HAProxy Kubernetes Ingress Controller Documentation 1.5

Changelog

Version 1.5.6 - 2021-04-29

Changes:

  • BUG/MEDIUM: Fix nil pointer dereference in EventEndpoints

  • BUG/MINOR: Controller should populate refreshed maps.

  • BUILD/MINOR: check-commit: pin version of image

  • BUILD/MINOR: check-commit: trigger only on pull requests

  • BUILD/MINOR: ci: update check-commit msg action

  • BUG/MINOR: Fix incorrect parsing of certificate file name

  • BUG/MINOR: enable ingress multi configurations for same path and distinct path types

Version 1.5.5 - 2021-04-12

Changes:

  • BUG/MINOR: Fix address parsing in proxy-protocol annotation

  • BUG/MEDIUM: certs refresh: fix nil pointer dereference

  • BUG/MINOR: Fix regression when loading multiple cert formats

  • BUG/MINOR: fix blacklist and proxy protocol duplication

  • BUG/MINOR: fix whitelist duplication

  • TEST/MAJOR: e2e: update test application and README

  • TEST/MINOR: e2e test: increase tickDuration for rate-limiting

  • TEST/MINOR: e2e rate-limiting: adjust thresholds

  • BUG/MINOR: fix secret type in default certificate management

  • BUG/MINOR: rate-limiting: preserve counters after reload

Version 1.5.4 - 2021-03-20

Changes:

  • MINOR: emit a warning if Main ConfigMap is not found

  • MINOR: Add debug logs to trace reload related actions

  • OPTIM/MINOR: decrease log severity of verbose logs from debug to trace

  • BUG/MINOR: don’t reload when the order of map entries change in HAProxy map files.

Version 1.5.3 - 2021-03-10

Changes:

  • BUG/MINOR: tcp-services: add additional input validation to avoid nil pointer dereference

  • REORG: contract “Service” to “Svc” in IngressPath fields

  • REORG: endpoints: getEndpoints() now returns errors instead of logging them

  • BUG/MINOR: Fix failure in port lookup when servicePort different from containerPort.

  • TEST/MINOR: port_discovery: adjust http port to make test more accurate

  • BUILD: Fix gitlab-ci linting directive

  • DOC/MINOR: Document building External Ingress Controller

  • DOC/MINO: Improve tcp-services doc

Version 1.5.2 - 2021-03-05

Changes:

  • BUG/MINOR: Fix regression regarding k8s servicePort lookup

  • TEST: Add e2e test for servicePort discovery

  • BUG/MEDIUM: sslPassthrough: “accept tcp rule” stops rules processing.

  • BUG/MEDIUM: incorrect http rules configuration with SSLPassthrough

  • TEST: https: Add more SSLPassthrough tests

  • TEST/MEDIUM: Seperate sequential and parallel e2e tests

  • TEST: Cleanup unused code

  • TEST: Reorg set header test

  • TEST: Reorg send proxy test

  • TEST: Reorg rate limiting test

  • TEST: Reorg ingress match test

  • TEST: Reorg https tests

  • TEST: Reorg source ip test

  • TEST: Reorg basic auth test

  • TEST: Reorg IngressClass test

  • TEST: Reorg endpoints-update

  • TEST/MAJOR: Boilerplate code to reorg e2e tests and use testify/suite

  • TEST/MEDIUM: Change tests path from deploy/kind/tests to deploy/tests/e2e

  • BUG/MINOR: healthz: listen on IPv6 too

  • BUG/MEDIUM: stats frontend: listen IPv6 if possible

  • BUILD/MINOR: gitlab-ci: update test lint stages

  • BUG/MEDIUM: drop dynamic map update

  • BUG/MEDIUM: haproxy rules should be mapped to ingress.Namespace+ingress.Name

  • MINOR: Make src-ip-header annotation available by Ingress

  • BUG/MEDIUM: services: don’t create frontend if corresponding default_backend is not ready

