v2.0.0-rc2

Warning: This is not a production release, please don't use it in production !

1. The purpose of this release is to gather early feedbacks about the APIs and usage.
2. If you have find issues or feedbacks, please create an issue with [V2] in title.
3. It's backwards compatible with aws-alb-ingress-controller:v1.1.3+.

Documentation (detailed documentation about new features coming soon)

Image: docker.io/amazon/aws-alb-ingress-controller:v2.0.0-rc2

Install Instructions:

Install CertManager

we now have a pod webhook to automatically inject pod readinessGates, we'll offer a option to install without CertManager in our helm charts

• For Kubernetes 1.16+: kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.2/cert-manager.yaml
• For Kubernetes <1.16: kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.2/cert-manager-legacy.yaml

Install the Controller

1. change your-cluster-name to be real clusterName in https://github.com/kubernetes-sigs/aws-alb-ingress-controller/blob/v2.0.0/config/samples/install_v2_0_0_rc2.yaml#L485
2. apply the yaml

Changelog since v2.0.0-rc1

1. added auto ACM certificate discovery for Ingress hosts.(#1458)
2. added mutating/validating webhook for TargetGroupBinding CRD(#1450)
3. Fix two bug during securityGroup reconcile(#1459)
   • IPv6 CIDR is incorrectly handled in model deployer.
   • added retry without cache if securityGroup cache is out-dated.
4. make container run as non-root and redact OIDC info in logs(#1451)
5. we now offer a more restricted IAM permission: https://github.com/kubernetes-sigs/aws-alb-ingress-controller/blob/v2_ga/docs/install/iam_policy.json

v2.0.0-rc1

Warning: This is not a production release, please don't use it in production !

1. The purpose of this release is to gather early feedbacks about the APIs and usage.
2. If you have find issues or feedbacks, please create an issue with [V2] in title.
3. It's backwards compatible with aws-alb-ingress-controller:v1.1.3+.

Documentation (detailed documentation about new features coming soon)

Image: docker.io/amazon/aws-alb-ingress-controller:v2.0.0-rc1

Install Instructions:

Install CertManager

we now have a pod webhook to automatically inject pod readinessGates, we'll offer a option to install without CertManager in our helm charts

• For Kubernetes 1.16+: kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.2/cert-manager.yaml
• For Kubernetes <1.16: kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.2/cert-manager-legacy.yaml

Install the Controller

1. change your-cluster-name to be real clusterName in https://github.com/kubernetes-sigs/aws-alb-ingress-controller/blob/v2.0.0/config/samples/install_v2_0_0_rc1.yaml#L452
2. apply the yaml

Changelog since v2.0.0-rc0

1. Fixed several bugs around SecurityGroup handling.
2. Added support for WAFRegional/WAFV2/Shield
3. Added a webhook to automatically inject Pod readinessGate

v2.0.0-rc0

Warning: This is not a production release, please don't use it in production !

1. The purpose of this release is to gather early feedbacks about the APIs and usage.
2. If you have find issues or feedbacks, please create an issue with [V2] in title.
3. It's backwards compatible with aws-alb-ingress-controller:v1.1.3+.

Documentation (detailed documentation about new features coming soon)

Image: docker.io/amazon/aws-alb-ingress-controller:v2.0.0-rc0

Install Instructions:

1. change your-cluster-name to be real clusterName in https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v2.0.0/config/samples/install_v2_0_0_rc0.yaml
2. apply the yaml

Features:

1. all existing annotations(in v1) except below are supported(coming soon):
   • alb.ingress.kubernetes.io/waf-acl-id
   • alb.ingress.kubernetes.io/wafv2-acl-arn
   • alb.ingress.kubernetes.io/shield-advanced-protection
2. ingress groups feature described in #914
   • alb.ingress.kubernetes.io/group.name
   • alb.ingress.kubernetes.io/group.order
3. A new controller for Kubernetes Service which will provision NLBs in IP targeting mode.
   • create a normal NodePort Service. (we'll support you use a LoadBalancer type soon)
   • add annotation to your service service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
   • all other NLB related annotations in current kubernetes NLB support
4. A new alpha CRD called TargetGroupBinding to allow you register/deregister targets from TargetGroups.
   • crd schema(subject to change) can be viewed in https://github.com/kubernetes-sigs/aws-alb-ingress-controller/blob/v2_ga/apis/elbv2/v1alpha1/targetgroupbinding_types.go
   • sample use cases:
     • manage your ALB/TargetGroups via cloudFormation/terraform/aws-cdk, which only use this controller to register/deregister targets for it.

