v2.10.0 (requires Kubernetes 1.22+)
Documentation
Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.10.0
Thanks to all our contributors!
Action required
🚨 🚨 🚨 We’ve added the multiClusterTargetGroup field to the TargetGroupBinding which users can set in order to share target groups among different Kubernetes clusters. Make sure to update the CRD definition in your cluster. If you're upgrading the charts using helm upgrade, you need to update CRDs manually: kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"
ELB has updated their managed policy to include ec2:GetSecurityGroupsForVpc. We have updated the Load Balancer Controller policy to reflect that change. Please be sure to apply the latest IAM policy when upgrading.
What’s new
- AWS Load Balancer Controller now supports MultiCluster target groups. This mode allows users to share target groups among multiple clusters, enabling a wide variety of use cases. For more information checkout the use case documentation
- We’ve added support SageMaker HyperPod clusters. Users can now install the Load Balancer Controller into SageMaker HyperPod clusters in order to get integration with AWS ELB.
- We’ve added integration with a new ELB feature that allows configuring sourceNAT for Dualstack NLBs to allow UDP traffic over IPv6.
Enhancement and Fixes
- Update shield integration to use in-region endpoint rather then always using us-east-1.
- (docs) Fix TLS Ingress annotation documentation for Security policy
- (docs) Fix configuration documentation typos
- (docs) Fix external-dns routing policies link
- Add new ec2:GetSecurityGroupsForVpc permission to LBC policy.
Changelog since v2.9.2
- UDP Support over IPv6 via Dualstack NLBs using SourceNAT configurations (#3926)
- Refactor aws cloud service and introduce a client provider (#3895)
- New Feature: Multi Cluster TargetGroupBinding (#3853)
- add sagemaker-hyperpod compute type to resolve its pods via VPC ENI (#3886)
- Fixed documentation typos (#3885)
- Fix alphabetic order in CRD for verify CRD to run (#3911)
- chore(docs): fix external-dns routing policies link (#3893)
- fix(docs): Update the link to the AWS documentation for the TLS Ingress annotation for Security policy (#3876)
- update the region of shield api (#3920)
- add ec2:GetSecurityGroupsForVpc to account for ELB API changes (#3921)
- BUG FIX: fix log message when target group and cluster are in different VPCs (#3924)