Skip to content

Releases: kubernetes-sigs/aws-load-balancer-controller

v1.1.6

23 Mar 07:34
95ee2ac
Compare
Choose a tag to compare

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.6

Changelog since v1.1.5

Action Required:

  • This version of controller needs new IAM permissions (Note: only needed when shield related annotation is used)

New Features

Other notable changes

v1.1.5

14 Jan 11:33
2560c81
Compare
Choose a tag to compare

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.5

Changelog since v1.1.4

New Features

32587b3 advanced_routing/weighted_routing support

Other notable changes

25b9705 Rewrite GetClusterSubnets() using EC2 specific API (This enables the controller to run in pure-private VPC with privateLink. Note: this is not complete, there is still a dependency on RGT, so clean up in PurePrivate VPC don't work)
b58bba7 ignore fargate nodes for instance type (This allows instance target-type when both EC2 node and fargate node presents)
3226ff2 adding cache around wafAPI usage (This fix WAF throttling issues when there are frequently pod/node changes)
acdc3b2 docs(echoserver.md): fix typos
27884d4 docs: update example for ExternalDNS

v1.1.4

02 Dec 07:32
b42cd80
Compare
Choose a tag to compare

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.4

Note: This version supports EKS on Fargate with mode IP(alb.ingress.kubernetes.io/target-type: ip)
To run aws-alb-ingress-controller itself as an Fargate based pod:

  1. The --aws-vpc-id and --aws-region have to be specified in controller YAML.
  2. IAM for pods should be used to grant permission for the controller, Alternatively,AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY can be specified in controller YAML(not recommended for production)

Changelog since v1.1.3

New Features

9563e61 Allow load balancing algorithm to be specified
4d1f94c enhance ip mode for non-ec2 nodes

Others

9563e61 Allow load balancing algorithm to be specified
3d77b64 Merge pull request #1067 from tghaas/tghaas-doc-fix
5ce8ded Merge pull request #1079 from azweb76/patch-1
8b2d59c fix ingress example
e30318f fixup docs for load-balancer-attributes
97914ae docs: clarify security group name comes from tag

v1.1.3

16 Sep 18:26
6101b02
Compare
Choose a tag to compare

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.3

NOTE: This version is forward-compatible with V2 branch(versions above v1.2.0-alpha.1) and backward-compatible with older versions(versions below v1.1.3). The master branch will continue to be maintained and developed until V2 branch matures.

Changelog since v1.1.2

Action Required

  1. The SecurityGroup management for worker node have changed, please ensure there are only a single SecurityGroup on worker node ENIs or multiple SecurityGroups but only one of them are tagged with kubernetes.io/cluster/<cluster-name> (This should be default settings on various AWS based k8s installation and is same requirement by Kubernetes AWS cloudProvider). Migration will happen automatically if above requirement meets Details

New Features

  1. IPV6 CIDR are supported in alb.ingress.kubernetes.io/inbound-cidrs annotation
  2. Ability to specify AuthenticationRequestExtraParams
  3. Ability to do concurrent reconciliation
  4. Forward compatible with version above v1.2.0.alpha.1

Other notable changes

  1. Performance improvement for discover ACM certs

ff7724e upgrade aws-sdk to use iam-for-pods
32a6572 adding cache for cert discovery
d90c340 Update the Travis go version
55f9a02 tag aws resources with v2 style tags to enable migration to v2
f74c746 refactor security group handling to reuse worker node security group instead of creating new one
da9fad5 Switch to use new test framework
a7d83be Switch to use multi stage build for container Remove binary build in ci_e2e_test.sh
443f07d Seperate ipv6 permissions from ipv4
a37776d Added ipv6 suppport to SG
3d8cebe Address PR comments for ipv6 cidr
84daa82 Added support for IPv6 CIDRs in security groups
88f890e add flag to enable concurrent reconciliation.
24cfadd update(docs): fixed markdown code syntax
2cd600c update(docs): added additional instructions
299bb1a update(docs): added additional instructions
ffe4647 update(docs): added additional instructions
31a3bd2 update-docs(create-record-set)
1c72b93 AuthenticationRequestExtraParams authentication action
166df43 Add documentation about configuring WAF
05e6e06 make links relative
36d7920 fix broken link for cognito-ingress-template
4ca5606 add permission to use cognito
2402597 Fix panic when deleting an ALB with no default SG in the VPC
dacad85 enhance certificate auto-discover functionality 1. domains in SAN section of certificate will be matched too 2. If multiple certificate were found for a host, an error will be issued. 3. If none certificate were found for a host, an error will be issued.
28834c2 Add support for shared subnets
e7656b6 fix unit test
491164b Add idle_timeout.timeout_seconds annotation docs
58f6733 Fix extra hyphen in ingress-controller example
8065bb8 Scopes must be space-separated list
51dda47 Update ingress docs for authentication
6038b2d fixed formatting issues and added page to mkdocs.yml
0a74112 Added configuration page for ALB Ingress Controller with Cognito Auth

