v2.13.0

v2.13.0 (requires Kubernetes 1.22+)

[PLEASE USE v2.13.2]

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.13.3
Thanks to all our contributors! 😊

Action required

🚨 🚨 🚨

We’ve added new fields to the IngressClassParams CRD. Please apply the latest CRD definitions: kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"

What’s new

• Improved Prometheus metrics!
  • Checkout the new Prometheus metrics. Their documentation can be found here. https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/guide/metrics/prometheus. We hope this improves the ability to debug issues using the LBC and monitoring general trends. Please submit an issue if you think we missed an important metric to collect.
• Added support for ALB as a target of NLB to Service objects.
  • We are thrilled to add support for this highly requested, popular NLB / ALB feature. https://aws.amazon.com/blogs/networking-and-content-delivery/application-load-balancer-type-target-group-for-network-load-balancer/
  • Check out the new annotations in the https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/guide/ingress/annotations/#enable-frontend-nlb to get started.
• LBC now supports RAM shared VPCs
  • In the v2.12.0 release, LBC added support for cross account Target Groups. However, we missed some critical functionality to support Target Groups using RAM shared VPCs.
  • Using https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/guide/targetgroupbinding/targetgroupbinding/#assumerole should seamlessly work for peered and RAM shared VPCs.
• LBC now supports TCP_UDP type Listeners and TargetGroups.
  • TCP_UDP is a popular listener type for AWS NLB, which allows serving both TCP and UDP from the same port. We have backfilled this feature into the LBC.
  • You can enable this feature by specifying a service with TCP and UDP protocols on the same port.
  • In order to enable the feature, please enable the LBC feature flag EnableTCPUDPListener or specify individual services to enable the feature by using the annotation service.beta.kubernetes.io/aws-load-balancer-enable-tcp-udp-listener
• The LBC now supports a very basic Gateway API implementation
  • We have implemented a basic Gateway for both ALB and NLB.
  • See the documentation here https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/guide/gateway/gateway/

Enhancement and Fixes

• Added more customization options (TargetType, PrefixListsIDs) to the IngressClassParams CRD.
• Allow for setting PPv2 header at per target group level.
• Refactored Subnet discovery to make LB creation easier.
• Updated to Go 1.24.2 and AL2023 base image to resolve security vulnerabilities.
• Lots of documentation and logging fixes!

Changelog since v2.12.0

• Bump version to 2.13, add documentation for Gateway API (4169, @zac-nixon)
• [gw api] gateway class reconciler, config generation (4163, @zac-nixon)
• [feat gw-api] add support for capacity reservation and add simple logic to process lb configuration (4162, @shuqz)
• Add certs discovery (4159, @wweiwei-li)
• Add support for TCP_UDP to NLB TargetGroups and Listeners (4161, @lyda, @amorey, @zac-nixon)
• [feat: gw api] Add common listener config for gateway api (4160, @shraddhabang)
• bug: fix misformated crd url in CRD cleanup (4157, @Issacwww)
• [feat:gw-api] add support for ServiceExternalTrafficPolicyLocal (4156, @shuqz)
• [feat: gw-api] Creating Target Group + TGB from Gateway spec (4150, @zac-nixon)
• [feat: gw api] Add eventhandler for the gateway resource (4149, @shraddhabang)
• Enable frontend NLB (4126, @wweiwei-li)
• [feat: gw api] subnet discovery that works for both ALB / NLB (4137, @zac-nixon)
• support cli flag to enable manage backend SG rules for ALB (4145, @shuqz)
• chore: change tgb field to lowercase everywhere to avoid logs dropped due to conflict in OS/ES (4143, @94DanielBrown)
• Add TargetType field to IngressClassParams (4029, @mikutas)
• Update security_groups.md (4120, @tucktuck9)
• Update configurations.md (4120, @tucktuck9)
• fix bug in subnet resolver (4114, @M00nF1sh)
• Allow the same certificate to be specified for both the default and SNI certificate (4113, @u-kai)
• Allow override of Certificate resource fields for duration of webhook certs (4105, @usamaahmadkhan)
• Merge pull request #4109 from M00nF1sh/subnet-reachability (4109, @M00nF1sh)
• Update Go to version 1.24.1, update base image to AL2023 (4104, @kellyyan)
• docs: fix broken link to targetgroupbinding CRD page (4101, @ariyonaty)
• Add prometheus metrics (4056, @wweiwei-li)
• [bug fix] handle ram shared VPCs for cross account tgb (4095, @zac-nixon)
• Add PrefixListsIDs field to IngressClassParams (3860, @gdlx)
• Added support for setting Proxy protocol per target group based on ServicePort (4079, @pthak94)
• Added example for multiple certificates to Service annotation (4078, @raghu-manne)
• service healthcheck timeout doc (3945, @phuhung273)
• add missing targets field to de/registered targets log (3898, @applike-ss)