v2.2.4

Release notes for Cluster API Provider AWS (CAPA) v2.2.4

Documentation

Changelog since v2.2.2

There is no v2.2.3 release due to an issue with the release.

Changes by Kind

Support

• Bump CAPI to v1.5.2 (#4526, @Ankitasw)

Bug or Regression

• Fixed a bug with the sigs.k8s.io/cluster-api-provider-aws-last-applied-tags annotation that could cause excessive metadata values on AWSMachines. (#4535, @Ankitasw)
• Make kpromo versioned consistent (#4542, @richardcase)

Uncategorized

• Additional ingress rules for control plane (#4524, @fiunchinho)
• Availability zone status is correctly set when using BYO NLBs, fixing an issue where control plane nodes were only created in a single AZ (#4498, @k8s-infra-cherrypick-robot)
• Change generated nodegroup IAM role name from -nodegroup-iam-service-role_<cluster-name>-<nodegroup-name> to <cluster-name>-<nodegroup-name>_nodegroup-iam-service-role (#4516, @k8s-infra-cherrypick-robot)
• Fix how NAT gateways IPs are saved in the status field (#4520, @k8s-infra-cherrypick-robot)

The images for this release are:

registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.2.4

Thanks to all our contributors.

Dependencies

Added

• cloud.google.com/go/apigeeregistry: v0.6.0
• cloud.google.com/go/apikeys: v0.6.0
• github.com/adrg/xdg: v0.4.0
• github.com/golang-jwt/jwt/v4: v4.4.2
• github.com/golangplus/bytes: v1.0.0
• github.com/golangplus/fmt: v1.0.0
• github.com/golangplus/testing: v1.0.0
• github.com/google/s2a-go: v0.1.3
• sigs.k8s.io/kustomize/cmd/config: v0.11.1
• sigs.k8s.io/kustomize/kustomize/v5: v5.0.1