v1.1.9

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.8

Note

• This version is the first multi-arch image, supported platforms:
  • linux/amd64
  • linux/arm64
• This version have no code change compare with v1.1.8. (only change is recompiled with golang v1.15)

Changelog since v1.1.8

Action Required:

N/A

Other notable changes

• Update annotation.md - Incorrect indentation(#1336, @ls-brentsmith)
• Adds note about using named ports to Pod Conditions guide(#1299, @jmriebold)
• Add reminder to stickiness annotation to check target group type(#1315, @ipnextgen)
• refactor makefile & dockerfile to enable multi-arch image(#1363, @M00nF1sh)

v1.1.8

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.8

Changelog since v1.1.7

Action Required:

N/A

Other notable changes

• fix for pod condition type too long (#1253, @sandeepbhojwani)
• bug fix for #1274 (#1286, @M00nF1sh)
• Check for sufficient available free IP space before marking a subnet as useable (#1235, @cbajumpaa)
• Updates the image version of examples/external-dns.yaml (#1257, @literalice)
• Add pod conditions to live docs (#1270, @clayvan)
• Use external-dns image from docker hub & bitnami. (#1267, @asherf)
• Update cognito setup.md: typo (#1246, @davidlj95)
• Update annotation.md (#1281, @bgsilvait)

v1.1.7

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.7

Changelog since v1.1.6

Action Required:

• This version of controller needs new IAM permissions
  Note:
  • New IAM permission is required even no wafv2 annotation is used
  • WAFV2 support can be disabled by controller flags--feature-gates=wafv2=false

New Features

• WAFv2 support (#1211, @Vlaaaaaaad)

Other notable changes

• React on pod events for readiness gates (#1214, @bpineau)
• redact OIDC (#1228, @M00nF1sh)
• Strip trailing newlines from OIDC clientId (#1216, @kishorj)
• don't crash on large objets served by recent k8s-api-server (#1213, @bpineau)
• Add the Delete Invalid Headers section to the doc (#1207, @netflash)
• Make options consistent (#1206, @tonglil)

v1.1.6

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.6

Changelog since v1.1.5

Action Required:

• This version of controller needs new IAM permissions (Note: only needed when shield related annotation is used)

New Features

• Pod readiness gates (#955, @devkid) Documentation
• Add ALB attribute to configure dropping invalid headers (#1136, @jnevelson)
• Add support for enabling AWS Shield Advanced protection (#1126, @hhamalai)

Other notable changes

• rely on node condition instead of EC2 and add cordon node support (#1172, @M00nF1sh)
• Optimize endpoint reconcile (#1179, @OmerKahani)
• Detect unconditional redirects and ignore any rules defined afterwards (#1162, @tomfotherby)
• Add back aws api cache (#1154, @jescarri)
• Multiple bug fixes and doc enhancements (#1200, @M00nF1sh)
• support to use regional STS when using iam-for-service-accounts (#1198, @M00nF1sh)
• Docs: Duplicate port warning. (#1122, @nitrag)
• Typo in the "alb-ingress-controller.yaml" if env variables are to be used (#1176, @FlorianOtel)
• Fix doc spelling typo (#1148, @slobo)
• Updated the ingress name. (#1190, @tde908)

v1.1.5

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.5

Changelog since v1.1.4

New Features

32587b3 advanced_routing/weighted_routing support

• see forward-multiple-tg example for weighted_routing
• see examples for advanced routing conditions

