Releases: kubernetes-sigs/aws-load-balancer-controller
v1.1.6
Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.6
Changelog since v1.1.5
Action Required:
- This version of controller needs new IAM permissions (Note: only needed when shield related annotation is used)
New Features
- Pod readiness gates (#955, @devkid) Documentation
- Add ALB attribute to configure dropping invalid headers (#1136, @jnevelson)
- Add support for enabling AWS Shield Advanced protection (#1126, @hhamalai)
Other notable changes
- rely on node condition instead of EC2 and add cordon node support (#1172, @M00nF1sh)
- Optimize endpoint reconcile (#1179, @OmerKahani)
- Detect unconditional redirects and ignore any rules defined afterwards (#1162, @tomfotherby)
- Add back aws api cache (#1154, @jescarri)
- Multiple bug fixes and doc enhancements (#1200, @M00nF1sh)
- support to use regional STS when using iam-for-service-accounts (#1198, @M00nF1sh)
- Docs: Duplicate port warning. (#1122, @nitrag)
- Typo in the "alb-ingress-controller.yaml" if env variables are to be used (#1176, @FlorianOtel)
- Fix doc spelling typo (#1148, @slobo)
- Updated the ingress name. (#1190, @tde908)
v1.1.5
Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.5
Changelog since v1.1.4
New Features
32587b3 advanced_routing/weighted_routing support
Other notable changes
25b9705 Rewrite GetClusterSubnets() using EC2 specific API (This enables the controller to run in pure-private VPC with privateLink. Note: this is not complete, there is still a dependency on RGT, so clean up in PurePrivate VPC don't work)
b58bba7 ignore fargate nodes for instance type (This allows instance
target-type when both EC2 node and fargate node presents)
3226ff2 adding cache around wafAPI usage (This fix WAF throttling issues when there are frequently pod/node changes)
acdc3b2 docs(echoserver.md): fix typos
27884d4 docs: update example for ExternalDNS
v1.1.4
Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.4
Note: This version supports EKS on Fargate with mode IP(alb.ingress.kubernetes.io/target-type: ip
)
To run aws-alb-ingress-controller itself as an Fargate based pod:
- The
--aws-vpc-id
and--aws-region
have to be specified in controller YAML. - IAM for pods should be used to grant permission for the controller, Alternatively,
AWS_ACCESS_KEY_ID
/AWS_SECRET_ACCESS_KEY
can be specified in controller YAML(not recommended for production)
Changelog since v1.1.3
New Features
9563e61 Allow load balancing algorithm to be specified
4d1f94c enhance ip mode for non-ec2 nodes
Others
9563e61 Allow load balancing algorithm to be specified
3d77b64 Merge pull request #1067 from tghaas/tghaas-doc-fix
5ce8ded Merge pull request #1079 from azweb76/patch-1
8b2d59c fix ingress example
e30318f fixup docs for load-balancer-attributes
97914ae docs: clarify security group name comes from tag
v1.1.3
Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.3
NOTE: This version is forward-compatible with V2 branch(versions above v1.2.0-alpha.1) and backward-compatible with older versions(versions below v1.1.3). The master branch will continue to be maintained and developed until V2 branch matures.
Changelog since v1.1.2
Action Required
- The SecurityGroup management for worker node have changed, please ensure there are only a single SecurityGroup on worker node ENIs or multiple SecurityGroups but only one of them are tagged with kubernetes.io/cluster/<cluster-name> (This should be default settings on various AWS based k8s installation and is same requirement by Kubernetes AWS cloudProvider). Migration will happen automatically if above requirement meets Details
New Features
- IPV6 CIDR are supported in alb.ingress.kubernetes.io/inbound-cidrs annotation
- Ability to specify AuthenticationRequestExtraParams
- Ability to do concurrent reconciliation
- Forward compatible with version above v1.2.0.alpha.1
Other notable changes
ff7724e upgrade aws-sdk to use iam-for-pods
32a6572 adding cache for cert discovery
d90c340 Update the Travis go version
55f9a02 tag aws resources with v2 style tags to enable migration to v2
f74c746 refactor security group handling to reuse worker node security group instead of creating new one
da9fad5 Switch to use new test framework
a7d83be Switch to use multi stage build for container Remove binary build in ci_e2e_test.sh
443f07d Seperate ipv6 permissions from ipv4
a37776d Added ipv6 suppport to SG
3d8cebe Address PR comments for ipv6 cidr
84daa82 Added support for IPv6 CIDRs in security groups
88f890e add flag to enable concurrent reconciliation.
24cfadd update(docs): fixed markdown code syntax
2cd600c update(docs): added additional instructions
299bb1a update(docs): added additional instructions
ffe4647 update(docs): added additional instructions
31a3bd2 update-docs(create-record-set)
1c72b93 AuthenticationRequestExtraParams authentication action
166df43 Add documentation about configuring WAF
05e6e06 make links relative
36d7920 fix broken link for cognito-ingress-template
4ca5606 add permission to use cognito
2402597 Fix panic when deleting an ALB with no default SG in the VPC
dacad85 enhance certificate auto-discover functionality 1. domains in SAN section of certificate will be matched too 2. If multiple certificate were found for a host, an error will be issued. 3. If none certificate were found for a host, an error will be issued.