First alpha release for V2 branch

15 Jul 20:30
Compare
Choose a tag to compare
Pre-release

The V2 branch contains massive refactor to support IngressGroup feature,

Docker Image: amazon/aws-alb-ingress-controller:v1.2.0-alpha.1
Instructions for install and IngressGroup feature: #914

Caution

  • Do not use this release in production yet.
  • This release is not backwards compatible with current v1.1.2 release(old ALB/TargetGroup for Ingress won't be reused), we'll release a glue version(likely v1.1.3) to enable seamless upgrades.

v1.1.2

01 Mar 02:26
cc1c597
Compare
Choose a tag to compare

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.2

Changelog since v1.1.1

Action Required

  1. New IAM permission needed: ec2:DescribeNetworkInterfaces (The full set of required IAM permission is available in iam-policy.json)

New Features

  1. Auto select certificates based on ingress hostname(#864) (note: HTTPS listener must be explicitly requested via alb.ingress.kubernetes.io/listen-ports to enable this feature)

Other notable changes

  1. Register out-of-vpc targets using 'all' AZ setting
  2. E2E framework & test cases for mode instance and mode IP
  3. Remove cache on AWS API calls
  4. Fix error msg for internet LB subnet tagging requirement
  5. Bug fix for hanging when delete managed securityGroup
  6. Bug fix for detect WAF Regional service availablity
  7. Doc update for cognito sample
  8. Doc improvement
  9. Doc improvement
  10. Doc improvement

v1.1.1

19 Jan 01:36
87bef3e
Compare
Choose a tag to compare

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.1

Changelog since v1.1.0

Action Required

  1. If you manually added multiple certificates to ALB listeners before, you needs to add the additional certificate via alb.ingress.kubernetes.io/certificate-arn annotation(otherwise, these additional certificates will be removed during reconcile)
  2. Additional IAM Permission are needed:
  • elasticloadbalancing:AddListenerCertificates
  • elasticloadbalancing:RemoveListenerCertificates
  • elasticloadbalancing:DescribeListenerCertificates

New Features

  1. Support for multiple SSL certificates
  2. Installation via kustomize

v1.1.0

15 Jan 22:53
72962fc
Compare
Choose a tag to compare

v1.0.1

06 Dec 01:32
ebac62d
Compare
Choose a tag to compare

v1.0.0

19 Nov 18:06
60383d8
Compare
Choose a tag to compare

v1.0.0

Documentation

Docker Image: 894847497797.dkr.ecr.us-west-2.amazonaws.com/aws-alb-ingress-controller:v1.0.0

Changelog since 1.0-beta.7

Action Required

  • change annotation security-group-inbound-cidr to inbound-cidr(#733, @M00nF1sh)
  • annotation ignore-host-header is removed. Please remove it from your ingress.(Host condition will only be applied if you have specified host in your ingress spec)
  • IAM policy have been changed. Please refer iam-policy.json
  • --ingress-class flag behavior has changed: (note: --ingress-class=alb is set in helm chart/example yaml by default)
    • new behavior:
      • If --ingress-class=xxx flag is set, only ingress with kubernetes.io/ingress.class: xxx annotation will be targeted.
      • If --ingress-class=xxx flag is not set, both ingress without kubernetes.io/ingress.class or with kubernetes.io/ingress.class: alb will be targeted.
    • old behavior:
      • If --ingress-class=xxx flag is set, and xxx is not alb, only ingress with kubernetes.io/ingress.class: xxx annotation will be targeted.
      • if --ingress-class flag is not set, or set as --ingress-class=alb, both ingress without kubernetes.io/ingress.class or with kubernetes.io/ingress.class: alb will be targeted.

Other notable changes