  • BUG/MEDIUM: servicePort should be resolved before constructing backendName

  • BUG/MEDIUM: http rules: ineffectual delete operation when refreshing rules

  • MEDIUM: map file: flush content to disk

  • MINOR: Add tracing logs

  • BUG/MINOR: Don’t mix controller logger and k8s client logger

  • OPTIM/MEDIUM: Don’t watch multiple Ingress APIs at the same time

  • BUG/MINOR: maps: use Warningf instead of Warning

  • MINOR: external mode: if stock haproxy.cfg not found check in config-dir

  • DOC: Document External Controller mode

  • REORG/MINOR: rename OutOfCluster controller arg to External

  • MINOR: log panic errors in kubernetes.go

  • BUILD: gitlab-ci: use CI registry via CI_REGISTRY_GO env variable

  • BUILD/MINOR: linter Fix ‘maligned’ check

  • BUG/MINOR: Delete certificates as soon as tls secrets are deleted

  • OPTIM/MINOR: Don’t process Ingress with DELETED status

Version 1.5.1 - 2021-02-03

Changes:

  • BUG/MEDIUM: need to reload when failing dynamic map update

  • BUILD/MINOR: Update Client-Native module

  • MINOR: controller: handle graceful shutdown

  • OPTIM/MINOR: Enable readiness endpoint after first config sync

  • REORG/MINOR: use client-native to configure bind lines

  • BUG/MINOR: Add haproxy txn.base var to stats frontend

  • BUG/MINOR: fix source map file of acl in proxy protocol

  • BUILD/MINOR: deploy files: fix typo in ingressclasses name

  • DOC: Set active_version to 1.5

  • BUG/MINOR: Don’t fail if ExternalName Service is not resolving

  • BUG/MAJOR: clean controller state even when HAProxy sync fails

  • DOC: Add CORS annotations

  • MEDIUM: Add CORS support via HAProxy response rules

  • REORG/MINOR: Frontend annotations: reorg handlers

  • DOC/MEDIUM: Fixed doc formatting

  • REORG/MEDIUM: haproxy rules: handle Ingress ACL at the api client level

  • BUG/MEDIUM: don’t clear ruleIDs buffer when handling ingress rules

  • DOC: fix typos in –configmap-errorfile argument

  • DOC: add auth-realm annotation

  • MINOR: add auth-realm annotation

  • MINOR: basic-auth: ignoring last character ‘\n’ in password

  • MINOR: basic-auth: keep haproxy auth rule even if auth-secret is not available

  • REVERT: commit 2ebd7ef4008fb42d251e9fa8627bfe0c17d5079c

  • BUILD/MINOR: update check-commit action

  • DOC/MEDIUM: Replaced <pre> tags with Markdown code blocks. Put code keyword backticks around some keywords. Improved grammar in a few descriptions. Changed the ‘auth-secret’ definition so that the description of the values is under the values key instead of the description key. This makes the table where we show the description only more succinct. For ‘auth-type’ and ‘auth-secret’, the example now shows both of these keys together because they are dependant upon one another.

  • DOC/MINOR: Edit config-snippet description

  • DOC: recover –configmap-errorfile doc lost in b1d44b902

  • BUG/MEDIUM: avoid nil pointer dereference in k8s versions < 1.14

Version 1.5.0-rc2 - 2021-01-13

Changes:

  • BUG/MINOR: avoid nil pointer dereference in basic-auth handling

  • DOC: add documentation of request-redirect and request-redirect-code annotations

  • MINOR: Add HTTP redirection with annotation “request-redirect”

  • DOC: Add more details about basic-auth

  • OPTIM/MINOR: basic-auth optimizations

  • BUG/MINOR: basic-auth: haproxy needs to be reloaded after credentials update

  • CLEANUP/MINOR: haproxy module: remove unused code left from refactor in 80839ac88

  • CLEANUP/MINOR: cleanup when handling deleted ingress annotations

  • DOC: Update cookie persistence description

  • REORG/MINOR: simplify handling of cookie persistence

  • BUILD/MEDIUM: e2e tests: use k8s versions ‘v1.19.3’, ‘v1.18.6’, ‘v1.17.5’.