Changed

• cloud.google.com/go/accessapproval: v1.5.0 → v1.6.0
• cloud.google.com/go/accesscontextmanager: v1.4.0 → v1.7.0
• cloud.google.com/go/aiplatform: v1.27.0 → v1.37.0
• cloud.google.com/go/analytics: v0.12.0 → v0.19.0
• cloud.google.com/go/apigateway: v1.4.0 → v1.5.0
• cloud.google.com/go/apigeeconnect: v1.4.0 → v1.5.0
• cloud.google.com/go/appengine: v1.5.0 → v1.7.1
• cloud.google.com/go/area120: v0.6.0 → v0.7.1
• cloud.google.com/go/artifactregistry: v1.9.0 → v1.13.0
• cloud.google.com/go/asset: v1.10.0 → v1.13.0
• cloud.google.com/go/assuredworkloads: v1.9.0 → v1.10.0
• cloud.google.com/go/automl: v1.8.0 → v1.12.0
• cloud.google.com/go/baremetalsolution: v0.4.0 → v0.5.0
• cloud.google.com/go/batch: v0.4.0 → v0.7.0
• cloud.google.com/go/beyondcorp: v0.3.0 → v0.5.0
• cloud.google.com/go/bigquery: v1.44.0 → v1.50.0
• cloud.google.com/go/billing: v1.7.0 → v1.13.0
• cloud.google.com/go/binaryauthorization: v1.4.0 → v1.5.0
• cloud.google.com/go/certificatemanager: v1.4.0 → v1.6.0
• cloud.google.com/go/channel: v1.9.0 → v1.12.0
• cloud.google.com/go/cloudbuild: v1.4.0 → v1.9.0
• cloud.google.com/go/clouddms: v1.4.0 → v1.5.0
• cloud.google.com/go/cloudtasks: v1.8.0 → v1.10.0
• cloud.google.com/go/compute: v1.15.1 → v1.20.1
• cloud.google.com/go/contactcenterinsights: v1.4.0 → v1.6.0
• cloud.google.com/go/container: v1.7.0 → v1.15.0
• cloud.google.com/go/containeranalysis: v0.6.0 → v0.9.0
• cloud.google.com/go/datacatalog: v1.8.0 → v1.13.0
• cloud.google.com/go/dataflow: v0.7.0 → v0.8.0
• cloud.google.com/go/dataform: v0.5.0 → v0.7.0
• cloud.google.com/go/datafusion: v1.5.0 → v1.6.0
• cloud.google.com/go/datalabeling: v0.6.0 → v0.7.0
• cloud.google.com/go/dataplex: v1.4.0 → v1.6.0
• cloud.google.com/go/dataproc: v1.8.0 → v1.12.0
• cloud.google.com/go/dataqna: v0.6.0 → v0.7.0
• cloud.google.com/go/datastore: v1.10.0 → v1.11.0
• cloud.google.com/go/datastream: v1.5.0 → v1.7.0
• cloud.google.com/go/deploy: v1.5.0 → v1.8.0
• cloud.google.com/go/dialogflow: v1.19.0 → v1.32.0
• cloud.google.com/go/dlp: v1.7.0 → v1.9.0
• cloud.google.com/go/documentai: v1.10.0 → v1.18.0
• cloud.google.com/go/domains: v0.7.0 → v0.8.0
• cloud.google.com/go/edgecontainer: v0.2.0 → v1.0.0
• cloud.google.com/go/essentialcontacts: v1.4.0 → v1.5.0
• cloud.google.com/go/eventarc: v1.8.0 → v1.11.0
• cloud.google.com/go/filestore: v1.4.0 → v1.6.0
• cloud.google.com/go/functions: v1.9.0 → v1.13.0
• cloud.google.com/go/gaming: v1.8.0 → v1.9.0
• cloud.google.com/go/gkebackup: v0.3.0 → v0.4.0
• cloud.google.com/go/gkeconnect: v0.6.0 → v0.7.0
• cloud.google.com/go/gkehub: v0.10.0 → v0.12.0
• cloud.google.com/go/gkemulticloud: v0.4.0 → v0.5.0
• cloud.google.com/go/gsuiteaddons: v1.4.0 → v1.5.0
• cloud.google.com/go/iam: v0.8.0 → v0.13.0
• cloud.google.com/go/iap: v1.5.0 → v1.7.1
• cloud.google.com/go/ids: v1.2.0 → v1.3.0
• cloud.google.com/go/iot: v1.4.0 → v1.6.0
• cloud.google.com/go/kms: v1.6.0 → v1.10.1
• cloud.google.com/go/language: v1.8.0 → v1.9.0
• cloud.google.com/go/lifesciences: v0.6.0 → v0.8.0
• cloud.google.com/go/logging: v1.6.1 → v1.7.0
• cloud.google.com/go/longrunning: v0.3.0 → v0.4.1
• cloud.google.com/go/managedidentities: v1.4.0 → v1.5.0
• cloud.google.com/go/maps: v0.1.0 → v0.7.0
• cloud.google.com/go/mediatranslation: v0.6.0 → v0.7.0
