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-ingress
spec:
  ingressClassName: alb              # Connects to your IngressClass
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app-service
                port:
                  number: 80
Code language: PHP (php)

Once applied, AWS provisions an ALB to route traffic as specified.
(AWS Documentation, solo.io)

2. High-Level Flow (Step-by-Step)

Deploy AWS Load Balancer Controller on your cluster via Helm or manifests (not covered here, but essential).
Create IngressClassParams → defines ALB behavior.
Create IngressClass → registers a class that uses the AWS controller and links to the params.
Deploy Ingress resources → use the class to route traffic; AWS controller builds the ALB behind the scenes.
(AWS Documentation, Amazon Web Services, Inc.)

3. Best Beginner Tutorials

AWS Official IngressClass Workflow: A clear, step-by-step guide illustrating exactly these four steps—workload, IngressClassParams, IngressClass, then Ingress. Super beginner-friendly.
(AWS Documentation)
AWS Load Balancer Controller on EKS – Complete Guide: A deep-dive tutorial covering setup of the controller, cluster, and walkthrough of ALB provisioning.
(devopscube.com)
Kubernetes Ingress Fundamentals: For broader understanding of Ingress and how controllers work (like nginx). Excellent for seeing the big picture.
(devopscube.com, tetrate.io)

4. TL;DR Summary

Resource	What it Does
`IngressClassParams`	Configures ALB behavior (scheme, IP type, tags, etc.)
`IngressClass`	Registers a controller and links to params
`Ingress`	Defines routing rules to services; triggers ALB provisioning by the controller

5. Sample YAML Sequence

# 1. IngressClassParams
apiVersion: elbv2.k8s.aws/v1beta1
kind: IngressClassParams
metadata:
  name: alb
spec:
  scheme: internet-facing
  ipAddressType: ipv4

# 2. IngressClass
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: alb
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
spec:
  controller: eks.amazonaws.com/alb
  parameters:
    apiGroup: elbv2.k8s.aws
    kind: IngressClassParams
    name: alb

# 3. Ingress (example)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
spec:
  ingressClassName: alb
  rules:
    - host: demo.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-svc
                port:
                  number: 80

Here’s a detailed breakdown of the available options in IngressClassParams, the AWS Load Balancer Controller CRD, based on its schema:

Available Fields in `spec` for `IngressClassParams`

Derived from the CRD schema and documentation, here are the supported fields:

Field	Type	Description
`scheme`	`string`	ALB scheme: either `internet-facing` or `internal`.
`ipAddressType`	`string`	IP type: `ipv4` or `dualstack`.
`loadBalancerName`	`string`	Optional. Allows specifying a custom name for the ALB to be created. (Go Packages)
`group`	`object`	Optional. Defines load balancer group parameters—may define group-based behavior. (GitHub, Go Packages)
`Tags`	`map[string][]string`	Optional. Defines subnet tags to select subnets where LB should be created. (Go Packages)
`Subnet selector` (`ids` or `tags`)	`object`	Optional. Allows specifying subnets either by ID or by tags. Only one option is allowed. (GitHub, Go Packages)

Notes & Summary

The core, commonly used fields are scheme and ipAddressType, which allow control over whether your ALB is public or internal and whether it’s IPv4-only or dual-stack.
You also have optional fine-grained controls:
- Naming with loadBalancerName
- Subnet targeting via tags or explicit IDs
- Grouping, if your use case involves grouping strategies.

Example YAML using all available fields:

apiVersion: elbv2.k8s.aws/v1beta1
kind: IngressClassParams
metadata:
  name: alb-custom
spec:
  scheme: internal
  ipAddressType: dualstack
  loadBalancerName: my-custom-alb
  tags:
    env:
      - prod
      - staging
  subnetSelector:
    tags:
      subnet-type: private
Code language: PHP (php)

Why It Matters

scheme & ipAddressType are essential for general behavior.
loadBalancerName helps when you need custom naming (like for tagging or monitoring).
tags and subnetSelector give you control over the network placement of ALB.
group can enable advanced configurations (multi-tenant or grouped routing).

here’s a comprehensive table of commonly used Kubernetes Ingress annotations, especially focusing on AWS Load Balancer Controller (since you’re working with IngressClassParams and ALBs).

