HAProxy Unified Gateway
Release notes
HAProxy Unified Gateway is a Kubernetes controller that implements the Gateway API specification. The project is available on GitHub as open source.
Version 1.0 Jump to heading
The HAProxy Unified Gateway 1.0 release includes:
Gateway API compliance
Version 1.0 is compliant with these versions of the Gateway API: 1.5.0 experimental, 1.4.0, and 1.3.0.
Support for Gateway API resources
This version supports the following Gateway API resources:
| Resource | Description |
|---|---|
| GatewayClass | Represents a class of Gateways that you can instantiate. When installing HAProxy Unified Gateway, you’ll define a GatewayClass that maps to the HAProxy software. |
| Gateway | Is an instance of a proxy that routes traffic into your Kubernetes cluster. The HAProxy Unified Gateway runs a controller that monitors your cluster for Gateway declarations of class HAProxy, then allocates a proxy for each. A Gateway listens for incoming traffic and relays them to backend applications based on Route rules. |
| HTTPRoute | Sets routing rules for HTTP / HTTPS traffic that was received by a compatible listener on the Gateway. |
| TLSRoute | Sets routing rules for TCP traffic encrypted by TLS that was received by a compatible listener on the Gateway. |
In addition, HAProxy Unified Gateway supports these custom resources:
| Resource | Description |
|---|---|
| HugConf | Defines operational parameters such as logging levels and process-wide settings. |
| HugGate | Links a GatewayClass to an HAProxy configuration. |
| Global | Allows you to set HAProxy global settings. |
| Defaults | Allows you to set HAProxy defaults settings. |
| Backend | Allows you to set HAProxy backend settings. |
Options for routing HTTP
When configuring routing rules for HTTP traffic, you’ll use an HTTPRoute resource. HAProxy Unified Gateway implements these features:
- Hostname-based routing, where traffic is routed based on the requested hostname
- Path-based routing, where traffic is routed based on the URL path
- Weighted traffic splitting, for blue-green deployments or canary deployments
- Path rewriting, to change the requested URL path before sending the request to the backend application
- Session persistence, which overrides load balancing to send requests from the same client to the same backend pod
Options for routing TLS
When configuring routing rules for TLS-encrypted TCP traffic, you’ll use a TLSRoute resource. HAProxy Unified Gateway implements these features:
- End-to-end encryption through SSL passthrough, wherein the Gateway doesn’t decrypt the traffic but passes it straight through to the backend application
- SNI-based routing
Prometheus metrics
You can enable Prometheus metrics to view the real-time health of your HAProxy Unified Gateway installation.
High performance
Server management is handled through the HAProxy Runtime API, which means that when adding and removing servers, we avoid the need for full reloads to update the configuration. This leads to better performance.