Main changes since v0.12:
- HAProxy upgrade from 2.2 to 2.3.
- Ingress API upgrade from
networking.k8s.io/v1beta1tonetworking.k8s.io/v1. - Partial implementation of Gateway API - doc
- TCP services using ingress resources - doc
- External authetication - doc
- Several new custom configurations - doc
Breaking backward compatibility from v0.12:
- Kubernetes minimal version changed from 1.18 to 1.19.
- External HAProxy minimal version changed from 2.0 to 2.2.
- TLS configuration: v0.12 and older versions add hostnames to the HTTP and HTTPS maps despite the TLS attribute configuration. v0.13 will only add hostnames to the HTTPS map if the Ingress’ TLS attribute lists the hostname, leading to 404 errors on misconfigured clusters. This behavior can be changed with
ssl-always-add-httpsas a global or per hostname configuration, see the configuration doc. - OAuth2:
auth-request.luawas updated and also the haproxy variable name with user’s email address. This update will not impact if neither the Lua script nor theoauth2-headersconfiguration key were changed. - OAuth2 with external HAProxy sidecar: the new Lua script has dependency with
lua-json4which should be installed in the external instance. - Basic Authentication:
auth-typeconfiguration key was deprecated and doesn’t need to be used. This will only impact deployments that configures theauth-secretwithout configuringauth-type- in this scenario v0.12 won’t configure Basic Authentication, but v0.13 will. - SSL passthrough: Hostnames configured as
ssl-passthroughwill now add non root paths/of these hostnames to the HAProxy’s HTTP port. v0.12 and older controller versions log a warning and ignore such configuration. HTTPS requests have no impact.
Reference:
- Release date:
2021-06-16 - Helm chart:
--version 0.13.0-beta.1 --devel - Image (Quay):
quay.io/jcmoraisjr/haproxy-ingress:v0.13.0-beta.1 - Image (Docker):
jcmoraisjr/haproxy-ingress:v0.13.0-beta.1 - Embedded HAProxy version:
2.3.10 - Changelog: v0.13.0-beta.1