[ANNOUNCE] haproxy-ingress v0.14.8
1 view
Skip to first unread message
Joao Morais
Mar 18, 2025, 7:42:14 AMMar 18
to haproxy...@googlegroups.com
HAProxy Ingress v0.14.8 is here!
This release updates the embedded haproxy version, and fixes issues
and vulnerable components found in the v0.14 branch.
* Robson, Moacir and Fabio found a memory leak on Gateway API
reconciliation. Depending on the changes being applied, an older in
memory representation of the load balancer state is referenced by the
new one, creating a chain of old representations not having a chance
to be collected by GC.
* rdavyd found an endpoint configuration overwrite in the case the
same service, or a distinct service with the same endpoints are added
in a single rule of a single HTTPRoute on Gateway API.
* Controller now retries to apply a haproxy reload in the case of a
failure. Older controller versions didn't retry because all the
failures are related with misconfiguration, but since master-worker
and external modes are options, other network or socket related issues
might happen.
TCP services now supports a list of TLS certificates.
* All known vulnerable components were updated, like go's stdlib and
golang.org/x/crypto
Dependencies:
* embedded haproxy from 2.4.26 to 2.4.28
* go from 1.19.13 to 1.23.7, having //go:debug default=go1.19 for
backward compatibility
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.14.md#v0148
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.14.8
* Release date: 2025-03-18
* Helm chart: --version 0.14.8
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.14.8
* Image (Docker Hub): docker.io/jcmoraisjr/haproxy-ingress:v0.14.8
* Embedded HAProxy version: 2.4.28
Fixes and improvements since v0.14.7:
* bump vulnerable components [0668bf5] (Joao Morais)
* update embedded haproxy from 2.4.26 to 2.4.28 [2ba342c] (Joao Morais)
* Support list of server crt on tls tcp service [#1171] (jcmoraisjr)
* ingress tcp test improvement [37ba454] (Joao Morais)
* fix memory leak on gateway reconciliation [#1212] (jcmoraisjr)
* fix lint [b6b9e24] (Joao Morais)
* retry reload haproxy if failed [#1214] (jcmoraisjr)
* bump vulnerable components [91c51f6] (Joao Morais)
* update go from 1.23.6 to 1.23.7 [e8e8129] (Joao Morais)
* add endpoints even if duplicated [#1224] (jcmoraisjr)
* adjust backward compatible debug default version [5830c78] (Joao Morais)
Chart improvements since v0.14.7:
* Allow adding annotations on the ServiceAccount [#82] (fredrik-w)
* Set securityContext for haproxy init container [#84] (phihos)
* update registry of default backend image [#87] (jcmoraisjr)
* Enable deploying external HPA [#89] (gdziwoki)
* Add controller.extraServices list [#86] (hedgieinsocks)
This release updates the embedded haproxy version, and fixes issues
and vulnerable components found in the v0.14 branch.
* Robson, Moacir and Fabio found a memory leak on Gateway API
reconciliation. Depending on the changes being applied, an older in
memory representation of the load balancer state is referenced by the
new one, creating a chain of old representations not having a chance
to be collected by GC.
* rdavyd found an endpoint configuration overwrite in the case the
same service, or a distinct service with the same endpoints are added
in a single rule of a single HTTPRoute on Gateway API.
* Controller now retries to apply a haproxy reload in the case of a
failure. Older controller versions didn't retry because all the
failures are related with misconfiguration, but since master-worker
and external modes are options, other network or socket related issues
might happen.
TCP services now supports a list of TLS certificates.
* All known vulnerable components were updated, like go's stdlib and
golang.org/x/crypto
Dependencies:
* embedded haproxy from 2.4.26 to 2.4.28
* go from 1.19.13 to 1.23.7, having //go:debug default=go1.19 for
backward compatibility
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.14.md#v0148
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.14.8
* Release date: 2025-03-18
* Helm chart: --version 0.14.8
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.14.8
* Image (Docker Hub): docker.io/jcmoraisjr/haproxy-ingress:v0.14.8
* Embedded HAProxy version: 2.4.28
Fixes and improvements since v0.14.7:
* bump vulnerable components [0668bf5] (Joao Morais)
* update embedded haproxy from 2.4.26 to 2.4.28 [2ba342c] (Joao Morais)
* Support list of server crt on tls tcp service [#1171] (jcmoraisjr)
* ingress tcp test improvement [37ba454] (Joao Morais)
* fix memory leak on gateway reconciliation [#1212] (jcmoraisjr)
* fix lint [b6b9e24] (Joao Morais)
* retry reload haproxy if failed [#1214] (jcmoraisjr)
* bump vulnerable components [91c51f6] (Joao Morais)
* update go from 1.23.6 to 1.23.7 [e8e8129] (Joao Morais)
* add endpoints even if duplicated [#1224] (jcmoraisjr)
* adjust backward compatible debug default version [5830c78] (Joao Morais)
Chart improvements since v0.14.7:
* Allow adding annotations on the ServiceAccount [#82] (fredrik-w)
* Set securityContext for haproxy init container [#84] (phihos)
* update registry of default backend image [#87] (jcmoraisjr)
* Enable deploying external HPA [#89] (gdziwoki)
* Add controller.extraServices list [#86] (hedgieinsocks)
Reply all
Reply to author
Forward
0 new messages