• cloud.google.com/go/memcache: v1.7.0 → v1.9.0
• cloud.google.com/go/metastore: v1.8.0 → v1.10.0
• cloud.google.com/go/monitoring: v1.8.0 → v1.13.0
• cloud.google.com/go/networkconnectivity: v1.7.0 → v1.11.0
• cloud.google.com/go/networkmanagement: v1.5.0 → v1.6.0
• cloud.google.com/go/networksecurity: v0.6.0 → v0.8.0
• cloud.google.com/go/notebooks: v1.5.0 → v1.8.0
• cloud.google.com/go/optimization: v1.2.0 → v1.3.1
• cloud.google.com/go/orchestration: v1.4.0 → v1.6.0
• cloud.google.com/go/orgpolicy: v1.5.0 → v1.10.0
• cloud.google.com/go/osconfig: v1.10.0 → v1.11.0
• cloud.google.com/go/oslogin: v1.7.0 → v1.9.0
• cloud.google.com/go/phishingprotection: v0.6.0 → v0.7.0
• cloud.google.com/go/policytroubleshooter: v1.4.0 → v1.6.0
• cloud.google.com/go/privatecatalog: v0.6.0 → v0.8.0
• cloud.google.com/go/pubsub: v1.27.1 → v1.30.0
• cloud.google.com/go/pubsublite: v1.5.0 → v1.7.0
• cloud.google.com/go/recaptchaenterprise/v2: v2.5.0 → v2.7.0
• cloud.google.com/go/recommendationengine: v0.6.0 → v0.7.0
• cloud.google.com/go/recommender: v1.8.0 → v1.9.0
• cloud.google.com/go/redis: v1.10.0 → v1.11.0
• cloud.google.com/go/resourcemanager: v1.4.0 → v1.7.0
• cloud.google.com/go/resourcesettings: v1.4.0 → v1.5.0
• cloud.google.com/go/retail: v1.11.0 → v1.12.0
• cloud.google.com/go/run: v0.3.0 → v0.9.0
• cloud.google.com/go/scheduler: v1.7.0 → v1.9.0
• cloud.google.com/go/secretmanager: v1.9.0 → v1.10.0
• cloud.google.com/go/security: v1.10.0 → v1.13.0
• cloud.google.com/go/securitycenter: v1.16.0 → v1.19.0
• cloud.google.com/go/servicecontrol: v1.5.0 → v1.11.1
• cloud.google.com/go/servicedirectory: v1.7.0 → v1.9.0
• cloud.google.com/go/servicemanagement: v1.5.0 → v1.8.0
• cloud.google.com/go/serviceusage: v1.4.0 → v1.6.0
• cloud.google.com/go/shell: v1.4.0 → v1.6.0
• cloud.google.com/go/spanner: v1.41.0 → v1.45.0
• cloud.google.com/go/speech: v1.9.0 → v1.15.0
• cloud.google.com/go/storagetransfer: v1.6.0 → v1.8.0
• cloud.google.com/go/talent: v1.4.0 → v1.5.0
• cloud.google.com/go/texttospeech: v1.5.0 → v1.6.0
• cloud.google.com/go/tpu: v1.4.0 → v1.5.0
• cloud.google.com/go/trace: v1.4.0 → v1.9.0
• cloud.google.com/go/translate: v1.4.0 → v1.7.0
• cloud.google.com/go/video: v1.9.0 → v1.15.0
• cloud.google.com/go/videointelligence: v1.9.0 → v1.10.0
• cloud.google.com/go/vision/v2: v2.5.0 → v2.7.0
• cloud.google.com/go/vmmigration: v1.3.0 → v1.6.0
• cloud.google.com/go/vmwareengine: v0.1.0 → v0.3.0
• cloud.google.com/go/vpcaccess: v1.5.0 → v1.6.0
• cloud.google.com/go/webrisk: v1.7.0 → v1.8.0
• cloud.google.com/go/websecurityscanner: v1.4.0 → v1.5.0
• cloud.google.com/go/workflows: v1.9.0 → v1.10.0
• cloud.google.com/go: v0.105.0 → v0.110.0
• github.com/alessio/shellescape: v1.4.1 → v1.4.2
• github.com/aws/amazon-vpc-cni-k8s: v1.13.2 → v1.14.1
• github.com/cncf/xds/go: 06c439d → 32f1caf
• github.com/coredns/corefile-migration: v1.0.20 → v1.0.21
• github.com/coreos/go-systemd/v22: v22.3.2 → v22.4.0
• github.com/docker/docker: v20.10.24+incompatible → v24.0.5+incompatible
• github.com/emicklei/go-restful/v3: v3.10.1 → v3.10.2
• github.com/envoyproxy/go-control-plane: v0.10.3 → v0.11.0
• github.com/envoyproxy/protoc-gen-validate: [v0.9.1 → v0.10.0](https://github.com/envoyproxy/protoc-gen-validate/compare...

