HAProxy Kubernetes Ingress Controller Documentation 1.4


The changelog shows you an in-depth list of changes included in this version of HAProxy Kubernetes Ingress Controller.

Version 1.4.13 - 2021-01-07


  • MINOR: preserve order of http/tcp rules of same type

  • BUG/MEDIUM: Sync BackendSwitching when a namespace is deleted

  • BUG/MINOR: Endpoints: trigger a reload if dynamic update fails

Version 1.4.12 - 2020-12-20


  • REORG/MEDIUM: Use array instead of map for endpoints

  • BUG/MEDIUM: Endpoints: remove duplicate entries in haproxy backend

Version 1.4.11 - 2020-12-18


  • BUG/MAJOR: fix nil pointer derefence

  • BUG/MINOR: Revert d792481622

  • BUG/MEDIUM: Endpoints: addresses should be passed by value to PortEndpoints

  • MINOR: Drop max-server-slots annotation

  • MEDIUM: endpoints: provide min and max annotations for server-slots

  • REORG/MINOR: Endpoints: remove AddrsUsed field

  • BUG/MEDIUM: endpoints state is not synced when they scale down to zero

  • BUG/MINOR: Remove lowercasing on paths

  • BUG/MINOR: wrong cookie name used in server lines

  • BUG/MINOR: Removed secrets are not deleted from store

  • MINOR: api: avoid a nil pointer dereference with APIStartTransaction

  • BUG/MEDIUM: all backend servers are deleted when there are more servers than server-slots

  • BUG/MINOR: ExternalName Service: No need for server slots provisioning

Version 1.4.10 - 2020-11-20


  • MINOR: Fix incorrect string formatting in some logs

  • MINOR: Add global annotation: hard-stop-after

  • BUILD: upgrade to config-parser v3

  • BUG/MEDIUM: endpoints: Mixing addresses related to different ports

  • REFACTOR/MAJOR: endpoints: refactoring and introducing server-slots annotation.

  • CLEANUP: endpoints: remove some over-engineered code and uncessary pointers

  • OPTIM/MINOR: No need to return Error to the main loop

Version 1.4.9 - 2020-10-26


  • BUG/MINOR: update HAProxy rules when ssl-redirect-code annotation is updated.

  • DOC: SSL section reviewed

  • BUG/MINOR: SSL redirection does not handle Ingress deletion

  • REORG: Check Ingress rules are not empty before handling Annotations

  • MINOR: align inspect-delay on timeout-client instead of timeout-connect

  • BUG/MINOR: Move Ingress annotations set-host and path-rewrite to frontends

  • MINOR: backend switching: use variables instead of sample fetches.

  • BUG/MINOR: Make tcp inspect-delay timeout match “timeout connect”

Version 1.4.8 - 2020-10-05


  • MINOR: HAProxy rules: use “beg” match pattern instead of “sub”

  • MINOR: use “lower” converter when defining HAProxy variables

  • MEDIUM: frontend annotations: Expand ingress matching to include path

  • MINOR: update haproxy set-var rules

  • BUG/MINOR: don’t overwrite Ingress rules with same host

  • BUILD/MINOR: increase Go version to 1.15

  • BUG/MINOR: Require controller update when configmaps are deleted

Version 1.4.7 - 2020-09-15


  • BUG/MINOR: k8s: be more resilient to api errors (ee)

  • MINOR: Reload HAProxy when creating new server slots

  • BUG/MEDIUM: Unavailable TargetPort should not yield an error and prevent processing backend servers

  • BUG/MEDIUM: Preserve source IP when chaining frontends.

  • OPTIM/MAJOR: Add hard-stop-after in default config

  • BUG/MEDIUM: Enabling ssl-passthrough may break ssl offloading

Version 1.4.6 - 2020-07-23


  • FEATURE/MINOR: maps: check for modification withouth content creation

  • BUG/MINOR: annotations: exclude deleted hosts from map files.

  • BUG/MINOR: Revert: annotations: fix issues with key generating from inappropriate data.

  • OPTIM/MINOR: increasing Kubernetes informe cache resync period

  • BUG/MAJOR: monitor: reset hadChanges after successful update

  • BUG/MEDIUM: maps: sort rows before generating content

  • BUG/MINOR: annotations: don’t write deleted hosts to map file

  • BUG/MINOR: annotations: skip rules if not rules are set on ingress

  • CLEANUP: maps: rename hosts to rows.

  • FEATURE/MINOR: whitelist/blacklist: use map files instead of inline list

  • BUG/MINOR: annotations: fix issues with key generating from inappropriate data.

  • BUG/MINOR: maps: Fix issues with file removal.

