Aws Alb Ingress Controller Versions Save

A Kubernetes controller for Elastic Load Balancers

v2.5.2

1 year ago

v2.5.2 (requires Kubernetes 1.22+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.2

Thanks to all our contributors! 😊

Enhancement

  • Added support for the AWS Resource Group API which can be enabled via the feature flag EnableRGTAPI, disabled by default. This feature allows the tagging manager to utilize RGT APIs to filter matching Load Balancers and Target Group resources, and is helpful when there are numerous resources. RGT feature is not available for private clusters. If you intend to enable this feature, you need to do the following:
    • set --feature-gates=EnableRGTAPI=true in controller command line flag or helm value --set controllerConfig.featureGates.EnableRGTAPI=true during chart install/upgrade
    • add additional permission to the IAM policy used by the controller
    { 
 "Effect": "Allow", 
 "Action": [ 
     "tag:GetResources" 
 ], 
 "Resource": "*" 
}
  • Refactor backend SG provider, controller deletes backend SG when not required without waiting for all ingresses to be deleted.

Fixes

  • Check both sdkLS and resLS sslpolicy for nil when updating extra certs for listeners

Changelog since v2.5.1

  • update go.sum (#3206, @oliviassss)
  • cut v2.5.2 release (#3205, @oliviassss)
  • Fix typo in mkdocs.yml file (#3202, @Dragotic)
  • check both sdkLS and resLS sslpolicy for nil (#3196, @oliviassss)
  • Support AWS RGT APIs with feature flag (#3186, @oliviassss)
  • cherry-pick: Support AWS RGT APIs with feature flag (#3186) (#3193, @oliviassss)
  • refactor backend SG provider (#2836, @kishorj)
  • add objectSelector to the new controller webhooks (#3165, @kishorj)
  • chore(aws-load-balancer-controller): update all controllerConfig.featureGates samples default values (#3161, @kahirokunn)

v2.5.1

1 year ago

v2.5.1 (requires Kubernetes 1.22+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.1

Thanks to all our contributors! 😊

Action Required

  • 🚨 🚨 🚨We've updated the controller manifests, so either use helm upgrade or apply the new manifest. The new controller image from the patch release is not compatible with manifests from v2.4.x or earlier releases
  • 🚨 🚨 🚨We have made the LBC the default controller for service type LoadBalancer by adding a mutating webhook. You can disable the feature by setting the helm chart value enableServiceMutatorWebhook to false. You will no longer be able to provision new Classic Load Balancer (CLB) from your kubernetes service unless you disable this feature.

Please refer to the v2.5.0 release notes for further details.

Bug fixes

  • Fix ingress validator to handle ingress rules without http paths, issue #3158

Changelog since v2.5.0

  • cut v2.5.1 release (#3160, @kishorj)
  • chore(aws-load-balancer-controller): add all controllerConfig.featureGates samples (#3156, @kahirokunn)
  • Fix validator for ingress rules without http paths (#3159, @kishorj)
  • update doc for 2.5 (#3154, @oliviassss)

v2.5.0

1 year ago

v2.5.0 (requires Kubernetes 1.22+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.0

Thanks to all our contributors! 😊

Action Required

🚨 🚨 🚨 The v2.5.0 ingress validator is not able to handle ingress rules without HTTP path due to bug #3158. If your ingress rules don't have the http paths defined, do not upgrade to v2.5.0 release.

  • 🚨 🚨 🚨We've updated the controller manifests, so either use helm upgrade or apply the new manifest. The new controller image is not compatible with manifests from earlier releases, so we don't recommend editing existing deployment and updating the image tag.
  • 🚨 🚨 🚨We have made the LBC the default controller for service type LoadBalancer by adding a mutating webhook. Therefore, from v2.5.0, it is required to use k8s 1.22 or later to support the spec.loadBalancerClass. This controller creates an internal NLB by default. You need to specify the annotation service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing on your service if you want to create an internet-facing NLB for your service.
  • We have added subnets, InboundCIDRs and SSLPolicy fields in IngressClassParams. If you are upgrading the chart via helm upgrade, you need to update the IngressClassParams CRD manually by running kubectl apply -k "http://github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"

