A Kubernetes controller for Elastic Load Balancers
Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.2 Thanks to all our contributors! π
Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.1 Thanks to all our contributors! π
EnableRGTAPI
shall provide even better performance)Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.0 Thanks to all our contributors! π
We've updated the reference IAM policies to explicitly add the elasticloadbalancing:DescribeTrustStores
permission for describing the trust stores resources to use the new mTLS feature for ingresses on controller. load balancer and listener resources. We recommend updating your controller IAM policies with the new permissions for your existing installations as well.
elasticloadbalancing:DescribeTrustStores
permission--service-target-eni-security-group-tags
to allow users to specify additional tags that should be used when the controller looks for the security group to use when adding ingress rules for NLB targetsImage: public.ecr.aws/eks/aws-load-balancer-controller:v2.6.2 Thanks to all our contributors! π
Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.6.1 Thanks to all our contributors! π
Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.6.0 Thanks to all our contributors! π
inbound-cidrs
and listen-ports
. If the users want to attach existing frontend SG to the NLB, they can explicitly specify via annotation service.beta.kubernetes.io/aws-load-balancer-security-groups
service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules: true/false
KeyAlgorithmRsa1024,
KeyAlgorithmRsa2048,
KeyAlgorithmRsa3072,
KeyAlgorithmRsa4096,
KeyAlgorithmEcPrime256v1,
KeyAlgorithmEcSecp384r1,
KeyAlgorithmEcSecp521r1,
nlb.md
. (#3257, @Gacko)Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.4 Thanks to all our contributors! π
--sync-period
and preventing the auto-reconciliation of the controller. From this version, the controller will reconcile all the resources even if there is no change in manifest, per the default interval of 10hr. For more information, please refer to the doc
Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.3 Thanks to all our contributors! π
policy/v1beta1
of PodDisruptionBudget, since the k8s 1.22+ supports policy/v1
cert-manager.io/v1alpha2
, and explicitly set to cert-manager.io/v1
k8s.io/client-go
to v0.26.5 to fix the promethus-adapter issue that causes the client-go to crash in k8s 1.27Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.2
Thanks to all our contributors! π
EnableRGTAPI
, disabled by default. This feature allows the tagging manager to utilize RGT APIs to filter matching Load Balancers and Target Group resources, and is helpful when there are numerous resources. RGT feature is not available for private clusters. If you intend to enable this feature, you need to do the following:
--feature-gates=EnableRGTAPI=true
in controller command line flag or helm value --set controllerConfig.featureGates.EnableRGTAPI=true
during chart install/upgrade{
"Effect": "Allow",
"Action": [
"tag:GetResources"
],
"Resource": "*"
}
Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.1
Thanks to all our contributors! π
enableServiceMutatorWebhook
to false
. You will no longer be able to provision new Classic Load Balancer (CLB) from your kubernetes service unless you disable this feature.
Please refer to the v2.5.0 release notes for further details.