Main changes since v0.12:
- HAProxy upgrade from 2.2 to 2.3.
- Ingress API upgrade from
networking.k8s.io/v1beta1
tonetworking.k8s.io/v1
. - Partial implementation of Gateway API - doc
- TCP services using ingress resources - doc
- External authetication - doc
- Several new custom configurations - doc
Breaking backward compatibility from v0.12:
- Kubernetes minimal version changed from 1.18 to 1.19.
- External HAProxy minimal version changed from 2.0 to 2.2.
- TLS configuration: v0.12 and older versions add hostnames to the HTTP and HTTPS maps despite the TLS attribute configuration. v0.13 will only add hostnames to the HTTPS map if the Ingress’ TLS attribute lists the hostname, leading to 404 errors on misconfigured clusters. This behavior can be changed with
ssl-always-add-https
as a global or per hostname configuration, see the configuration doc. - OAuth2:
auth-request.lua
was updated and also the haproxy variable name with user’s email address. This update will not impact if neither the Lua script nor theoauth2-headers
configuration key were changed. - OAuth2 with external HAProxy sidecar: the new Lua script has dependency with
lua-json4
which should be installed in the external instance. - Basic Authentication:
auth-type
configuration key was deprecated and doesn’t need to be used. This will only impact deployments that configures theauth-secret
without configuringauth-type
- in this scenario v0.12 won’t configure Basic Authentication, but v0.13 will. - SSL passthrough: Hostnames configured as
ssl-passthrough
will now add non root paths/
of these hostnames to the HAProxy’s HTTP port. v0.12 and older controller versions log a warning and ignore such configuration. HTTPS requests have no impact.
Reference:
- Release date:
2021-06-16
- Helm chart:
--version 0.13.0-beta.1 --devel
- Image (Quay):
quay.io/jcmoraisjr/haproxy-ingress:v0.13.0-beta.1
- Image (Docker):
jcmoraisjr/haproxy-ingress:v0.13.0-beta.1
- Embedded HAProxy version:
2.3.10
- Changelog: v0.13.0-beta.1