  • BUILD/MINOR: update RBAC in deploy files to fetch ingressclasses

  • TEST: Add IngressClass e2e test

  • BUG/MEDIUM: Fixing IngressClass support

  • MINOR: Rely on APIResourceList for Ingress API Discovery

  • TEST/MEDIUM: Set waitDuration to 15s and tickDuration to 2s

  • REORG/MINOR: haproxy rules: handle RuleIDs inside haproxy module

  • REORG/MINOR: split annotations.go in different files

  • CLEANUP/MINOR: remove cfgsnippet code left from refactor on 80839ac88

  • DOC: add ssl-redirect-port annotation documentation

  • MINOR: HTTPS redirection port freely adjustable in HTTP to HTTPS redirection.

  • DOC: split config-snippet into global and backend declinations

  • REORG/MAJOR: refactor global and backend annotations

  • MINOR: HandleTLSSecret returns an error type instead of store.Status

  • CLEANUP/MINOR: Maps: Remove unused code

  • DOC: server-ca/server-crt/server-proto documentation

  • MEDIUM: add server-ca and server-crt annotations.

  • REFACTOR/MEDIUM: refactor secrets handling code and move it to haproxy package

  • MINOR: Servers: add server-proto annotation

  • MINOR: formatting startup logs

  • BUG/MINOR: Endpoints: trigger a reload if dynamic update fails

  • MINOR: use numbers instead of random string in server names

  • REORG/MEDIUM: Use array instead of map for endpoints

  • DOC: add scale-server-slots annotation

  • MEDIUM: endpoints: don’t limit haproxy backend scaling

  • REORG/MINOR: Endpoints: remove AddrsUsed field

  • BUG/MEDIUM: Endpoints: addresses should be passed by value to PortEndpoints

  • BUG/MEDIUM: endpoints state is not synced when they scale down to zero

  • BUG/MINOR: Prevent aligning of backends for externalName services

  • MINOR: replace shell processes with system calls

  • MAJOR: build: using by default GODEBUG=madvdontneed=1

  • DOC: Update documentation link

Version 1.5.0-rc1 - 2020-12-09

Changes:

  • BUG/MINOR: Don’t fail if ExternalName Service is not resolving

  • BUG/MAJOR: clean controller state even when HAProxy sync fails

  • DOC: Add CORS annotations

  • MEDIUM: Add CORS support via HAProxy response rules

  • REORG/MINOR: Frontend annotations: reorg handlers

  • DOC/MEDIUM: Fixed doc formatting

  • REORG/MEDIUM: haproxy rules: handle Ingress ACL at the api client level

  • BUG/MEDIUM: don’t clear ruleIDs buffer when handling ingress rules

  • DOC: fix typos in –configmap-errorfile argument

  • DOC: add auth-realm annotation

  • MINOR: add auth-realm annotation

  • MINOR: basic-auth: ignoring last character ‘\n’ in password

  • MINOR: basic-auth: keep haproxy auth rule even if auth-secret is not available

  • REVERT: commit 2ebd7ef4008fb42d251e9fa8627bfe0c17d5079c

  • BUILD/MINOR: update check-commit action

  • DOC/MEDIUM: Replaced <pre> tags with Markdown code blocks. Put code keyword backticks around some keywords. Improved grammar in a few descriptions. Changed the ‘auth-secret’ definition so that the description of the values is under the values key instead of the description key. This makes the table where we show the description only more succinct. For ‘auth-type’ and ‘auth-secret’, the example now shows both of these keys together because they are dependant upon one another.

