From f817403594fbf2ec426aba5e7e262d16ffb5a16f Mon Sep 17 00:00:00 2001 From: shraddha bang Date: Thu, 6 Nov 2025 14:10:02 -0800 Subject: [PATCH 1/2] [feat aga] Disable AGAController as its in ready yet --- helm/aws-load-balancer-controller/values.yaml | 2 +- mkdocs.yml | 2 -- pkg/config/feature_gates.go | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/helm/aws-load-balancer-controller/values.yaml b/helm/aws-load-balancer-controller/values.yaml index 4cc86f0ac..a64963dd0 100644 --- a/helm/aws-load-balancer-controller/values.yaml +++ b/helm/aws-load-balancer-controller/values.yaml @@ -385,7 +385,7 @@ controllerConfig: # NLBHealthCheckAdvancedConfig: true # ALBSingleSubnet: false # LBCapacityReservation: true - # AGAController: true + # AGAController: false # EnhancedDefaultBehavior: false # EnableDefaultTagsLowPriority: false diff --git a/mkdocs.yml b/mkdocs.yml index fb6c7809a..182bb36de 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -39,8 +39,6 @@ nav: - TargetGroupConfiguration: guide/gateway/targetgroupconfig.md - ListenerRuleConfiguration: guide/gateway/listenerruleconfig.md - Specification: guide/gateway/spec.md - - Global Accelerator: - - Specification: guide/globalaccelerator/spec.md - Tasks: - Cognito Authentication: guide/tasks/cognito_authentication.md - SSL Redirect: guide/tasks/ssl_redirect.md diff --git a/pkg/config/feature_gates.go b/pkg/config/feature_gates.go index 9a314f9a7..1c2e7fe7e 100644 --- a/pkg/config/feature_gates.go +++ b/pkg/config/feature_gates.go @@ -72,7 +72,7 @@ func NewFeatureGates() FeatureGates { LBCapacityReservation: true, NLBGatewayAPI: false, ALBGatewayAPI: false, - AGAController: true, + AGAController: false, EnableTCPUDPListenerType: false, EnhancedDefaultBehavior: false, EnableDefaultTagsLowPriority: false, From 84f455106df459a831f473754c7f20e02abfae18 Mon Sep 17 00:00:00 2001 From: shraddha bang Date: Thu, 6 Nov 2025 12:30:54 -0800 Subject: [PATCH 2/2] update controller-gen version --- Makefile | 2 +- config/crd/aga/aga-crds.yaml | 22 +- .../aga/aga.k8s.aws_globalaccelerators.yaml | 22 +- .../elbv2.k8s.aws_ingressclassparams.yaml | 2 +- .../elbv2.k8s.aws_targetgroupbindings.yaml | 2 +- config/rbac/role.yaml | 240 ++---------------- .../crds/aga-crds.yaml | 22 +- .../crds/crds.yaml | 4 +- 8 files changed, 39 insertions(+), 277 deletions(-) diff --git a/Makefile b/Makefile index a2341a38f..2d415e1d9 100644 --- a/Makefile +++ b/Makefile @@ -138,7 +138,7 @@ ifeq (, $(shell which controller-gen)) CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ cd $$CONTROLLER_GEN_TMP_DIR ;\ go mod init tmp ;\ - go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 ;\ + go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.19.0 ;\ rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ } CONTROLLER_GEN=$(GOBIN)/controller-gen diff --git a/config/crd/aga/aga-crds.yaml b/config/crd/aga/aga-crds.yaml index adad811f7..04076af7d 100644 --- a/config/crd/aga/aga-crds.yaml +++ b/config/crd/aga/aga-crds.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: globalaccelerators.aga.k8s.aws spec: group: aga.k8s.aws @@ -196,7 +196,6 @@ spec: For example, you can create a port override in which the listener receives user traffic on ports 80 and 443, but your accelerator routes that traffic to ports 1080 and 1443, respectively, on the endpoints. - For more information, see Port overrides in the AWS Global Accelerator Developer Guide: https://docs.aws.amazon.com/global-accelerator/latest/dg/about-endpoint-groups-port-override.html properties: @@ -303,16 +302,8 @@ spec: conditions: description: Conditions represent the current conditions of the GlobalAccelerator. items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -353,12 +344,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/aga/aga.k8s.aws_globalaccelerators.yaml b/config/crd/aga/aga.k8s.aws_globalaccelerators.yaml index adad811f7..04076af7d 100644 --- a/config/crd/aga/aga.k8s.aws_globalaccelerators.yaml +++ b/config/crd/aga/aga.k8s.aws_globalaccelerators.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: globalaccelerators.aga.k8s.aws spec: group: aga.k8s.aws @@ -196,7 +196,6 @@ spec: For example, you can create a port override in which the listener receives user traffic on ports 80 and 443, but your accelerator routes that traffic to ports 1080 and 1443, respectively, on the endpoints. - For more information, see Port overrides in the AWS Global Accelerator Developer Guide: https://docs.aws.amazon.com/global-accelerator/latest/dg/about-endpoint-groups-port-override.html properties: @@ -303,16 +302,8 @@ spec: conditions: description: Conditions represent the current conditions of the GlobalAccelerator. items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -353,12 +344,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml b/config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml index 89f4952af..e56242a5e 100644 --- a/config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml +++ b/config/crd/bases/elbv2.k8s.aws_ingressclassparams.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: ingressclassparams.elbv2.k8s.aws spec: group: elbv2.k8s.aws diff --git a/config/crd/bases/elbv2.k8s.aws_targetgroupbindings.yaml b/config/crd/bases/elbv2.k8s.aws_targetgroupbindings.yaml index 9e3935df1..024dc227b 100644 --- a/config/crd/bases/elbv2.k8s.aws_targetgroupbindings.yaml +++ b/config/crd/bases/elbv2.k8s.aws_targetgroupbindings.