[ANNOUNCE] haproxy-ingress v0.15.0-beta.2
0 views
Skip to first unread message
Joao Morais
Aug 15, 2025, 10:51:22 AMAug 15
to haproxy...@googlegroups.com
HAProxy Ingress v0.15.0-beta.2 is here!
This is the second and last beta version of the v0.15 branch. Find
below a list of improvements made since beta.1.
Exclusive v0.15 changes include:
* Robert Paschedag found an event queue misbehavior when controller
looses the leader and acquire it again later. This was preventing
Status update and ACME check events to happen.
* Kara reported that controller pod listing is misbehaving on some
deployments that uses DaemonSet. This prevents ingress status to be
updated with all node IPs where the controller is running.
* EndpointSlice API were missing in the new controller engine. This is
now the default API used to watch service endpoints, since the
Endpoints API is deprecated in Kubernetes 1.33.
* A race was preventing HAProxy Ingress to stop fast on a rolling
update or scale down event, due to a failure to identify if haproxy is
restarting or has already stopped.
Fixes merged to stable branches:
* An user with update ingress privilege can escalate their own
privilege to the controller one, by exploring the config snippet
annotation if it was not disabled via --disable-config-keywords=*
command-line option. Mitigate this vulnerability by updating
controller version, or disabling config snippet.
* Fixes a panic on controller shutdown due to closing the same
connection twice, if its startup failed the very first reconciliation.
* Fixes a race during haproxy reload, when the controller connects
fast enough via the master socket, finds the old instance still
running and thinks it's the new one already. If this happens, it might
lead to problems in the synchronization of the in-memory model to the
running instance, sometimes making haproxy to reflect an older state.
Dependencies:
* embedded haproxy from 2.6.21 to 2.6.22
* client-go from v0.32.3 to v0.32.8
* controller-runtime from v0.20.3 to v0.20.4
* go from 1.23.7 to 1.23.12
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.15.md#v0150-beta2
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.15.0-beta.2
* Release date: 2025-08-15
* Helm chart: --version 0.15.0-beta.2 --devel
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.15.0-beta.2
* Image (Docker Hub): docker.io/jcmoraisjr/haproxy-ingress:v0.15.0-beta.2
* Embedded HAProxy version: 2.6.22
New features and improvements since v0.15.0-beta.1:
* add endpointslice api on new controller [#1260] (jcmoraisjr)
* Bump sigs.k8s.io/controller-runtime from 0.20.3 to 0.20.4 [#1232] (dependabot)
* Bump github.com/go-logr/logr from 1.4.2 to 1.4.3 [#1262] (dependabot)
* move to endpointslice by default [#1269] (jcmoraisjr)
* update client-go from v0.32.3 to v0.32.8 [c7b2b5d] (Joao Morais)
* update dependencies [8df7b5b] (Joao Morais)
* update go from 1.23.7 to 1.23.12 [deace06] (Joao Morais)
* update embedded haproxy from 2.6.21 to 2.6.22 [47b145d] (Joao Morais)
* update docsy from v0.11.0 to v0.12.0 [f9e0f8e] (Joao Morais)
Chart improvements since v0.15.0-beta.1:
* Allow custom labels to be added to the controllers
DaemonSet/Deployment [#93] (gezb)
* add permission to replicasets and daemonsets [#94] (jcmoraisjr)
Fixes since v0.15.0-beta.1:
* check if haproxy reloaded already [#1265] (jcmoraisjr)
* ensure that embedded haproxy starts just once [#1266] (jcmoraisjr)
* add context on socket calls [#1267] (jcmoraisjr)
* block attempt to read cluster credentials [#1273] (jcmoraisjr)
* create new event queues when leader is acquired [#1283] (jcmoraisjr)
* read controller pod selector from owner [#1288] (jcmoraisjr)
This is the second and last beta version of the v0.15 branch. Find
below a list of improvements made since beta.1.
Exclusive v0.15 changes include:
* Robert Paschedag found an event queue misbehavior when controller
looses the leader and acquire it again later. This was preventing
Status update and ACME check events to happen.
* Kara reported that controller pod listing is misbehaving on some
deployments that uses DaemonSet. This prevents ingress status to be
updated with all node IPs where the controller is running.
* EndpointSlice API were missing in the new controller engine. This is
now the default API used to watch service endpoints, since the
Endpoints API is deprecated in Kubernetes 1.33.
* A race was preventing HAProxy Ingress to stop fast on a rolling
update or scale down event, due to a failure to identify if haproxy is
restarting or has already stopped.
Fixes merged to stable branches:
* An user with update ingress privilege can escalate their own
privilege to the controller one, by exploring the config snippet
annotation if it was not disabled via --disable-config-keywords=*
command-line option. Mitigate this vulnerability by updating
controller version, or disabling config snippet.
* Fixes a panic on controller shutdown due to closing the same
connection twice, if its startup failed the very first reconciliation.
* Fixes a race during haproxy reload, when the controller connects
fast enough via the master socket, finds the old instance still
running and thinks it's the new one already. If this happens, it might
lead to problems in the synchronization of the in-memory model to the
running instance, sometimes making haproxy to reflect an older state.
Dependencies:
* embedded haproxy from 2.6.21 to 2.6.22
* client-go from v0.32.3 to v0.32.8
* controller-runtime from v0.20.3 to v0.20.4
* go from 1.23.7 to 1.23.12
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.15.md#v0150-beta2
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.15.0-beta.2
* Release date: 2025-08-15
* Helm chart: --version 0.15.0-beta.2 --devel
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.15.0-beta.2
* Image (Docker Hub): docker.io/jcmoraisjr/haproxy-ingress:v0.15.0-beta.2
* Embedded HAProxy version: 2.6.22
New features and improvements since v0.15.0-beta.1:
* add endpointslice api on new controller [#1260] (jcmoraisjr)
* Bump sigs.k8s.io/controller-runtime from 0.20.3 to 0.20.4 [#1232] (dependabot)
* Bump github.com/go-logr/logr from 1.4.2 to 1.4.3 [#1262] (dependabot)
* move to endpointslice by default [#1269] (jcmoraisjr)
* update client-go from v0.32.3 to v0.32.8 [c7b2b5d] (Joao Morais)
* update dependencies [8df7b5b] (Joao Morais)
* update go from 1.23.7 to 1.23.12 [deace06] (Joao Morais)
* update embedded haproxy from 2.6.21 to 2.6.22 [47b145d] (Joao Morais)
* update docsy from v0.11.0 to v0.12.0 [f9e0f8e] (Joao Morais)
Chart improvements since v0.15.0-beta.1:
* Allow custom labels to be added to the controllers
DaemonSet/Deployment [#93] (gezb)
* add permission to replicasets and daemonsets [#94] (jcmoraisjr)
Fixes since v0.15.0-beta.1:
* check if haproxy reloaded already [#1265] (jcmoraisjr)
* ensure that embedded haproxy starts just once [#1266] (jcmoraisjr)
* add context on socket calls [#1267] (jcmoraisjr)
* block attempt to read cluster credentials [#1273] (jcmoraisjr)
* create new event queues when leader is acquired [#1283] (jcmoraisjr)
* read controller pod selector from owner [#1288] (jcmoraisjr)
Reply all
Reply to author
Forward
0 new messages