v3.2.0 Release Notes
Quick Links
v3.2.0 (requires Kubernetes 1.22+)
Image: public.ecr.aws/eks/aws-load-balancer-controller:v3.2.0
Thanks to all our contributors!
Action Required
CRD Updates
Action: Please apply the latest CRD definitions
- kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"
Gateway API updates
This release moves the Gateway API version from 1.3 to 1.5. For NLB Gateway users, this means that TLSRoute has been moved to the v1 API and is no longer served in the Alpha API version. It is recommended to install the experimental version of the TLSRoute to ensure zero downtime upgrades.
- Installation of LBC Gateway API specific CRDs: kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/refs/heads/main/config/crd/gateway/gateway-crds.yaml
- If using only ALB Gateway
- Standard Gateway API CRDs: kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.5.0/standard-install.yaml
- If using NLB Gateway
- Experimental Gateway API CRDs: kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/experimental-install.yaml [Required: Used for L4 Routes]
Deprecations
- --aws-vpc-tag-key is now deprecated and ignored. All tags from --aws-vpc-tags are always used for VPC lookup. This flag will be removed in a future release.
Breaking Changes
- If you were passing multiple tags via --aws-vpc-tags but your VPC only matched a subset of them, the controller will now fail to find the VPC since all tags are used as filters. Update your VPC tags or your --aws-vpc-tags value to ensure they match.
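A pre-upgrade check for the breaking change above, as an added example that is not part of the release notes or the project's code. It assumes the `--aws-vpc-tags` value is a comma-separated `key=value` list and that the AWS CLI is configured for the cluster's account and region; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that a VPC carries ALL tags passed in --aws-vpc-tags,
# since every tag is now used as a lookup filter.
# Assumption: the flag value looks like "key1=value1,key2=value2".

# Turn "k1=v1,k2=v2" into one EC2 filter per line. The body runs in a
# subshell so the IFS and globbing changes do not leak to the caller.
vpc_tag_filters() (
  IFS=','; set -f
  for pair in $1; do
    case "$pair" in
      ?*=*) printf 'Name=tag:%s,Values=%s\n' "${pair%%=*}" "${pair#*=}" ;;
      *)    echo "malformed tag pair: $pair" >&2; exit 1 ;;
    esac
  done
)

# Map the number of VPCs matching every filter to a verdict.
classify_vpc_matches() {
  case "$1" in
    ''|*[!0-9]*) echo error ;;     # unexpected CLI output
    0)           echo no-match ;;  # the failure case named in the release notes
    1)           echo ok ;;
    *)           echo multiple ;;  # not covered by the release notes; review tags
  esac
}

# Query EC2 with all tags at once; multiple --filters entries are ANDed.
check_vpc_tags() {
  filters=$(vpc_tag_filters "$1") || return 2
  [ -n "$filters" ] || { echo "no tags given" >&2; return 2; }
  # Unquoted on purpose: each line becomes its own filter argument
  # (tag values containing whitespace are not supported by this sketch).
  count=$(aws ec2 describe-vpcs --filters $filters \
            --query 'length(Vpcs)' --output text) || return 2
  classify_vpc_matches "$count"
}

# Usage: sh check-vpc-tags.sh "env=prod,team=network"   (constructed sample tags)
[ "$#" -eq 0 ] || check_vpc_tags "$1"
```

A `no-match` verdict means the VPC tags or the `--aws-vpc-tags` value need to be aligned before upgrading.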
What's New
Gateway API Features
- Update to Gateway API v1.5.0
- Autodetect Gateway resources. No more feature flag flipping! The feature flags are still available to turn off the Gateway API feature.
- Introduce ListenerSet resources
Ingress Features
- Add Frontend NLB attributes annotation
Enhancements and Fixes
- [Bug fix] Fixed subnet resolution when subnets have conflicting name tags.
- [Bug fix] Fixed multi-tag VPC lookups.
- [Bug fix] Normalize ingress DNS name to lower case.
- [Bug fix] Prevent nil pointer when assigning endpoints to WAF / Shield clients.
- [Enhancement] Configurable re-queue time for Target Group Bindings.
- [Enhancement] Automatically skip aws: system tags during tag reconciliation.
- [Enhancement] Backfill concurrency controls in Helm chart.
- [Enhancement] Adding namespace selectors to Service and Ingress webhooks.
Documentation Updates
- Add cert expiry best practices
- Add more AGA examples
- Update label selector documentation
What's Changed
- update golang.org/x/net/ to resolve cves by @zac-nixon in #4608
- add auto detection of gateway api resources by @zac-nixon in #4602
- feat(ingress): add frontend-nlb-attribtues annotation for ingress by @swarner1033 in #4380
- Update documents for TargetGroupBinding and Helm Installation with ArgoCD by @zac-nixon in #4610
- Fix subnet resolution when multiple subnets share the same Name tag by @bjhaid in #4588
- add sorting after describeSubnet and update contribute instruction by @shuqz in #4612
- Upgrade to v1.5 of Gateway API by @zac-nixon in #4613
- [feat gw-api]add gateway and gatewayclass level tgc support by @shuqz in #4611
- fix route status reconciler for gw v1.5 upgrade by @zac-nixon in #4615
- ListenerSet event handler by @zac-nixon in #4616
- Add flag supporting configurable targetgroupbinding requeue duration by @cezarsa in #4617
- add target optimizer field to gateway documentation by @zac-nixon in #4619
- add listenerset, fix bug with route reconciler, add proper unit tests by @zac-nixon in #4620
- add cert expiry best practice by @zac-nixon in #4622
- [feat i2g]setup cli and framework by @shuqz in #4621
- Add missing feature gates to docs and fix search bar by @swibrow in #4618
- [feat aga] Add additional examples for usecases by @shraddhabang in #4623
- [Gateway API] ListenerSet Loader by @zac-nixon in #4625
- add ingress webhook validator selectors to helm chart by @zac-nixon in #4626
- Skip AWS system tags during tag reconciliation by @wweiwei-li in #4628
- [Gateway API] Validate ListenerSet listeners by @zac-nixon in #4629
- [feat i2g]implement annotation translate by @shuqz in #4630
- Expose some missing max-concurrency flags in Helm chart by @cezarsa in #4637
- [Gateway API] Support attaching routes from listeners originating from a ListenerSet by @zac-nixon in #4639
- [feat i2g]add translate for use-annotation by @shuqz in #4642
- [Gateway API] ListenerSet status updater by @zac-nixon in #4645
- fix: Allowing namespace selectors for mservice webhook by @wesbrownfavor in #4646
- add listener set docs by @zac-nixon in #4647
- Change default client-side rate-limiter to correctly match ELBv2 api limits by @cezarsa in #4641
- Fix multi-tag VPC lookup by @shraddhabang in #4638
- Update LabelSelector reference to v1.32 by @saivenkateshi in #4635
- resolve parent ref gateway whenever listener is used by @zac-nixon in #4650
- Fix ingress and service controllers to normalize dns name by @bobert-2 in #4655
- Fix FindLoadBalancerByDNSName to be case-insensitive by @bobert-2 in #4657
- fixes from listenerset conformance testing by @zac-nixon in #4660
- Fix: skip empty ExternalId in AssumeRole for cross-account TGB by @devanshpoplii in #4659
- fix: guard BaseEndpoint assignment for wafregional and shield clients by @kahirokunn in #4658
- Refactor Gateway API tests into modules by @zac-nixon in #4661
- update base image by @zac-nixon in #4664
- implement conditions and transforms translation by @shuqz in #4653
- add calculate attached listenerset unit test by @zac-nixon in #4665
New Contributors
- @bjhaid made their first contribution in #4588
- @cezarsa made their first contribution in #4617
- @swibrow made their first contribution in #4618
- @wesbrownfavor made their first contribution in #4646
- @saivenkateshi made their first contribution in #4635
- @devanshpoplii made their first contribution in #4659
Full Changelog: v3.1.0...v3.2.0