@renovate renovate bot commented Oct 15, 2025

This PR contains the following updates:

| Package | Update | Change |
| kubernetes-sigs/aws-alb-ingress-controller | minor | v2.13.4 -> v2.14.0 |

Release Notes

kubernetes-sigs/aws-alb-ingress-controller (kubernetes-sigs/aws-alb-ingress-controller)

v2.14.0

Beta Release: Gateway API Layer 7 (L7) Routing for AWS Load Balancer Controller

We are excited to announce the Beta release of Layer 7 (L7) routing support for the Kubernetes Gateway API within the AWS Load Balancer Controller (LBC)!🥳🥳🥳 This highly anticipated feature allows you to provision and manage AWS Application Load Balancers (ALBs) for HTTP, HTTPS, and GRPC traffic directly from your Kubernetes clusters using the extensible Gateway API. Please refer to L7 Gateway API Documentation to learn more.

This beta release focuses on Gateway API features with comprehensive status reporting, advanced authentication, and stability improvements. While we encourage you to test these features extensively in your development environments, please be aware that this is a Beta release and is not yet production-ready. We are actively gathering feedback to finalize stability for official production use. This Beta status applies only to the new Gateway API features. All existing controller functionality for standard Ingress, Service and TargetGroupBinding resources remains stable and is safe for production workflows. Please restrict use of the new Gateway API features to testing and development environments.


📚 Quick Links

v2.14.0 (requires Kubernetes 1.22+)

Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.14.0
Documentation
Thanks to all our contributors!💜💜💜

⚠️ Action Required

EndpointSlices Now Default
CRD Updates
  • Change: We’ve added new fields to both the IngressClassParams and TargetGroupBinding.
  • Action: Please apply the latest CRD definitions: kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"

🚀 What's New in Ingress, Services and TargetGroupBinding

Enhanced Defaulting Flag
  • New: EnhancedDefaultBehavior flag for better annotation lifecycle management
  • Impact: Enable this feature to allow the controller to remove ALPN and mTLS settings by removing the corresponding annotation
CRD Naming Fix
  • Fixed: IngressClassParams singular name: ingressclassparams -> ingressclassparam
  • Impact: No action required. Both names will be supported; existing customers are not impacted. New customers, please use the correct name. Resolves SingularConflict errors
Configuration Improvements
  • IngressClassParams Enhancements:
    • Load balancer name specification
    • SSL redirect port configuration
    • WAFv2 ARN/name support
    • PrefixListsIDs backward compatibility
  • Target Group Names: Use names instead of ARNs in forward actions
  • Granular NLB SG: Disable NLB Security Groups at the individual Service, instead of at the controller level.
  • Frontend NLB Tags: Dedicated tagging for frontend NLBs

🚀 What's New in Gateway API

Status Update & Observability
  • Gateway Listener Status: Complete status reporting with all condition types (Conflicted, Accepted, ResolvedRefs, Programmed)
  • Route Status Management: Fixed infinite reconcile loops, proper lifecycle management
  • E2E Status Tests: Comprehensive validation for UDP, TCP, HTTP, gRPC route statuses
  • Target Group Metrics: New aws_target_group_info metric for CloudWatch integration
Advanced Authentication
  • OIDC Support: Complete OpenID Connect integration via ListenerRuleConfiguration
  • Cognito Integration: Complete AWS Cognito integration via ListenerRuleConfiguration
Enhanced Routing
  • gRPC Partially Supported: Complete gRPC routing with header/method matching, E2E tests
  • Source IP Conditions: Advanced source IP matching in rules
  • Multiple Header Values: Support comma-separated header values
  • Hostname Uniqueness: Enforced between gRPC and HTTP routes
Traffic Management
  • Target Group Stickiness: Session affinity support
  • Fixed Response Actions: Custom status codes and response bodies
  • Port-Specific Attributes: Different target group attributes per service port
  • Weighted Target Group Fixes: Improved comparison logic
Infrastructure
  • Gateway API Addons: WAFv2 and Shield support for Gateway API
  • IPv6 Support: Complete IPv6 testing and validation
  • Elastic IP Support: Frontend NLB Elastic IP allocation

