v2.17.0 (requires Kubernetes 1.22+)
Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.17.0
Thanks to all our contributors! 😊
Known Issues
Helm Chart 1.17.0 includes duplicated CRD globalaccelerators, causing kustomize render to fail
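A pre-render check for the duplicated-CRD issue above, as an added example that is not part of the release notes or the project's tooling. The function names and the sample manifest are constructed for illustration, and the CRD name globalaccelerators.aga.k8s.aws is assumed from the CRD file name in the URL under "Actions required".

```shell
#!/bin/sh
# Added example: report resources that occur more than once in a multi-document
# YAML stream (kind + namespace + name), e.g. a CRD bundled twice.
find_duplicate_resources() {
  awk '
    # Called at each document boundary: count the resource, print on 2nd sighting.
    function emit(   key) {
      if (kind != "" && name != "") {
        key = kind "/" (ns != "" ? ns "/" : "") name
        if (++seen[key] == 2) print key
      }
      kind = ""; name = ""; ns = ""; in_meta = 0
    }
    { sub(/[ \t\r]+$/, "") }                       # drop trailing blanks / CR
    /^---$/        { emit(); next }
    /^kind:/       { sub(/^kind:[ \t]*/, ""); kind = $0; next }
    /^metadata:$/  { in_meta = 1; next }
    /^[^ \t#]/     { in_meta = 0 }                 # any other top-level key
    in_meta && /^  name:/      && name == "" { sub(/^  name:[ \t]*/, ""); name = $0 }
    in_meta && /^  namespace:/ && ns == ""   { sub(/^  namespace:[ \t]*/, ""); ns = $0 }
    END { emit() }
  '
}

# Constructed sample input: two copies of one CRD plus an unrelated Deployment.
sample_manifest() {
  cat <<'EOF'
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: globalaccelerators.aga.k8s.aws
spec:
  group: aga.k8s.aws
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: aws-load-balancer-controller
  namespace: kube-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: globalaccelerators.aga.k8s.aws
EOF
}

sample_manifest | find_duplicate_resources
```

Pipe the manifest stream you intend to hand to kustomize through find_duplicate_resources; any line it prints is a resource defined more than once.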
⚠️ Actions required to use the new AWS Global Accelerator controller
- CRD Updates - If you're upgrading the charts using helm upgrade, you need to update CRDs manually: kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/refs/heads/main/config/crd/aga/aga.k8s.aws_globalaccelerators.yaml
- IAM Policy Updates - Update the controller's IAM policy with Global Accelerator permissions (see IAM Policy)
- RBAC Updates - Apply the latest RBAC definitions for Global Accelerator controller permissions (see RBAC)
- Feature Flag for Global Accelerator - Enable the feature flag --enable-global-accelerator=true,--feature-gates=EnableRGTAPI to use Accelerator functionality
🚀 What's New
AWS Global Accelerator Support - A new controller that enables declarative management of AWS Global Accelerators directly from Kubernetes using Custom Resource Definitions (CRDs). It allows users to define Global Accelerator resources as Kubernetes manifests, automatically provisioning and managing accelerators, listeners, endpoint groups, and endpoints that reference Kubernetes Ingress, Kubernetes Services, Kubernetes Gateway, and AWS resource ARNs. For more details, check the documentation:
- Introduction of AWS Global Accelerator Controller
- Installation and Prerequisites for AWS Global Accelerator Controller
- Example of using AWS Global Accelerator Controller
Gateway API - GA Release Candidate: The Gateway API implementation in this release is considered a Release Candidate for its General Availability (GA) release planned for next month. We encourage extensive testing in production-like environments and welcome your feedback via GitHub issues to ensure a stable GA release. What's new in this release:
- TCP_UDP Protocol: Complete support for combined TCP_UDP protocol on NLB Gateways with detailed usage guidance
- Per-ParentRef Status: Route status now correctly updates per parentRef instead of per-route
- ReplacePrefixMatch: Enhanced support with documented ALB limitations
- Conformance Report: Generated Gateway API conformance report with detailed test results
- ACM Cert Discovery: Fixed memory leak in ACM certificate discovery
- App Protocol Support: Added support for kubernetes.io/h2c App Protocol
🔧 Enhancements and Fixes
✨ Enhancements
- Cross-Zone Handling: Improved handling for cross-zone disabled ALBs with automatic AZ detection
- Weighted Target Groups: Added support for weighted target groups on NLB listeners
🐛 Bug Fixes
- Helm Template: Fixed objectSelector.matchExpressions indentation in webhook.yaml
- Helm Chart: Added --max-targets-per-target-group flag support
📚 Documentation
- Prometheus Metrics: Corrected metric names to include aws_ prefix in documentation
Changelog since v2.16.0
- cut v2.17.0 release (#4514, @wweiwei-li)
- fix kustomize build error by correcting webhook name (#4513, @wweiwei-li)
- Fix markdown issue for the FR template (#4507, @guessi)
- bundle AGA crds into standard deployment (#4512, @wweiwei-li)
- Fix IPv6 tests (#4511, @wweiwei-li)
- Fix typo in pod readiness gate doc (#4420, @davidxia)
- add trust store e2e test and script for local testing (#4510, @shuqz)
- correct drift check for mtls listeners (#4505, @zac-nixon)
- handle cross zone disabled for alb (#4496, @shuqz)
- Add missing RBAC permissions for GlobalAccelerator CRD (#4508, @wweiwei-li)
- Run CI test in parallel (#4503, @wweiwei-li)
- Add check for duplicate endpoints (#4502, @wweiwei-li)
- Add condition to AGA IAM policy (#4501, @wweiwei-li)
- refactor app protocol, add support for app protocols that kubernetes + elb supports (#4500, @zac-nixon)
- Add basic aga controller e2e tests (#4485, @wweiwei-li)
- docs(prometheus): metric name should include aws_ prefix (#4443, @samuelmasuy)
- feat: add maxTargetsPerTarget group flag to helm chart (#4408, @mmiller-sh)
- use one instance of acm cert discovery in gateway builder (#4493, @zac-nixon)
- [feat gw-api]conformance report (#4489, @shuqz)
- [feat gw-api]add e2e for gateway status update validation (#4488, @shuqz)
- [feat gw-api]modify route status update per parentRef (#4483, @shuqz)
- NLB weighted target groups (#4484, @zac-nixon)
- [feat aga] Move iam policies into its own file for easy setup (#4486, @shraddhabang)
- [feat aga] Implement auto-discovery feature for supported endpoints (#4476, @shraddhabang)
- [feat aga] Add documentation for AGA controller (#4478, @shraddhabang)
- [feat aga] Implement endpoint management for endpoint groups in accelerator (#4471, @shraddhabang)
- [gw api] Add TCP_UDP for gateway api (#4469, @zac-nixon)
- Support BYOIP (#4475, @wweiwei-li)
- [feat aga] Implement endpoint group management with port override conflict resolution (#4470, @shraddhabang)
- [feat aga] Implement AGA endpoint resource references loading and monitoring (#4458, @shraddhabang)
- Merge AGAController branch into main (#4466, @zac-nixon)
- [feat aga] Add AGA listener support without auto-discovery (#4436, @shraddhabang)