Commits • eac1f3c: (Backport v1.2.x)fix: prevent hash collisions while resolving subnets, security groups and AMIs from nodeclass selectors (#8660) (Amanuel Engeda) #8660

Chores • bump upstream karpenter version (#8593) #8593 (Jigisha Patil) Commits • 7f8a83d: (Backport v1.3.x)fix: prevent hash collisions while resolving subnets, security groups and AMIs from nodeclass selectors (#8659) (Amanuel Engeda) #8659

Chores • bump upstream karpenter version (#8594) #8594 (Jigisha Patil) Commits • f23af71: (Backport v1.4.x)fix: prevent hash collisions while resolving subnets, security groups and AMIs from nodeclass selectors (#8658) (Amanuel Engeda) #8658

Bug Fixes • make toolchain failing due to deletion of asciicheck for v1.5.x (#8652) #8652 (Amanuel Engeda) Commits • 0f47193: (Backport v1.5.x)fix: prevent hash collisions while resolving subnets, security groups and AMIs from nodeclass selectors (#8657) (Amanuel Engeda) #8657

Bug Fixes • make toolchain failing due to deletion of asciicheck for v1.6.x (#8653) #8653 (Amanuel Engeda) Chores • bump upstream karpenter version (#8595) #8595 (Jigisha Patil) Commits • 9e59a13: (Backport v1.6.x)fix: prevent hash collisions while resolving subnets, security groups and AMIs from nodeclass selectors (#8656) (Amanuel Engeda) #8656

Bug Fixes • ensure filtered offering is available for capacity blocks (#8518) #8518 (Jason Deal) Commits • bump sigs.k8s.io/karpenter to v1.7.1 (#8500) #8500 (Jason Deal) • 4abf673: (Backport v1.7.x)fix: prevent hash collisions while resolving subnets, security groups and AMIs from nodeclass selectors (#8655) (Amanuel Engeda) #8655

Commits • f913f41: (Backport v1.8.x)fix: prevent hash collisions while resolving subnets, security groups and AMIs from nodeclass selectors (#8654) (Amanuel Engeda) #8654

Commits • 09935d8: (Backport v1.1.x)fix: prevent hash collisions while resolving subnets, security groups and AMIs from nodeclass selectors (#8661) (Amanuel Engeda) #8661

Commits • 8bd9a3d: (Backport v1.0.x)fix: prevent hash collisions while resolving subnets, security groups and AMIs from nodeclass selectors (#8664) (Amanuel Engeda) #8664

What's Changed • feat: allow parallel image pull on more instance types by @fletcherw in https://github.com/awslabs/amazon-eks-ami/pull/2461 • feat(nodeadm): support public ECR authentication by @mselim00 in https://github.com/awslabs/amazon-eks-ami/pull/2153 • Pin NVIDIA Driver version for Isolated regions by @whoix in https://github.com/awslabs/amazon-eks-ami/pull/2472 Full Changelog: https://github.com/awslabs/amazon-eks-ami/compare/v20251007...v20251016

In this post, we explore advanced traffic routing patterns with the Kubernetes Gateway API through a practical Calendar web application example, demonstrating how it streamlines and standardizes application connectivity and service mesh integration in Kubernetes. The post covers three key use cases: exposing applications to external clients through hostname-based routing, implementing canary deployments between microservices using gRPC traffic splitting, and controlling egress traffic to external services with security policies.

<p>Amazon Elastic Kubernetes Service (Amazon EKS) Auto Mode is now available in the AWS GovCloud (US-East) and (US-West) regions. This feature fully automates compute, storage, and networking management for Kubernetes clusters. Additionally, EKS Auto Mode now supports FIPS-validated cryptographic modules through its Amazon Machine Images (AMIs) to help customers meet FedRAMP compliance requirements.<br> <br> EKS Auto Mode enables organizations to get Kubernetes conformant managed compute, networking, and storage for any new or existing EKS cluster. Its AMIs include FIPS-compliant cryptographic modules to help meet federal security standards for regulated workloads. EKS Auto Mode manages OS patching and updates, and strengthens security posture through ephemeral compute, making it ideal for workloads that require high security standards. It also dynamically scales EC2 instances based on demand, helping optimize compute costs while maintaining application availability.<br> <br> Amazon EKS Auto Mode is now available in AWS GovCloud (US-East) and (US-West). You can enable EKS Auto Mode in any EKS cluster running Kubernetes 1.29 and above with no upfront fees or commitments—you pay for the management of the compute resources provisioned, in addition to your regular EC2 costs.<br> <br> To get started with EKS Auto Mode, visit the <a href="https://aws.amazon.com/eks/" target="_blank">Amazon EKS product page</a>. For additional details, see the<a href="https://docs.aws.amazon.com/eks/latest/userguide/eks-auto-mode.html" target="_blank"> Amazon EKS User Guide</a> and <a href="https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/whatis.html" target="_blank">AWS GovCloud (US) documentation</a>.</p>

