diff --git a/docs/content/en/docs/packages/cluster-autoscaler/v9.47.0.md b/docs/content/en/docs/packages/cluster-autoscaler/v9.47.0.md new file mode 100644 index 000000000000..21ede6836b76 --- /dev/null +++ b/docs/content/en/docs/packages/cluster-autoscaler/v9.47.0.md @@ -0,0 +1,43 @@ +--- +title: "v9.47.0" +linkTitle: "v9.47.0" +weight: 30 +aliases: + /docs/reference/packagespec/cluster-autoscaler/v9.47.0/ +description: > +--- + +### Configuring Cluster Autoscaler in EKS Anywhere package spec + +| Parameter | Description | Default | +|---|---|---| +|**General**||| +| cloudProvider | Cluster Autoscaler cloud provider. This should always be clusterapi.
Example:
cloudProvider: "clusterapi"
| "clusterapi" +| autoDiscovery.clusterName | Name of the kubernetes cluster this autoscaler package should autoscale.
Example:
autoDiscovery.clusterName: "mgmt-cluster"
| false +| clusterAPIMode | Where Cluster Autoscaler should look for a kubeconfig to communicate with the cluster it will manage. See https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md#connecting-cluster-autoscaler-to-cluster-api-management-and-workload-clusters
Example:
clusterAPIMode: "incluster-kubeconfig"
| "incluster-incluster" +| clusterAPICloudConfigPath | Path to kubeconfig for connecting to Cluster API Management Cluster, only used if `clusterAPIMode=kubeconfig-kubeconfig or incluster-kubeconfig`
Example:
clusterAPICloudConfigPath: "/etc/kubernetes/value"
| "/etc/kubernetes/mgmt-kubeconfig" +| extraVolumeSecrets | Additional volumes to mount from Secrets.
Example:
extraVolumeSecrets: {}
| {} +| extraArgs | Additional arguments to configure. See [upstream](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-the-parameters-to-ca)| None | + +### Example +```yaml +apiVersion: packages.eks.amazonaws.com/v1alpha1 +kind: Package +metadata: + name: generated-cluster-autoscaler + namespace: eksa-packages- +spec: + packageName: cluster-autoscaler + targetNamespace: default + config: |- + cloudProvider: "clusterapi" + autoDiscovery: + clusterName: "" + extraArgs: + scale-down-delay-after-add: 2m + scale-down-delay-after-failure: 3m + scale-down-unneeded-time: 2m +``` + +--- + diff --git a/docs/content/en/docs/packages/credential-provider-package/v0.4.8.md b/docs/content/en/docs/packages/credential-provider-package/v0.4.8.md new file mode 100644 index 000000000000..d877cbdb767f --- /dev/null +++ b/docs/content/en/docs/packages/credential-provider-package/v0.4.8.md 
@@ -0,0 +1,102 @@ +--- +title: "v0.4.8" +linkTitle: "v0.4.8" +weight: 30 +aliases: + /docs/reference/packagespec/credential-provider-package/v0.4.8/ +description: > +--- + +### Configuring Credential Provider Package in EKS Anywhere package spec + +#### Example + +The following is the sample configuration for the credential provider package that is installed by default with the package controller. +Please refer to [Credential Provider Package with IAM Roles Anywhere.]({{< relref "iam_roles_anywhere" >}}) + +If you are using proxy, please also set `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` under proxy configuration. + +```yaml +apiVersion: packages.eks.amazonaws.com/v1alpha1 +kind: Package +metadata: + name: ecr-credential-provider-package + namespace: eksa-packages- + annotations: + "helm.sh/resource-policy": keep + "anywhere.eks.aws.com/internal": "true" +spec: + packageName: credential-provider-package + targetNamespace: eksa-packages + config: |- + proxy: + HTTP_PROXY: "" + HTTPS_PROXY: "" + NO_PROXY: "" + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + sourceRegistry: public.ecr.aws/eks-anywhere + credential: + - matchImages: + - 783794618700.dkr.ecr.us-west-2.amazonaws.com + profile: "default" + secretName: aws-secret + defaultCacheDuration: "5h" +``` + +In this example, the credential provider will use the secret provided in aws-secret (created automatically on cluster creation) to authenticate to the repository from which curated package images are pulled. Tolerations were also added so that the control plane nodes would also be configured with authentication. + +The secret can exist in two forms: either a base64 encoding of a credential config or individual keys for fields. 
+ +Example credential +``` +[default] +aws_access_key_id=EXAMPLE_ACCESS_KEY +aws_secret_access_key=EXAMPLE_SECRET_KEY +region=us-west-2 +``` + +##### Example secret with separate keys +``` +apiVersion: v1 +kind: Secret +metadata: + name: aws-secret + namespace: eksa-packages +data: + AWS_ACCESS_KEY_ID: "QUtJQUlPU0ZPRE5ON0VYQU1QTEUK" + AWS_SECRET_ACCESS_KEY: "d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQo=" + REGION: dXMtd2VzdC0yCg== +``` + +##### Example secret in config form +``` +apiVersion: v1 +kind: Secret +metadata: + name: aws-secret + namespace: eksa-packages +data: + config: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPUFLSUFJT1NGT0ROTjdFWEFNUExFCmF3c19zZWNyZXRfYWNjZXNzX2tleT13SmFsclhVdG5GRU1JL0s3TURFTkcvYlB4UmZpQ1lFWEFNUExFS0VZCnJlZ2lvbj11cy13ZXN0LTI= +type: Opaque +``` + +#### Configurable parameters and default values under `spec.config` + +| Parameter | Description | Default | +|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------| +| **General** | | | +| image.pullPolicy | Specifies image pull policy: `IfNotPresent`, `Always`, `Never`. | `"IfNotPresent"` | +| tolerations | [Kubernetes tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) for pod scheduling | `{}` | +| **Credential** | | | +| credential | List of credential providers for authenticating with ECR. Currently only one is supported |
credential: 
- secretName: "aws-secret"
matchImages: []
defaultCacheDuration: "1h"
profile: "default
| +| secretName | Name of secret that contains the aws credentials | `"aws-secret"` | +| profile | AWS Profile for secretName | `"default"` | +| matchImages | List of strings used to match against images. See [here](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/#configure-image-matching) for more info
Example to match against any account across multiple regions for ECR:
`"*.dkr.ecr.*.amazonaws.com"` | `"[]"` | +| defaultCacheDuration | Duration the kubelet will cache credentials in-memory. For ECR it is recommended to keep this value less then 12 hours. | `"5h"` | + diff --git a/docs/content/en/docs/packages/metallb/v0.14.9.md b/docs/content/en/docs/packages/metallb/v0.14.9.md index 10538b265d77..70944e9b55b8 100644 --- a/docs/content/en/docs/packages/metallb/v0.14.9.md +++ b/docs/content/en/docs/packages/metallb/v0.14.9.md @@ -53,6 +53,7 @@ spec: | L2Advertisements[] | A list of Layer 2 advertisements. See **L2Advertisement**. | None | False | | BGPAdvertisements[] | A list of BGP advertisements. See **BGPAdvertisement**. | None | False | | BGPPeers[] | A list of BGP peers. See **BGPPeer**. | None | False | +| speaker | A list of speaker flag/parameter. See **speaker** | None | False | |---|---|---|---| |**IPAddressPool** | A list of IP address ranges over which MetalLB has authority. You can list multiple ranges in a single pool and they will all share the same settings. Each range can be either a CIDR prefix, or an explicit start-end range of IPs.||| | name | Name for the address pool. | None | True | @@ -83,3 +84,21 @@ spec: | sourceAddress | Source address to use when establishing the session. | None | False | | password | Authentication password for routers enforcing TCP MD5 authenticated sessions. | None | False | | passwordSecret | passwordSecret is a reference to the authentication secret for BGP Peer. The secret must be of type 'kubernetes.io/basic-auth' and the password stored under the "password" key. Example:
passwordSecret:
name: mySecret
namespace: metallb-system
| None | False| +|---|---|---|---| +|**speaker**| announcing the services via L2 or BGP ||| +| ignoreExcludeLB | ignore the exclude-from-external-load-balancers node label for service announcements. [More details](https://metallb.universe.tf/troubleshooting/index.html#metallb-is-not-advertising-my-service-from-my-control-plane-nodes-or-from-my-single-node-cluster) | False | False | + +#### Example +```yaml +apiVersion: packages.eks.amazonaws.com/v1alpha1 +kind: Package +metadata: + name: mylb + namespace: eksa-packages- +spec: + packageName: metallb + targetNamespace: metallb-system + config: | + speaker: + ignoreExcludeLB: true +``` \ No newline at end of file diff --git a/docs/content/en/docs/packages/packagelist.md b/docs/content/en/docs/packages/packagelist.md index 906cdf959145..840ee5ee55c2 100644 --- a/docs/content/en/docs/packages/packagelist.md +++ b/docs/content/en/docs/packages/packagelist.md 
@@ -12,7 +12,7 @@ description: > |----------------------------|----------------------------|---------------------------|-----------------------------| | [ADOT]({{< relref "./adot" >}}) | ADOT Collector is an AWS distribution of the OpenTelemetry Collector, which provides a vendor-agnostic solution to receive, process and export telemetry data. | [v0.43.1]({{< relref "./adot/v0.43.1.md" >}}) | https://github.com/aws-observability/aws-otel-collector | | [Cert-manager]({{< relref "./cert-manager" >}}) | Cert-manager is a certificate manager for Kubernetes clusters. | [v1.16.4]({{< relref "./cert-manager/v1.16.4.md" >}}) | https://github.com/cert-manager/cert-manager | -| [Cluster Autoscaler]({{< relref "./cluster-autoscaler" >}}) | Cluster Autoscaler is a component that automatically adjusts the size of a Kubernetes Cluster so that all pods have a place to run and there are no unneeded nodes. | [v9.46.6]({{< relref "./cluster-autoscaler/v9.46.6.md" >}}) | https://github.com/kubernetes/autoscaler | +| [Cluster Autoscaler]({{< relref "./cluster-autoscaler" >}}) | Cluster Autoscaler is a component that automatically adjusts the size of a Kubernetes Cluster so that all pods have a place to run and there are no unneeded nodes. | [v9.47.0]({{< relref "./cluster-autoscaler/v9.47.0.md" >}}) | https://github.com/kubernetes/autoscaler | | [Emissary Ingress]({{< relref "./emissary" >}}) | Emissary Ingress is an open source `Ingress` supporting API Gateway + Layer 7 load balancer built on Envoy Proxy. | [v3.9.1]({{< relref "./emissary/v3.9.1.md" >}}) | https://github.com/emissary-ingress/emissary/ | | [Harbor]({{< relref "./harbor" >}}) | Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. | [v2.12.2]({{< relref "./harbor/v2.12.2.md" >}})| https://github.com/goharbor/harbor
https://github.com/goharbor/harbor-helm | | [MetalLB]({{< relref "./metallb" >}}) | MetalLB is a virtual IP provider for services of type `LoadBalancer` supporting ARP and BGP. | [v0.14.9]({{< relref "./metallb/v0.14.9.md" >}}) | https://github.com/metallb/metallb/ | diff --git a/docs/content/en/docs/packages/whatsnew/changelog.md b/docs/content/en/docs/packages/whatsnew/changelog.md index e7ab2c62952e..aa2c3f7e8c88 100644 --- a/docs/content/en/docs/packages/whatsnew/changelog.md +++ b/docs/content/en/docs/packages/whatsnew/changelog.md @@ -5,6 +5,16 @@ weight: 7 description: > Changelog for Curated packages release --- +## Package Bundle Release (08-19-2025) +#### Changed +- Upgrade helm version `3.14.3` to `3.18.4` +- Credential-Provider-Package `0.4.6` to `0.4.8` + - Enable proxy configuration [#1216](https://github.com/aws/eks-anywhere-packages/pull/1216) +- Cluster-Autoscaler `9.46.6` to `9.47.0` for Kubernetes version 1.33 +- Metallb + - Enable configuration for flag `ignoreExcludeLB` + + ## Package Bundle Release (05-22-2025) #### Changed
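Review bot: In cluster-autoscaler/v9.47.0.md, the `autoDiscovery.clusterName` row gives its default as `false`, which is not a cluster name, and the example further down leaves `clusterName: ""` empty. Suggest showing the default as None and stating that the value must be set to the name of the cluster to autoscale. The `clusterAPIMode` row shows `incluster-kubeconfig` as its example and `incluster-incluster` as its default without saying when to switch; since `clusterAPICloudConfigPath` is only read in the kubeconfig modes, the `extraVolumeSecrets` row should show how that management-cluster kubeconfig gets mounted instead of `{}`. The front matter `description: >` is also left empty.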
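Review bot: In credential-provider-package/v0.4.8.md, every value in the "Example secret with separate keys" block has a trailing newline encoded into it (`REGION: dXMtd2VzdC0yCg==` decodes to `us-west-2` followed by `\n`, and both key values end the same way), while the `config` value in the config-form example does not. Suggest regenerating the three values without the newline (`printf` or `echo -n` before `base64`) so both forms decode to the same credential, and adding `type: Opaque` to the separate-keys example to match the other one. In the parameters table, the `credential` default block has an unterminated `profile: "default` and shows `defaultCacheDuration: "1h"` while the `defaultCacheDuration` row says `"5h"`; the `proxy` keys used in the example have no row in the table at all.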
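Review bot: In the first metallb/v0.14.9.md hunk, the new `speaker` row calls it "A list of speaker flag/parameter", but the example added later in this patch sets it as a mapping (`speaker:` with `ignoreExcludeLB: true` beneath it), and the name has no `[]` suffix like the list rows above it. Suggest wording such as "Speaker settings. See **speaker**." so readers do not write it as a YAML list.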
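Review bot: In the second metallb/v0.14.9.md hunk, the `ignoreExcludeLB` row only restates the flag name and leaves the effect to the link. Suggest saying directly that setting it to true lets the speaker announce services from nodes that carry the exclude-from-external-load-balancers label, which per the linked troubleshooting entry covers control plane nodes and single-node clusters, so operators can decide whether they want those nodes attracting external traffic. The `**speaker**` heading row ("announcing the services via L2 or BGP") is a sentence fragment, and the file ends without a trailing newline.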
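Review bot: In whatsnew/changelog.md, the Metallb entry names no version and links no PR, unlike the Credential-Provider-Package entry above it, while this patch edits metallb/v0.14.9.md in place and packagelist.md still points at v0.14.9. Suggest stating which package version or bundle first accepts `speaker.ignoreExcludeLB`, so readers on an earlier bundle can tell the flag is not available to them. The Cluster-Autoscaler line could likewise say whether `9.47.0` is required for Kubernetes 1.33 or only adds support for it.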