Whats new

  • The AWS LBC provides a mutating webhook for service resources to set the spec.loadBalancerClass field for service of type LoadBalancer on create. This makes the AWS LBC the default controller for service of type LoadBalancer. You can disable this feature and revert to set CCM as the default by setting the helm chart value enableServiceMutatorWebhook to false. You will no longer be able to provision new Classic Load Balancer (CLB) from your kubernetes service unless you disable this feature. Existing CLB will continue to work fine.
  • You can set the default target type for the load balancer target groups. For helm chart, you can specify the defaultTargetType value during chart install/upgrade.
  • Fields subnets, InboundCIDRs and SSLPolicy in IngressClassParams

Enhancements

  • Update controller runtime
  • Add a validation step on service annotation service.beta.kubernetes.io/aws-load-balancer-ssl-ports
  • Handle the validation error on ingress annotation alb.ingress.kubernetes.io/conditions.${conditions-name}
  • Enable EndpointsFailOpen by default
  • Allow multiple TLS certificate for the same host for ALB during certificate discovery
  • Migrate to ConfigMap leases for the leader election
  • Documentation enhancement

Changelog since v2.4.7

  • rename configuration value to enableServiceMutatorWebhook (#3142, @jerryhe1999)
  • Add docker-push-w-buildx make target (#3135, @ivyostosh)
  • Add the service mutator webhook manifest to make the controller default for service of type LoadBalancer (#3139, @jerryhe1999)
  • Subnet discovery documentation edits (#3128, @jimdial-aws)
  • NLB documentation edits (#3129, @jimdial-aws)
  • documentation enhacement (#3136, @oliviassss)
  • fix installation.md rendering (#3127, @oliviassss)
  • update iam policy version to 2.4.7 (#3123, @oliviassss)
  • update eksctl and default eks versions (#3120, @kishorj)
  • Added alternate policies and other edits. (#3121, @jimdial-aws)
  • add test coverage for endPointSlices (#3119, @oliviassss)
  • Add webhook for claiming load balancers without LoadBalancerClass (#2925, @olemarkus)
  • Update ko to v0.13.0 (#3115, @kishorj)
  • Update module dependencies (#3114, @kishorj)
  • Added ssl-ports validation in case unused ports are introduced in the aws-load-balancer-ssl-ports annotation (#3067, @ahrakos)
  • update to discovery.k8s.io/v1 (#3072, @kishorj)
  • docs: add a new page about security groups management (#2988, @prasadkatti)
  • Add InboundCIDRs field to IngressClassParams (#3089, @johngmyers)
  • Add SSLPolicy field to IngressClassParams (#3025, @johngmyers)
  • enable EndpointsFailOpen by default (#3078, @kishorj)
  • Update the default container base image (#3075, @kishorj)
  • update recommended IAM policy template (#3068, @jdn5126)
  • update to discovery.k8s.io/v1 (#3072, @kishorj)
  • Validate Ingress condition annotations (#2735, @r-erema)
  • Fix conciseLogger's incorrect call to variadic func (#3066, @johngmyers)
  • Verify CRDs are up to date in merge check (#3022, @johngmyers)
  • Refactor model builder test (#3024, @johngmyers)
  • Remove constrains of multiple TLS on certificate auto-discovery (#3028, @jerryhe1999)
  • fix: check default ingclass when ingclass is nill (#2963, @yasinlachiny)
  • Add subnets field to IngressClassParams (#2945, @johngmyers)
  • Verify generated files are up to date in merge check (#3007, @johngmyers)
  • Update module dependencies (#2998, @johngmyers)
  • Add johngmyers as reviewer (#2999, @johngmyers)
  • helm: add "defaultTargetType" values setting (#2990, @johngmyers)
  • Update module dependencies (#2994, @johngmyers)
  • Fix typo in 'Subnet Discovery' (#2996, @KENNYSOFT)
  • Build image with ko (#2955, @johngmyers)
  • Start migration to leases for leader election (#2993, @johngmyers)
  • Upgrade aws-sdk-go to v1.44.184 (#2992, @johngmyers)
  • Replace inet.af/netaddr with net/netip (#2987, @jerryhe1999)
  • Add β€”default-target-type flag (#2840, @johngmyers)
  • Add GitHub Action for tagging releases and creating release branches (#2881, @johngmyers)

v2.4.7

1 year ago

v2.4.7 (requires Kubernetes 1.19+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.7