This post was co-written with Frederic Haase and Julian Blau with BASF Digital Farming GmbH. At xarvio – BASF Digital Farming, our mission is to empower farmers around the world with cutting-edge digital agronomic decision-making tools. Central to this mission is our crop optimization platform, xarvio FIELD MANAGER, which delivers actionable insights through a range […]

A Helm chart for AWS EBS CSI Driver

A Helm chart for AWS EBS CSI Driver

In this post, we explore how KubeArmor, an open source container-aware security enforcement system, enhances the security posture of containerized workloads running on EKS Auto Mode clusters. Although EKS Auto Mode significantly streamlines cluster management by automating control plane and node operations, securing the workloads running within the cluster remains a critical user responsibility.

What's Changed • fix license headers by @barney-s in https://github.com/kubernetes-sigs/kro/pull/647 • Switching to the Kubernetes code of conduct by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/649 • Remove some defaulting fields in deployment spec for tests by @barney-s in https://github.com/kubernetes-sigs/kro/pull/650 • Updates for K8s onboarding by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/665 • project file updates for SIG subproject requirements by @jlbutler in https://github.com/kubernetes-sigs/kro/pull/667 • expose leader election namespace in args by @michaelhtm in https://github.com/kubernetes-sigs/kro/pull/664 • feat: add immutable marker by @Soumya-Vaidya in https://github.com/kubernetes-sigs/kro/pull/660 • update owners files to text by @jlbutler in https://github.com/kubernetes-sigs/kro/pull/669 • Update copyright to Kubernetes Authors by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/670 • Add NOTICE file by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/671 • Adding SIG leads by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/672 • Adding required security contact files by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/673 • feat(simpleschema): add support for pattern, minLength, maxLengt, uniqueItems, maxItems and minItems markers by @simonfuhrer in https://github.com/kubernetes-sigs/kro/pull/661 • Update NOTICE by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/676 • chore: remove GitHub Actions stale bot workflow in favor of Prow by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/674 • Updating NOTICE to remove people who signed CLA by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/678 • Mv hack under scripts to reduce Top level folders by @barney-s in https://github.com/kubernetes-sigs/kro/pull/682 • chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/kubernetes-sigs/kro/pull/677 • Chore: refactor logic out of GHA by @justinsb in https://github.com/kubernetes-sigs/kro/pull/681 • Removing after signing CLA by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/684 • Another CLA signing by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/686 • List the SIG and K8s on the website footer. by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/688 • CLA signed - removing from NOTICE by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/687 • Update(01-Installation.md):latest release version url by @tzahimizrahi in https://github.com/kubernetes-sigs/kro/pull/689 • feat: Create applyset for use by instance reconciler by @barney-s in https://github.com/kubernetes-sigs/kro/pull/561 • Add self and this to reserved keywords by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/691 • fix!: use kro-controller as leaderElectionID by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/694 • docs: Update FAQ with instructions for using KRO with ArgoCD by @RafPe in https://github.com/kubernetes-sigs/kro/pull/651 • fix: improve error messages for type mismatches in parser by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/698 • refactor: use domain-based naming for leader election ID by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/699 • fix!: properly shutdown controller manager and dynamic controller by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/616 • test(core): RGDs all the way down by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/264 • Revert "test(core): RGDs all the way down" by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/701 • Removing michaelhtm from NOTICE - signed CLA by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/703 • chore(tests): properly use SpecContext from Ginkgo by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/700 • !feat: Reserve item and items as keywords for collections by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/705 • chore: Tidy up lack of parity on dynamic controller interface by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/706 • chore!: remove service account spec and impersonation by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/704 • chore: Make dynamic controller logging object-type agnostic. by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/707 • fix: Use controllerruntime's namespaced name correctly by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/708 • chore: dropped ATTRIBUTION.md as part of migration to SIG by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/709 • chore: Hydrate goproxy after each push by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/710 • refactor: update all imports and URLs from github.com/kro-run to kubernetes-sigs by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/675 • feat: add concurrency support in applyset operations by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/712 • chore: docusaurus bump to 3.9.1, update image paths and dependencies in website by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/716 • ci: upgrade Node.js from 18 to 20 in docs deployment workflow by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/718 • docs: add versioned documentation site for v0.1.0 through v0.4.1 by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/717 • fix: update version label from 'latest' to 'main' in docusaurus configuration by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/719 • fix website type example typo by @fabianburth in https://github.com/kubernetes-sigs/kro/pull/722 • feat: Add TTL/LRU based caching to schema resolver by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/690 • Remove out-dated governance page from docs site by @jlbutler in https://github.com/kubernetes-sigs/kro/pull/723 • bug: verify existing ownership of CRD managed by ResourceGraphDefinition to prevent conflict by @a-buck in https://github.com/kubernetes-sigs/kro/pull/562 • LSP Setup by @HeeManSu in https://github.com/kubernetes-sigs/kro/pull/612 • Update NOTICE with removal of completed signed agreement by @Rakhmanov in https://github.com/kubernetes-sigs/kro/pull/728 • fix: various controller optimizations for improved performance by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/725 • Remove reference for S3 bucket, not used in this example by @petrokashlikov in https://github.com/kubernetes-sigs/kro/pull/733 • chore: create scripts to build and push images by @justinsb in https://github.com/kubernetes-sigs/kro/pull/730 • chore: push helm chart alongside image by @justinsb in https://github.com/kubernetes-sigs/kro/pull/731 • Add moar reserved keywords to validation list by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/734 • chore: bump gcb-docker-gcloud to latest version by @justinsb in https://github.com/kubernetes-sigs/kro/pull/735 • chore: run helm using go run by @justinsb in https://github.com/kubernetes-sigs/kro/pull/736 • Update image repository to registry.k8s.io by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/737 New Contributors • @simonfuhrer made their first contribution in https://github.com/kubernetes-sigs/kro/pull/661 • @RafPe made their first contribution in https://github.com/kubernetes-sigs/kro/pull/651 • @a-buck made their first contribution in https://github.com/kubernetes-sigs/kro/pull/562 • @petrokashlikov made their first contribution in https://github.com/kubernetes-sigs/kro/pull/733 Full Changelog: https://github.com/kubernetes-sigs/kro/compare/v0.4.1...v0.5.0

