[Yandex Cloud documentation](../../index.md) > [Yandex Application Load Balancer](../index.md) > Tools for Managed Service for Kubernetes > Ingress controller > Resource configuration > Ingress service

# Fields and annotations of the Service resource for the Ingress controller

The `Service` resource represents a [Kubernetes service](../../managed-kubernetes/concepts/index.md#service). For the [Ingress controller](../tools/k8s-ingress-controller/index.md), Application Load Balancer services are backends across which incoming traffic is distributed within a Managed Service for Kubernetes cluster. Services operating as Application Load Balancer backends may be specified in the [Ingress](ingress.md) resource either directly or as part of [HttpBackendGroup](http-backend-group.md) groups.

{% note tip %}

We recommend using the new [Yandex Cloud Gwin](../tools/gwin/index.md) controller instead of an ALB Ingress controller and Gateway API.

{% endnote %}

`Service` is a standard Kubernetes resource. Below, we describe its fields and annotations used by the Application Load Balancer tools for Managed Service for Kubernetes. For resource configuration details, see [this Kubernetes guide](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/).

## Service {#service}

# Service

```yaml
apiVersion: v1
kind: Service
metadata: <ObjectMeta>
spec: <ServiceSpec>
```

#|
|| **Field**     | **Value / Type**   | **Description**           ||
|| `apiVersion` | `v1` |                   **This is a required field**.

Kubernetes API version. ||
|| `kind`       | `Service`              | Resource type.           ||
|| `metadata`   | `ObjectMeta`           | **This is a required field**.

Resource metadata. ||
|| `spec`       | `ServiceSpec`          | **This is a required field**.

Resource specification. ||
|#

{% cut "Example" %}

```yaml
apiVersion: v1
kind: Service
metadata:
  name: alb-demo-1
spec:
  selector:
    app: alb-demo-1
  type: NodePort
  ports:
    - name: http
      port: 80
      protocol: TCP
      nodePort: 30081
```

{% endcut %}

## ObjectMeta {#metadata}

# ObjectMeta

```yaml
name: <string>
annotations:
  ingress.alb.yc.io/protocol: <string>
  ingress.alb.yc.io/transport-security: <string>
  ingress.alb.yc.io/health-checks: <string>
```

#|
|| **Field**     | **Value / Type**    | **Description** ||
|| `name`        | `string`             | **This is a required field**.

[Resource name](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).

This name is not the balancer name in Application Load Balancer. ||
|| `annotations` | `map[string]string`  | **This is a required field**.

Resource annotations. ||
|#

### Annotations (metadata.annotations) {#annotations}

# Annotations

Annotations are collections of `key:value` pairs for assigning metadata to objects. Annotation values always have the `string` data type. For more information on annotations, see [this Kubernetes guide](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).

In Application Load Balancer, annotations are only used in `Service` resources to set up ingress controllers.

You can add the following annotations to `ObjectMeta`:

* **ingress.alb.yc.io/protocol** {#annot-protocol}

   Protocol for connections between the load balancer and backends defined in `Ingress`:

   * `http`: HTTP/1.1. This is a default value.
   * `http2`: HTTP/2.
   * `grpc`: gRPC.

* **ingress.alb.yc.io/transport-security** {#annot-transport-security}

   Encryption protocol for connections between the load balancer and backends specified in `Ingress` directly, without using `HttpBackendGroup`.

   The acceptable value is `tls`: TLS without certificate validation.

   If this annotation is not specified, the load balancer will connect to the backends without encryption.

   This annotation is ignored for grouped backends. When encrypting a connection between a load balancer and grouped backends, configure the encryption via the `spec.backend.tls` field of the `HttpBackendGroup` resource (see the [resource configuration](http-backend-group.md)).

* **ingress.alb.yc.io/health-checks** {#annot-health-checks}

  Parameters for configuring custom application health checks in a cluster. We recommend configuring [health checks](../concepts/backend-group.md#health-checks) for all backends.

  * `http-path`: Path to the application endpoint in the request URI for health checks (only for `http` or `http2` connections to backends). The default value is `/healthz`.

  * `grpc-service-name`: Application gRPC service name for health checks (only for `grpc` connections to backends). If not specified, the entire backend will be health-checked.

  * `port`: Port on the cluster nodes used to check the application's availability. The application will be available for health checks at `http://<node_IP_address>:<port>/<path>`.

  * `healthy-threshold`: Number of consecutive successful checks to consider the application endpoint healthy. The default value is `1`.

  * `unhealthy-threshold`: Number of consecutive failed checks to consider the application endpoint unhealthy. The default value is `1`.

  * `timeout`: Response timeout in seconds. The values range from `1s` to `60s`. The default value is `2s`.

  * `interval`: Interval between health check requests in seconds. The values range from `1s` to `60s`. The default value is `5s`. `interval` must exceed `timeout` by at least one second.

  `port` is a required parameter. If you omit the other parameters, they will be set to their default values.

  The parameters are given as a comma-separated list. Here is an example:

     ```
     ...
     annotations:
       ingress.alb.yc.io/health-checks: port=30103,http-path=/health-1,timeout=10s,interval=20s,healthy-threshold=3,unhealthy-threshold=2
     ...
     ```

## ServiceSpec {#servicespec}

# ServiceSpec

```yaml
type: NodePort
ports:
  - <ServicePort>
  -
```

#|
|| **Field** | **Value / Type** | **Description** ||
|| `type`    | `NodePort`        | **This is a required field**.

Service type.

{% note warning %}

Kubernetes backend services referenced in `Ingress` rules (directly or via `HttpBackendGroup`/`GrpcBackendGroup`), must be of type `NodePort`. For more information about this type, see the relevant [Kubernetes article](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport).

{% endnote %} ||
|| `ports`   | `[]ServicePort`   | **This is a required field**.

List of ports the service is available on. ||
|#

## ServicePort {#ports}

# ServicePort

```yaml
port: <int32>
name: <string>
protocol: <protocol>
nodePort: <int32>
```

#|
|| **Field** | **Value / Type** | **Description** ||
|| `port`    | `int32`      | **This is a required field**.
Number of the port the service is available on.

You can use this number if you designate a service as a backend:

* In `Ingress`, in the `spec.rules.http.paths.backend.service.port.number` field (see the [configuration](ingress.md#backend)).
* In `HttpBackendGroup`, in the `spec.backends.service.port.number` field (see the [configuration](http-backend-group.md)).
||
|| `name` | `string` | Service port name.

You can use this name if you designate a service as a backend:

* In `Ingress`, in the `spec.rules.http.paths.backend.service.port.name` field (see the [configuration](ingress.md#backend)).
* In `HttpBackendGroup`, in the `spec.backends.service.port.name` field (see the [configuration](http-backend-group.md)).
||
|| `protocol` | `TCP` | Port network protocol; `TCP` only. ||
|| `nodePort` | `int32` | Number of the port opened on the cluster nodes where the service is deployed. The load balancer routes traffic to this port, and Kubernetes forwards the traffic to the service on its port in the `port` parameter.

The value matches the backend port in the Application Load Balancer [backend group](../concepts/backend-group.md).
||
|#