aws-load-balancer-controller: v2.17.0 (#1285)

wweiwei-li · web-flow · commit b9f90671dca7 · 2025-12-19T13:10:13.000-08:00
diff --git a/stable/aws-load-balancer-controller/Chart.yaml b/stable/aws-load-balancer-controller/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 name: aws-load-balancer-controller
 description: AWS Load Balancer Controller Helm chart for Kubernetes
-version: 1.16.0
-appVersion: v2.16.0
+version: 1.17.0
+appVersion: v2.17.0
 home: https://github.com/aws/eks-charts
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:
diff --git a/stable/aws-load-balancer-controller/README.md b/stable/aws-load-balancer-controller/README.md
@@ -265,6 +265,7 @@ The default values set by the application itself can be confirmed [here](https:/
 | `enableManageBackendSecurityGroupRules`        | If enabled, controller will manage security group rules                                                                                                                                                               | `false`                                           |
 | `backendSecurityGroup`                         | Backend security group to use instead of auto created one if the feature is enabled                                                                                                                                                                                                                                                          | ``                                                |
 | `disableRestrictedSecurityGroupRules`          | If disabled, controller will not specify port range restriction in the backend security group rules                                                                                                                                                                                                                                          | `false`                                           |
+| `maxTargetsPerTargetGroup`                   | Specifies the maximum number of targets that the controller will attempt to add to a given ELB instance. If unset, no limits are applied. | `0` |
 | `objectSelector.matchExpressions`              | Webhook configuration to select specific pods by specifying the expression to be matched                                                                                                                                                                                                                                                     | None                                              |
 | `objectSelector.matchLabels`                   | Webhook configuration to select specific pods by specifying the key value label pair to be matched                                                                                                                                                                                                                                           | None                                              |
 | `serviceMonitor.enabled`                       | Specifies whether a service monitor should be created, requires the ServiceMonitor CRD to be installed                                                                                                                                                                                                                                       | `false`                                           |
diff --git a/stable/aws-load-balancer-controller/crds/aga-crds.yaml b/stable/aws-load-balancer-controller/crds/aga-crds.yaml
@@ -17,7 +17,7 @@ spec:
   - additionalPrinterColumns:
     - description: The Global Accelerator name
       jsonPath: .spec.name
-      name: NAME
+      name: ACCELERATOR-NAME
       type: string
     - description: The Global Accelerator DNS name
       jsonPath: .status.dnsName
@@ -264,6 +264,9 @@ spec:
                         - fromPort
                         - toPort
                         type: object
+                        x-kubernetes-validations:
+                        - message: FromPort must be less than or equal to ToPort
+                          rule: self.fromPort <= self.toPort
                       maxItems: 10
                       minItems: 1
                       type: array
diff --git a/stable/aws-load-balancer-controller/crds/crds.yaml b/stable/aws-load-balancer-controller/crds/crds.yaml
diff --git a/stable/aws-load-balancer-controller/crds/gateway-crds.yaml b/stable/aws-load-balancer-controller/crds/gateway-crds.yaml
@@ -561,13 +561,18 @@ spec:
                     protocolPort:
                       description: protocolPort is identifier for the listener on
                         load balancer. It should be of the form PROTOCOL:PORT
-                      pattern: ^(HTTP|HTTPS|TLS|TCP|UDP)?:(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{4}|[1-9]\d{0,3})?$
+                      pattern: ^(HTTP|HTTPS|TLS|TCP|UDP|TCP_UDP)?:(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{4}|[1-9]\d{0,3})?$
                       type: string
                     sslPolicy:
                       description: sslPolicy is the security policy that defines which
                         protocols and ciphers are supported for secure listeners [HTTPS
                         or TLS listener].
                       type: string
+                    targetGroupStickiness:
+                      description: targetGroupStickiness [Network LoadBalancer] enables
+                        sticky routing for requests when using a listener configured
+                        with weighted target groups.
+                      type: boolean
                   required:
                   - protocolPort
                   type: object
diff --git a/stable/aws-load-balancer-controller/crds/kustomization.yaml b/stable/aws-load-balancer-controller/crds/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - crds.yaml
+- aga-crds.yaml
diff --git a/stable/aws-load-balancer-controller/templates/deployment.yaml b/stable/aws-load-balancer-controller/templates/deployment.yaml
@@ -112,6 +112,12 @@ spec:
         {{- if .Values.targetgroupbindingMaxExponentialBackoffDelay }}
         - --targetgroupbinding-max-exponential-backoff-delay={{ .Values.targetgroupbindingMaxExponentialBackoffDelay }}
         {{- end }}
+        {{- if .Values.globalAcceleratorMaxConcurrentReconciles }}
+        - --globalaccelerator-max-concurrent-reconciles={{ .Values.globalAcceleratorMaxConcurrentReconciles }}
+        {{- end }}
+        {{- if .Values.globalAcceleratorMaxExponentialBackoffDelay }}
+        - --globalaccelerator-max-exponential-backoff-delay={{ .Values.globalAcceleratorMaxExponentialBackoffDelay }}
+        {{- end }}
         {{- if .Values.lbStabilizationMonitorInterval }}
         - --lb-stabilization-monitor-interval={{ .Values.lbStabilizationMonitorInterval }}
         {{- end }}
@@ -181,6 +187,9 @@ spec:
         {{- if .Values.vpcTags }}
         - --aws-vpc-tags={{ include "aws-load-balancer-controller.convertMapToCsv" .Values.vpcTags | trimSuffix "," }}
         {{- end }}
+        {{- if .Values.maxTargetsPerTargetGroup }}
+        - --max-targets-per-target-group={{ .Values.maxTargetsPerTargetGroup }}
+        {{- end }}
         {{- if or .Values.env .Values.envSecretName }}
         env:
         {{- if .Values.env}}
diff --git a/stable/aws-load-balancer-controller/templates/webhook.yaml b/stable/aws-load-balancer-controller/templates/webhook.yaml
@@ -80,10 +80,10 @@ webhooks:
     {{ end }}
   objectSelector:
     matchExpressions:
-      - key: app.kubernetes.io/name
-        operator: NotIn
-        values:
-          - {{ include "aws-load-balancer-controller.name" . }}
+    - key: app.kubernetes.io/name
+      operator: NotIn
+      values:
+        - {{ include "aws-load-balancer-controller.name" . }}
     {{- if .Values.objectSelector.matchExpressions }}
     {{- toYaml .Values.objectSelector.matchExpressions | nindent 4 }}
     {{- end }}
@@ -326,6 +326,36 @@ webhooks:
     - ingresses
   sideEffects: None
 {{- end }}
+{{- if .Values.controllerConfig.featureGates.GlobalAcceleratorController }}
+- clientConfig:
+    {{- if not $.Values.enableCertManager }}
+    caBundle: {{ $tls.caCert }}
+    {{- end }}
+    service:
+      name: {{ template "aws-load-balancer-controller.webhookService" . }}
+      namespace: {{ $.Release.Namespace }}
+      path: /validate-aga-k8s-aws-v1beta1-globalaccelerator
+      port: 443
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: vglobalaccelerator.aga.k8s.aws
+  admissionReviewVersions:
+  - v1beta1
+  namespaceSelector: {}
+  objectSelector: {}
+  rules:
+  - apiGroups:
+    - aga.k8s.aws
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - globalaccelerators
+  sideEffects: None
+  timeoutSeconds: 10
+{{- end }}
 ---
 {{- if not $.Values.enableCertManager }}
 apiVersion: v1
diff --git a/stable/aws-load-balancer-controller/test.yaml b/stable/aws-load-balancer-controller/test.yaml
@@ -6,7 +6,7 @@ replicaCount: 2
 