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: targetgroupbindings.elbv2.k8s.aws spec: group: elbv2.k8s.aws diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index d31125350..07669c62c 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -17,6 +17,9 @@ rules: - "" resources: - endpoints + - namespaces + - nodes + - pods verbs: - get - list @@ -28,34 +31,11 @@ rules: verbs: - create - patch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - apiGroups: - "" resources: - pods/status + - services/status verbs: - patch - update @@ -69,13 +49,6 @@ rules: - patch - update - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - patch - - update - apiGroups: - discovery.k8s.io resources: @@ -113,6 +86,7 @@ rules: - update - apiGroups: - extensions + - networking.k8s.io resources: - ingresses verbs: @@ -123,6 +97,7 @@ rules: - watch - apiGroups: - extensions + - networking.k8s.io resources: - ingresses/status verbs: @@ -132,53 +107,7 @@ rules: - gateway.k8s.aws resources: - listenerruleconfigurations - verbs: - - get - - list - - patch - - watch -- apiGroups: - - gateway.k8s.aws - resources: - - listenerruleconfigurations/finalizers - verbs: - - patch - - update -- apiGroups: - - gateway.k8s.aws - resources: - - listenerruleconfigurations/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.k8s.aws - resources: - loadbalancerconfigurations - verbs: - - get - - list - - patch - - watch -- apiGroups: - - gateway.k8s.aws - resources: - - loadbalancerconfigurations/finalizers - verbs: - - patch - - update -- apiGroups: - - gateway.k8s.aws - resources: - - loadbalancerconfigurations/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.k8s.aws - resources: - targetgroupconfigurations verbs: - get @@ -188,6 +117,8 @@ rules: - apiGroups: - gateway.k8s.aws resources: + - listenerruleconfigurations/finalizers + - loadbalancerconfigurations/finalizers - targetgroupconfigurations/finalizers verbs: - patch @@ -195,6 +126,8 @@ rules: - apiGroups: - gateway.k8s.aws resources: + - listenerruleconfigurations/status + - loadbalancerconfigurations/status - targetgroupconfigurations/status verbs: - get @@ -204,30 +137,8 @@ rules: - gateway.networking.k8s.io resources: - gatewayclasses - verbs: - - get - - list - - patch - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/finalizers - verbs: - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gatewayclasses/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - gateways + - referencegrants verbs: - get - list @@ -236,6 +147,7 @@ rules: - apiGroups: - gateway.networking.k8s.io resources: + - gatewayclasses/finalizers - gateways/finalizers verbs: - patch @@ -243,104 +155,13 @@ rules: - apiGroups: - gateway.networking.k8s.io resources: + - gatewayclasses/status - gateways/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - grpcroutes/finalizers - verbs: - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - grpcroutes/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes/finalizers - verbs: - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - httproutes/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - referencegrants - verbs: - - get - - list - - patch - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - tcproutes/finalizers - verbs: - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - tcproutes/status - verbs: - - get - - patch - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - tlsroutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - tlsroutes/finalizers - verbs: - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - tlsroutes/status + - udproutes/status verbs: - get - patch @@ -348,6 +169,10 @@ rules: - apiGroups: - gateway.networking.k8s.io resources: + - grpcroutes + - httproutes + - tcproutes + - tlsroutes - udproutes verbs: - get @@ -356,17 +181,13 @@ rules: - apiGroups: - gateway.networking.k8s.io resources: + - grpcroutes/finalizers + - httproutes/finalizers + - tcproutes/finalizers + - tlsroutes/finalizers - udproutes/finalizers verbs: - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - udproutes/status - verbs: - - get - - patch - - update - apiGroups: - networking.k8s.io resources: @@ -375,20 +196,3 @@ rules: - get - list - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - patch - - update diff --git a/helm/aws-load-balancer-controller/crds/aga-crds.yaml b/helm/aws-load-balancer-controller/crds/aga-crds.yaml index adad811f7..04076af7d 100644 --- a/helm/aws-load-balancer-controller/crds/aga-crds.yaml +++ b/helm/aws-load-balancer-controller/crds/aga-crds.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: globalaccelerators.aga.k8s.aws spec: group: aga.k8s.aws @@ -196,7 +196,6 @@ spec: For example, you can create a port override in which the listener receives user traffic on ports 80 and 443, but your accelerator routes that traffic to ports 1080 and 1443, respectively, on the endpoints. - For more information, see Port overrides in the AWS Global Accelerator Developer Guide: https://docs.aws.amazon.com/global-accelerator/latest/dg/about-endpoint-groups-port-override.html properties: @@ -303,16 +302,8 @@ spec: conditions: description: Conditions represent the current conditions of the GlobalAccelerator. items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -353,12 +344,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/helm/aws-load-balancer-controller/crds/crds.yaml b/helm/aws-load-balancer-controller/crds/crds.yaml index 12b2a1580..cebec6bd8 100644 --- a/helm/aws-load-balancer-controller/crds/crds.yaml +++ b/helm/aws-load-balancer-controller/crds/crds.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: ingressclassparams.elbv2.k8s.aws spec: group: elbv2.k8s.aws @@ -301,7 +301,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: targetgroupbindings.elbv2.k8s.aws spec: group: elbv2.k8s.aws