📚 Quick Links
v3.0.0 (requires Kubernetes 1.22+)
Image: public.ecr.aws/eks/aws-load-balancer-controller:v3.0.0
Documentation
Thanks to all our contributors!💜💜💜
🎉 Gateway API is Now GA!
We are excited to announce that Gateway API support is now Generally Available (GA) in AWS Load Balancer Controller v3.0.0! This milestone marks the production-ready status of Gateway API features for managing AWS Application Load Balancers and Network Load Balancers through the Kubernetes Gateway API. We encourage you to try it out and welcome any feedback via GitHub Issues.
For more Gateway API details, please refer to our live doc.
⚠️ Action Required
Webhook Certificate Issue
- Issue: #4359 attempted to fix a race condition in webhook certificate renewal but introduced a critical bug. The aws-load-balancer-tls Secret persists but the Certificate that owned and renewed it was removed, causing eventual certificate expiration and webhook TLS failures (#4541). This prevents the controller from updating target group bindings and can lead to outages. This bug impacts users deploying with Helm and utilizing the enableCertManager=true flag.
- Action for users staying on older versions: Set keepTLSSecret=false in your Helm chart to mitigate the issue.
- Action for users upgrading to v3.0.0: No action required - the fix is included in this release
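A check for the failure mode described above, as an added example that is not part of the release notes or the project's own code: it reports whether the aws-load-balancer-tls Secret still has a live cert-manager Certificate behind it and whether the certificate it holds is close to expiry. The kube-system namespace, the reliance on cert-manager's cert-manager.io/certificate-name annotation on the Secret, and the 30-day warning window are assumptions.

```shell
#!/bin/sh
# Added example: is the webhook TLS Secret still managed, and is it near expiry?
# Assumptions (not from the release notes): the controller runs in kube-system,
# cert-manager stamped the Secret with cert-manager.io/certificate-name,
# and 30 days is an acceptable warning window.
NS="${NS:-kube-system}"
SECRET="aws-load-balancer-tls"      # Secret name as given in the release notes
WARN_DAYS="${WARN_DAYS:-30}"

# Print the Certificate name cert-manager recorded on the Secret (empty if none).
owning_certificate() {
  kubectl -n "$NS" get secret "$SECRET" \
    -o jsonpath='{.metadata.annotations.cert-manager\.io/certificate-name}'
}

# Exit 0 if that Certificate object still exists, so renewal can still happen.
certificate_exists() {
  [ -n "$1" ] && kubectl -n "$NS" get certificate.cert-manager.io "$1" >/dev/null 2>&1
}

# Exit 0 if the serving certificate stays valid for at least WARN_DAYS more days.
valid_long_enough() {
  kubectl -n "$NS" get secret "$SECRET" -o jsonpath='{.data.tls\.crt}' \
    | base64 -d \
    | openssl x509 -noout -checkend "$((WARN_DAYS * 86400))" >/dev/null 2>&1
}

# Return 0 = healthy, 1 = no live Certificate, 2 = expiring or expired, 3 = both.
check_webhook_tls() {
  findings=0
  owner="$(owning_certificate)"
  if ! certificate_exists "$owner"; then
    echo "WARN: $NS/$SECRET has no live cert-manager Certificate (recorded owner: '${owner:-none}')" >&2
    findings=$((findings + 1))
  fi
  if ! valid_long_enough; then
    echo "WARN: certificate in $NS/$SECRET expires within $WARN_DAYS days or is unreadable" >&2
    findings=$((findings + 2))
  fi
  return "$findings"
}

# Usage against a cluster: check_webhook_tls; echo "status=$?"
```

A return value of 1 matches the state the notes describe: the Secret is present but nothing will renew it, so the expiry check will start failing later even if it passes today.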
🔧 Enhancements and Fixes
- Helm Chart Version Alignment: Helm chart version now aligns with LBC version. Previously, LBC v2.x used Helm chart v1.x (e.g., LBC v2.17 = Helm v1.17). Starting with v3.0.0, both versions match.
- Gateway Deletion: Removed route count check when deleting gateways, allowing deletion of gateways with attached routes (#4549)
- Subnet Ordering: Fixed subnet order preservation when using the aws-load-balancer-subnets annotation - the controller now maintains the requested order instead of a non-deterministic ordering (#4504)
- AZ Mismatch Fix: Fixed orphaned targets issue caused by AvailabilityZone mismatch in refreshUnhealthyTargets - targets are now properly deregistered regardless of cached AZ (#4544)
- NLB Target Group Limit: Fixed target group association limit error for weighted configs by including base service UID in target group name generation (#4540)
- Listener Error Propagation: Fixed target group tuple error messages not being propagated to end users (#4545)
- Webhook Certificate: Reverted race condition fix in webhook certificate renewal that caused issues (#4542)
📋 Full Changelog
- Revert "fix: Race condition in webhook certificate renewal with cert-… by @zac-nixon in #4542
- Fix NLB target group association limit issue for weighted configs by @shraddhabang in #4540
- Fix AZ mismatch in refreshUnhealthyTargets causing orphaned targets by @MinhNguyen-at in #4544
- Update model_build_listener.go by @zac-nixon in #4545
- Fix: preserve requested order for subnets when using aws-load-balancer-subnets annotation by @nelsen129 in #4504
- Remove KeepTLS parameter in helm chart by @zac-nixon in #4548
- [gateway api] remove route count check for deleting gateway by @zac-nixon in #4549
- [feat gateway-api]update gw api doc by @shuqz in #4550
- cut v3.0.0 release by @shuqz in #4551
New Contributors
- @MinhNguyen-at made their first contribution in #4544
- @nelsen129 made their first contribution in #4504
Full Changelog: v2.17.1...v3.0.0