[ANNOUNCE] haproxy-ingress v0.15.0-alpha.3
0 views
Skip to first unread message
Joao Morais
Jun 16, 2024, 6:19:02 PM (4 days ago) Jun 16
to haproxy...@googlegroups.com
HAProxy Ingress v0.15.0-alpha.3 is here!
This is the third and last alpha version of the v0.15 branch. We'll
start beta versions soon, when v0.15 will be forked to its own branch,
so v0.16 improvements can start shortly in parallel. Regarding v0.16,
we are planning to make a really short release, mostly dropping old
code base, updating core dependencies, and adding some nice features
we are still missing. From v0.17 and beyond the plan is to continue
with 2 or 3 minor releases per year we used to have.
Find below a list of improvements made since alpha.2.
Exclusive v0.15 changes include:
- Master worker mode is true by default, even if external haproxy is
not configured. In this mode HAProxy Ingress has a few more
configuration options, and it also watches the embedded haproxy
process, restarting it in the case it crashes.
- Integration tests
- Gateway API v1 support
- TCPRoute support, from Gateway API
- New leader election implementation, since leader election provided
by controller-runtime causes outages when controller loses an election
- New documentation theme version: integration without the need of git
submodules, dark theme support, improvements in the design
Other changes already merged to the stable branches:
- Added the steps to configure the embedded HAProxy process to log to
stdout, along with controller, useful on dev or small test
environments. See doc:
https://haproxy-ingress.github.io/v0.15/docs/configuration/keys/#syslog
- Added two distinct helm configurations on the getting started guide:
one that uses a service load balancer, another one that uses http/s
ports assigned to the cluster nodes. See doc:
https://haproxy-ingress.github.io/v0.15/docs/getting-started/
Fixes merged to stable branches:
- Julien fixed the Vary response header, from Cors, when the backend
server returns two or more headers
- tomklapka and Jan implemented a more fine grained response from Coraza WAF
- HAProxy process, when embedded and in master-worker mode, was being
prematurely stopped on rolling updates because it was configured in
the same pid group of the controller
- Fix backend selection, when a more generic wildcard hostname was
being incorrectly chosen, and it collides with a more specific one
which uses mTLS
- Secure backend configuration, like backend protocol and client side
mTLS, can now be configured globally for all ingress resources
- Auth external configuration can now be configured globally
- Make sure https redirect happens before path redirect when app-root
is configured
Dependencies:
- embedded haproxy from 2.6.14 to 2.6.17
- client-go from v0.26.6 to v0.30.2
- controller-runtime from v0.14.6 to v0.18.4
- go from 1.19.11 to 1.22.4
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.15.md#v0150-alpha3
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.15.0-alpha.3
* Release date: 2024-06-16
* Helm chart: --version 0.15.0-alpha.3 --devel
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.15.0-alpha.3
* Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.15.0-alpha.3
* Embedded HAProxy version: 2.6.17
New features and improvements since v0.15.0-alpha.2:
* Add gateway version v1beta1 [#994] (jcmoraisjr)
* Add a framework for integration tests [#1081] (jcmoraisjr)
* Move leader election to a self managed service [#1087] (jcmoraisjr)
* Status update via merge-patch strategy [#1091] (jcmoraisjr)
* Add Gateway API v1 support [#1102] (jcmoraisjr)
* Update linter [#1104] (jcmoraisjr)
* Add TCPRoute support from Gateway API [#1103] (jcmoraisjr)
* Add net bind capability to haproxy bin [#1096] (jcmoraisjr)
* Add tests for http header generation [#1115] (jcmoraisjr)
* Update RBAC configuration and docs to include leases resource for
leader election [#1127] (jzinkweg)
* Add ssl-always-follow-redirect option [#1118] (jcmoraisjr)
* Configuration keys:
* ssl-always-follow-redirect
* Add TLS related integration tests [#1132] (jcmoraisjr)
* Cleanup outdated properties of golangci-lint gh actions plugin
[#1140] (Spikhalskiy)
* Upgrade golang from 1.22.2 to 1.22.4 [#1137] (guoard)
* Upgrade embedded haproxy from 2.6.16 to 2.6.17 [#1139] (guoard)
* Change default master-worker config to true [#1134] (jcmoraisjr)
* doc: update docsy from v0.6.0 to v0.10.0 [#1143] (jcmoraisjr)
* Local building improvements [#1135] (jcmoraisjr)
* doc: add haproxy logging to stdout [#1138] (jcmoraisjr)
* update client-go from v0.30.1 to v0.30.2 [0cb2584] (Joao Morais)
* doc: add a light weight version of haproxy ingress logo [#1144] (jcmoraisjr)
* doc: reorg items and improve helm values in getting started [#1145]
(jcmoraisjr)
* update dependencies [914b581] (Joao Morais)
Chart improvements since v0.15.0-alpha.2:
* Add support to disable automountServiceAccountToken [#74] (jr01)
* Use of automount service account on v1.22 and newer [#75] (jcmoraisjr)
* Allow setting the spec.loadBalancerClass of created Services [#77] (mlow)
* Allow controller to patch ingress status [#80] (jcmoraisjr)
* Fix install output message [#81] (jcmoraisjr)
Fixes since v0.15.0-alpha.2:
* Keep all vary header values when adding Origin [#1083] (Jul13nT)
* Fix coraza configuration to use the action variable [#1094]
(tomklapka,JanHolger)
* Fix label generation for node discovery [#1116] (jcmoraisjr)
* Ensure https redirect happens before root redirect [#1117] (jcmoraisjr)
* Allows secure backend configuration from global [#1119] (jcmoraisjr)
* Allows to configure auth-url globally [#1120] (jcmoraisjr)
* Move embedded haproxy process to a distinct pid group [#1136] (jcmoraisjr)
This is the third and last alpha version of the v0.15 branch. We'll
start beta versions soon, when v0.15 will be forked to its own branch,
so v0.16 improvements can start shortly in parallel. Regarding v0.16,
we are planning to make a really short release, mostly dropping old
code base, updating core dependencies, and adding some nice features
we are still missing. From v0.17 and beyond the plan is to continue
with 2 or 3 minor releases per year we used to have.
