Skip to content

v2.7.0

Compare
Choose a tag to compare
@shraddhabang shraddhabang released this 01 Feb 02:37
· 103 commits to main since this release
ed00c81

v2.7.0 (requires Kubernetes 1.22+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.0
Thanks to all our contributors! 😊

Action required

We've updated the reference IAM policies to explicitly add the elasticloadbalancing:DescribeTrustStores permission for describing the trust stores resources to use the new mTLS feature for ingresses on controller. load balancer and listener resources. We recommend updating your controller IAM policies with the new permissions for your existing installations as well.

Whats new

  • Introducing the support for (mTLS) Mutual Transport Layer Security on Ingress through AWS LB Controller. Its delivers mTLS feature by integrating the trust stores into listener management. The customer will be able to set the desired mTLS mode and will be able to provide the existing trust store Name/ARN (they have created through CLI/Console) through new annotations for Ingress. To use this feature, you need to update the IAM policy to add elasticloadbalancing:DescribeTrustStores permission
  • Add a controller flag --service-target-eni-security-group-tags to allow users to specify additional tags that should be used when the controller looks for the security group to use when adding ingress rules for NLB targets
  • Adding support for default readiness probe for controller. Please note that the installation of older image tags against the latest helm chart version (1.7.0 or later) will fail due to this new addition of readiness probe.

Enhancement and Fixes

  • Support for EKS pod identities
  • Helm chart enhancements: add webhook readiness check; add revisionHistoryLimit
  • Helm chart field to enable HPA. The main purpose of enable HPA is to survive load induced failure by the calls to the aws-load-balancer-webhook-service
  • Documentation enhancements

Changelog since v2.6.2