aws · M00nF1sh · Mar 12, 2025 · Mar 10, 2025 · MartinEmrich · Mar 11, 2025
@@ -1,8 +1,8 @@
 apiVersion: v2
 name: aws-load-balancer-controller
 description: AWS Load Balancer Controller Helm chart for Kubernetes
-version: 1.11.0
-appVersion: v2.11.0
+version: 1.12.0
+appVersion: v2.12.0
 home: https://github.com/aws/eks-charts
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

@@ -78,7 +78,7 @@ If migrating from ALB ingress controller, grant [additional IAM permissions](htt
 - Additional IAM permissions required, ensure you have granted the [required IAM permissions](https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json).
 - CRDs need to be updated as follows
 ```shell script
-kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/crds?ref=master"
+kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"
 ```
 - you can run helm upgrade without uninstalling the old chart completely
 
@@ -212,6 +212,7 @@ The default values set by the application itself can be confirmed [here](https:/
 | `ingressClassParams.spec`                      | IngressClassParams defined ingress specifications                                                                                                                                                                                                                                                                                            | {}                                                |
 | `region`                                       | The AWS region for the kubernetes cluster                                                                                                                                                                                                                                                                                                    | None                                              |
 | `vpcId`                                        | The VPC ID for the Kubernetes cluster                                                                                                                                                                                                                                                                                                        | None                                              |
+| `vpcTags`                                      | This is alternative to vpcId. Set this when your pods are unable to use the metadata service to determine VPC automatically.                                                                                                                                                                                                                 | None
 | `awsApiEndpoints`                              | Custom AWS API Endpoints                                                                                                                                                                                                                                                                                                                     | None                                              |
 | `awsApiThrottle`                               | Custom AWS API throttle settings                                                                                                                                                                                                                                                                                                             | None                                              |
 | `awsMaxRetries`                                | Maximum retries for AWS APIs                                                                                                                                                                                                                                                                                                                 | None                                              |

@@ -84,6 +84,15 @@ spec:
                 - dualstack
                 - dualstack-without-public-ipv4
                 type: string
+              ipamConfiguration:
+                description: IPAMConfiguration defines the IPAM settings for a Load
+                  Balancer.
+                properties:
+                  ipv4IPAMPoolId:
+                    description: IPv4IPAMPoolId defines the IPAM pool ID used for
+                      IPv4 Addresses on the ALB.
+                    type: string
+                type: object
               listeners:
                 description: Listeners define a list of listeners with their protocol,
                   port and attributes.
@@ -317,6 +326,15 @@ spec:
           spec:
             description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
             properties:
+              assumeRoleExternalId:
+                description: IAM Role ARN to assume when calling AWS APIs. Needed
+                  to assume a role in another account and prevent the confused deputy
+                  problem. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
+                type: string
+              iamRoleArnToAssume:
+                description: IAM Role ARN to assume when calling AWS APIs. Useful
+                  if the target group is in a different AWS account
+                type: string
               multiClusterTargetGroup:
                 description: MultiClusterTargetGroup Denotes if the TargetGroup is
                   shared among multiple clusters
@@ -494,6 +512,15 @@ spec:
           spec:
             description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
             properties:
+              assumeRoleExternalId:
+                description: IAM Role ARN to assume when calling AWS APIs. Needed
+                  to assume a role in another account and prevent the confused deputy
+                  problem. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
+                type: string
+              iamRoleArnToAssume:
+                description: IAM Role ARN to assume when calling AWS APIs. Useful
+                  if the target group is in a different AWS account
+                type: string
               ipAddressType:
                 description: ipAddressType specifies whether the target group is of
                   type IPv4 or IPv6. If unspecified, it will be automatically inferred.

@@ -10,7 +10,9 @@ metadata:
   labels:
     {{- include "aws-load-balancer-controller.labels" . | nindent 4 }}
 spec:
+  {{ if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicaCount }}
+  {{ end }}
   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
   selector:
     matchLabels:
@@ -68,7 +70,7 @@ spec:
         {{- end }}
         {{- $region := tpl (default "" .Values.region) . }}
         {{- if $region }}
-        - --aws-region={{ .Values.region }}
+        - --aws-region={{ $region }}
         {{- end }}
         {{- $vpcID := tpl (default "" .Values.vpcId) . }}
         {{- if $vpcID }}
@@ -173,6 +175,9 @@ spec:
         {{- if .Values.loadBalancerClass }}
         - --load-balancer-class={{ .Values.loadBalancerClass }}
         {{- end }}
+        {{- if .Values.vpcTags }}
+        - --aws-vpc-tags={{ include "aws-load-balancer-controller.convertMapToCsv" .Values.vpcTags | trimSuffix "," }}
+        {{- end }}
         {{- if or .Values.env .Values.envSecretName }}
         env:
         {{- if .Values.env}}

@@ -19,7 +19,7 @@ webhooks:
       name: {{ template "aws-load-balancer-controller.webhookService" . }}
       namespace: {{ $.Release.Namespace }}
       path: /mutate-v1-pod
-  failurePolicy: Fail
+  failurePolicy: {{ .Values.podMutatorWebhookConfig.failurePolicy }}
   name: mpod.elbv2.k8s.aws
   admissionReviewVersions:
   - v1beta1

@@ -6,7 +6,7 @@ replicaCount: 2
 
 image:
   repository: public.ecr.aws/eks/aws-load-balancer-controller
-  tag: v2.11.0
+  tag: v2.12.0
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []
@@ -353,3 +353,7 @@ serviceMutatorWebhookConfig:
   operations:
   - CREATE
   # - UPDATE
+
+podMutatorWebhookConfig:
+  # whether or not to fail the pod creation if the webhook fails
+  failurePolicy: Ignore
@@ -8,7 +8,7 @@ revisionHistoryLimit: 10
 
 image:
   repository: public.ecr.aws/eks/aws-load-balancer-controller
-  tag: v2.11.0
+  tag: v2.12.0
   pullPolicy: IfNotPresent
 
 runtimeClassName: ""
@@ -91,7 +91,7 @@ configureDefaultAffinity: true
 # nodes, and other user-defined topology domains.
 #
 # more details here: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
-topologySpreadConstraints: {}
+topologySpreadConstraints: []
 
 updateStrategy: {}
   # type: RollingUpdate
@@ -161,6 +161,10 @@ region:
 # The VPC ID for the Kubernetes cluster. Set this manually when your pods are unable to use the metadata service to determine this automatically
 vpcId:
 
+# This is alternative to vpcId. Set this when your pods are unable to use the metadata service to determine VPC automatically.
+vpcTags: {}
+# Name: tagValue
+
 # Custom AWS API Endpoints (serviceID1=URL1,serviceID2=URL2)
 awsApiEndpoints:
 
@@ -426,6 +430,11 @@ serviceMutatorWebhookConfig:
   - CREATE
     # - UPDATE
 
+# podMutatorWebhookConfig contains configurations specific to the service mutator webhook
+podMutatorWebhookConfig:
+  # whether or not to fail the pod creation if the webhook fails
+  failurePolicy: Ignore
+
 # serviceTargetENISGTags specifies AWS tags, in addition to the cluster tags, for finding the target ENI SG to which to add inbound rules from NLBs.
 serviceTargetENISGTags: