v2.5.4

v2.5.4 (requires Kubernetes 1.22+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.4
Thanks to all our contributors! 😊

Fixes

• Fixed a bug in the eventhandler that was ignoring the update event triggered by --sync-period and preventing the auto-reconciliation of the controller. From this version, the controller will reconcile all the resources even if there is no change in manifest, per the default interval of 10hr. For more information, please refer to the doc

Changelog since v2.5.3

• doc enhancement for waf addons and reconciliation (#3281, @oliviassss)
• update protobuf to the latest version (#3274, @oliviassss)
• fix the bug that evenhanlder ignores the update per sync-period (#3280, @oliviassss)

v2.5.3

v2.5.3 (requires Kubernetes 1.22+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.3
Thanks to all our contributors! 😊

Enhancement

• Update go dependencies and base image to address CVEs
• Drop the support for policy/v1beta1 of PodDisruptionBudget, since the k8s 1.22+ supports policy/v1
• Drop the support for cert-manager.io/v1alpha2, and explicitly set to cert-manager.io/v1

Fixes

• Update k8s.io/client-go to v0.26.5 to fix the promethus-adapter issue that causes the client-go to crash in k8s 1.27

Changelog since v2.5.2

• update to go 1.20.5 (#3253, @oliviassss)
• Update dependency and base image (#3239, @oliviassss)
• update aws partition in test script and add iam policy for iso regions (#3246, @oliviassss)
• Remove policy/v1beta1 since the min supported k8s version supports policy/v1 (#3230, @rdrgmnzs)
• chore: Added dependabot (#3228, @ellistarn)
• fix typo in test script (#3226, @oliviassss)
• Fix formatting (#3219, @hsusanoo)
• Explicitly setting CertManager APIVersion to V1 (#3189, @hawkesn)

v2.5.2

v2.5.2 (requires Kubernetes 1.22+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.2

Thanks to all our contributors! 😊

Enhancement

• Added support for the AWS Resource Group API which can be enabled via the feature flag EnableRGTAPI, disabled by default. This feature allows the tagging manager to utilize RGT APIs to filter matching Load Balancers and Target Group resources, and is helpful when there are numerous resources. RGT feature is not available for private clusters. If you intend to enable this feature, you need to do the following:
  • set --feature-gates=EnableRGTAPI=true in controller command line flag or helm value --set controllerConfig.featureGates.EnableRGTAPI=true during chart install/upgrade
  • add additional permission to the IAM policy used by the controller

  { 
   "Effect": "Allow", 
   "Action": [ 
       "tag:GetResources" 
   ], 
   "Resource": "*" 
  }
  

• Refactor backend SG provider, controller deletes backend SG when not required without waiting for all ingresses to be deleted.

Fixes

• Check both sdkLS and resLS sslpolicy for nil when updating extra certs for listeners

Changelog since v2.5.1

• update go.sum (#3206, @oliviassss)
• cut v2.5.2 release (#3205, @oliviassss)
• Fix typo in mkdocs.yml file (#3202, @Dragotic)
• check both sdkLS and resLS sslpolicy for nil (#3196, @oliviassss)
• Support AWS RGT APIs with feature flag (#3186, @oliviassss)
• cherry-pick: Support AWS RGT APIs with feature flag (#3186) (#3193, @oliviassss)
• refactor backend SG provider (#2836, @kishorj)
• add objectSelector to the new controller webhooks (#3165, @kishorj)
• chore(aws-load-balancer-controller): update all controllerConfig.featureGates samples default values (#3161, @kahirokunn)

v2.5.1

v2.5.1 (requires Kubernetes 1.22+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.1

Thanks to all our contributors! 😊

Action Required

• 🚨 🚨 🚨We've updated the controller manifests, so either use helm upgrade or apply the new manifest. The new controller image from the patch release is not compatible with manifests from v2.4.x or earlier releases
• 🚨 🚨 🚨We have made the LBC the default controller for service type LoadBalancer by adding a mutating webhook. You can disable the feature by setting the helm chart value enableServiceMutatorWebhook to false. You will no longer be able to provision new Classic Load Balancer (CLB) from your kubernetes service unless you disable this feature.

Please refer to the v2.5.0 release notes for further details.