v2.2.2

Release notes for Cluster API Provider AWS (CAPA) v2.2.2

Documentation

Changelog since v2.2.1

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• A new required permission must be added to your controllers policy by running clusterawsadm bootstrap iam create-cloudformation-stack again (or can manually add elasticloadbalancing:SetSubnets permission to controllers policy). (#4413, @k8s-infra-cherrypick-robot)

Changes by Kind

Support

• Customize golang version when compiling our binaries and images (#4410, @wyike)

Bug Fixes

• Availability zone status is correctly set when using BYO NLBs, fixing an issue where control plane nodes were only created in a single AZ (#4498, @k8s-infra-cherrypick-robot)
• Fix control plane LB ingress rules so that kubelet can access the API (#4496, @k8s-infra-cherrypick-robot)
• Generate release notes using Kubernetes tooling (#4478, @k8s-infra-cherrypick-robot)

The images for this release are: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.2.2

Thanks to all our contributors.

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v2.0.3

Release notes for Cluster API Provider AWS (CAPA) v2.0.3

Documentation

Changelog since v2.0.2

What's Changed

🐛 Bug Fixes

• fix: resolve secrets when generating eks userdata (backport #4285) by @faiq in #4288

🌱 Others

• [release-2.0] fix: building release-binaries fails by @k8s-infra-cherrypick-robot in #4311
• [release-2.0] Reconcile EKSConfig correctly for MachinePool and other Owner kinds by @Ankitasw in #4353
• [release-2.0] [E2E] Fix kubernetes version for EKS upgrade tests by @k8s-infra-cherrypick-robot in #4355
• [release-2.0] Move all E2E test templates to use external CCM and CSI by @k8s-infra-cherrypick-robot in #4352
• Bump docker/distribution to v2.8.2 and golang.org/x/net to v0.7.0 by @wyike in #4400
• Customize golang version by @wyike in #4412

Full Changelog: v2.0.2...v2.0.3

The image for this release is: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.0.3

Thanks to all our contributors!

v2.2.1

Release notes for Cluster API Provider AWS (CAPA) v2.2.1

Documentation

Changelog since v2.2.0

What's Changed

🌱 Others

• [release-2.2] Update metadata.yaml by @Ankitasw in #4383
• [release-2.2] chore: update metedata.yaml with the release series by @k8s-infra-cherrypick-robot in #4389
• Customize golang version by @wyike in #4410

Full Changelog: v2.2.0...v2.2.1

The image for this release is: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.2.1

Thanks to all our contributors!

v2.2.0

Release notes for Cluster API Provider AWS (CAPA) v2.2.0

Documentation

Changelog since v2.1.4

What's Changed

🚀 Features

• feat: Include controller IAM for instance metadata operations by @dntosas in #4255
• Remove CAPA tagging from unmanaged network resources by @Ankitasw in #4130
• Feature: add default behaviour for clusterawsadm bootstrap iam print-policy by @Atharva-Shinde in #4249
• ✨ Add support to specify PlacementGroup Name in instances by @vincepri in #4273
• 4046 - Add AssumeRole and update appropriate tests by @ryan-dyer-sp in #4132
• Additional ingress rules for control plane by @alexander-demicev in #4228
• Allow customization of ingress rules in control plane LB security group by @fiunchinho in #4304
• feat: add support for EKS addon configuration by @synthe102 in #4346

🐛 Bug Fixes

• Set httpPutResponseHopLimit to 2 when creating instances by @wyike in #4250
• Zero csi driver aws credentials to fallback to use instance profile role by @wyike in #4262
• fix: remove modification of networkinterface for ipv6 by @Skarlso in #4264
• fix: correct the enum types for protocol values by @Skarlso in #4287
• fix: resolve secrets when generating eks userdata by @faiq in #4285
• fix: remove set nodes role by @faiq in #4292
• Requque when awsmachine is pending by @wyike in #4300
• fix: the quickstart guide needs update for external cloud provider by @Skarlso in #4301
• Fix EKSControlPlaneReconciliationFailed when OIDC already exists by @iamjanr in #4017
• check TagUmanagedNetworkResources feature gate before tagging subnets for LBs by @Jacobious52 in #4341
• Pass right SGs for IsExternallyManaged on creation by @enxebre in #4362
• Use default arch x86_64 for AMI lookup if ec2:DescribeInstanceTypes permission is missing by @muraee in #4347
• 🐛 compare string value of protocol in health check instead of pointer by @faiq in #4360
• Drop unwanted SGs when calling attachSecurityGroupsToNetworkInterface by @enxebre in #4363

