[ANNOUNCE] haproxy-ingress v0.15.0-beta.1
9 views
Skip to first unread message
Joao Morais
Mar 22, 2025, 6:04:26 PMMar 22
to haproxy...@googlegroups.com
HAProxy Ingress v0.15.0-beta.1 is here!
This is the first beta version of the v0.15 branch, having important
stability changes and vulnerability fixes since alpha.3. The main
branch now is open for v0.16 development, including but not limited to
code cleanup, better Gateway API support, and quic/h3.
Find below a list of improvements made since alpha.3.
Exclusive v0.15 changes include:
* Robert found a misbehavior on status update, due to a misconfigured
leader election. A controller instance that lost leader didn't start
an election, so didn't have a chance to be the leader anymore.
* Gateway API now supports multiple certificates on a single Gateway Listener.
Other changes already merged to the stable branches:
* Controller now retries to apply a haproxy reload in the case of a
failure. Older controller versions didn't retry because all the
failures are related with misconfiguration, but since master-worker
and external modes are options, other network or socket related issues
might happen.
* TCP services now supports a list of TLS certificates.
Fixes merged to stable branches:
* Robson, Moacir and Fabio found a memory leak on Gateway API
reconciliation. Depending on the changes being applied, an older in
memory representation of the load balancer state is referenced by the
new one, creating a chain of old representations not having a chance
to be collected by GC.
* rdavyd found an endpoint configuration overwrite in the case the
same service, or a distinct service with the same endpoints are added
in a single rule of a single HTTPRoute on Gateway API.
* All known vulnerable components were updated, like go's stdlib and
golang.org/x/crypto
Dependencies:
* embedded haproxy from 2.6.17 to 2.6.21
* client-go from v0.30.2 to v0.32.3
* controller-runtime from v0.18.4 to v0.20.3
* go from 1.22.4 to 1.23.7, having //go:debug default=go1.19 for
backward compatibility (legacy controller)
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.15.md#v0150-beta1
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.15.0-beta.1
* Release date: 2025-03-22
* Helm chart: --version 0.15.0-beta.1 --devel
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.15.0-beta.1
* Image (Docker Hub): docker.io/jcmoraisjr/haproxy-ingress:v0.15.0-beta.1
* Embedded HAProxy version: 2.6.21
New features and improvements since v0.15.0-alpha.3:
* Bump golang.org/x/crypto from 0.24.0 to 0.27.0 [d768c6e]
* Update client-go and controller-runtime dependencies [#1168] (jcmoraisjr)
* Bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 [d949e8e]
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.3 [47b7542]
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 [19d1d95]
* bump dependencies [#1206] (jcmoraisjr)
* Bump golang.org/x/net from 0.30.0 to 0.33.0 [#1207]
* configure test matrix for haproxy and kubernetes [#1208] (jcmoraisjr)
* update dependencies [f9240c6] (Joao Morais)
* Support list of server crt on tls tcp service [#1171] (jcmoraisjr)
* change integration tests from random ports to sequential [#1209] (jcmoraisjr)
* update docsy to v0.11.0 [29ce839] (Joao Morais)
* modernize work queue implementation [#1213] (jcmoraisjr)
* update dependencies [#1221] (jcmoraisjr)
* update go from 1.23.6 to 1.23.7 [fe1f6aa] (Joao Morais)
* change reconciler to a custom type [#1222] (jcmoraisjr)
* improve metrics doc and configuration [#1223] (jcmoraisjr)
* adjust backward compatible debug default version [3259854] (Joao Morais)
* update k8s dependencies [#1229] (jcmoraisjr)
* allow multiple certificates [#1029] (zanettea)
Chart improvements since v0.15.0-alpha.2:
* Allow adding annotations on the ServiceAccount [#82] (fredrik-w)
* Set securityContext for haproxy init container [#84] (phihos)
* update registry of default backend image [#87] (jcmoraisjr)
* Enable deploying external HPA [#89] (gdziwoki)
* add gateway status update authorization [#90] (jcmoraisjr)
* Add controller.extraServices list [#86] (hedgieinsocks)
Fixes since v0.15.0-alpha.3:
* keep restarting leader election [#1210] (jcmoraisjr)
* fix panic if gw does not have a valid class [#1211] (jcmoraisjr)
* fix memory leak on gateway reconciliation [#1212] (jcmoraisjr)
* retry reload haproxy if failed [#1214] (jcmoraisjr)
* add endpoints even if duplicated [#1224] (jcmoraisjr)
This is the first beta version of the v0.15 branch, having important
stability changes and vulnerability fixes since alpha.3. The main
branch now is open for v0.16 development, including but not limited to
code cleanup, better Gateway API support, and quic/h3.