Bug fixes

• Fix ingress validator to handle ingress rules without http paths, issue #3158

Changelog since v2.5.0

• cut v2.5.1 release (#3160, @kishorj)
• chore(aws-load-balancer-controller): add all controllerConfig.featureGates samples (#3156, @kahirokunn)
• Fix validator for ingress rules without http paths (#3159, @kishorj)
• update doc for 2.5 (#3154, @oliviassss)

v2.5.0

v2.5.0 (requires Kubernetes 1.22+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.5.0

Thanks to all our contributors! 😊

Action Required

🚨 🚨 🚨 The v2.5.0 ingress validator is not able to handle ingress rules without HTTP path due to bug #3158. If your ingress rules don't have the http paths defined, do not upgrade to v2.5.0 release.

• 🚨 🚨 🚨We've updated the controller manifests, so either use helm upgrade or apply the new manifest. The new controller image is not compatible with manifests from earlier releases, so we don't recommend editing existing deployment and updating the image tag.
• 🚨 🚨 🚨We have made the LBC the default controller for service type LoadBalancer by adding a mutating webhook. Therefore, from v2.5.0, it is required to use k8s 1.22 or later to support the spec.loadBalancerClass. This controller creates an internal NLB by default. You need to specify the annotation service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing on your service if you want to create an internet-facing NLB for your service.
• We have added subnets, InboundCIDRs and SSLPolicy fields in IngressClassParams. If you are upgrading the chart via helm upgrade, you need to update the IngressClassParams CRD manually by running kubectl apply -k "http://github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"

Whats new

• The AWS LBC provides a mutating webhook for service resources to set the spec.loadBalancerClass field for service of type LoadBalancer on create. This makes the AWS LBC the default controller for service of type LoadBalancer. You can disable this feature and revert to set CCM as the default by setting the helm chart value enableServiceMutatorWebhook to false. You will no longer be able to provision new Classic Load Balancer (CLB) from your kubernetes service unless you disable this feature. Existing CLB will continue to work fine.
• You can set the default target type for the load balancer target groups. For helm chart, you can specify the defaultTargetType value during chart install/upgrade.
• Fields subnets, InboundCIDRs and SSLPolicy in IngressClassParams

Enhancements

• Update controller runtime
• Add a validation step on service annotation service.beta.kubernetes.io/aws-load-balancer-ssl-ports
• Handle the validation error on ingress annotation alb.ingress.kubernetes.io/conditions.${conditions-name}
• Enable EndpointsFailOpen by default
• Allow multiple TLS certificate for the same host for ALB during certificate discovery
• Migrate to ConfigMap leases for the leader election
• Documentation enhancement

Changelog since v2.4.7

• rename configuration value to enableServiceMutatorWebhook (#3142, @jerryhe1999)
• Add docker-push-w-buildx make target (#3135, @ivyostosh)
• Add the service mutator webhook manifest to make the controller default for service of type LoadBalancer (#3139, @jerryhe1999)
• Subnet discovery documentation edits (#3128, @jimdial-aws)
• NLB documentation edits (#3129, @jimdial-aws)
• documentation enhacement (#3136, @oliviassss)
• fix installation.md rendering (#3127, @oliviassss)
• update iam policy version to 2.4.7 (#3123, @oliviassss)
• update eksctl and default eks versions (#3120, @kishorj)
• Added alternate policies and other edits. (#3121, @jimdial-aws)
• add test coverage for endPointSlices (#3119, @oliviassss)
• Add webhook for claiming load balancers without LoadBalancerClass (#2925, @olemarkus)
• Update ko to v0.13.0 (#3115, @kishorj)
• Update module dependencies (#3114, @kishorj)
• Added ssl-ports validation in case unused ports are introduced in the aws-load-balancer-ssl-ports annotation (#3067, @ahrakos)
• update to discovery.k8s.io/v1 (#3072, @kishorj)
• docs: add a new page about security groups management (#2988, @prasadkatti)
• Add InboundCIDRs field to IngressClassParams (#3089, @johngmyers)
• Add SSLPolicy field to IngressClassParams (#3025, @johngmyers)
• enable EndpointsFailOpen by default (#3078, @kishorj)
• Update the default container base image (#3075, @kishorj)
• update recommended IAM policy template (#3068, @jdn5126)
• update to discovery.k8s.io/v1 (#3072, @kishorj)
• Validate Ingress condition annotations (#2735, @r-erema)
• Fix conciseLogger's incorrect call to variadic func (#3066, @johngmyers)
• Verify CRDs are up to date in merge check (#3022, @johngmyers)
• Refactor model builder test (#3024, @johngmyers)
• Remove constrains of multiple TLS on certificate auto-discovery (#3028, @jerryhe1999)
• fix: check default ingclass when ingclass is nill (#2963, @yasinlachiny)
• Add subnets field to IngressClassParams (#2945, @johngmyers)
• Verify generated files are up to date in merge check (#3007, @johngmyers)
• Update module dependencies (#2998, @johngmyers)
• Add johngmyers as reviewer (#2999, @johngmyers)
• helm: add "defaultTargetType" values setting (#2990, @johngmyers)
• Update module dependencies (#2994, @johngmyers)
• Fix typo in 'Subnet Discovery' (#2996, @KENNYSOFT)
• Build image with ko (#2955, @johngmyers)
• Start migration to leases for leader election (#2993, @johngmyers)
• Upgrade aws-sdk-go to v1.44.184 (#2992, @johngmyers)
• Replace inet.af/netaddr with net/netip (#2987, @jerryhe1999)
• Add —default-target-type flag (#2840, @johngmyers)
• Add GitHub Action for tagging releases and creating release branches (#2881, @johngmyers)