28834c2 Add support for shared subnets
e7656b6 fix unit test
491164b Add idle_timeout.timeout_seconds annotation docs
58f6733 Fix extra hyphen in ingress-controller example
8065bb8 Scopes must be space-separated list
51dda47 Update ingress docs for authentication
6038b2d fixed formatting issues and added page to mkdocs.yml
0a74112 Added configuration page for ALB Ingress Controller with Cognito Auth
First alpha release for V2 branch
The V2 branch contains massive refactor to support IngressGroup feature,
Docker Image: amazon/aws-alb-ingress-controller:v1.2.0-alpha.1
Instructions for install and IngressGroup feature: #914
Caution
- Do not use this release in production yet.
- This release is not backwards compatible with current v1.1.2 release(old ALB/TargetGroup for Ingress won't be reused), we'll release a glue version(likely v1.1.3) to enable seamless upgrades.
v1.1.2
Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.2
Changelog since v1.1.1
Action Required
- New IAM permission needed: ec2:DescribeNetworkInterfaces (The full set of required IAM permission is available in iam-policy.json)
New Features
- Auto select certificates based on ingress hostname(#864) (note: HTTPS listener must be explicitly requested via
alb.ingress.kubernetes.io/listen-ports
to enable this feature)
Other notable changes
- Register out-of-vpc targets using 'all' AZ setting
- E2E framework & test cases for mode instance and mode IP
- Remove cache on AWS API calls
- Fix error msg for internet LB subnet tagging requirement
- Bug fix for hanging when delete managed securityGroup
- Bug fix for detect WAF Regional service availablity
- Doc update for cognito sample
- Doc improvement
- Doc improvement
- Doc improvement
v1.1.1
Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.1
Changelog since v1.1.0
Action Required
- If you manually added multiple certificates to ALB listeners before, you needs to add the additional certificate via alb.ingress.kubernetes.io/certificate-arn annotation(otherwise, these additional certificates will be removed during reconcile)
- Additional IAM Permission are needed:
- elasticloadbalancing:AddListenerCertificates
- elasticloadbalancing:RemoveListenerCertificates
- elasticloadbalancing:DescribeListenerCertificates
New Features
v1.1.0
Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.0
Changelog since v1.0.1
Action Required
N/A
New Features
- Support authentication via Cognito and OIDC, See docs here
- Support using existing targetGroup as backend, See docs here
- Support using named port to denote healthcheck port
Other notable changes
v1.0.1
v1.0.1
image: docker.io/amazon/aws-alb-ingress-controller:v1.0.1
Changelog since v1.0.0
Action Required
N/A
Other notable changes
v1.0.0
v1.0.0
Docker Image: 894847497797.dkr.ecr.us-west-2.amazonaws.com/aws-alb-ingress-controller:v1.0.0
Changelog since 1.0-beta.7
Action Required
- change annotation
security-group-inbound-cidr
toinbound-cidr
(#733, @M00nF1sh) - annotation
ignore-host-header
is removed. Please remove it from your ingress.(Host condition will only be applied if you have specified host in your ingress spec) - IAM policy have been changed. Please refer iam-policy.json
--ingress-class
flag behavior has changed: (note:--ingress-class=alb
is set in helm chart/example yaml by default)- new behavior:
- If
--ingress-class=xxx
flag is set, only ingress withkubernetes.io/ingress.class: xxx
annotation will be targeted. - If
--ingress-class=xxx
flag is not set, both ingress withoutkubernetes.io/ingress.class
or withkubernetes.io/ingress.class: alb
will be targeted.
- If
- old behavior:
- If
--ingress-class=xxx
flag is set, andxxx
is notalb
, only ingress withkubernetes.io/ingress.class: xxx
annotation will be targeted. - if
--ingress-class
flag is not set, or set as--ingress-class=alb
, both ingress withoutkubernetes.io/ingress.class
or withkubernetes.io/ingress.class: alb
will be targeted.
- If
- new behavior:
Other notable changes
- Refactored whole codebase to improve maintainability and testability.(#650, #651, #653, #654, #664, #674, #694, @bigkraig, @M00nF1sh)
- Adding support for specify default tags at controller level(#711, @jmcarp)
- Adding feature gate for WAF support(#728, @M00nF1sh)
- Allow service of type LoadBalancer for instance target mode(#732, @hatmatter)
- Align tagging support for securityGroups with other resources(#730, @M00nF1sh)
- Fixed bug when handling empty path in ingress spec(#736, @M00nF1sh)
- Resolve VPC ID and AWS Region from ec2metadata during start up(#723, @M00nF1sh)
- Rewriten docs using mkdocs(#737, @M00nF1sh)
- Migrate CI/CD from travis to PROW(#705, @M00nF1sh)