  • DOC/MINOR: Edit config-snippet description

  • DOC: recover –configmap-errorfile doc lost in b1d44b902

  • BUG/MEDIUM: avoid nil pointer dereference in k8s versions < 1.14

  • BUG/MINOR: avoid nil pointer dereference in basic-auth handling

  • DOC: add documentation of request-redirect and request-redirect-code annotations

  • MINOR: Add HTTP redirection with annotation “request-redirect”

  • DOC: Add more details about basic-auth

  • OPTIM/MINOR: basic-auth optimizations

  • BUG/MINOR: basic-auth: haproxy needs to be reloaded after credentials update

  • CLEANUP/MINOR: haproxy module: remove unused code left from refactor in 80839ac88

  • CLEANUP/MINOR: cleanup when handling deleted ingress annotations

  • DOC: Update cookie persistence description

  • REORG/MINOR: simplify handling of cookie persistence

  • BUILD/MEDIUM: e2e tests: use k8s versions ‘v1.19.3’, ‘v1.18.6’, ‘v1.17.5’.

  • BUILD/MINOR: update RBAC in deploy files to fetch ingressclasses

  • TEST: Add IngressClass e2e test

  • BUG/MEDIUM: Fixing IngressClass support

  • MINOR: Rely on APIResourceList for Ingress API Discovery

  • TEST/MEDIUM: Set waitDuration to 15s and tickDuration to 2s

  • REORG/MINOR: haproxy rules: handle RuleIDs inside haproxy module

  • REORG/MINOR: split annotations.go in different files

  • CLEANUP/MINOR: remove cfgsnippet code left from refactor on 80839ac88

  • DOC: add ssl-redirect-port annotation documentation

  • MINOR: HTTPS redirection port freely adjustable in HTTP to HTTPS redirection.

  • DOC: split config-snippet into global and backend declinations

  • REORG/MAJOR: refactor global and backend annotations

  • MINOR: HandleTLSSecret returns an error type instead of store.Status

  • CLEANUP/MINOR: Maps: Remove unused code

  • DOC: server-ca/server-crt/server-proto documentation

  • MEDIUM: add server-ca and server-crt annotations.

  • REFACTOR/MEDIUM: refactor secrets handling code and move it to haproxy package

  • MINOR: Servers: add server-proto annotation

  • MINOR: formatting startup logs

  • BUG/MINOR: Endpoints: trigger a reload if dynamic update fails

  • MINOR: use numbers instead of random string in server names

  • REORG/MEDIUM: Use array instead of map for endpoints

  • DOC: add scale-server-slots annotation

  • MEDIUM: endpoints: don’t limit haproxy backend scaling

  • REORG/MINOR: Endpoints: remove AddrsUsed field

  • BUG/MEDIUM: Endpoints: addresses should be passed by value to PortEndpoints

  • BUG/MEDIUM: endpoints state is not synced when they scale down to zero

  • BUG/MINOR: Prevent aligning of backends for externalName services

  • MINOR: replace shell processes with system calls

  • MAJOR: build: using by default GODEBUG=madvdontneed=1

  • DOC: Update documentation link

Version 1.5.0 - 2021-01-21

Changes:

  • BUG/MINOR: Don’t fail if ExternalName Service is not resolving

  • BUG/MAJOR: clean controller state even when HAProxy sync fails

  • DOC: Add CORS annotations

  • MEDIUM: Add CORS support via HAProxy response rules

  • REORG/MINOR: Frontend annotations: reorg handlers

  • DOC/MEDIUM: Fixed doc formatting

  • REORG/MEDIUM: haproxy rules: handle Ingress ACL at the api client level

  • BUG/MEDIUM: don’t clear ruleIDs buffer when handling ingress rules

  • DOC: fix typos in –configmap-errorfile argument

  • DOC: add auth-realm annotation

  • MINOR: add auth-realm annotation

  • MINOR: basic-auth: ignoring last character ‘\n’ in password

  • MINOR: basic-auth: keep haproxy auth rule even if auth-secret is not available

  • REVERT: commit 2ebd7ef4008fb42d251e9fa8627bfe0c17d5079c

  • BUILD/MINOR: update check-commit action

  • DOC/MEDIUM: Replaced <pre> tags with Markdown code blocks. Put code keyword backticks around some keywords. Improved grammar in a few descriptions. Changed the ‘auth-secret’ definition so that the description of the values is under the values key instead of the description key. This makes the table where we show the description only more succinct. For ‘auth-type’ and ‘auth-secret’, the example now shows both of these keys together because they are dependant upon one another.

