Commit 1c12078

chore: avoid hard-code AWS Load Balancer Controller version
1 parent 81f211a commit 1c12078

8 files changed

+23
-23
lines changed

latest/ug/clusters/private-clusters.adoc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -115,7 +115,7 @@ We recommend that you link:vpc/latest/privatelink/interface-endpoints.html#enabl
115115
* *EFS storage* - If your Pods use Amazon EFS volumes, then before deploying the <<efs-csi,Store an elastic file system with Amazon EFS>>, the driver's https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/deploy/kubernetes/overlays/stable/kustomization.yaml[kustomization.yaml] file must be changed to set the container images to use the same {aws} Region as the Amazon EKS cluster.
116116
* Route53 does not support {aws} PrivateLink. You cannot manage Route53 DNS records from a private Amazon EKS cluster. This impacts Kubernetes https://github.com/kubernetes-sigs/external-dns[external-dns].
117117
* If you use the EKS Optimized AMI, you should enable the `ec2` endpoint in the table above. Alternatively, you can manually set the Node DNS name. The optimized AMI uses EC2 APIs to set the node DNS name automatically.
118-
* You can use the <<aws-load-balancer-controller,{aws} Load Balancer Controller>> to deploy {aws} Application Load Balancers (ALB) and Network Load Balancers to your private cluster. When deploying it, you should use https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/deploy/configurations/#controller-command-line-flags[command line flags] to set `enable-shield`, `enable-waf`, and `enable-wafv2` to false. https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/cert_discovery/#discover-via-ingress-rule-host[Certificate discovery] with hostnames from Ingress objects isn't supported. This is because the controller needs to reach {aws} Certificate Manager, which doesn't have a VPC interface endpoint.
118+
* You can use the <<aws-load-balancer-controller,{aws} Load Balancer Controller>> to deploy {aws} Application Load Balancers (ALB) and Network Load Balancers to your private cluster. When deploying it, you should use https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/deploy/configurations/#controller-command-line-flags[command line flags] to set `enable-shield`, `enable-waf`, and `enable-wafv2` to false. https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/cert_discovery/#discover-via-ingress-rule-host[Certificate discovery] with hostnames from Ingress objects isn't supported. This is because the controller needs to reach {aws} Certificate Manager, which doesn't have a VPC interface endpoint.
119119
+
120120
The controller supports network load balancers with IP targets, which are required for use with Fargate. For more information, see <<alb-ingress>> and <<network-load-balancer>>.
121121
* https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md[Cluster Autoscaler] is supported. When deploying Cluster Autoscaler Pods, make sure that the command line includes `--aws-use-static-instance-list=true`. For more information, see https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#use-static-instance-list[Use Static Instance List] on GitHub. The worker node VPC must also include the {aws} STS VPC endpoint and autoscaling VPC endpoint.
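Review bot: The two links rewritten in the Load Balancer Controller bullet now point at `/latest/` but still carry deep anchors (`#controller-command-line-flags`, `#discover-via-ingress-rule-host`), so the instruction to set `enable-shield`, `enable-waf`, and `enable-wafv2` to false will follow whatever the newest controller documentation says rather than the version a reader has installed. Please confirm both anchors exist under `/latest/`, and consider adding a sentence telling readers to check the flag list that matches their installed controller version.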

latest/ug/networking/eks-networking-add-ons.adoc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ This add-on maintains network rules on your Amazon EC2 nodes and enables network
4343
== Optional {aws} networking add-ons
4444

4545
*{aws} Load Balancer Controller*::
46-
When you deploy Kubernetes service objects of type `loadbalancer`, the controller creates {aws} Network Load Balancers . When you create Kubernetes ingress objects, the controller creates {aws} Application Load Balancers. We recommend using this controller to provision Network Load Balancers, rather than using the https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/service/annotations/#legacy-cloud-provider[legacy Cloud Provider] controller built-in to Kubernetes. For more information, see the https://kubernetes-sigs.github.io/aws-load-balancer-controller[{aws} Load Balancer Controller] documentation.
46+
When you deploy Kubernetes service objects of type `loadbalancer`, the controller creates {aws} Network Load Balancers . When you create Kubernetes ingress objects, the controller creates {aws} Application Load Balancers. We recommend using this controller to provision Network Load Balancers, rather than using the https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/#legacy-cloud-provider[legacy Cloud Provider] controller built-in to Kubernetes. For more information, see the https://kubernetes-sigs.github.io/aws-load-balancer-controller[{aws} Load Balancer Controller] documentation.
4747

4848

4949
*{aws} Gateway API Controller*::
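Review bot: The rewritten paragraph under *{aws} Load Balancer Controller* still carries two small text defects on the line this change touches: a stray space before the period in `Network Load Balancers .`, and the service type written as `loadbalancer`, whereas alb-ingress.adoc in this same commit spells it `LoadBalancer`. Since the line is being edited anyway, fix both here.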

latest/ug/networking/lbc-helm.adoc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -110,7 +110,7 @@ helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
110110
--set clusterName=my-cluster \
111111
--set serviceAccount.create=false \
112112
--set serviceAccount.name=aws-load-balancer-controller \
113-
--version 1.13.0
113+
--version 1.14.0
114114
----
115115

116116
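Review bot: `--version 1.14.0` at the end of the `helm install` command is still a hard-coded literal, which is the opposite of what the commit subject describes; this hunk only moves the pin from 1.13.0 to 1.14.0. Keeping the chart pinned is the right behaviour for a reproducible install, but the value should come from a shared AsciiDoc attribute so the next bump is a one-line change in one place. The other pages in this commit include attributes.txt and use `subs="verbatim,attributes"` on their source blocks; check that this block does too before switching.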

latest/ug/networking/lbc-manifest.adoc

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -225,11 +225,11 @@ curl -Lo v2_14_0_full.yaml https://github.com/kubernetes-sigs/aws-load-balancer-
225225
----
226226
. Make the following edits to the file.
227227
+
228-
.. If you downloaded the `v2_13_3_full.yaml` file, run the following command to remove the `ServiceAccount` section in the manifest. If you don't remove this section, the required annotation that you made to the service account in a previous step is overwritten. Removing this section also preserves the service account that you created in a previous step if you delete the controller.
228+
.. If you downloaded the `v2_14_0_full.yaml` file, run the following command to remove the `ServiceAccount` section in the manifest. If you don't remove this section, the required annotation that you made to the service account in a previous step is overwritten. Removing this section also preserves the service account that you created in a previous step if you delete the controller.
229229
+
230230
[source,shell,subs="verbatim,attributes"]
231231
----
232-
sed -i.bak -e '730,738d' ./v2_13_3_full.yaml
232+
sed -i.bak -e '764,772d' ./v2_14_0_full.yaml
233233
----
234234
+
235235
If you downloaded a different file version, then open the file in an editor and remove the following lines.
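Review bot: The new range in `sed -i.bak -e '764,772d' ./v2_14_0_full.yaml` is a bare line-number delete, so its correctness depends entirely on the exact contents of the v2.14.0 manifest. Nothing in the diff shows that lines 764 to 772 were re-checked to be the `ServiceAccount` section, and if the range is off by even one line the command silently removes part of a neighbouring resource. Please state how the range was verified, and consider adding a step that has the reader confirm the `ServiceAccount` section is gone and nothing else was cut before running `kubectl apply`. The file name is also still a version literal here and in the prose line above it, which the commit subject says it is avoiding.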
@@ -250,7 +250,7 @@ metadata:
250250
+
251251
[source,shell,subs="verbatim,attributes"]
252252
----
253-
sed -i.bak -e 's|your-cluster-name|my-cluster|' ./v2_13_3_full.yaml
253+
sed -i.bak -e 's|your-cluster-name|my-cluster|' ./v2_14_0_full.yaml
254254
----
255255
.. If your nodes don't have access to the Amazon EKS Amazon ECR image repositories, then you need to pull the following image and push it to a repository that your nodes have access to. For more information on how to pull, tag, and push an image to your own repository, see <<copy-image-to-repository>>.
256256
+
@@ -263,7 +263,7 @@ Add your registry's name to the manifest. The following command assumes that you
263263
+
264264
[source,shell,subs="verbatim,attributes"]
265265
----
266-
sed -i.bak -e 's|public.ecr.aws/eks/aws-load-balancer-controller|111122223333.dkr.ecr.region-code.amazonaws.com/eks/aws-load-balancer-controller|' ./v2_13_3_full.yaml
266+
sed -i.bak -e 's|public.ecr.aws/eks/aws-load-balancer-controller|111122223333.dkr.ecr.region-code.amazonaws.com/eks/aws-load-balancer-controller|' ./v2_14_0_full.yaml
267267
----
268268
.. (Required only for Fargate or Restricted IMDS)
269269
+
@@ -287,7 +287,7 @@ spec:
287287
+
288288
[source,shell,subs="verbatim,attributes"]
289289
----
290-
kubectl apply -f v2_13_3_full.yaml
290+
kubectl apply -f v2_14_0_full.yaml
291291
----
292292
. Download the `IngressClass` and `IngressClassParams` manifest to your cluster.
293293
+
@@ -299,7 +299,7 @@ curl -Lo v2_14_0_ingclass.yaml https://github.com/kubernetes-sigs/aws-load-balan
299299
+
300300
[source,shell,subs="verbatim,attributes"]
301301
----
302-
kubectl apply -f v2_13_3_ingclass.yaml
302+
kubectl apply -f v2_14_0_ingclass.yaml
303303
----
304304
305305
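Review bot: The removed line applied `v2_13_3_ingclass.yaml` while the hunk header shows the preceding step downloading `v2_14_0_ingclass.yaml`, so the published instructions pointed `kubectl apply` at a file the reader never fetched. This hunk corrects that by hand, but the name is still typed as a literal in both places and can drift again at the next release. Derive both the `curl -Lo` target and the `kubectl apply -f` argument from one attribute.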

latest/ug/security/cross-service-confused-deputy-prevention.adoc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ If the `aws:SourceArn` value does not contain the account ID, such as an Amazon
2222
[#cross-service-confused-deputy-cluster-role]
2323
== Amazon EKS cluster role cross-service confused deputy prevention
2424

25-
An Amazon EKS cluster IAM role is required for each cluster. Kubernetes clusters managed by Amazon EKS use this role to manage nodes and the link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/service/annotations/#legacy-cloud-provider[legacy Cloud Provider] uses this role to create load balancers with Elastic Load Balancing for services.
25+
An Amazon EKS cluster IAM role is required for each cluster. Kubernetes clusters managed by Amazon EKS use this role to manage nodes and the link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/#legacy-cloud-provider[legacy Cloud Provider] uses this role to create load balancers with Elastic Load Balancing for services.
2626
These cluster actions can only affect the same account, so we recommend that you limit each cluster role to that cluster and account.
2727
This is a specific application of the {aws} recommendation to follow the _principle of least privilege_ in your account.
2828

latest/ug/security/iam-reference/cluster-iam-role.adoc

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,14 +10,14 @@ include::../../attributes.txt[]
1010
Learn how to create and configure the required {aws} Identity and Access Management role for Amazon EKS clusters to manage nodes and load balancers using managed or custom IAM policies.
1111
--
1212

13-
An Amazon EKS cluster IAM role is required for each cluster. Kubernetes clusters managed by Amazon EKS use this role to manage nodes and the https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/service/annotations/#legacy-cloud-provider[legacy Cloud Provider] uses this role to create load balancers with Elastic Load Balancing for services.
13+
An Amazon EKS cluster IAM role is required for each cluster. Kubernetes clusters managed by Amazon EKS use this role to manage nodes and the https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/#legacy-cloud-provider[legacy Cloud Provider] uses this role to create load balancers with Elastic Load Balancing for services.
1414

1515
Before you can create Amazon EKS clusters, you must create an IAM role with either of the following IAM policies:
1616

1717

1818

1919
* link:aws-managed-policy/latest/reference/AmazonEKSClusterPolicy.html[AmazonEKSClusterPolicy,type="documentation"]
20-
* A custom IAM policy. The minimal permissions that follow allows the Kubernetes cluster to manage nodes, but doesn't allow the https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/service/annotations/#legacy-cloud-provider[legacy Cloud Provider] to create load balancers with Elastic Load Balancing. Your custom IAM policy must have at least the following permissions:
20+
* A custom IAM policy. The minimal permissions that follow allows the Kubernetes cluster to manage nodes, but doesn't allow the https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/#legacy-cloud-provider[legacy Cloud Provider] to create load balancers with Elastic Load Balancing. Your custom IAM policy must have at least the following permissions:
2121
+
2222
[source,json,subs="verbatim,attributes"]
2323
----
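Review bot: In the custom IAM policy bullet, `The minimal permissions that follow allows ... but doesn't allow` has a subject and verb disagreement (it should read `permissions ... allow ... but don't allow`); worth fixing while the line is being touched. Separately, the legacy Cloud Provider link here is written as a bare URL macro while cross-service-confused-deputy-prevention.adoc uses the `link:` prefix for the identical target, so pick one form for both files.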

latest/ug/workloads/alb-ingress.adoc

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@ If you're using multiple security groups attached to worker node, exactly one se
6565
If the subnet role tags aren't explicitly added, the Kubernetes service controller examines the route table of your cluster VPC subnets. This is to determine if the subnet is private or public. We recommend that you don't rely on this behavior. Rather, explicitly add the private or public role tags. The {aws} Load Balancer Controller doesn't examine route tables. It also requires the private and public tags to be present for successful auto discovery.
6666

6767

68-
* The https://github.com/kubernetes-sigs/aws-load-balancer-controller[{aws} Load Balancer Controller] creates ALBs and the necessary supporting {aws} resources whenever a Kubernetes ingress resource is created on the cluster with the `kubernetes.io/ingress.class: alb` annotation. The ingress resource configures the ALB to route HTTP or HTTPS traffic to different Pods within the cluster. To ensure that your ingress objects use the {aws} Load Balancer Controller, add the following annotation to your Kubernetes ingress specification. For more information, see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/spec/[Ingress specification] on GitHub.
68+
* The https://github.com/kubernetes-sigs/aws-load-balancer-controller[{aws} Load Balancer Controller] creates ALBs and the necessary supporting {aws} resources whenever a Kubernetes ingress resource is created on the cluster with the `kubernetes.io/ingress.class: alb` annotation. The ingress resource configures the ALB to route HTTP or HTTPS traffic to different Pods within the cluster. To ensure that your ingress objects use the {aws} Load Balancer Controller, add the following annotation to your Kubernetes ingress specification. For more information, see https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/spec/[Ingress specification] on GitHub.
6969
+
7070
[source,yaml,subs="verbatim,attributes"]
7171
----
@@ -87,7 +87,7 @@ alb.ingress.kubernetes.io/ip-address-type: dualstack
8787
NOTE: Your Kubernetes service must specify the `NodePort` or `LoadBalancer` type to use this traffic mode.
8888
** *IP*
8989
– Registers Pods as targets for the ALB. Traffic reaching the ALB is directly routed to Pods for your service. You must specify the `alb.ingress.kubernetes.io/target-type: ip` annotation to use this traffic mode. The IP target type is required when target Pods are running on Fargate or Amazon EKS Hybrid Nodes.
90-
* To tag ALBs created by the controller, add the following annotation to the controller: `alb.ingress.kubernetes.io/tags`. For a list of all available annotations supported by the {aws} Load Balancer Controller, see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/annotations/[Ingress annotations] on GitHub.
90+
* To tag ALBs created by the controller, add the following annotation to the controller: `alb.ingress.kubernetes.io/tags`. For a list of all available annotations supported by the {aws} Load Balancer Controller, see https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/[Ingress annotations] on GitHub.
9191
* Upgrading or downgrading the ALB controller version can introduce breaking changes for features that rely on it. For more information about the breaking changes that are introduced in each release, see the https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases[ALB controller release notes] on GitHub.
9292

9393

@@ -164,7 +164,7 @@ eksctl create fargateprofile \
164164
+
165165
[source,bash,subs="verbatim,attributes"]
166166
----
167-
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.14.0/docs/examples/2048/2048_full.yaml
167+
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/latest/docs/examples/2048/2048_full.yaml
168168
----
169169
*** *Private*::
170170
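Review bot: Replacing `v2.14.0` with `latest` in the `raw.githubusercontent.com` URL is not equivalent to the docs-site link change made elsewhere in this commit. On `kubernetes-sigs.github.io`, `latest` is a documentation version alias, but a raw URL needs a git ref, so this command only works if the repository has a branch or tag named `latest`. Please verify that the URL resolves. Even if it does, `kubectl apply -f` now pulls a manifest from a ref that can move, so what gets deployed to the cluster can change without any change to this page. A release tag supplied through an attribute keeps the command pinned without a literal in the text. The same applies to the `curl -O` lines in the following hunks.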

@@ -173,7 +173,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-bala
173173
+
174174
[source,bash,subs="verbatim,attributes"]
175175
----
176-
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.14.0/docs/examples/2048/2048_full.yaml
176+
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/latest/docs/examples/2048/2048_full.yaml
177177
----
178178
.... Edit the file and find the line that says `alb.ingress.kubernetes.io/scheme: internet-facing`.
179179
.... Change [.replaceable]`internet-facing` to `internal` and save the file.
@@ -189,7 +189,7 @@ kubectl apply -f 2048_full.yaml
189189
+
190190
[source,bash,subs="verbatim,attributes"]
191191
----
192-
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.14.0/docs/examples/2048/2048_full.yaml
192+
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/latest/docs/examples/2048/2048_full.yaml
193193
----
194194
... Open the file in an editor and add the following line to the annotations in the ingress spec.
195195
+
@@ -237,7 +237,7 @@ image::images/2048.png[2048 sample application,scaledwidth=100%]
237237
+
238238
[source,bash,subs="verbatim,attributes"]
239239
----
240-
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.14.0/docs/examples/2048/2048_full.yaml
240+
kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/latest/docs/examples/2048/2048_full.yaml
241241
----
242242
** If you downloaded and edited the manifest, use the following command.
243243
+
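Review bot: `kubectl delete -f` against the `latest` URL deletes whatever that manifest lists at cleanup time, which is not guaranteed to match what the reader applied earlier from the same URL if the ref moved in between, so resources from the earlier manifest can be left behind. Pin the apply and delete commands to the same tag, or direct readers to delete from the file they downloaded.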