Find below a list of improvements made since alpha.3.
Exclusive v0.15 changes include:
* Robert found a misbehavior on status update, due to a misconfigured
leader election. A controller instance that lost leader didn't start
an election, so didn't have a chance to be the leader anymore.
* Gateway API now supports multiple certificates on a single Gateway Listener.
Other changes already merged to the stable branches:
* Controller now retries to apply a haproxy reload in the case of a
failure. Older controller versions didn't retry because all the
failures are related with misconfiguration, but since master-worker
and external modes are options, other network or socket related issues
might happen.
* TCP services now supports a list of TLS certificates.
Fixes merged to stable branches:
* Robson, Moacir and Fabio found a memory leak on Gateway API
reconciliation. Depending on the changes being applied, an older in
memory representation of the load balancer state is referenced by the
new one, creating a chain of old representations not having a chance
to be collected by GC.
* rdavyd found an endpoint configuration overwrite in the case the
same service, or a distinct service with the same endpoints are added
in a single rule of a single HTTPRoute on Gateway API.
* All known vulnerable components were updated, like go's stdlib and
golang.org/x/crypto
Dependencies:
* embedded haproxy from 2.6.17 to 2.6.21
* client-go from v0.30.2 to v0.32.3
* controller-runtime from v0.18.4 to v0.20.3
* go from 1.22.4 to 1.23.7, having //go:debug default=go1.19 for
backward compatibility (legacy controller)
Links and refs of this release:
* Changelog: https://github.com/jcmoraisjr/haproxy-ingress/blob/master/CHANGELOG/CHANGELOG-v0.15.md#v0150-beta1
* GitHub release:
https://github.com/jcmoraisjr/haproxy-ingress/releases/tag/v0.15.0-beta.1
* Release date: 2025-03-22
* Helm chart: --version 0.15.0-beta.1 --devel
* Image (Quay): quay.io/jcmoraisjr/haproxy-ingress:v0.15.0-beta.1
* Image (Docker Hub): docker.io/jcmoraisjr/haproxy-ingress:v0.15.0-beta.1
* Embedded HAProxy version: 2.6.21
New features and improvements since v0.15.0-alpha.3:
* Bump golang.org/x/crypto from 0.24.0 to 0.27.0 [d768c6e]
* Update client-go and controller-runtime dependencies [#1168] (jcmoraisjr)
* Bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 [d949e8e]
* Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.3 [47b7542]
* Bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 [19d1d95]
* bump dependencies [#1206] (jcmoraisjr)
* Bump golang.org/x/net from 0.30.0 to 0.33.0 [#1207]
* configure test matrix for haproxy and kubernetes [#1208] (jcmoraisjr)
* update dependencies [f9240c6] (Joao Morais)
* Support list of server crt on tls tcp service [#1171] (jcmoraisjr)
* change integration tests from random ports to sequential [#1209] (jcmoraisjr)
* update docsy to v0.11.0 [29ce839] (Joao Morais)
* modernize work queue implementation [#1213] (jcmoraisjr)
* update dependencies [#1221] (jcmoraisjr)
* update go from 1.23.6 to 1.23.7 [fe1f6aa] (Joao Morais)
* change reconciler to a custom type [#1222] (jcmoraisjr)
* improve metrics doc and configuration [#1223] (jcmoraisjr)
* adjust backward compatible debug default version [3259854] (Joao Morais)
* update k8s dependencies [#1229] (jcmoraisjr)
* allow multiple certificates [#1029] (zanettea)
Chart improvements since v0.15.0-alpha.2:
* Allow adding annotations on the ServiceAccount [#82] (fredrik-w)
* Set securityContext for haproxy init container [#84] (phihos)
* update registry of default backend image [#87] (jcmoraisjr)
* Enable deploying external HPA [#89] (gdziwoki)
* add gateway status update authorization [#90] (jcmoraisjr)
* Add controller.extraServices list [#86] (hedgieinsocks)
Fixes since v0.15.0-alpha.3:
* keep restarting leader election [#1210] (jcmoraisjr)
* fix panic if gw does not have a valid class [#1211] (jcmoraisjr)
* fix memory leak on gateway reconciliation [#1212] (jcmoraisjr)
* retry reload haproxy if failed [#1214] (jcmoraisjr)
* add endpoints even if duplicated [#1224] (jcmoraisjr)
Reply all
Reply to author
Forward
0 new messages