Thanks to all our contributors! 😊

Action Required

🚨 🚨 🚨 We've updated the reference IAM policies to explicitly add the AddTag permission for creating load balancer and listener resources. We recommend updating your controller IAM policies with the new permissions for existing installations as well.

Whats new

  • This patch release updates the controller to use discovery.k8s.io/v1 version of EndpointSlice for compatibility with k8s 1.25 and later releases. Starting this patch release, the controller will be able to support EndpointSlice in k8s 1.21 and later clusters only.
  • We have also updated the reference IAM policies to explicitly allow the AddTag permission for the ELBv2 CreateTargetGroup and CreateLoadBalancer. You will have to update the existing controller IAM permissions if you encounter the AccessDenied errors for the elbv2 APIs

Changelog since v2.4.6

  • update IAM policy template (#3046, @kishorj, @jdn5126, @Apollorion)
  • update to discovery.k8s.io/v1 (#3073, @kishorj)

v2.4.6

1 year ago

v2.4.6 (requires Kubernetes 1.19+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6

Thanks to all our contributors! 😊

Whats new

  1. This release introduces new annotation service.beta.kubernetes.io/aws-load-balancer-healthcheck-success-codes to configure the HTTP success codes for NLB target group health check for http/https healthcheck protocol
  2. Controller doesn't delete existing NLB target group to reconfigure health check configuration with default configuration. You can revert to the earlier behavior by setting the feature gate NLBHealthCheckAdvancedConfiguration to false
  3. Controller configures the NLB target group health check timeout based on the annotation service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout. You can disable this by setting the feature gate NLBHealthCheckAdvancedConfiguration to false

Changelog since v2.4.5

  • add example of blue/green deployment (#2911, @geoffcline)
  • Ability to reconfigure NLB target group health check (#2967, @kishorj)
  • Replace "SSL" with "TLS" where possible in documentation (#2962, @johngmyers)
  • docs: update contibutor docs (#2961, @prasadkatti)
  • Update eksctl and eks default versions for e2e tests (#2960, @kishorj)
  • Update index.md (#2959, @Kostavro)
  • docs: fix gRPCServer example (#2954, @prasadkatti)
  • update controller-gen to v0.11.1 (#2953, @kishorj)
  • fix typos in doc about self managed lb (#2947, @Kostavro)
  • docs: make external-dns optional in echoserver walkthrough (#2950, @prasadkatti)
  • fix: typo in synthesizer test (#2941, @yasinlachiny)
  • use multi-arch image for service e2e test (#2943, @kishorj)
  • Update installation.md (nit) (#2937, @mtulio)
  • move test images to ecr public (#2935, @kishorj)
  • Use public ECR repository by default (#2907, @kishorj)
  • fix: health check timeout for services/NLB (#2899, @project0)
  • update external dns manifest and docs (#2895, @kishorj)
  • update external dns manifest url (#2892, @kishorj)
  • update go packages and dependencies (#2887, @kishorj)
  • update filename from the set-version script (#2889, @kishorj)
  • Stop restricting branches for unit test action (#2879, @johngmyers)
  • Improve echo server example documentation (#2853, @kevin85421)
  • Fix consistency of version references in documentation, etc. (#2880, @johngmyers)
  • Documentation update to warn of Access Control bypass when conversion from IPv4 to IPv6 on NLBs (#2868, @wilief)
  • Fix to use a code block in the guide of ingress annotations (#2877, @hadusam)
  • Fix typo of a comment in pkg/networking/subnet_resolver.go (#2876, @hadusam)

v2.4.5

1 year ago

v2.4.5 (requires Kubernetes 1.19+)

Documentation

Image: docker.io/amazon/aws-alb-ingress-controller:v2.4.5

Thanks to all our contributors! 😊

Fixes

  • Fix webhookNamespaceSelectors in HelmChart (#2816, @mikutas)

Changelog since v2.4.4

  • Infer VPCID from controller's nodeName when running with cloud controller manager (#2824, @olemarkus )
  • Query IMDS over IPv6 when controller pod don't have IPv4 addresses (#2453, @johngmyers)
  • Upgrade controller-runtime to v0.9.7 (#2833, @jdn5126 )
  • Upgrade Golang to v1.19.3 (#2871, @M00nF1sh )
  • Maintain helm chart test.yaml file (#2872, @BobDu )
  • Install correct ginkgo version and pass no color to script (#2839, @jdn5126 )
  • Upgrade ginkgo version; address go fmt(#2835, @jdn5126 )
  • Fix misspelling in documentation(#2871, @yiyu0x)
  • Fix documentation about alpn-policy (#2831, @BouchaaraAdil)

ECR images

  • 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 558608220178.dkr.ecr.me-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 590381155156.dkr.ecr.eu-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.ap-northeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.ap-northeast-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.ap-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.ap-southeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.ca-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.eu-north-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.eu-west-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.sa-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 800184023465.dkr.ecr.ap-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 877085696533.dkr.ecr.af-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
  • 918309763551.dkr.ecr.cn-north-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.5
  • 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.5

v2.4.4

1 year ago

v2.4.3 (requires Kubernetes 1.19+)

Documentation

Image: docker.io/amazon/aws-alb-ingress-controller:v2.4.4

Thanks to all our contributors! 😊

What's new

  1. A new Service annotation service.beta.kubernetes.io/aws-load-balancer-ipv6-addresses, which allows to customize the IPv6 addresses on NLB.
  2. A new Helm chart flag ingressClassConfig.default, which allows to set the default provided alb IngressClass as default IngressClass in cluster.
  3. A new Helm chart flag cluster.dnsDomain, which allows to set customized dnsDomain other than the default cluster.local
  4. A new Helm chart flag controllerConfig.featureGates, which allows to set --feature-gates flag on controller Deployment.

Fixes

  1. Fix error handling during LoadBalancer deletion.

Changelog since v2.4.3

  • cut v2.4.4 release (#2815, @M00nF1sh)
  • configure default client-side throttle for ELBv2 APIs (#2810, @kishorj)
  • upgrade to golang 1.18.6 (#2808, @M00nF1sh)
  • Fix typo (#2798, @yiyu0x)
  • Fix webhook port value (#2795, @vi-credo)
  • add support for configure static IPv6 addresses on NLB (#2790, @M00nF1sh)
  • feat: add default ingressclass annotation ✨ (#2756, @meysam81)
  • fix error handling of load balancer deletion (#2783, @bitoku)
  • Sticky weighted routing (#2740, @hanyhesham)
  • Update to golang 1.18 (#2774, @kishorj)
  • add guide on using a self managed (or existing) load balancer (#2765, @geoffcline)
  • Allow configuring the actual cluster DNS domain for the TLS certificate (#2770, @stephan2012)
  • Allow configuring the controller feature gates in helm chart (#2776, @khizunov)
  • refine docs about NLB (#2780, @M00nF1sh)
  • Fix documentation typo s/Amzon/Amazon/ (#2773, @jalessio)

ECR images

  • 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 558608220178.dkr.ecr.me-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 590381155156.dkr.ecr.eu-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.ap-northeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.ap-northeast-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.ap-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.ap-southeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.ca-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.eu-north-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.eu-west-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.sa-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 800184023465.dkr.ecr.ap-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 877085696533.dkr.ecr.af-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
  • 918309763551.dkr.ecr.cn-north-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.4
  • 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.4

v2.4.3

1 year ago

v2.4.3 (requires Kubernetes 1.19+)