  • DOC/MINOR: Edit config-snippet description

  • DOC: recover –configmap-errorfile doc lost in b1d44b902

  • BUG/MEDIUM: avoid nil pointer dereference in k8s versions < 1.14

  • BUG/MINOR: avoid nil pointer dereference in basic-auth handling

  • DOC: add documentation of request-redirect and request-redirect-code annotations

  • MINOR: Add HTTP redirection with annotation “request-redirect”

  • DOC: Add more details about basic-auth

  • OPTIM/MINOR: basic-auth optimizations

  • BUG/MINOR: basic-auth: haproxy needs to be reloaded after credentials update

  • CLEANUP/MINOR: haproxy module: remove unused code left from refactor in 80839ac88

  • CLEANUP/MINOR: cleanup when handling deleted ingress annotations

  • DOC: Update cookie persistence description

  • REORG/MINOR: simplify handling of cookie persistence

  • BUILD/MEDIUM: e2e tests: use k8s versions ‘v1.19.3’, ‘v1.18.6’, ‘v1.17.5’.

  • BUILD/MINOR: update RBAC in deploy files to fetch ingressclasses

  • TEST: Add IngressClass e2e test

  • BUG/MEDIUM: Fixing IngressClass support

  • MINOR: Rely on APIResourceList for Ingress API Discovery

  • TEST/MEDIUM: Set waitDuration to 15s and tickDuration to 2s

  • REORG/MINOR: haproxy rules: handle RuleIDs inside haproxy module

  • REORG/MINOR: split annotations.go in different files

  • CLEANUP/MINOR: remove cfgsnippet code left from refactor on 80839ac88

  • DOC: add ssl-redirect-port annotation documentation

  • MINOR: HTTPS redirection port freely adjustable in HTTP to HTTPS redirection.

  • DOC: split config-snippet into global and backend declinations

  • REORG/MAJOR: refactor global and backend annotations

  • MINOR: HandleTLSSecret returns an error type instead of store.Status

  • CLEANUP/MINOR: Maps: Remove unused code

  • DOC: server-ca/server-crt/server-proto documentation

  • MEDIUM: add server-ca and server-crt annotations.

  • REFACTOR/MEDIUM: refactor secrets handling code and move it to haproxy package

  • MINOR: Servers: add server-proto annotation

  • MINOR: formatting startup logs

  • BUG/MINOR: Endpoints: trigger a reload if dynamic update fails

  • MINOR: use numbers instead of random string in server names

  • REORG/MEDIUM: Use array instead of map for endpoints

  • DOC: add scale-server-slots annotation

  • MEDIUM: endpoints: don’t limit haproxy backend scaling

  • REORG/MINOR: Endpoints: remove AddrsUsed field

  • BUG/MEDIUM: Endpoints: addresses should be passed by value to PortEndpoints

  • BUG/MEDIUM: endpoints state is not synced when they scale down to zero

  • BUG/MINOR: Prevent aligning of backends for externalName services

  • MINOR: replace shell processes with system calls

  • MAJOR: build: using by default GODEBUG=madvdontneed=1

  • DOC: Update documentation link

  • BUG/MINOR: Srv annotations: preserve reload status

  • MEDIUM: runtime-maps: dynamic update

  • BUILD/MINOR: client-native: update to latest

  • MEDIUM: remove MapID and use simple string instead

  • MINOR: maps: add preserve flag

  • MINOR: HAProxy Backend: reload only when creating new backends

  • MEDIUM: HAProxy rules: reload only when creating new rules

  • TEST/MINOR: PathTypeExact is not available before k8s 1.18

  • MINOR: Fix linting issues

  • CLEANUP/MINOR: No need for ACL in X-Forwarded-Proto

  • MINOR: Ingres rules: support Prefix PathType.

  • MINOR: Ingress rules: support Host wildcard

  • TEST/MINOR: Test Ingress rules matching

  • CLEANUP/MINOR: maps: remove unused error functions

  • BUILD/MAJOR: unprivileged container: use k8s securityContext

  • BUILD/MINOR: update deploy files to include networking.k8s.io

  • TEST/MINOR: enable HAProxy stdout logging

  • REORG/MINOR: Add missing new lines at the end of some files

  • DOC/MINOR: add example how kind environment can be run

  • CLEANUP/MINOR: kind: lock k8s version to be more consistent

  • CLEANUP/MINOR: rephrase HAProxy config sync log message

  • BUILD/MAJOR: allow go optimisations

  • BUG/MINOR: Remove lowercasing on path

  • BUILD/MEDIUM: Use InitContainers to configure unprivileged ports

  • BUILD/MAJOR: Run ingress controller in Rootless container

  • BUILD/MEDIUM: dockerfile: reducing container image layers with optimization

  • BUILD/MINOR: haproxy: bumping to release 2.3

  • TEST/MINOR: Merge Host and Path ingress match tests

  • TEST/MEDIUM: Use the same deployment image for all tests

  • TEST/MINOR: Add multiple Ingress rules to a new Ingress

  • TEST/MINOR: No need for release parameter

  • TEST/MINOR: Fix some naming issues.

  • BUG/MINOR: Removed secrets are not deleted from store

  • BUG/MINOR: Don’t replicate HAProxy rules

  • MAJOR: change HAProxy rules matching

  • MAJOR: backend switching: use Haproy Map Files

  • BUG/MINOR: The FORWARDED_PROTO rule should be a request rule and not a response one.

  • MINOR: handle multiple default routes

  • MINOR: api: avoid a nil pointer dereference with APIStartTransaction

  • MINOR: use HAProxyBinary variable instead of hardcoded “haproxy”

  • BUG/MEDIUM: all backend servers are deleted when there are more servers than server-slots

  • BUG/MINOR: user defined default backends should be marked on activeBackends.

  • BUG/MINOR: ssl-passthroug: uses incorrend backend name.

  • TEST/MINOR: Check if Namespace exists before creation

  • BUG/MEDIUM: endpoints: set BackendName

  • TEST: Run tests in specific NS

  • REORG/MINOR: handlers: add refresh handler

  • MAJOR: refactor and move Ingress routes related task to a different package.

  • REORG/MAJOR: ingress: use ingressRoute struct storing the context of an IngressPath

  • MINOR: logging: change formatting of few logs

  • DOC/MINOR: backport hard-stop-after annotation to v1.4

  • DOC/MINOR: backport server-slots annotation to v1.4

  • BUG/MEDIUM: endpoints: Mixing addresses related to different ports

  • OPTIM/MEDIUM: restrict backend servers to server-slots value

  • BUILD/MINOR: github: bumping up golangci-lint GitHub action

  • BUILD/MINOR: github: Upgrading KinD action due to deprecation path

  • DOC/MINOR: documenting Basic Authentication Ingress annotations

  • CLEANUP/MINOR: fmt: resolving goimports formating

  • TEST/MINOR: integration test for Basic Auth

  • TEST/MINOR: failing in case of unrecoverable error

  • REORG/MINOR: test: giving more context on kind of Secret creating

  • MEDIUM: frontend: supporting Basic Authentication

  • BUILD/MINOR: increasing golang-ci lint timeout

  • TEST: reorg: avoiding nil pointer dereference and naming uniformity

  • DOC/MINOR: annotation rate-limit-size is handled at Ingress level too

  • DOC: fixing typo on indentation

  • MINOR: HAProxy maps: simplify content management.

  • CLEANUP: haproxy rules: no need for MapID index.

  • REORG: group in same file functions of same logic

  • DOC/MINOR: Fix ambiguous whitelist description

  • TEST/MAJOR: tests: add kind tests to gitlab ci

  • DOC: hard-stop-after annotation

  • MINOR: Add global annotation: hard-stop-after

  • MINOR: typo: various grammatical typo

  • TEST/MINOR: testing set-src-ip and blacklist annotations

  • DOC/MINOR: documenting the src-ip-header global annotation

  • MINOR: adding set source rule as global annotation

  • TEST/MINOR: set-host as Ingress annotation

  • TEST/MINOR: testing set header for request and response

  • TEST/MINOR: Ingress rate limiting (requests, period, custom code)

  • BUG/MEDIUM: access control: fixing rules order

  • BUG/MEDIUM: rate-limite: tracking tables not created

  • BUG/MEDIUM: crash if no controller class provided.

  • MINOR: properly handle transaction dir in test suite

  • BUG/MINOR: deleting frontend rules in f69b22a may leave old rules.

  • MINOR: Add “program” controller arg.

  • MAJOR: Configure an HAProxy instance outside of k8s.

  • MINOR: Setup HAProxy config directory when running out of k8s cluster

  • REORG: make HAProxyCfgDir a global variable

  • BUILD: upgrade to config-parser v3

  • MINOR: Change initial socket path for bind lines

  • REORG: Remove “Set” prefix from global API funcs

  • MINOR: ingress: using GetValueFromAnnotations for ingress class name retrieval

  • BUILD/MINOR: supporting networking.k8s.io ingress and ingressclass

  • MEDIUM: fixing e6dd2b3 and making IngressClass no more mandatory

  • MINOR: ingress: handling exact path matching

  • MINOR: ingress: supporting IngressClass by networking.k8s.io

  • DOC/MINOR: typo on docs and source code

  • MEDIUM: supporting kubernetes 1.19 (networking.k8s.io ingress)

  • OPTIM/MINOR: controller: using struct events channel

  • MINOR: Add stacking errors

  • MAJOR: Refactor HAProxy Rules and move them to a seperate package.

  • REORG: maps: rename key to mapID

  • TEST/MINOR: kind: run create.sh from any directory

  • BUILD: github: too many white-spaces

  • BUILD: github: decoupling lint and commit subject

  • TEST/MAJOR: reorg and fixing various test cases

  • TEST/MINOR: upstream proxy-protocol v1

  • BUILD: Fix linting: capitalized error string

  • BUG/MINOR: endpoints: abort processing when TargetPort not found

  • BUG/MEDIUM: handlers: Configuration should be passed by reference

  • BUG/MEDIUM: ssl-passthrough confilicts with ssl-offloading

  • BUG: ssl offloading, Fix typo in offloading condition introduced in 91bccbe

  • BUG/MAJOR: fixing ssl offloading regression introduced in db51a5dbb6

  • BUG/MINOR: ssl: using user addresses on passthrough activation

  • MINOR: using config-parser for bind options init

  • BUG/MINOR: frontend: not reloading after binding init

  • CLEANUP/MINOR: logs: non polluting logs for useless details

  • DOC: documenting changes introduced with db51a5db

  • BUG/MINOR: update HAProxy rules when ssl-redirect-code annotation is updated.

  • DOC: SSL section reviewed

  • BUG/MINOR: SSL redirection does not handle Ingress deletion

  • REORG: Check Ingress rules are not empty before handling Annotations

  • MINOR: align inspect-delay on timeout-client instead of timeout-connect

  • CLEANUP: tests: using more expressive name for test client

  • MINOR: tests: tls/ssl redirect

  • MINOR: tests: testing HTTPS frontend

  • MINOR: tests: testing SSL passthrough

  • BUG/MINOR: not exposing HTTPS port on KinD

  • MINOR: tests: endpoints out and in scaling

  • MINOR: tests: host-based matching

  • MINOR: tests: path matching with URL rewrite

  • REORG/MINOR: tests: structuring tests and utilities

  • BUG/MINOR: Move Ingress annotations set-host and path-rewrite to frontends

  • MINOR: backend switching: use variables instead of sample fetches.

