📚 Quick Links
v3.1.0 (requires Kubernetes 1.22+)
Image: public.ecr.aws/eks/aws-load-balancer-controller:v3.1.0
Documentation
Thanks to all our contributors!💜💜💜
⚠️ Action Required
CRD Updates
Action : Please apply the latest CRD definitions
kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"
If using Gateway API feature
- Installation of LBC Gateway API specific CRDs:
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/refs/heads/main/config/crd/gateway/gateway-crds.yaml - Standard Gateway API CRDs:
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/standard-install.yaml[REQUIRED] - Experimental Gateway API CRDs:
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/experimental-install.yaml[OPTIONAL: Used for L4 Routes]
🚀 What's New
Gateway API Enhancements
- [ALB Gateway] Port defaulting for scheme - Fixed redirect port handling to comply with Gateway API spec. When port is not specified in HTTPRequestRedirectFilter, the controller correctly defaults to well-known ports (80 for http, 443 for https) based on the redirect scheme.
- [ALB Gateway] Improved regex handling - Corrected regex value handling in Gateway API route matching
- [Gateway] Status hostname normalization - Gateway status hostnames are now normalized to lowercase for consistency
AWS Global Accelerator Controller
- [AGA] Cross-namespace reference support - AGA resources can now reference resources across namespaces, enabling more flexible multi-tenant architectures
🔧 Enhancements and Fixes
- [NLB Gateway] TLS passthrough listener - Fixed TLS listener construction to respect TLS mode configuration. NLB Gateways now support passthrough, termination, and re-encryption modes as defined in Gateway API spec. Note: SNI-based routing is not supported due to AWS NLB dataplane limitations.
- [Ingress] Rule optimizer - Fixed incorrect removal of regex-based listener rules that could cause routing failures
- [HelmUpgrade] Webhook certificate regeneration - Fixed certificate regeneration issues during Helm upgrades. Reintroduce the keepTLSSecret parameter with improved logic that maintains cert-manager compatibility.
- [Gateway] NPE on invalid parameters - Added null pointer protection and enhanced debugging for invalid parameter references
Documentation Updates
- Updated service.beta.kubernetes.io/aws-load-balancer-type annotation documentation
- Moved QUIC documentation to L4 section for better organization
- Updated Helm chart information
Changelog since v3.0.0
- [feat aga] Add cross-namespace reference support for AGA by @shraddhabang in #4547
- fix TLS passthrough listener by @zac-nixon in #4559
- Fix NPE on invalid parameters ref, add more debugging details to accepted status by @zac-nixon in #4562
- add port defaulting for scheme by @zac-nixon in #4568
- move QUIC documentation to l4 by @zac-nixon in #4570
- Fix rule optimizer incorrectly removing regex-based listener rules by @shraddhabang in #4569
- correct regex value handling in gateway api by @zac-nixon in #4577
- Add k8s event for TGB failures by @vishwas121 in #4571
- Update docs for service.beta.kubernetes.io/aws-load-balancer-type annotation by @kellyyan in #4578
- update helm info by @zac-nixon in #4583
- Fix webhook certificate regeneration on Helm upgrades by @shraddhabang in #4581
- Filter RequeueNeeded errors to skip event triggers on TGB controller by @vishwas121 in #4584
- fix(gateway): normalize status hostname to lowercase by @TOGEP in #4591
New Contributors
- @vishwas121 made their first contribution in #4571
- @TOGEP made their first contribution in #4591
Full Changelog: v3.0.0...v3.1.0