From 6c90223b44b23fd79d161f60c668c846d8e53c73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hu=E1=BB=B3nh=20L=C3=AA=20Nh=E1=BA=A5t=20Ngh=C4=A9a?=
Date: Thu, 4 Sep 2025 17:35:58 +0700
Subject: [PATCH] docs: add SubnetDiscoveryByReachability feature gate to values.yaml and feature-gates table

---
 docs/deploy/configurations.md | 32 ++++++++++---------
 helm/aws-load-balancer-controller/values.yaml | 1 +
 2 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/docs/deploy/configurations.md b/docs/deploy/configurations.md
index 629ef73f4c..919e6156f6 100644
--- a/docs/deploy/configurations.md
+++ b/docs/deploy/configurations.md
@@ -170,18 +170,20 @@ If running on EC2, the default values are obtained from the instance metadata se
 ### Feature Gates
 There are a set of key=value pairs that describe AWS load balancer controller features. You can use it as flags `--feature-gates=key1=value1,key2=value2`
-|Features-gate Supported Key | Type | Default Value | Description |
-|---------------------------------------|---------------------------------|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| ListenerRulesTagging | string | true | Enable or disable tagging AWS load balancer listeners and rules |
-| WeightedTargetGroups | string | true | Enable or disable weighted target groups |
-| ServiceTypeLoadBalancerOnly | string | false | If enabled, controller will be limited to reconciling service of type `LoadBalancer` |
-| EndpointsFailOpen | string | true | Enable or disable allowing endpoints with `ready:unknown` state in the target groups. |
-| EnableServiceController | string | true | Toggles support for `Service` type resources. |
-| EnableIPTargetType | string | true | Used to toggle support for target-type `ip` across `Ingress` and `Service` type resources. |
-| EnableRGTAPI | string | false | If enabled, the tagging manager will describe resource tags via RGT APIs, otherwise via ELB APIs. In order to enable RGT API, `tag:GetResources` is needed in controller IAM policy. |
-| SubnetsClusterTagCheck | string | true | Enable or disable the check for `kubernetes.io/cluster/${cluster-name}` during subnet auto-discovery |
-| NLBHealthCheckAdvancedConfiguration | string | true | Enable or disable advanced health check configuration for NLB, for example health check timeout |
-| ALBSingleSubnet | string | false | If enabled, controller will allow using only 1 subnet for provisioning ALB, which need to get whitelisted by ELB in advance |
-| NLBSecurityGroup | string | true | Enable or disable all NLB security groups actions including frontend sg creation, backend sg creation, and backend sg modifications. This same behavior is able to be applied to an individual service by using the annotation `aws-load-balancer-disable-nlb-sg` |
-| LBCapacityReservation | string | true | Enable or disable the capacity reservation feature on ALB and NLB |
-| EnableTCPUDPListenerType | string | false | Enable or disable creation of TCP_UDP type listeners. This value can be overriden at the Service level by the annotation `service.beta.kubernetes.io/aws-load-balancer-enable-tcp-udp-listener` |
+
+|Features-gate Supported Key | Type | Default Value | Description |
+|---------------------------------------|---------|---------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| ListenerRulesTagging | string | true | Enable or disable tagging AWS load balancer listeners and rules |
+| WeightedTargetGroups | string | true | Enable or disable weighted target groups |
+| ServiceTypeLoadBalancerOnly | string | false | If enabled, controller will be limited to reconciling service of type `LoadBalancer` |
+| EndpointsFailOpen | string | true | Enable or disable allowing endpoints with `ready:unknown` state in the target groups. |
+| EnableServiceController | string | true | Toggles support for `Service` type resources. |
+| EnableIPTargetType | string | true | Used to toggle support for target-type `ip` across `Ingress` and `Service` type resources. |
+| EnableRGTAPI | string | false | If enabled, the tagging manager will describe resource tags via RGT APIs, otherwise via ELB APIs. In order to enable RGT API, `tag:GetResources` is needed in controller IAM policy. |
+| SubnetsClusterTagCheck | string | true | Enable or disable the check for `kubernetes.io/cluster/${cluster-name}` during subnet auto-discovery |
+| NLBHealthCheckAdvancedConfiguration | string | true | Enable or disable advanced health check configuration for NLB, for example health check timeout |
+| ALBSingleSubnet | string | false | If enabled, controller will allow using only 1 subnet for provisioning ALB, which need to get whitelisted by ELB in advance |
+| NLBSecurityGroup | string | true | Enable or disable all NLB security groups actions including frontend sg creation, backend sg creation, and backend sg modifications. This same behavior is able to be applied to an individual service by using the annotation `aws-load-balancer-disable-nlb-sg` |
+| LBCapacityReservation | string | true | Enable or disable the capacity reservation feature on ALB and NLB |
+| EnableTCPUDPListenerType | string | false | Enable or disable creation of TCP_UDP type listeners. This value can be overriden at the Service level by the annotation `service.beta.kubernetes.io/aws-load-balancer-enable-tcp-udp-listener` |
+| SubnetDiscoveryByReachability | string | true | Automatically discover all subnets in the VPC and classify them as public/private based on route table configuration (route to Internet Gateway → public, route via NAT/TGW/VPC endpoint → private). Can be disabled with this flag. |
\ No newline at end of file
diff --git a/helm/aws-load-balancer-controller/values.yaml b/helm/aws-load-balancer-controller/values.yaml
index 24786605df..cc3a228012 100644
--- a/helm/aws-load-balancer-controller/values.yaml
+++ b/helm/aws-load-balancer-controller/values.yaml
@@ -375,6 +375,7 @@ controllerConfig:
 # NLBHealthCheckAdvancedConfig: true
 # ALBSingleSubnet: false
 # LBCapacityReservation: true
+ # SubnetDiscoveryByReachability: true # auto-discover subnet public/private via route tables
 certDiscovery:
 allowedCertificateAuthorityARNs: "" # empty means all CAs are in scope
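Review bot: The trailing comment on the added `# SubnetDiscoveryByReachability: true` line understates the gate compared with the feature-gates row added in the same commit, which says it discovers all subnets in the VPC, classifies them public/private from their route tables (Internet Gateway route → public), and is on by default; an operator reading values.yaml alone cannot see that scope or that the table's stated way to narrow it is to turn the gate off. How it interacts with `SubnetsClusterTagCheck`, which the same table describes as governing subnet auto-discovery, is stated on neither side and is worth confirming and writing down, since both default to true. The neighbouring commented gates carry no trailing explanation, so putting the note on its own line above keeps the block uniform, e.g. `# Discover all VPC subnets and classify public/private by route table; on by default, see docs/deploy/configurations.md` followed by `# SubnetDiscoveryByReachability: true`. It is also worth checking the key here against the name the controller registers, because the neighbouring `NLBHealthCheckAdvancedConfig` line differs from the table's `NLBHealthCheckAdvancedConfiguration`, a mismatch this commit carries over unchanged.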