v2.4.7

v2.4.7 (requires Kubernetes 1.19+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.7

Thanks to all our contributors! 😊

Action Required

🚨 🚨 🚨 We've updated the reference IAM policies to explicitly add the AddTag permission for creating load balancer and listener resources. We recommend updating your controller IAM policies with the new permissions for existing installations as well.

Whats new

• This patch release updates the controller to use discovery.k8s.io/v1 version of EndpointSlice for compatibility with k8s 1.25 and later releases. Starting this patch release, the controller will be able to support EndpointSlice in k8s 1.21 and later clusters only.
• We have also updated the reference IAM policies to explicitly allow the AddTag permission for the ELBv2 CreateTargetGroup and CreateLoadBalancer. You will have to update the existing controller IAM permissions if you encounter the AccessDenied errors for the elbv2 APIs

Changelog since v2.4.6

• update IAM policy template (#3046, @kishorj, @jdn5126, @Apollorion)
• update to discovery.k8s.io/v1 (#3073, @kishorj)

v2.4.6

v2.4.6 (requires Kubernetes 1.19+)

Documentation

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6

Thanks to all our contributors! 😊

Whats new

1. This release introduces new annotation service.beta.kubernetes.io/aws-load-balancer-healthcheck-success-codes to configure the HTTP success codes for NLB target group health check for http/https healthcheck protocol
2. Controller doesn't delete existing NLB target group to reconfigure health check configuration with default configuration. You can revert to the earlier behavior by setting the feature gate NLBHealthCheckAdvancedConfiguration to false
3. Controller configures the NLB target group health check timeout based on the annotation service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout. You can disable this by setting the feature gate NLBHealthCheckAdvancedConfiguration to false

Changelog since v2.4.5

• add example of blue/green deployment (#2911, @geoffcline)
• Ability to reconfigure NLB target group health check (#2967, @kishorj)
• Replace "SSL" with "TLS" where possible in documentation (#2962, @johngmyers)
• docs: update contibutor docs (#2961, @prasadkatti)
• Update eksctl and eks default versions for e2e tests (#2960, @kishorj)
• Update index.md (#2959, @Kostavro)
• docs: fix gRPCServer example (#2954, @prasadkatti)
• update controller-gen to v0.11.1 (#2953, @kishorj)
• fix typos in doc about self managed lb (#2947, @Kostavro)
• docs: make external-dns optional in echoserver walkthrough (#2950, @prasadkatti)
• fix: typo in synthesizer test (#2941, @yasinlachiny)
• use multi-arch image for service e2e test (#2943, @kishorj)
• Update installation.md (nit) (#2937, @mtulio)
• move test images to ecr public (#2935, @kishorj)
• Use public ECR repository by default (#2907, @kishorj)
• fix: health check timeout for services/NLB (#2899, @project0)
• update external dns manifest and docs (#2895, @kishorj)
• update external dns manifest url (#2892, @kishorj)
• update go packages and dependencies (#2887, @kishorj)
• update filename from the set-version script (#2889, @kishorj)
• Stop restricting branches for unit test action (#2879, @johngmyers)
• Improve echo server example documentation (#2853, @kevin85421)
• Fix consistency of version references in documentation, etc. (#2880, @johngmyers)
• Documentation update to warn of Access Control bypass when conversion from IPv4 to IPv6 on NLBs (#2868, @wilief)
• Fix to use a code block in the guide of ingress annotations (#2877, @hadusam)
• Fix typo of a comment in pkg/networking/subnet_resolver.go (#2876, @hadusam)

v2.4.5

v2.4.5 (requires Kubernetes 1.19+)