📖 Documentation

• chore: update release notes by @Skarlso in #4254

🌱 Others

• build(deps): bump github.com/aws/aws-lambda-go from 1.40.0 to 1.41.0 by @dependabot in #4248
• build(deps): bump sigs.k8s.io/kustomize/api from 0.13.2 to 0.13.3 by @dependabot in #4252
• 🐛 Allow the defaulting of InstanceMetadataOptions to go through for AWSMachineTemplates by @yastij in #4256
• build(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in #4259
• build(deps): bump sigs.k8s.io/kustomize/api from 0.13.3 to 0.13.4 by @dependabot in #4261
• Use dl.k8s.io instead of kubernetes-release bucket by @askulkarni2 in #4263
• Bump CAPI to v1.4.2 by @Ankitasw in #4244
• build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in /hack/tools by @dependabot in #4267
• build(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 in /hack/tools by @dependabot in #4266
• E2E tests for AlternativeGCStrategy by @wyike in #4210
• build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @dependabot in #4265
• e2e: add elasticfilesystem:TagResource action by @xmudrii in #4272
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 by @dependabot in #4270
• Set IMDSv2 as optional by @wyike in #4274
• build(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 by @dependabot in #4277
• build(deps): bump sigs.k8s.io/aws-iam-authenticator from 0.6.9 to 0.6.10 by @dependabot in #4276
• build(deps): bump sigs.k8s.io/promo-tools/v3 from 3.5.2 to 3.6.0 in /hack/tools by @dependabot in #4282
• add IRSA for self-managed clusters proposal by @luthermonson in #4164
• build(deps): bump github.com/mikefarah/yq/v4 from 4.33.3 to 4.34.1 in /hack/tools by @dependabot in #4297
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 by @dependabot in #4302
• fix: building release-binaries fails by @richardcase in #4306
• build(deps): bump github.com/itchyny/gojq from 0.12.12 to 0.12.13 in /hack/tools by @dependabot in #4312
• build(deps): bump github.com/aws/amazon-vpc-cni-k8s from 1.12.5 to 1.13.0 by @dependabot in #4313
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 by @dependabot in #4318
• build(deps): bump github.com/onsi/gomega from 1.27.7 to 1.27.8 by @dependabot in #4319
• E2E tests for AlternativeGCStrategy by @wyike in #4328
• build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #4330
• chore: Bump CAPI to v1.4.3 by @Ankitasw in #4321
• build(deps): bump golang.org/x/text from 0.9.0 to 0.10.0 by @dependabot in #4337
• [E2E] Enable EventBridge in the tests by @Ankitasw in #4100
• build(deps): bump golang.org/x/crypto from 0.9.0 to 0.10.0 by @dependabot in #4338
• build(deps): bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in #4343
• build(deps): bump github.com/aws/amazon-vpc-cni-k8s from 1.13.0 to 1.13.2 by @dependabot in #4349
• build(deps): bump github.com/onsi/ginkgo/v2 from 2.10.0 to 2.11.0 by @dependabot in #4350
• build(deps): bump sigs.k8s.io/kind from 0.18.0 to 0.20.0 in /hack/tools by @dependabot in #4348
• Use public.ecr.aws for golang image by @ameukam in #4365
• chore: remove usage of script to install golangci-lint by @richardcase in #4367
• Do not return error if secret does not exist by @enxebre in #3805
• build(deps): bump golang.org/x/text from 0.10.0 to 0.11.0 by @dependabot in #4376
• build(deps): bump google.golang.org/grpc from 1.52.0 to 1.53.0 by @dependabot in #4381
• build(deps): bump golang.org/x/crypto from 0.10.0 to 0.11.0 by @dependabot in #4382
• Switch to constants for asg not found events, simplify asg lookup by @cnmcavoy in https://github.com/kubernetes-sigs/clu...