Other notable changes

25b9705 Rewrite GetClusterSubnets() using EC2 specific API (This enables the controller to run in pure-private VPC with privateLink. Note: this is not complete, there is still a dependency on RGT, so clean up in PurePrivate VPC don't work)
b58bba7 ignore fargate nodes for instance type (This allows instance target-type when both EC2 node and fargate node presents)
3226ff2 adding cache around wafAPI usage (This fix WAF throttling issues when there are frequently pod/node changes)
acdc3b2 docs(echoserver.md): fix typos
27884d4 docs: update example for ExternalDNS

v1.1.4

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.4

Note: This version supports EKS on Fargate with mode IP(alb.ingress.kubernetes.io/target-type: ip)
To run aws-alb-ingress-controller itself as an Fargate based pod:

1. The --aws-vpc-id and --aws-region have to be specified in controller YAML.
2. IAM for pods should be used to grant permission for the controller, Alternatively,AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY can be specified in controller YAML(not recommended for production)

Changelog since v1.1.3

New Features

9563e61 Allow load balancing algorithm to be specified
4d1f94c enhance ip mode for non-ec2 nodes

Others

9563e61 Allow load balancing algorithm to be specified
3d77b64 Merge pull request #1067 from tghaas/tghaas-doc-fix
5ce8ded Merge pull request #1079 from azweb76/patch-1
8b2d59c fix ingress example
e30318f fixup docs for load-balancer-attributes
97914ae docs: clarify security group name comes from tag

v1.1.3

Documentation
Image: docker.io/amazon/aws-alb-ingress-controller:v1.1.3

NOTE: This version is forward-compatible with V2 branch(versions above v1.2.0-alpha.1) and backward-compatible with older versions(versions below v1.1.3). The master branch will continue to be maintained and developed until V2 branch matures.

Changelog since v1.1.2

Action Required

1. The SecurityGroup management for worker node have changed, please ensure there are only a single SecurityGroup on worker node ENIs or multiple SecurityGroups but only one of them are tagged with kubernetes.io/cluster/<cluster-name> (This should be default settings on various AWS based k8s installation and is same requirement by Kubernetes AWS cloudProvider). Migration will happen automatically if above requirement meets Details

New Features

1. IPV6 CIDR are supported in alb.ingress.kubernetes.io/inbound-cidrs annotation
2. Ability to specify AuthenticationRequestExtraParams
3. Ability to do concurrent reconciliation
4. Forward compatible with version above v1.2.0.alpha.1

Other notable changes

1. Performance improvement for discover ACM certs

ff7724e upgrade aws-sdk to use iam-for-pods
32a6572 adding cache for cert discovery
d90c340 Update the Travis go version
55f9a02 tag aws resources with v2 style tags to enable migration to v2
f74c746 refactor security group handling to reuse worker node security group instead of creating new one
da9fad5 Switch to use new test framework
a7d83be Switch to use multi stage build for container Remove binary build in ci_e2e_test.sh
443f07d Seperate ipv6 permissions from ipv4
a37776d Added ipv6 suppport to SG
3d8cebe Address PR comments for ipv6 cidr
84daa82 Added support for IPv6 CIDRs in security groups
88f890e add flag to enable concurrent reconciliation.
24cfadd update(docs): fixed markdown code syntax
2cd600c update(docs): added additional instructions
299bb1a update(docs): added additional instructions
ffe4647 update(docs): added additional instructions
31a3bd2 update-docs(create-record-set)
1c72b93 AuthenticationRequestExtraParams authentication action
166df43 Add documentation about configuring WAF
05e6e06 make links relative
36d7920 fix broken link for cognito-ingress-template
4ca5606 add permission to use cognito
2402597 Fix panic when deleting an ALB with no default SG in the VPC
dacad85 enhance certificate auto-discover functionality 1. domains in SAN section of certificate will be matched too 2. If multiple certificate were found for a host, an error will be issued. 3. If none certificate were found for a host, an error will be issued.
28834c2 Add support for shared subnets
e7656b6 fix unit test
491164b Add idle_timeout.timeout_seconds annotation docs
58f6733 Fix extra hyphen in ingress-controller example
8065bb8 Scopes must be space-separated list
51dda47 Update ingress docs for authentication
6038b2d fixed formatting issues and added page to mkdocs.yml
0a74112 Added configuration page for ALB Ingress Controller with Cognito Auth