What's Changed • fix license headers by @barney-s in https://github.com/kubernetes-sigs/kro/pull/647 • Switching to the Kubernetes code of conduct by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/649 • Remove some defaulting fields in deployment spec for tests by @barney-s in https://github.com/kubernetes-sigs/kro/pull/650 • Updates for K8s onboarding by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/665 • project file updates for SIG subproject requirements by @jlbutler in https://github.com/kubernetes-sigs/kro/pull/667 • expose leader election namespace in args by @michaelhtm in https://github.com/kubernetes-sigs/kro/pull/664 • feat: add immutable marker by @Soumya-Vaidya in https://github.com/kubernetes-sigs/kro/pull/660 • update owners files to text by @jlbutler in https://github.com/kubernetes-sigs/kro/pull/669 • Update copyright to Kubernetes Authors by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/670 • Add NOTICE file by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/671 • Adding SIG leads by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/672 • Adding required security contact files by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/673 • feat(simpleschema): add support for pattern, minLength, maxLengt, uniqueItems, maxItems and minItems markers by @simonfuhrer in https://github.com/kubernetes-sigs/kro/pull/661 • Update NOTICE by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/676 • chore: remove GitHub Actions stale bot workflow in favor of Prow by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/674 • Updating NOTICE to remove people who signed CLA by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/678 • Mv hack under scripts to reduce Top level folders by @barney-s in https://github.com/kubernetes-sigs/kro/pull/682 • chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/kubernetes-sigs/kro/pull/677 • Chore: refactor logic out of GHA by @justinsb in https://github.com/kubernetes-sigs/kro/pull/681 • Removing after signing CLA by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/684 • Another CLA signing by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/686 • List the SIG and K8s on the website footer. by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/688 • CLA signed - removing from NOTICE by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/687 • Update(01-Installation.md):latest release version url by @tzahimizrahi in https://github.com/kubernetes-sigs/kro/pull/689 • feat: Create applyset for use by instance reconciler by @barney-s in https://github.com/kubernetes-sigs/kro/pull/561 • Add self and this to reserved keywords by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/691 • fix!: use kro-controller as leaderElectionID by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/694 • docs: Update FAQ with instructions for using KRO with ArgoCD by @RafPe in https://github.com/kubernetes-sigs/kro/pull/651 • fix: improve error messages for type mismatches in parser by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/698 • refactor: use domain-based naming for leader election ID by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/699 • fix!: properly shutdown controller manager and dynamic controller by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/616 • test(core): RGDs all the way down by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/264 • Revert "test(core): RGDs all the way down" by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/701 • Removing michaelhtm from NOTICE - signed CLA by @bridgetkromhout in https://github.com/kubernetes-sigs/kro/pull/703 • chore(tests): properly use SpecContext from Ginkgo by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/700 • !feat: Reserve item and items as keywords for collections by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/705 • chore: Tidy up lack of parity on dynamic controller interface by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/706 • chore!: remove service account spec and impersonation by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/704 • chore: Make dynamic controller logging object-type agnostic. by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/707 • fix: Use controllerruntime's namespaced name correctly by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/708 • chore: dropped ATTRIBUTION.md as part of migration to SIG by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/709 • chore: Hydrate goproxy after each push by @ellistarn in https://github.com/kubernetes-sigs/kro/pull/710 • refactor: update all imports and URLs from github.com/kro-run to kubernetes-sigs by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/675 • feat: add concurrency support in applyset operations by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/712 • chore: docusaurus bump to 3.9.1, update image paths and dependencies in website by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/716 • ci: upgrade Node.js from 18 to 20 in docs deployment workflow by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/718 • docs: add versioned documentation site for v0.1.0 through v0.4.1 by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/717 • fix: update version label from 'latest' to 'main' in docusaurus configuration by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/719 • fix website type example typo by @fabianburth in https://github.com/kubernetes-sigs/kro/pull/722 • feat: Add TTL/LRU based caching to schema resolver by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/690 • Remove out-dated governance page from docs site by @jlbutler in https://github.com/kubernetes-sigs/kro/pull/723 • bug: verify existing ownership of CRD managed by ResourceGraphDefinition to prevent conflict by @a-buck in https://github.com/kubernetes-sigs/kro/pull/562 • LSP Setup by @HeeManSu in https://github.com/kubernetes-sigs/kro/pull/612 • Update NOTICE with removal of completed signed agreement by @Rakhmanov in https://github.com/kubernetes-sigs/kro/pull/728 • fix: various controller optimizations for improved performance by @jakobmoellerdev in https://github.com/kubernetes-sigs/kro/pull/725 • Remove reference for S3 bucket, not used in this example by @petrokashlikov in https://github.com/kubernetes-sigs/kro/pull/733 • chore: create scripts to build and push images by @justinsb in https://github.com/kubernetes-sigs/kro/pull/730 • chore: push helm chart alongside image by @justinsb in https://github.com/kubernetes-sigs/kro/pull/731 • Add moar reserved keywords to validation list by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/734 • chore: bump gcb-docker-gcloud to latest version by @justinsb in https://github.com/kubernetes-sigs/kro/pull/735 • chore: run helm using go run by @justinsb in https://github.com/kubernetes-sigs/kro/pull/736 • Update image repository to registry.k8s.io by @a-hilaly in https://github.com/kubernetes-sigs/kro/pull/737 New Contributors • @simonfuhrer made their first contribution in https://github.com/kubernetes-sigs/kro/pull/661 • @RafPe made their first contribution in https://github.com/kubernetes-sigs/kro/pull/651 • @a-buck made their first contribution in https://github.com/kubernetes-sigs/kro/pull/562 • @petrokashlikov made their first contribution in https://github.com/kubernetes-sigs/kro/pull/733 Full Changelog: https://github.com/kubernetes-sigs/kro/compare/v0.4.1...v0.5.0-rc.1