v2.1.4

Release notes for Cluster API Provider AWS (CAPA) v2.1.4

Documentation

Changelog since v2.1.3

What's Changed

🌱 Others

• [release-2.1] fix: remove set nodes role by @k8s-infra-cherrypick-robot in #4307
• [release-2.1] fix: building release-binaries fails by @k8s-infra-cherrypick-robot in #4310

Full Changelog: v2.1.3...v2.1.4
The image for this release is: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.1.4
Thanks to all our contributors!

v2.1.3

Release notes for Cluster API Provider AWS (CAPA) v2.1.3

Documentation

Changelog since v2.1.2

What's Changed

🌱 Others

• fix: resolve secrets when generating eks userdata (backport #4285 to 2.1) by @faiq in #4289
• Requeue when awsmachine is pending by @k8s-infra-cherrypick-robot in #4303

Full Changelog: v2.1.2...v2.1.3
The image for this release is: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.1.3
Thanks to all our contributors!

v2.1.2

Release notes for Cluster API Provider AWS (CAPA) v2.1.2

Documentation

Changelog since v2.1.1

What's Changed

🌱 Others

• [release-2.1] Set httpPutResponseHopLimit to 2 when creating instances by @k8s-infra-cherrypick-robot in #4280
• [release-2.1] Set IMDSv2 as optional by @k8s-infra-cherrypick-robot in #4281
• [release-2.1] Zero csi driver aws credentials to fallback to use instance profile role by @k8s-infra-cherrypick-robot in #4279

Full Changelog: v2.1.1...v2.1.2
The image for this release is: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.1.2
Thanks to all our contributors!

v2.1.1

Release notes for Cluster API Provider AWS (CAPA) v2.1.1

Documentation

Changelog since v2.1.0

What's Changed

🌱 Others

• [release-2.1] feat: Include controller IAM for instance metadata operations by @k8s-infra-cherrypick-robot in #4257
• [release-2.1] 🐛 Allow the defaulting of InstanceMetadataOptions to go through for AWSMachineTemplates by @k8s-infra-cherrypick-robot in #4258

Full Changelog: v2.1.0...v2.1.1
The image for this release is: registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.1.1
Thanks to all our contributors!

v2.1.0

Release notes for Cluster API Provider AWS (CAPA) v2.1.0

Documentation

Changelog since v2.0.2

What's Changed

🚀 Features

• Add ability to use NLBs as control plane load-balancers by @Skarlso in #3804
• Expose Metrics port by @Skarlso in #3941
• Run tests on localhost to increase security and avoid macOS firewall popup dialogs by @AndiDog in #4024
• Configure EC2 instance metadata options by @muraee in #4037
• ✨ support arm64 AMI lookup based on instance type by @charlie-haley in #4054
• feat(release): update image promotion to use kpromo by @richardcase in #4158
• add explicit securityContexts to the controller by @chrischdi in #4104
• added tests for annotations.go by @khareyash05 in #4232
• added reset_test.go by @khareyash05 in #4234

