v2.9.0
v2.9.0 (requires Kubernetes 1.22+)
Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.9.0
Thanks to all our contributors! 😊
Action required
🚨 🚨 🚨 v2.9.0 contains a bug that crashes the controller in accounts subscribed to AWS Shield Advanced, as described in #3888. If your account is subscribed to AWS Shield and your controller has the Shield integration enabled, upgrade to v2.9.2 or later for the fix.
We've added a listenerAttributes field to IngressClassParams to support listener attributes for load balancers in the future. Note that no listener attributes are supported on Application Load Balancers (ALBs) yet, so this field is currently unused; updating the CRDs is still necessary for future compatibility. If you're upgrading the chart with helm upgrade, you need to update the CRDs manually: kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"
AWS NLB now supports a configurable TCP idle timeout. We've updated the reference IAM policies to explicitly add the elasticloadbalancing:DescribeListenerAttributes and elasticloadbalancing:ModifyListenerAttributes permissions, which the controller needs in order to describe and modify this listener attribute on NLB TCP listeners.
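To check whether an existing controller IAM policy already carries the two new listener-attribute actions before upgrading, and to flag a policy that grants them only through an over-broad wildcard, here is an added audit script (not part of the project's own code). It assumes a standard IAM policy document structure; the sample policy is constructed and deliberately lacks the new actions.

```python
import fnmatch
import json

# Actions the v2.9.0 reference IAM policy adds for NLB TCP idle timeout support.
REQUIRED_ACTIONS = {
    "elasticloadbalancing:DescribeListenerAttributes",
    "elasticloadbalancing:ModifyListenerAttributes",
}


def _as_list(value):
    """IAM allows Statement/Action to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """Case-insensitive IAM action match honouring the '*' wildcard."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def audit_policy(policy):
    """Return (missing_actions, overbroad_patterns) for an IAM policy document."""
    missing = set(REQUIRED_ACTIONS)
    overbroad = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never satisfy a required permission.
        for pattern in _as_list(stmt.get("Action")):
            # A bare service wildcard covers the new actions but violates least privilege.
            if pattern in ("*", "elasticloadbalancing:*"):
                overbroad.append(pattern)
            for action in list(missing):
                if _matches(pattern, action):
                    missing.discard(action)
    return sorted(missing), overbroad


# Constructed sample: a pre-2.9.0 policy fragment without the listener-attribute actions.
OLD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["elasticloadbalancing:DescribeLoadBalancerAttributes",
               "elasticloadbalancing:ModifyLoadBalancerAttributes"],
    "Resource": "*"
  }]
}""")

if __name__ == "__main__":
    print(audit_policy(OLD_POLICY))
```

Run it against the policy attached to the controller's IAM role (for example, the output of `aws iam get-policy-version`); an empty missing list and no over-broad patterns means the role is ready for v2.9.0 without granting more than the reference policy does.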
What's new
- AWS Load Balancer Controller now uses the AWS SDK for Go v2. The v2 SDK makes API calls more efficiently, improving performance. Its built-in retry mechanisms let the controller retry requests less aggressively, and its built-in backoff strategies, such as exponential backoff, help avoid overwhelming the AWS service and give it time to recover from temporary errors.
- Supports listener attributes on load balancers.
- AWS Network Load Balancer (NLB) now supports configurable TCP idle timeout. This allows you to align the TCP idle timeout value of NLB with clients and target applications. This capability can help reduce TCP connection retries and latency in applications that use long-lived flows, such as telemetry reporting devices, databases, streaming services, and ERP systems.
- Support for resolving multiple security groups that share the same Name tag. The old implementation incorrectly assumed a one-to-one mapping between Name tags and security groups. This fix allows multiple security groups with the same name to be resolved and attached to load balancers, providing flexible configurations and avoiding errors.
- Support for identifying VPC by tags using a new runtime argument. This is helpful when access to AWS metadata is blocked and the VPC ID is unknown at deploy time.
Enhancement and Fixes
- (Chart): Allow disabling ingress validation via helm flag
- Migrate AWS SDK GO V1 to V2.
- Support vpc- in target group binding vpc-id validation
- Set klog logger to harmonize logging format
Changelog since v2.8.3
- Use the documented .Capabilities.KubeVersion.Version built-in value in the hpa template (#3766, @prasadkatti)
- Migrate aws sdk go v1 to v2 (#3844, @shraddhabang)
- Support listener attributes (#3843, @, @wweiwei-li)
- feat: support vpc- in target group binding vpc-id validation (#3845, @khizunov)
- Allow disabling ingress validation via helm flag (#3847, @sarevalo2002)
- fix: Set klog logger to harmonize logging format (#3833, @mycrEEpy)
- Doc: Fix markdown table (#3832, @linoleparquet)
- [Doc] Update cert-manager GitHub URL (#3842, @capytan)
- bump up base image version (#3854, @oliviassss)
- update mkdocs dependencies (#3803, @M00nF1sh)
- Allow multiple SGs with the same Name tag (#3775, @alloveras)
- Fetch VPC ID from runtime using VPC tags provided via controller flags (#3656, @jeswinkoshyninan)
Full Changelog: v2.8.3...v2.9.0