 image:
   repository: public.ecr.aws/eks/aws-load-balancer-controller
-  tag: v2.16.0
+  tag: v2.17.0
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []
@@ -292,6 +292,9 @@ backendSecurityGroup:
 # disableRestrictedSecurityGroupRules specifies whether to disable creating port-range restricted security group rules for traffic
 disableRestrictedSecurityGroupRules:
 
+# maxTargetsPerTargetGroup specifies the maximum number of targets that the controller will attempt to add to a given ELB instance
+maxTargetsPerTargetGroup:
+
 # controllerConfig specifies controller configuration
 controllerConfig:
   # featureGates set of key: value pairs that describe AWS load balance controller features
@@ -356,4 +359,4 @@ serviceMutatorWebhookConfig:
 
 podMutatorWebhookConfig:
   # whether or not to fail the pod creation if the webhook fails
-  failurePolicy: Ignore
+  failurePolicy: Ignore
diff --git a/stable/aws-load-balancer-controller/values.yaml b/stable/aws-load-balancer-controller/values.yaml
@@ -8,7 +8,7 @@ revisionHistoryLimit: 10
 
 image:
   repository: public.ecr.aws/eks/aws-load-balancer-controller
-  tag: v2.16.0
+  tag: v2.17.0
   pullPolicy: IfNotPresent
 
 runtimeClassName: ""
@@ -253,6 +253,12 @@ targetgroupbindingMaxConcurrentReconciles:
 # Maximum duration of exponential backoff for targetGroupBinding reconcile failures
 targetgroupbindingMaxExponentialBackoffDelay:
 
+# Maximum number of concurrently running reconcile loops for GlobalAccelerator objects
+globalAcceleratorMaxConcurrentReconciles:
+
+# Maximum duration of exponential backoff for GlobalAccelerator reconcile failures
+globalAcceleratorMaxExponentialBackoffDelay:
+
 # Interval at which the controller monitors the state of load balancer after creation for stabilization
 lbStabilizationMonitorInterval:
 
@@ -371,6 +377,9 @@ backendSecurityGroup:
 # disableRestrictedSecurityGroupRules specifies whether to disable creating port-range restricted security group rules for traffic
 disableRestrictedSecurityGroupRules:
 
+# maxTargetsPerTargetGroup specifies the maximum number of targets that the controller will attempt to add to a given ELB instance
+maxTargetsPerTargetGroup:
+
 # controllerConfig specifies controller configuration
 controllerConfig:
   # featureGates set of key: value pairs that describe AWS load balance controller features
@@ -385,7 +394,7 @@ controllerConfig:
   # NLBHealthCheckAdvancedConfig: true
   # ALBSingleSubnet: false
   # LBCapacityReservation: true
-  # AGAController: false
+  # GlobalAcceleratorController: false
   # EnhancedDefaultBehavior: false
   # EnableDefaultTagsLowPriority: false
   # ALBTargetControlAgent: false