Documentation

Image: docker.io/amazon/aws-alb-ingress-controller:v2.4.5

Thanks to all our contributors! 😊

Fixes

• Fix webhookNamespaceSelectors in HelmChart (#2816, @mikutas)

Changelog since v2.4.4

• Infer VPCID from controller's nodeName when running with cloud controller manager (#2824, @olemarkus )
• Query IMDS over IPv6 when controller pod don't have IPv4 addresses (#2453, @johngmyers)
• Upgrade controller-runtime to v0.9.7 (#2833, @jdn5126 )
• Upgrade Golang to v1.19.3 (#2871, @M00nF1sh )
• Maintain helm chart test.yaml file (#2872, @BobDu )
• Install correct ginkgo version and pass no color to script (#2839, @jdn5126 )
• Upgrade ginkgo version; address go fmt(#2835, @jdn5126 )
• Fix misspelling in documentation(#2871, @yiyu0x)
• Fix documentation about alpn-policy (#2831, @BouchaaraAdil)

ECR images

• 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 558608220178.dkr.ecr.me-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 590381155156.dkr.ecr.eu-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.ap-northeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.ap-northeast-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.ap-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.ap-southeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.ca-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.eu-north-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.eu-west-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.sa-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 800184023465.dkr.ecr.ap-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 877085696533.dkr.ecr.af-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.5
• 918309763551.dkr.ecr.cn-north-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.5
• 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.5

v2.4.4

v2.4.3 (requires Kubernetes 1.19+)

Documentation

Image: docker.io/amazon/aws-alb-ingress-controller:v2.4.4

Thanks to all our contributors! 😊

What's new

1. A new Service annotation service.beta.kubernetes.io/aws-load-balancer-ipv6-addresses, which allows to customize the IPv6 addresses on NLB.
2. A new Helm chart flag ingressClassConfig.default, which allows to set the default provided alb IngressClass as default IngressClass in cluster.
3. A new Helm chart flag cluster.dnsDomain, which allows to set customized dnsDomain other than the default cluster.local
4. A new Helm chart flag controllerConfig.featureGates, which allows to set --feature-gates flag on controller Deployment.

Fixes

1. Fix error handling during LoadBalancer deletion.

Changelog since v2.4.3

• cut v2.4.4 release (#2815, @M00nF1sh)
• configure default client-side throttle for ELBv2 APIs (#2810, @kishorj)
• upgrade to golang 1.18.6 (#2808, @M00nF1sh)
• Fix typo (#2798, @yiyu0x)
• Fix webhook port value (#2795, @vi-credo)
• add support for configure static IPv6 addresses on NLB (#2790, @M00nF1sh)
• feat: add default ingressclass annotation ✨ (#2756, @meysam81)
• fix error handling of load balancer deletion (#2783, @bitoku)
• Sticky weighted routing (#2740, @hanyhesham)
• Update to golang 1.18 (#2774, @kishorj)
• add guide on using a self managed (or existing) load balancer (#2765, @geoffcline)
• Allow configuring the actual cluster DNS domain for the TLS certificate (#2770, @stephan2012)
• Allow configuring the controller feature gates in helm chart (#2776, @khizunov)
• refine docs about NLB (#2780, @M00nF1sh)
• Fix documentation typo s/Amzon/Amazon/ (#2773, @jalessio)

ECR images

• 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 558608220178.dkr.ecr.me-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 590381155156.dkr.ecr.eu-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.ap-northeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.ap-northeast-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.ap-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.ap-southeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.ca-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.eu-north-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.eu-west-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.sa-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 800184023465.dkr.ecr.ap-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 877085696533.dkr.ecr.af-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.4
• 918309763551.dkr.ecr.cn-north-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.4
• 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.4

v2.4.3

v2.4.3 (requires Kubernetes 1.19+)