📚 Quick Links v2.14.1 (requires Kubernetes 1.22+) Image: public.ecr.aws/eks/aws-load-balancer-controller:v2.14.1 Documentation Thanks to all our contributors!💜💜💜 What’s new We’re excited to announce support for ALB URL Rewrite! You can use this new feature to transform request URLs using regex patterns (e.g., rewrite /api/v1/users to /users, or ^/api/v1/(.*)$ to /$1). Check out the new use case in our documentation on how to configure your ingress resources to utilize this new capability. For more information about the feature, please see the AWS launch announcement. Enhancement and Fixes • Introduced ALB URL Rewrite support! ( Too many feature request issues to link here ;) ) • Fixed ListenerAttribute string parsing to allow for multiple values. (https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/4363) • Added ability to configure maximum targets per TargetGroupBinding (https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/4360) • Fixed ListenerRule comparison check that incorrectly marks rules as drifted. • New Gateway Route & Listener Statuses • Fixed WAF name retrieval (https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/4388) • Added support for EKS Hybrid nodes (https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/4315) • Added low priority tag additions (https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/4030) • Fixed edge case that prevented Listener modifications if rule limit has been exceeded (https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/4373) • Updated docs for NLB healthchecks (https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/3419) What's Changed • feat: Add flag to limit the max number of targets added to an ELB by @mmiller-sh in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4361 • support comma in string pars value by @shuqz in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4375 • fix e2e tests by @zac-nixon in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4379 • feat(helm): support templating in service account annotations by @samuelmasuy in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4374 • fix sorting when comparing listener rule differences by @zac-nixon in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4382 • [feat gw-api]update gateway status based on observation generation by @shuqz in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4383 • test: replace AWS SDK v1 imports with v2 by @Juneezee in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4364 • fix waf name resolution by @zac-nixon in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4390 • [feat: aga] add AWS Global Accelerator CRD with comprehensive validation by @shraddhabang in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4389 • [feat: aga] add basic framework for AGA controller by @shraddhabang in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4392 • feat: add EKS Hybrid Nodes support by @sanbyk in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4336 • Implement support for URL and Host Header Rewrite for Application Load Balancer by @andreybutenko in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4396 • feat: add feature toggle to allow controller default tags to be overridden by annotation supplied tags by @mwhittington21 in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4384 • Update annotations documentation to include support for named ports in NLB health check configuration by @igor-kupczynski in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4386 • re-enable tls tests with new certs by @zac-nixon in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4397 • fix bad merge conflict resolution by @zac-nixon in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4401 • [bug fix] handle rules exceeded error in listener rule synthesizer by @zac-nixon in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4393 • cut v2.14.1 release by @zac-nixon in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4402 New Contributors • @mmiller-sh made their first contribution in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4361 • @samuelmasuy made their first contribution in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4374 • @Juneezee made their first contribution in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4364 • @sanbyk made their first contribution in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4336 • @mwhittington21 made their first contribution in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4384 • @igor-kupczynski made their first contribution in https://github.com/kubernetes-sigs/aws-load-balancer-controller/pull/4386 Full Changelog: https://github.com/kubernetes-sigs/aws-load-balancer-controller/compare/v2.14.0...v2.14.1

