kubernetes-sigs/aws-load-balancer-controller v2.2.0

on GitHub

v2.2.0 (requires Kubernetes 1.16+)

Documentation

Image: docker.io/amazon/aws-alb-ingress-controller:v2.2.0

Thanks to all our contributors! 😊

Action Required

1. New IAM Permissions needed: sample policy, sample policy for cn, sample policy for gov-cloud
2. New RBAC permissions needed (included in latest yaml/helm chart)
3. CRD/Webhook updates needed (included in latest yaml/helm chart)
4. breaking change: NLB will be provisioned as internal by default. Annotation service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing need to be explicitly specified on the service to provision an internet-facing NLB. (existing NLBs managed by this controller are not affected).
5. breaking change: Ingresses rules referencing non-existing Service/Action will be replaced by fixed 503 responses instead of preventing Ingress from reconcile.
6. breaking change: Tags specified via --default-tags controller flag will takes highest priority.

What's new

1. NLB Instance mode
2. service.beta.kubernetes.io/aws-load-balancer-private-ipv4-addresses annotation to configure private static IPs for an internal NLB
3. IngressClassParams CRD to restrict LoadBalancer settings across multiple Ingresses
4. alb.ingress.kubernetes.io/ssl-redirect annotation to simplify HTTP-To-HTTPS redirect configuration
5. Ingress PathType
6. Resource Tagging for Listener and ListenerRules
7. Ability to specify custom load balancer name for ALB/NLB
8. Ability to select backend nodes by labels for Ingress/Service/TargetGroupBinding
9. Ability to provision ALB on LocalZone
10. Ability to opt-out management for certain tags via controller flags
11. Ability to customize webhook's certificate locations via controller flags
12. Ability to specify default SSL policy via controller flags

Enhancements

1. Better handling for Ingress rules referencing non-existing Service.
2. Use objectSelector for pod mutator webhook
3. Upgraded to v1 API for webhook and CRD

Bug Fixes

1. Fixed the default certificate selection for ALB/Ingress(#1836)
2. Fixed issues around legacy readinessGate removal(#1782 )

Changelog since v2.1.3

• resolve VPC CIDRs for UDP protocol (#2008, @kishorj)
• Doc updates for NLB instance mode support (#2007, @kishorj)
• add event handler for ingressClass&ingressClassParams events (#1991, @M00nF1sh)
• filter redundant health check SG rules (#2006, @kishorj)
• allow invalid ingressClass for update events without ingressClass change. (#2005, @M00nF1sh)
• Docs update about IngressClass & new controller-level flags (#2002, @M00nF1sh)
• remove deprecated apiVersion (#1850, @ngoyal16)
• Add unit tests for VPC resolver (#2004, @kishorj)
• Update Installation manifests (CRD/Webhook/Controller) (#2000, @M00nF1sh)
• update site_name (#1982, @mikutas)
• Add flags to set server key and certificate (#1983, @lxlxok)
• Add docs around how does the AWS LB controller work with legacy cloud provider (#1988, @kolorful)
• Limit HealthCheckNodePort to service type LoadBalancer (#1980, @kishorj)
• doc update for non-EKS installs (#1979, @kishorj)
• add support for tags in ingressClassParams (#1976, @M00nF1sh)
• add rbac to read IngressClassParams (#1977, @M00nF1sh)
• add support for external-managed-tags & prefer defaultTags (#1970, @M00nF1sh)
• tolerate misconfiguration that references non-exists service or action (#1967, @M00nF1sh)
• Sort targetGroup Attrs (#1971, @kishorj)
• enforce LB attributes according to IngressClassParams (#1969, @M00nF1sh)
• Provision internal NLB by default (#1964, @kishorj)
• Use objectSelector for pod mutator webhook (#1958, @kishorj)
• docs: update Subnet discovery with optional tag (#1943, @kreempuff)
• Fix new tagging ARNs in aws-cn IAM policy (#1944, @rifelpet)
• Resource tagging for Listener and Rules (#1887, @kishorj)
• Fixed an issue where mergedTLSCerts would be sorted. (#1863, @yutachaos)
• fix flaky throttle test (#1923, @M00nF1sh)
• adjust mocks generation (#1922, @M00nF1sh)
• add support for local zone (#1920, @M00nF1sh)
• Support custom ALB name via annotation (#1899, @kishorj)
• gRPC docs (#1901, @brianannis)
• add support for IngressClassParams's group settings (#1913, @M00nF1sh)
• Additional e2e tests for service (#1898, @kishorj)
• Highlight the need to tag subnets (#1904, @isqrd)
• Adding a note about the preservation of ALB (#1919, @nataizya-s)
• Add IAM policy for US GovCloud (#1912, @1riggs)
• add validating webhook for ingress_class_params (#1902, @M00nF1sh)
• Update installation instructions (#1896, @kishorj)
• Update nlb target type annotation (#1894, @kishorj)
• improve missing service handling for targetGroupBinding (#1888, @M00nF1sh)
• Updating the default resource tag documentation to reference the correct tag name (#1889, @georgew5656)
• Support target node labels for ingress (#1874, @kishorj)
• Add e2e tests for NLB instance mode (#1860, @kishorj)
• set default log level to info (#1877, @kishorj)
• Add a flag to set the default SSL Policy (#1881, @laurovenancio)
• Add support for specifying the load balancer's name via annotation (#1880, @rifelpet)
• Fixed race condition test (#1866, @yutachaos)
• Doc update for attribute reset (#1869, @mikhailadvani)
• IngressClassParams support (#1849, @M00nF1sh)
• Add support for NLB instance mode (#1832, @kishorj)
• Change check for remove regacy readiness gate (#1844, @cw-sakamoto)
• add support for ssl-redirect annotation (#1837, @M00nF1sh)
• Add support for NodeSelector in TargetGroupBindings (#1785, @Smirl)
• add support for Ingress pathType (#1772, @M00nF1sh)
• Add support for specifying PrivateIpv4Address via annotation (#1762, @Smirl)

ECR images

• 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 558608220178.dkr.ecr.me-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 590381155156.dkr.ecr.eu-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.ap-northeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.ap-northeast-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.ap-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.ap-southeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.ca-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.eu-north-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.eu-west-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.sa-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 800184023465.dkr.ecr.ap-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 877085696533.dkr.ecr.af-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.2.0
• 918309763551.dkr.ecr.cn-north-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.2.0
• 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.2.0