Documentation

Image: docker.io/amazon/aws-alb-ingress-controller:v2.4.3

Thanks to all our contributors! 😊

What's new

  1. This release introduces a new feature gate SubnetsClusterTagCheck, if set to false the controller ignores the cluster tag kubernetes.io/cluster/${cluster-name} during subnet auto-discovery. This featureGate is set to true by default, you can disable via the controller flag --feature-gates=SubnetsClusterTagCheck=false.
  2. A new feature gate EnableIPTargetType, if set to false, disables IP target support.
  3. Allow negative and duplicate group.orders for ingress group
  4. Update the base container image
  5. Helm chart changes

Fixes

  1. Set correct precedence for ingress rules in case of multiple matches
  2. enhance handling for InvalidIngressClass case
  3. fix failures during upgrade when using the default provided IngressClass and IngressClassParam
  4. CVE-2022-28948

Changelog since v2.4.2

  • enhance handling for InvalidIngressClass case (#2750, @M00nF1sh)
  • add docs for NLB TLS termination (#2680, @geoffcline)
  • revise install guide (#2704, @geoffcline)
  • bump chart version to 1.4.3 (#2746, @M00nF1sh)
  • add HELM support for aws-api-throttle (#2745, @M00nF1sh)
  • use a dedicated config to disable default pod affinity (#2743, @kishorj)
  • fix failures during upgrade when using the default provided IngressClass and IngressClassParam [#2732, @M00nF1sh]
  • Helm: Add field for Webhook namespace selector (#2724, @Volatus)
  • Update go pkg dependencies (#2742, @kishorj)
  • Enhance client side throttling information (#2739, @orsenthil)
  • e2e test changes to support china regions (#2723, @cgchinmay)
  • Update default cluster version for e2e tests (#2659, @kishorj)
  • Do not set caBundle for webhooks if CertManager is used (#2649, @mikael-lindstrom)
  • Fix Dockerfile go dependency caching (#2626, @hintofbasil)
  • Add docs for example of gRPC health check success codes (#2700, @ugwis)
  • docs: update versions in instructions to match official AWS docs (#2714, @Volatus)
  • Fixed typo: Listner => Listener (#2712, @PrajwalBorkar)
  • Add clusterName as debug info for troubleshooting (#2696, @guessi)
  • Updated run-e2e-test script to remove eksctl iamserviceaccount creation (#2664, @cgchinmay)
  • Fix for failing Ingress tests (#2658, @cgchinmay)
  • Add support to disable cluster tag check during subnet auto-discovery (#2635, @oliviassss)
  • Added EnableIPTargetType flag to controller (#2587, @thejasn)
  • Allow negative and duplicate group.orders (#2634, @jtdoepke)
  • Migrate to ginkgo v2 (#2639, @cgchinmay)
  • Add imagePullSecrets option to ServiceAccount in helm chart (#2624, @BrianKopp)
  • feat: add optional service monitor namespace (#2609, @shalom-cyera)
  • helm: Add additionalLabels to all components (#2618, @jdheyburn)
  • fix log level (#2598, @mikutas)
  • helm: add deployment annotation (#2611, @krrrr38)
  • Format clusterSecretsPermissions.allowAllSecrets (#2620, @orsenthil)
  • [minor] - print the env variable name in the output (#2610, @orsenthil)
  • Sort ingress rules by path length and pathType (#2409, @oliviassss)
  • helm chart update ; adding support to set affinity in podSpec to the empty map (#2576, @stensonb)
  • adding optional support for topologySpreadConstraints to helm chart (#2575, @stensonb)
  • separate target for helm chart crds generation (#2577, @kishorj)
  • [Doc] Update migrate_v1_v2 document (#2573, @yws-ss)
  • Auto generate CRDs for the Helm chart (#2517, @kishorj)
  • fix default value in the service annotation doc (#2569, @kishorj)
  • Misc minor fixes to docs (#2568, @prasadkatti)
  • fix formatting (#2567, @prasadkatti)
  • minor fix (#2566, @prasadkatti)
  • docs cleanup in ingress spec (#2565, @prasadkatti)

ECR images

  • 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 558608220178.dkr.ecr.me-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 590381155156.dkr.ecr.eu-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.ap-northeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.ap-northeast-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.ap-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.ap-southeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.ca-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.eu-north-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.eu-west-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.sa-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 800184023465.dkr.ecr.ap-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 877085696533.dkr.ecr.af-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
  • 918309763551.dkr.ecr.cn-north-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.3
  • 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.3

v2.4.2

2 years ago

v2.4.2 (requires Kubernetes 1.19+)

Documentation

Image: docker.io/amazon/aws-alb-ingress-controller:v2.4.2

Thanks to all our contributors! 😊

What's new

  • This is a version with minimal changes which merely upgrade the base container image and Golang version.