In this post, we explore how to use AWS Identity and Access Management (IAM) Roles Anywhere, supported by HashiCorp Vault PKI, to facilitate joining EKS Hybrid Nodes to an Amazon EKS Cluster. This solution enables businesses to flexibly make use of compute resources outside of AWS by extending an Amazon Elastic Kubernetes Service (Amazon EKS) data plane beyond the AWS Cloud boundary, addressing use cases focused on data sovereignty, low latency communication, and regulatory compliance.

In this post, we explore the latest Amazon Elastic Kubernetes Service (Amazon EKS) Auto Mode features that enhance security, network control, and performance for enterprise Kubernetes deployments. These new capabilities address critical operational challenges including capacity management, network segmentation, enterprise PKI integration, and comprehensive encryption while maintaining the automated cluster management that makes EKS Auto Mode transformative for development teams.

AWS EBS CSI Driver CHANGELOG See CHANGELOG for full list of changes

A Helm chart for AWS EBS CSI Driver

In this post, we introduce the Slinky Project and explore how it enables organizations to run Slurm workload management within Amazon EKS, combining the deterministic scheduling capabilities of Slurm with Kubernetes' dynamic resource allocation for efficient hybrid workload management. This unified approach allows teams to maximize resource utilization across both batch processing jobs and cloud-native applications without maintaining separate infrastructure silos.