🔧 Enhancements and Fixes

Performance & Reliability
  • Go 1.24.6: Security fixes and performance improvements
  • DNS Timeout: Configurable DNS propagation timeout
  • TGB Checkpoints: Fixed check-pointing after accidental service port deletion.
  • Error Metrics: Fixed metric pollution from expected errors
Bug Fixes
  • Weighted Target Groups: Fixed unnecessary rule modifications causing 4XX errors when using Weighted Target Groups.
  • TCP_UDP Security Groups: Proper ingress rule generation for TCP_UDP listeners
  • Backend SG Tags: Automatically sync Security Groups tags on backend Security Groups.
Documentation & Testing
  • Resource Cleanup Guide: Proper deletion order documentation
  • Scaling Documentation: Guidelines for large cluster deployments
  • Comprehensive E2E Tests: gRPC, IPv6, status validation, authentication
  • Error Message Improvements: Clearer guidance for common issues

🌟 Complete Change Log

🥳 New Contributors

Full Changelog: kubernetes-sigs/aws-load-balancer-controller@v2.13.4...v2.14.0

🎯 Provide Your Feedback!

As this is a beta release, your feedback is invaluable! We encourage you to:

Your active participation will help us refine this feature for its General Availability release.


Configuration

📅 Schedule: Branch creation - On day 1 and 15 of the month ( * * 1,15 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from commjoen as a code owner October 15, 2025 07:41
@renovate renovate bot added the dependencies (Pull requests that update a dependency file) and renovate labels Oct 15, 2025
@renovate renovate bot requested a review from bendehaan as a code owner October 15, 2025 07:41
@renovate renovate bot force-pushed the renovate/kubernetes-sigs-aws-alb-ingress-controller-2.x branch from 4f645a7 to b089381 October 15, 2025 07:43
github-actions bot commented Oct 15, 2025

🚀 Preview Deployment Ready!

Your pull request has been built and is ready for preview deployment.
Here's how to test your changes:

Container Images Built

  • Balancer: ghcr.io/OWASP/wrongsecrets-balancer:pr-1000
  • Cleaner: ghcr.io/OWASP/cleaner:pr-1000

Quick Deploy with Helm

# Add the wrongsecrets helm repository
helm repo add wrongsecrets https://owasp.org/wrongsecrets-ctf-party
helm repo update

# Deploy with preview images
helm install my-preview wrongsecrets/wrongsecrets-ctf-party \
  --set balancer.repository=ghcr.io/OWASP/wrongsecrets-balancer \
  --set balancer.tag=pr-1000 \
  --set wrongsecretsCleanup.repository=ghcr.io/OWASP/cleaner \
  --set wrongsecretsCleanup.tag=pr-1000 \
  --set imagePullPolicy=Always

# Port forward to access locally
kubectl port-forward service/wrongsecrets-balancer 3000:3000

Deploy with Custom Values

preview-values.yaml:

balancer:
  repository: ghcr.io/OWASP/wrongsecrets-balancer
  tag: pr-1000

wrongsecretsCleanup:
  repository: ghcr.io/OWASP/cleaner
  tag: pr-1000

# Preview configuration
ingress:
  enabled: true
  hosts:
    - host: >-
        preview-pr-1000.wrongsecrets.local
      paths:
        - "/"

# Save the above values to preview-values.yaml, then:
helm install my-preview wrongsecrets/wrongsecrets-ctf-party \
  -f preview-values.yaml

Deploy with Local Build Scripts

# Clone this PR
git fetch origin pull/1000/head:pr-1000
git checkout pr-1000

# Use the existing deployment script with custom images
./build-and-deploy.sh

Test the Changes

  1. Access the application at http://localhost:3000
  2. Create a team and verify functionality
  3. Test any new features or bug fixes

Container Registry

The preview images are available at:


This preview was automatically generated for PR #1000

@commjoen commjoen merged commit fb44eca into main Oct 16, 2025
14 checks passed
@commjoen commjoen deleted the renovate/kubernetes-sigs-aws-alb-ingress-controller-2.x branch October 16, 2025 03:53