Documentation

Image: docker.io/amazon/aws-alb-ingress-controller:v2.4.3

Thanks to all our contributors! 😊

What's new

1. This release introduces a new feature gate SubnetsClusterTagCheck, if set to false the controller ignores the cluster tag kubernetes.io/cluster/${cluster-name} during subnet auto-discovery. This featureGate is set to true by default, you can disable via the controller flag --feature-gates=SubnetsClusterTagCheck=false.
2. A new feature gate EnableIPTargetType, if set to false, disables IP target support.
3. Allow negative and duplicate group.orders for ingress group
4. Update the base container image
5. Helm chart changes

Fixes

1. Set correct precedence for ingress rules in case of multiple matches
2. enhance handling for InvalidIngressClass case
3. fix failures during upgrade when using the default provided IngressClass and IngressClassParam
4. CVE-2022-28948

Changelog since v2.4.2

• enhance handling for InvalidIngressClass case (#2750, @M00nF1sh)
• add docs for NLB TLS termination (#2680, @geoffcline)
• revise install guide (#2704, @geoffcline)
• bump chart version to 1.4.3 (#2746, @M00nF1sh)
• add HELM support for aws-api-throttle (#2745, @M00nF1sh)
• use a dedicated config to disable default pod affinity (#2743, @kishorj)
• fix failures during upgrade when using the default provided IngressClass and IngressClassParam [#2732, @M00nF1sh]
• Helm: Add field for Webhook namespace selector (#2724, @Volatus)
• Update go pkg dependencies (#2742, @kishorj)
• Enhance client side throttling information (#2739, @orsenthil)
• e2e test changes to support china regions (#2723, @cgchinmay)
• Update default cluster version for e2e tests (#2659, @kishorj)
• Do not set caBundle for webhooks if CertManager is used (#2649, @mikael-lindstrom)
• Fix Dockerfile go dependency caching (#2626, @hintofbasil)
• Add docs for example of gRPC health check success codes (#2700, @ugwis)
• docs: update versions in instructions to match official AWS docs (#2714, @Volatus)
• Fixed typo: Listner => Listener (#2712, @PrajwalBorkar)
• Add clusterName as debug info for troubleshooting (#2696, @guessi)
• Updated run-e2e-test script to remove eksctl iamserviceaccount creation (#2664, @cgchinmay)
• Fix for failing Ingress tests (#2658, @cgchinmay)
• Add support to disable cluster tag check during subnet auto-discovery (#2635, @oliviassss)
• Added EnableIPTargetType flag to controller (#2587, @thejasn)
• Allow negative and duplicate group.orders (#2634, @jtdoepke)
• Migrate to ginkgo v2 (#2639, @cgchinmay)
• Add imagePullSecrets option to ServiceAccount in helm chart (#2624, @BrianKopp)
• feat: add optional service monitor namespace (#2609, @shalom-cyera)
• helm: Add additionalLabels to all components (#2618, @jdheyburn)
• fix log level (#2598, @mikutas)
• helm: add deployment annotation (#2611, @krrrr38)
• Format clusterSecretsPermissions.allowAllSecrets (#2620, @orsenthil)
• [minor] - print the env variable name in the output (#2610, @orsenthil)
• Sort ingress rules by path length and pathType (#2409, @oliviassss)
• helm chart update ; adding support to set affinity in podSpec to the empty map (#2576, @stensonb)
• adding optional support for topologySpreadConstraints to helm chart (#2575, @stensonb)
• separate target for helm chart crds generation (#2577, @kishorj)
• [Doc] Update migrate_v1_v2 document (#2573, @yws-ss)
• Auto generate CRDs for the Helm chart (#2517, @kishorj)
• fix default value in the service annotation doc (#2569, @kishorj)
• Misc minor fixes to docs (#2568, @prasadkatti)
• fix formatting (#2567, @prasadkatti)
• minor fix (#2566, @prasadkatti)
• docs cleanup in ingress spec (#2565, @prasadkatti)

ECR images

• 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 558608220178.dkr.ecr.me-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 590381155156.dkr.ecr.eu-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.ap-northeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.ap-northeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.ap-northeast-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.ap-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.ap-southeast-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.ca-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.eu-north-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.eu-west-3.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.sa-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.us-east-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.us-west-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 800184023465.dkr.ecr.ap-east-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 877085696533.dkr.ecr.af-south-1.amazonaws.com/amazon/aws-load-balancer-controller:v2.4.3
• 918309763551.dkr.ecr.cn-north-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.3
• 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-load-balancer-controller:v2.4.3