  • BUILD/MEDIUM: k8s: upgrade k8s client to v0.18.5

  • BUG/MINOR: use lower-case letters for log-format variables

  • BUG/MINOR: tls secrets: check that both the key and the crt are not empty

  • BUG/MEDIUM: Controller won’t reload HAProxy as it should be when application endpoints are updated

  • BUILD/MEDIUM: Use latest 2.1 tag for the haproxy docker image

  • MINOR: remove deprecated “http-use-htx” from stats section

  • MINOR: removing replicas from DaemonSet

  • BUG/MEDIUM: Fix unmatched acl in response-set-header

Version 1.4.5 - 2020-06-02


  • MINOR: Add automatic H2 support for backends when enabling ssl on backend server lines

  • BUG/MINOR: global-annotations: fix incorrect reload assignement

  • REORG/MINOR: global-annotations: use switch statement when possible

  • MEDIUM: Add logging messages for debug

  • BUG/MAJOR: client-native: activate file validation

  • MINOR: Ignore empty fields in syslog params

  • REORG/MEDIUM: Move config-parser usage for global annotations to HAProxy API package

  • REORG/MAJOR: Move HAProxy API code to haproxy package

  • BUILD/MEDIUM: upgrade haproxy packages to v2

  • BUG/MINOR: logs: remove empty lines

Version 1.4.4 - 2020-05-07


  • BUG/MINOR: ingress: warn about ingress misconfiguration

  • CLEANUP: cleanup startup logs

  • BUG/MINOR: Don’t ignore server annotations with EMPTY status when updating backend server

  • MINOR: Add support for ExternalName services

  • DOC: Group logging options in same section

  • DOC: grouping global options in same section

  • MINOR: Add default options: http-server-close, http-keep-alive, dontlognull, logasap

  • OPTIM/MINOR: refactor ActiveTransactionHasChanges in global annotations

  • BUILD: HAProxy: update to version 2.1.4

  • DOC/MINOR: Fix wrong link for community slack

  • BUILD: Update check-commit action to v1.1.1

  • CLEANUP/MINOR: log: remove LogErr and PanicErr

  • MAJOR: add log levels

  • BUG/MAJOR: configmap: always create configmap

  • MINOR: move ConfigMap to controller namespace in k8s deploy file

  • MEDIUM: Make configMap optional

  • BUILD: Update check-commit actoin to v1.1.0

  • BUILD/MINOR: Fix Linting error in commit 1ce463d70d2

  • OPTIM/MINOR: Ignore the port part when matching for HTTP redirects

  • DOC: Add timeouts documentation

  • MINOR: Add client-fin and server-fin timeouts

  • BUG/MINOR: Fix incorrect restart/reload handling with globalAnnotation

  • minor: Fixed typo in filename: haproxy-ingress-daemonset.yaml.

  • DOC: typos on docblock and docs

  • OPTIM/MINOR: controller: configurable controller sync period

  • BUILD: Update github workflow to add check-commit action

  • BUG/MINOR: Fix setupTestEnv to cope with haproxy config dir changes

  • MEDIUM: Make controller handles directly HAProxy process instead of relying on init.d script

  • MINOR: Provide HAProxyCfgDir as a default place for HAProxy configuration

  • FEATURE/MEDIUM: Add response-set-header config and functionality.

  • REORG: Low risk, renamed FrontendHTTPRules to FrontendHTTPReqRules.

  • DOC/MINOR: readme: Typo on HAProxy Community Slack link

  • BUG/MINOR: Fix incorrect reload check with syslog-server annotation

  • MINOR: Sort backendSwitching rules across different ingresses

  • BUG/MEDIUM: fix set-var parsing bug in config-parser

  • BUILD: Update linter to v1.24.0

  • BUG/MEDIUM: Fix deprecated actions in tcp-request rule

Version 1.4.3 - 2020-04-14


  • BUILD: Upgrade Golang version to 1.14.2

  • MINOR: Ignore the port part when matching hosts against ingress rules

  • BUG/MINOR: Missed client-native update required for rewrite-path

  • MINOR: Add path-rewrite annotation

  • MINOR: Add set-host annotation

  • MEDIUM: Add support for http-request rules in the backend

  • REORG: Prefix “Frontend” word to fields holding HTTP rules.

  • REORG: Put service related code in a seperate file

  • REORG: Move Backend and Server configuration in HAProxy package

  • BUILD: Use config-parser v2.0

  • CLEANUP/MEDIUM: Use same reload flag

  • REFACTOR/MINOR: refactor global annotations

  • MINOR: Add log-format annotation to customize HTTP traffic logging

  • BUG/MINOR: Propagate ADDED status of ingress to its tls secrets

  • BUG/MINOR: Updated of default TLS secret are ignored.

  • BUG/MINOR: Ensure that certificate provided via –default-ssl-certificate is used as default certificate

  • REFACTOR/MINOR: Refactor code for HAProxy service start,restart,reload

  • MINOR: Restart HAProxy when logging to stdout

  • MEDIUM: Make use of master-worker mode to reload HAProxy

Version 1.4.2 - 2020-04-02


  • BUILD: HAProxy: update to version 2.0.14

  • BUG/MINOR: Refresh map files after refreshing HAProxy rules

  • MEDIUM: Enable rate-limiting by ingress

  • BUG/MINOR: tcp accept rule in ssl-passthrough frontend is stopping rules evaluation.

  • REFACTOR: Follow up on spec refactor, changing ID to index

  • REFACTOR: Follow up on spec refactor, changing cookie Domain to Domains

Version 1.4.1 - 2020-03-24


  • MINOR: Add blacklisting Acess Control

  • BUG/MEDIUM: default tcp log-format conflicts with ssl-passthrough

  • BUG/MINOR: Check empty sample in RequestCapture before rule modification.

  • BUG/MINOR: Empty Map Files are created whith SSLRedirect

  • BUG/MINOR: Map Refresh does not return correct needReload flag.

  • MINOR: Exit when receiving SIGTERM or SIGUSR1

  • DOC: Add Discussion section in README

  • DOC: Update contributing section

Version 1.4.0 - 2020-03-17


  • CLEANUP/MINOR: lint: resolve import lint errors

  • REORG/MINOR: put logo in assets directory at root level

  • MINOR: Change default logging in order to automatically log Host header for HTTP traffic and SNI for SSL passthrough traffic.

  • BUG/MINOR: Update all related map files upon a HTTP rule change.

  • MINOR: Enable automatic HTTPS redirect when ingress has TLS enabled.

  • BUG/MINOR: Fix status of request rules

  • MINOR: add request-set-header

  • BUG/MINOR: Set activeTransaction when handling global annotations

  • BUG/MEDIUM: Process only ingress objects which ingress.class strictly matches the controller –ingress.class CLI arg.

  • BUG/MINOR: Remove a certificate of a secret in DELETED state

  • REORG/MINOR: reoganize handleSecret

  • BUG/MEDIUM: Update Ingress status when TLS secrets are updated

  • MINOR: Add SSL offload for TCP services.

  • BUG/MINOR: Update default timeouts after startup

  • REORG/MINOR: handle maxconn annotation in default section.

  • DOC: Reorder (alphabetic) and fix scope for some annotations

  • CLEANUP/MINOR: remove unused whitelist-with-rate-limit annotation

  • MEDIUM: Add proxy-protocol support

  • MEDIUM: Reorder HAProxy rules

  • MINOR: Use map files for http-redirect.

  • BUG/MAJOR: Controller keeps reloading HAPRoxy due to incorrect map handling in whitelist rule.

  • REORG/MEDIUM: Refactor map code for request-capture.

  • BUG/MEDIUM: default timeouts are not updated

  • REORG/MINOR: Group annotations by proxy type

  • MINOR: Remove unecessary param in configuration Init

  • CLEANUP: code: refactor rate-limiting whitelisting

  • BUILD: HAProxy: update to version 2.0.13

  • BUG/MINOR: fix formatting bug

  • BUG/MINOR: Check key length in TLS secret to avoid an index out of range error

  • BUG/MEDIUM: Keep processing backend of TCP services even when TCPConfigmap does not change.

  • MINOR: No need to sync service’s targetport

  • REORG/MINOR: Put backend and server code on seprate packages

  • REORG/MAJOR: Put controller’s code on seperate pacakge.

  • DOC/MINOR: Add TCP services documentation

  • MINOR: Handle MODIFIED status of TCP services

  • BUG/MINOR: check ssl-passthrough status when an ingress path is added

  • MINOR: Propagate the ADDED status of an ingress rule to its paths.

  • MINOR: Fix spelling in logging

  • MINOR: Remove ‘incorrect param’ from publish-service flag

  • FEATURE/MINOR: Use request-capture with ssl-passthrough

  • BUG/MEDIUM: Fix priority when using overlapping paths.

  • MEDIUM: Add default backend from ingress objects

  • DOC: controller: add http-request-capture

  • FEATURE/MINOR: http-request capture

  • MINOR: Add support for sticky session via cookie-persistence

  • BUG/MEDIUM: Skip backend switching for tcp services

  • MINOR: Send X-Forwarded-Proto to HTTP backends for TLS clients.

  • MINOR: testing: Add build and linter

  • MINOR: Add “server-ssl” annotation

  • MINOR: Don’t process HTTP annotations in mode TCP

  • BUG/MEDIUM: Sync internal path data when Ingress object is updated

  • MAJOR: Add publish-service feature

  • CLEANUP: Remove unused struct fields

  • CLEANUP: Rewrite of backend switching mechanism and related tasks

  • CLEANUP: use the helper function ParseTime

  • CLEANUP: use the helper function ptrInt64

  • CLEANUP: No need for NativeAPI in the Configuration struct

Next up

Release notes