Skip to content

v2.8.0
Compare
Choose a tag to compare
@shraddhabang shraddhabang released this 17 May 23:43
· 64 commits to main since this release
v2.8.0
6afa404
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

v2.8.0 (requires Kubernetes 1.22+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.8.0
Thanks to all our contributors! 😊

Action required

We have added certificateArn and updated ipAddressType fields in IngressClassParams, and added vpcID field in TargetGroupBinding. If you are upgrading the charts using helm upgrade, you need to update CRDs manually kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"

ALB mTLS is now available in the China partition. We've updated the reference IAM policies to explicitly add the elasticloadbalancing:DescribeTrustStores permission for describing the trust stores resources to use the new mTLS feature for ingresses on controller. If you want to use the ALB mTLS feature in China region, updating your controller IAM policies with the new permissions.

Whats new

  • Support set the certificateArn for Ingress at the IngressClass level. This feature adds new certificateArn to the IngressClassParams Spec to configure the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams.
  • Support public IPv4 disablement for dualstack customer. This feature adds new ipAddressType enum dualstack-without-public-ipv4 to allow customers to provision load balancers without IPv4s for clients that can connect using just IPv6s. For example, users can choose a dualstack ALB without public IPv4 when setting up a new internet facing ALB, or switch to dualstack without public IPv4 for an existing internet facing ALB by specifying alb.ingress.kubernetes.io/ip-address-type: dualstack-without-public-ipv4 . To set the ipAddressType for ingress at the IngressClass level, add ipAddressType: dualstack-without-public-ipv4 to the IngressClassParams Spec. See AWS Launch What’s New Post about this feature.
  • Support optionally enforcing NLB security groups on PrivateLink traffic. This feature adds new annotation aws-load-balancer-inbound-sg-rules-on-private-link-traffic to configure whether to apply security group rules to traffic sent to the load balancer through AWS PrivateLink.
  • Support for TargetGroupBinding on targets outside the cluster's VPC. This feature adds vpcID to the TargetGroupBinding Spec to allow registration in target groups that are created with in a VPC that is different from the cluster VPC. If the vpcID is unspecified, the controller will fetch the cluster vpcID by default.
  • Support for Specify Managed Prefix List for access control. This feature adds new annotation alb.ingress.kubernetes.io/security-group-prefix-lists and service.beta.kubernetes.io/aws-load-balancer-security-group-prefix-lists to ensure the security group attached to the load balancer can allow access from the specified Managed Prefix List. The annotation will be ignored if alb.ingress.kubernetes.io/security-groups or service.beta.kubernetes.io/aws-load-balancer-security-groups is present.

Enhancement and Fixes

  • (Chart): Add additional service monitor functionality
  • (Chart): Allow passing template values for clusterName, region and vpcId
  • (Chart): Add RuntimeClassName
  • (Chart) Support —load-balancer-class in Helm Chart
  • Provide more customization options for the service mutator webhook
  • Preserve loadBalancerClass on Service updates

Changelog since v2.7.2

Contributors

diversario, andreybutenko, and 12 other contributors
Assets 4
Loading