🔖 Ingress Annotations & Their Purpose

Annotation	Purpose / Why It’s Used	Example Value
`kubernetes.io/ingress.class`	(Legacy) Specifies which controller should manage the Ingress. Superseded by `spec.ingressClassName`.	`alb`, `nginx`
`alb.ingress.kubernetes.io/scheme`	Defines ALB scheme: public vs private.	`internet-facing`, `internal`
`alb.ingress.kubernetes.io/ip-address-type`	Specifies IP type for the ALB.	`ipv4`, `dualstack`
`alb.ingress.kubernetes.io/target-type`	Configures target type.	`instance`, `ip`
`alb.ingress.kubernetes.io/healthcheck-path`	Path used for target health checks.	`/healthz`
`alb.ingress.kubernetes.io/healthcheck-port`	Port for health checks.	`traffic-port`, `80`
`alb.ingress.kubernetes.io/healthcheck-interval-seconds`	Health check interval.	`30`
`alb.ingress.kubernetes.io/healthcheck-timeout-seconds`	Timeout for each health check request.	`5`
`alb.ingress.kubernetes.io/healthy-threshold-count`	Number of successes before a target is marked healthy.	`2`
`alb.ingress.kubernetes.io/unhealthy-threshold-count`	Number of failures before a target is marked unhealthy.	`2`
`alb.ingress.kubernetes.io/listen-ports`	Defines ALB listener ports.	`[{"HTTP":80},{"HTTPS":443}]`
`alb.ingress.kubernetes.io/certificate-arn`	ACM certificate ARN for HTTPS.	`arn:aws:acm:region:account:certificate/...`
`alb.ingress.kubernetes.io/ssl-policy`	SSL negotiation policy for HTTPS.	`ELBSecurityPolicy-2016-08`
`alb.ingress.kubernetes.io/backend-protocol`	Protocol from ALB → target.	`HTTP`, `HTTPS`, `GRPC`
`alb.ingress.kubernetes.io/actions.<action-name>`	Defines custom actions (redirects, fixed responses).	`{"Type":"redirect","RedirectConfig":{...}}`
`alb.ingress.kubernetes.io/load-balancer-attributes`	Extra LB attributes.	`idle_timeout.timeout_seconds=60`
`alb.ingress.kubernetes.io/waf-acl-arn`	Attach AWS WAF ACL to ALB.	`arn:aws:wafv2:...`
`alb.ingress.kubernetes.io/security-groups`	Assign security groups to ALB.	`sg-12345,sg-67890`
`alb.ingress.kubernetes.io/subnets`	Place ALB in specific subnets.	`subnet-aaa,subnet-bbb`
`alb.ingress.kubernetes.io/target-group-attributes`	Extra target group attributes.	`deregistration_delay.timeout_seconds=30`
`alb.ingress.kubernetes.io/manage-backend-security-group-rules`	Controls whether controller manages SG rules for targets.	`true`, `false`
`alb.ingress.kubernetes.io/load-balancer-name`	Custom ALB name (instead of auto-generated).	`my-app-alb`
`alb.ingress.kubernetes.io/inbound-cidrs`	Restrict inbound traffic to CIDRs.	`0.0.0.0/0,::/0`
`alb.ingress.kubernetes.io/conditions.<svc-name>`	Advanced routing based on headers, query params.	`[{ "field":"http-header", "httpHeaderConfig":{...} }]`
`alb.ingress.kubernetes.io/auth-type`	Enable authentication at ALB.	`cognito`, `oidc`
`alb.ingress.kubernetes.io/auth-idp-cognito`	Define Cognito IdP config.	JSON object
`alb.ingress.kubernetes.io/auth-idp-oidc`	Define OIDC IdP config.	JSON object
`alb.ingress.kubernetes.io/auth-scope`	Scopes for OIDC.	`openid,email`
`alb.ingress.kubernetes.io/auth-session-cookie`	Cookie name for session stickiness.	`AWSELBAuthSessionCookie`
`alb.ingress.kubernetes.io/auth-session-timeout`	Auth session timeout in seconds.	`3600`

⚡ Key Points

Kubernetes-native:
- kubernetes.io/ingress.class (legacy)
- spec.ingressClassName (preferred since v1.18).
AWS ALB-specific:
- All annotations prefixed with alb.ingress.kubernetes.io/....
Grouping:
- Networking: scheme, ip-address-type, subnets, security-groups.
- Routing: listen-ports, backend-protocol, conditions.*, actions.*.
- Health checks: all healthcheck-*.
- Security: waf-acl-arn, inbound-cidrs, auth-*.
- Performance / Ops: load-balancer-attributes, target-group-attributes.

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.

Do you want to learn Quantum Computing?

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND