kubernetes-sigs
diff --git a/‎apis/elbv2/v1beta1/targetgroupbinding_types.go‎
Lines changed: 1 addition & 1 deletion b/‎apis/elbv2/v1beta1/targetgroupbinding_types.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎apis/gateway/v1beta1/targetgroupconfig_types.go‎
Lines changed: 8 additions & 6 deletions b/‎apis/gateway/v1beta1/targetgroupconfig_types.go‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎config/crd/bases/elbv2.k8s.aws_targetgroupbindings.yaml‎
Lines changed: 2 additions & 0 deletions b/‎config/crd/bases/elbv2.k8s.aws_targetgroupbindings.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎config/webhook/manifests.yaml‎
Lines changed: 19 additions & 0 deletions b/‎config/webhook/manifests.yaml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎config/webhook/pod_mutator_patch.yaml‎
Lines changed: 13 additions & 0 deletions b/‎config/webhook/pod_mutator_patch.yaml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎docs/deploy/configurations.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/deploy/configurations.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/guide/service/annotations.md‎
Lines changed: 15 additions & 1 deletion b/‎docs/guide/service/annotations.md‎
Lines changed: 15 additions & 1 deletion
@@ -142,7 +142,7 @@ type TargetGroupBindingSpec struct {
 
 	// targetGroupProtocol is the Protocol of the TargetGroup. If unspecified, it will be automatically inferred.
 	// +optional
-	// +kubebuilder:validation:Enum=HTTP;HTTPS;TCP;TLS;UDP;TCP_UDP
+	// +kubebuilder:validation:Enum=HTTP;HTTPS;TCP;TLS;UDP;TCP_UDP;QUIC;TCP_QUIC
 	TargetGroupProtocol *elbv2.Protocol `json:"targetGroupProtocol,omitempty"`
 
 	// serviceRef is a reference to a Kubernetes Service and ServicePort.
 
@@ -121,12 +121,14 @@ const (
 type Protocol string
 
 const (
-	ProtocolHTTP    Protocol = "HTTP"
-	ProtocolHTTPS   Protocol = "HTTPS"
-	ProtocolTCP     Protocol = "TCP"
-	ProtocolTLS     Protocol = "TLS"
-	ProtocolUDP     Protocol = "UDP"
-	ProtocolTCP_UDP Protocol = "TCP_UDP"
+	ProtocolHTTP     Protocol = "HTTP"
+	ProtocolHTTPS    Protocol = "HTTPS"
+	ProtocolTCP      Protocol = "TCP"
+	ProtocolTLS      Protocol = "TLS"
+	ProtocolUDP      Protocol = "UDP"
+	ProtocolTCP_UDP  Protocol = "TCP_UDP"
+	ProtocolQUIC     Protocol = "QUIC"
+	ProtocolTCP_QUIC Protocol = "TCP_QUIC"
 )
 
 // +kubebuilder:validation:Enum=HTTP1;HTTP2;GRPC
 
@@ -431,6 +431,8 @@ spec:
                 - TLS
                 - UDP
                 - TCP_UDP
+                - QUIC
+                - TCP_QUIC
                 type: string
               targetType:
                 description: targetType is the TargetType of TargetGroup. If unspecified,
 
@@ -42,6 +42,25 @@ webhooks:
         resources:
           - services
     sideEffects: None
+  - admissionReviewVersions:
+      - v1beta1
+    clientConfig:
+      service:
+        name: webhook-service
+        namespace: system
+        path: /mutate-v1-pod-server-id
+    failurePolicy: Fail
+    name: quicid.elbv2.k8s.aws
+    rules:
+      - apiGroups:
+          - ""
+        apiVersions:
+          - v1
+        operations:
+          - CREATE
+        resources:
+          - pods
+    sideEffects: None
   - admissionReviewVersions:
       - v1beta1
     clientConfig:
 
@@ -16,3 +16,16 @@ webhooks:
           operator: NotIn
           values:
             - aws-load-balancer-controller
+  - name: quicid.elbv2.k8s.aws
+    namespaceSelector:
+      matchExpressions:
+        - key: elbv2.k8s.aws/quic-server-id-inject
+          operator: In
+          values:
+            - enabled
+    objectSelector:
+      matchExpressions:
+        - key: app.kubernetes.io/name
+          operator: NotIn
+          values:
+            - aws-load-balancer-controller
@@ -2,7 +2,7 @@
 This document primarily covers the runtime configuration options for the AWS Load Balancer Controller. For installation-specific configuration options, see the [Helm chart values documentation](https://github.com/aws/eks-charts/tree/master/stable/aws-load-balancer-controller#configuration).
 