Changelog since v2.4.1

ECR images

  • 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 558608220178.dkr.ecr.me-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 590381155156.dkr.ecr.eu-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.ap-northeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.ap-northeast-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.ap-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.ap-southeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.ca-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.eu-north-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.eu-west-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.sa-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 800184023465.dkr.ecr.ap-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 877085696533.dkr.ecr.af-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.2
  • 918309763551.dkr.ecr.cn-north-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.2
  • 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.2

v2.4.1

2 years ago

v2.4.1 (requires Kubernetes 1.19+)

Documentation

Image: docker.io/amazon/aws-alb-ingress-controller:v2.4.1

Thanks to all our contributors! 😊

Action Required

🚨 🚨 🚨 The new HelmChart(version 1.4.1) and installation YAML for v2.4.1+ no longer contain the RBAC permission for controller to access Secret resources by default.

  • If you don't use the authentication via OIDC IDP feature for any Ingresses in cluster, no action is needed.
  • If you do use the authentication via OIDC IDP feature for any Ingress in cluster, you must grant the controller RBAC permission to access Secret resources been referenced. For backwards compatibility, the helm chart provides an option to grant controller RBAC permission to access all Secrets by explicitly setting --set clusterSecretsPermissions.allowAllSecrets=true. However, we recommend configuring separate namespaced Role/RoleBinding to grant controller access to your specific secret resources to strengthen security posture.

What's new

  1. Introduce a new featureGate named EndpointsFailOpen: Once enabled, when all eligible nodes get into "ready: unknown" state due to misconfiguration or outage, the controller will ensure fault-tolerance by registering nodes/pods in unknown state as targets to let load balancer still able to handle traffic. This featureGate is not enabled by default in this version and can be enabled via the controller flag --feature-gates=EndpointsFailOpen=true.
  2. The controller will no longer require permissions for all Secret resources. If the authentication via OIDC IDP feature is used, you must grant the controller RBAC permission to access the referenced Secret resources.

Bug fixes

  1. Fix issue with certificates reconcile so the controller can recover from TooManyCertificates error
  2. Fix race condition between pod readiness gate inject and ingress model update
  3. Restrict webhook server to TLS 1.3
  4. Monitor secrets only if necessary
  5. documentation changes

Changelog since v2.4.0

  • update iam permissions for TGB only configuration (#2554, @kishorj)
  • Update pods with readinessGate as healthy for deleted TGB (#2524, @oliviassss)
  • add support to optionally fail-open when all nodes are been isolated (#2546, @M00nF1sh)
  • monitor secret resources only if necessary (#2550, @kishorj)
  • Upgrade webhook server minimum version to TLS1.3 (#2547, @oliviassss)
  • Clarify cluster tag requirement in docs (#2527, @adammw)
  • remove undesired certificates before adding new ones (#2528, @oliviassss)
  • typo error (#2518, @nimboya)
  • Updated test helper script for e2e tests (#2510, @cgchinmay)
  • Make e2e LB name test work with clusters that have . in the name (#2516, @olemarkus)
  • update docs-publish target to v2.4 (#2513, @kishorj)

ECR images

  • 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 558608220178.dkr.ecr.me-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 590381155156.dkr.ecr.eu-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.ap-northeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.ap-northeast-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.ap-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.ap-southeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.ca-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.eu-north-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.eu-west-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.sa-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 800184023465.dkr.ecr.ap-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 877085696533.dkr.ecr.af-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.1
  • 918309763551.dkr.ecr.cn-north-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.1
  • 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.1