Find below a list of improvements made since alpha.2.
Exclusive v0.15 changes include:
- Master worker mode is true by default, even if external haproxy is
not configured. In this mode HAProxy Ingress has a few more
configuration options, and it also watches the embedded haproxy
process, restarting it in the case it crashes.
- Integration tests
- Gateway API v1 support
- TCPRoute support, from Gateway API
- New leader election implementation, since leader election provided
by controller-runtime causes outages when controller loses an election
- New documentation theme version: integration without the need of git
submodules, dark theme support, improvements in the design
Other changes already merged to the stable branches:
- Added the steps to configure the embedded HAProxy process to log to
stdout, along with controller, useful on dev or small test
environments. See doc:
https://haproxy-ingress.github.io/v0.15/docs/configuration/keys/#syslog
- Added two distinct helm configurations on the getting started guide:
one that uses a service load balancer, another one that uses http/s
ports assigned to the cluster nodes. See doc:
https://haproxy-ingress.github.io/v0.15/docs/getting-started/
Fixes merged to stable branches:
- Julien fixed the Vary response header, from Cors, when the backend
server returns two or more headers
- tomklapka and Jan implemented a more fine grained response from Coraza WAF
- HAProxy process, when embedded and in master-worker mode, was being
prematurely stopped on rolling updates because it was configured in
the same pid group of the controller
- Fix backend selection, when a more generic wildcard hostname was
being incorrectly chosen, and it collides with a more specific one
which uses mTLS
- Secure backend configuration, like backend protocol and client side
mTLS, can now be configured globally for all ingress resources
- Auth external configuration can now be configured globally
- Make sure https redirect happens before path redirect when app-root
is configured
Dependencies:
- embedded haproxy from 2.6.14 to 2.6.17
- client-go from v0.26.6 to v0.30.2
- controller-runtime from v0.14.6 to v0.18.4
- go from 1.19.11 to 1.22.4
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.15.md#v0150-alpha3
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.15.0-alpha.3
* Release date: 2024-06-16
* Helm chart: --version 0.15.0-alpha.3 --devel
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.15.0-alpha.3
* Image (Docker Hub): jcmoraisjr/haproxy-ingress:v0.15.0-alpha.3
* Embedded HAProxy version: 2.6.17
New features and improvements since v0.15.0-alpha.2:
* Add gateway version v1beta1 [#994] (jcmoraisjr)
* Add a framework for integration tests [#1081] (jcmoraisjr)
* Move leader election to a self managed service [#1087] (jcmoraisjr)
* Status update via merge-patch strategy [#1091] (jcmoraisjr)
* Add Gateway API v1 support [#1102] (jcmoraisjr)
* Update linter [#1104] (jcmoraisjr)
* Add TCPRoute support from Gateway API [#1103] (jcmoraisjr)
* Add net bind capability to haproxy bin [#1096] (jcmoraisjr)
* Add tests for http header generation [#1115] (jcmoraisjr)
* Update RBAC configuration and docs to include leases resource for
leader election [#1127] (jzinkweg)
* Add ssl-always-follow-redirect option [#1118] (jcmoraisjr)
* Configuration keys:
* ssl-always-follow-redirect
* Add TLS related integration tests [#1132] (jcmoraisjr)
* Cleanup outdated properties of golangci-lint gh actions plugin
[#1140] (Spikhalskiy)
* Upgrade golang from 1.22.2 to 1.22.4 [#1137] (guoard)
* Upgrade embedded haproxy from 2.6.16 to 2.6.17 [#1139] (guoard)
* Change default master-worker config to true [#1134] (jcmoraisjr)
* doc: update docsy from v0.6.0 to v0.10.0 [#1143] (jcmoraisjr)
* Local building improvements [#1135] (jcmoraisjr)
* doc: add haproxy logging to stdout [#1138] (jcmoraisjr)
* update client-go from v0.30.1 to v0.30.2 [0cb2584] (Joao Morais)
* doc: add a light weight version of haproxy ingress logo [#1144] (jcmoraisjr)
* doc: reorg items and improve helm values in getting started [#1145]
(jcmoraisjr)
* update dependencies [914b581] (Joao Morais)
Chart improvements since v0.15.0-alpha.2:
* Add support to disable automountServiceAccountToken [#74] (jr01)
* Use of automount service account on v1.22 and newer [#75] (jcmoraisjr)
* Allow setting the spec.loadBalancerClass of created Services [#77] (mlow)
* Allow controller to patch ingress status [#80] (jcmoraisjr)
* Fix install output message [#81] (jcmoraisjr)
Fixes since v0.15.0-alpha.2:
* Keep all vary header values when adding Origin [#1083] (Jul13nT)
* Fix coraza configuration to use the action variable [#1094]
(tomklapka,JanHolger)
* Fix label generation for node discovery [#1116] (jcmoraisjr)
* Ensure https redirect happens before root redirect [#1117] (jcmoraisjr)
* Allows secure backend configuration from global [#1119] (jcmoraisjr)
* Allows to configure auth-url globally [#1120] (jcmoraisjr)
* Move embedded haproxy process to a distinct pid group [#1136] (jcmoraisjr)
Reply all
Reply to author
Forward
0 new messages