 !!!warning "limitation"
-    The v2.0.0+ version of AWSLoadBalancerController currently only support one controller deployment(with one or multiple replicas) per cluster.
+The v2.0.0+ version of AWSLoadBalancerController currently only support one controller deployment(with one or multiple replicas) per cluster.
 
     The AWSLoadBalancerController assumes it's the solo owner of worker node security group rules with `elbv2.k8s.aws/targetGroupBinding=shared` description, running multiple controller deployment will cause these controllers compete with each other updating worker node security group rules.
 
@@ -62,7 +62,7 @@ Currently, you can set only 1 namespace to watch in this flag. See [this Kuberne
 ## Controller command line flags
 
 !!!warning ""
-    The --cluster-name flag is mandatory and the value must match the name of the kubernetes cluster. If you specify an incorrect name, the subnet auto-discovery will not work.
+The --cluster-name flag is mandatory and the value must match the name of the kubernetes cluster. If you specify an incorrect name, the subnet auto-discovery will not work.
 
 | Flag                                                                            | Type                            | Default                                    | Description                                                                                                                                                                   |
 |---------------------------------------------------------------------------------|---------------------------------|--------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 
@@ -65,7 +65,9 @@
 | [service.beta.kubernetes.io/aws-load-balancer-minimum-load-balancer-capacity](#load-balancer-capacity-reservation)   | stringMap                  |                          |
 | [service.beta.kubernetes.io/aws-load-balancer-enable-icmp-for-path-mtu-discovery](#icmp-path-mtu-discovery)          | string                  |                          | If specified, a security group rule is added to the managed security group to allow explicit ICMP traffic for [Path MTU discovery](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html#path_mtu_discovery) for IPv4 and dual-stack VPCs. Creates a rule for each source range if `service.beta.kubernetes.io/load-balancer-source-ranges` is present.                                               |
 | [service.beta.kubernetes.io/aws-load-balancer-enable-tcp-udp-listener](#tcp-udp-listener)                            | boolean                  | false                    | If specified, the controller will attempt to try TCP_UDP Listeners when the service defines a TCP and UDP port on the same port number.                                                                                                                                                                                                                                                                              |
-| [service.beta.kubernetes.io/aws-load-balancer-disable-nlb-sg](#nlb-sg-disable)                            | boolean                  | false                    | If specified, the controller will not create or manage Security Groups for the service.                                                                                                                                                                                                                                                                                                                              |
+| [service.beta.kubernetes.io/aws-load-balancer-disable-nlb-sg](#nlb-sg-disable)                                       | boolean                  | false                    | If specified, the controller will not create or manage Security Groups for the service.                                                                                                                                                                                                                                                                                                                              |
+| [service.beta.kubernetes.io/aws-load-balancer-quic-enabled-ports](#nlb-quic-enabled)                                 | stringList                  |                     | If specified, the controller will upgrade each port specified from UDP to QUIC or TCP_UDP to TCP_QUIC.                                                                                                                                                                                                                                                                                                               |
+
 
 ## Traffic Routing
 Traffic Routing can be controlled with following annotations:
@@ -367,7 +369,19 @@ for proxy protocol v2 configuration.
     ```
     service.beta.kubernetes.io/aws-load-balancer-disable-nlb-sg: "true"
     ```
+    
+  - <a name="nlb-quic-enabled">`service.beta.kubernetes.io/aws-load-balancer-quic-enabled-ports`</a> Upgrades the UDP protocol to QUIC.
 
+    !!!warning ""
+        This annotation only applies to UDP ports. The annotation is ignored when the specified port is NOT UDP based.
+
+    !!!note ""
+        Ensure that the pods belonging to the service have been QUIC enabled. See [QUIC use-case](../use_cases/quic/index.md) for more information.
+
+    !!!example
+    ```
+    service.beta.kubernetes.io/aws-load-balancer-quic-enabled-ports: "443"
+    ```
 
 - <a name="deprecated-attributes"></a>the following annotations are deprecated in v2.3.0 release in favor of [service.beta.kubernetes.io/aws-load-balancer-attributes](#load-balancer-attributes)