🐛 Bug Fixes

• [E2E] Use k8s version 1.24.4 in conformance test and increase control plane wait timeout for conformance and EKS tests by @Ankitasw in #3823
• Fix lastAppliedTags annotations naming by @dntosas in #3867
• drop /v2/ from api/tests/docs by @yastij in #3890
• Remove suspend process flow from create ASG by @Skarlso in #3864
• fix AWSServiceRoleForAmazonEKSForFargate failed to create on non-aws partitions by @jejer in #3882
• Make the LoadBalancerType optional in the Status by @Skarlso in #3913
• [E2E] Increase service quota for VPC by @Ankitasw in #3896
• Always populate ControlPlaneLoadBalancer type as classic if not provided by user by @Ankitasw in #3917
• Only enable IPv6 if it's already enabled in the config by @Skarlso in #3914
• Add back RBAC for controller identities by @Ankitasw in #3935
• Fix String function receiver for IngressRule which resulted in an unreadable log output by @Skarlso in #3949
• Update LoadBalancerReadyCondition on deletion by @mnitchev in #3871
• Fail creation of machine pool if no subnets matching filters found by @AverageMarcus in #3978
• Ignore EIGW deletion in case of unmanaged VPC by @Skarlso in #3996
• Fix AWS CloudFormation dump after failed suit when there is no bootstrap cluster by @Skarlso in #4002
• Reorder the bootstrapping logic so AWSSession is available in afterSuite by @Skarlso in #4008
• fix(#3980): save the API ELB AZ to NetworkStatus by @thefirstofthe300 in #4000
• Move defaulting before creation of patch helper so that no differences will be detected unnecessarily by @AndiDog in #4025
• Ensure tags on managed VPCs by @Skarlso in #4030
• Ensure empty loadBalancerType field value is handled correctly by @AndiDog in #4033
• Allow user to specify the Name tag value for AWS tags by @AverageMarcus in #3991
• fix: use instance profiles of machine pools and machine deployments for mapping roles by @faiq in #4011
• Fix error condition on eventually by @Skarlso in #4048
• fix: cleanup AWS CloudFormation stack in Test environment by @Skarlso in #4059
• Fix error print statement for ELBv2 listeners test by @johannesfrey in #4060
• fix error validating message by @zirain in #4055
• chore(ref): add more robustness to cloudformation stack create in tests by @Skarlso in #4069
• chore(ref): always clean roles and resources on cf stack failure by @Skarlso in #4076
• chore(ref): add output of error for role deletion by @Skarlso in #4077
• chore(ref): fix error checking in eventually by @Skarlso in #4078
• bug: order of deleting cloud formation resources matters and fix missing GroupName setting from Bootstrap user by @Skarlso in #4079
• [e2e] try it without the event bridge by @Skarlso in #4088
• cleaning up unnecessary object patches by @luthermonson in #4095
• Modify AWSMachine reconciliation behavior to terminate and create instances without blocking by @cnmcavoy in #4092
• Update AWSMachine webhook validate logic on update to be consistent by @cnmcavoy in #3728
• Allow for Self-Managed VPC with a Secondary Subnet for Pods by @luthermonson in #3688
• Add missing configuration to enable the awsmachinetemplate validating webhook by @cnmcavoy in #4117
• Fix awsmanagedcontrolplane doesn’t get reconciled by @kahun in #4007
• Allow external autoscaler for EKS managed node groups by @ionutbalutoiu in #4137
• Fix InstanceMetadataOptions defaults by @muraee in #4147
• Set ASG DesiredCapacity value only if MachinePool replicas is between min and max size of the AWSMachinePool by @Fedosin in #4135
• fix: getting maintainers fails by @richardcase in #4185
• Fix session surviving cluster purge and recreate through cache by @roehrijn in #4162
• fix: adds enum validations to healtcheckprotocol field by @faiq in #4193
• Reconcile EKSConfig correctly for MachinePool and other Owner kinds by @cnmcavoy in #4195
• capa fix hardcoded role arn for aws iam authenticator by @AmitSahastra in #4010
• fix: malformed s3 arn due to incorrect string formatting by @Skarlso in #4224
• fix: automatically append /readyz to http and https health checks by @faiq in #4227

📖 Documentation

• docs: updated Developer Guide with changes to make it more accurate by @rjsadow in #3877
• docs: fix broken bullet points by @nekottyo in #3905
• docs: Update release doc steps by @Ankitasw in #3911
• Update README.md instruction to install clusterawsadm via Homebrew by @Ankitasw in #3937
• docs: fix git-repository-url by @zirain in #4072
• chore: adding release notes section to PR template by @richardcase in #4074
• fix: invalid yaml in multi-tenancy example by @jdockerty in #4098
• [PROPOSAL] add luther as reviewer by @richardcase in #4107

🌱 Others

• test: increased cluster creation timeout for eks e2e by @richardcase in #3878
• chore: bump capi to 1.2.6 by @richardcase in https://github.com/kubernetes-sigs/cluster...