  • BUG/MINOR: Make tcp inspect-delay timeout match “timeout connect”

  • DOC/MINOR: ssl: documenting the local SSL port upon passthrough

  • MEDIUM: frontend: custom bind port, and frontend and IP protocol toggling

  • MINOR: events: race conditions fix due to Helm posthooks

  • OPTIM/MINOR: handling annotations overwritten by config-snippet

  • DOC: add stick-table info in rate-limit-requests and fix typos.

  • MINOR: annotations: configurable rate limiting status code

  • CLEANUP/MINOR: doc: correct example for syslog-server

  • DOC/MINOR: syslog-server: document default field values

  • MEDIUM: frontend/ingress annotations: Expand ingress matching to include path

  • MINOR: update haproxy set-var rules

  • BUG/MINOR: don’t overwrite Ingress rules with same host

  • REORG: group controller’s refresh functions

  • REORG: move TCP handling to the UpdateHandler interface

  • REORG: move https handling to the UpdateHandler interface

  • REORG: move enable/disable of SSLOffloading to haproxy/api module

  • MEDIUM: Set Logging at module level rather than struct level

  • MAJOR: move k8s resources to seperate module named store

  • OPTIM/MEDIUM: endpoints: don’t reload HAProxy if the only change is the endpoint’s address

  • OPTIM/MINOR: endpoints: use a map instead of a slice for endpoint ports

  • OPTIM/MINOR: endpoints: no need to lookup server annotations at each server iteration

  • REORG: endpoints: Move processEndpointsSrvs out of kuberntes events handling

  • OPTIM/MAJOR: endpoints: handle backend server slots in the main loop

  • CLEANUP: endpoints: remove some over-engineered code and uncessary pointers

  • OPTIM/MINOR: No need to return Error to the main loop when handling Ingress services

  • REORG: Refactoring ConfigMaps

  • REORG: Change FrontendRulesStatus/BackendSwitchingStatus to FrontendRulesModified/BackendSwitchingModified

  • DOC/MAJOR: generate docs from yaml

  • BUILD: CI: add basic linter checks to gitlab ci

  • MINOR: Reload HAProxy when creating new server slots

  • BUG/MEDIUM: Unavailable TargetPort should not yield an error and prevent processing backend servers

  • BUG/MINOR: k8s: be more resilient to api errors

  • CLEANUP/MINOR: tests: separate logic and data

  • TEST/MINOR: test for nbthread 1

  • BUILD/MINOR: increase Go version to 1.15

  • TEST/MAJOR: add action for kind test

  • BUILD/MAJOR: kind: add example of kind setup for ingress controller

  • TEST/MAJOR: Add tests for global annotations

  • MAJOR: move global annotations to a seperate package

  • BUG/MINOR: Require controller update when configmaps are deleted

  • Merge branch ‘issues/82’ of https://github.com/prometherion/kubernetes-ingress into master

  • DOC/MINOR: documenting configmap-errorfile Controller flag

  • MINOR: typos on func names

  • MINOR: k8s: adding errorfile ConfigMap handling

  • MINOR: add confimap namepsace to whitelisted namespaces

  • MINOR: setting the default period of informers cache resync to 10m

  • CLEANUP/MINOR: remove double resource declaration from RBAC role

  • BUG/MEDIUM: Preserve source IP when chaining frontends.

  • BUG/MEDIUM: Enabling ssl-passthrough may break ssl offloading

  • MINOR: deploy manifests: Add update verb to ingress resources

  • MINOR: Fix typos in API functions

  • BUG/MINOR: API: GetConfig, don’t return unsupported option when config is not used.

  • MINOR: global-annotations: use config-parser/types when calling HAProxy API

  • BUG/MINOR: logging: correctly print logTarget

  • DOC/MINOR: Add HTTP/2 description in server-ssl annotation

  • MINOR: logs: referencing to the default TLS certificate

  • FEATURE/MINOR: whitelist: listen only for events from whitelisted namespaces

  • FEATURE/MINOR: maps: check for modification withouth content creation

  • BUG/MINOR: annotations: exclude deleted hosts from map files.

  • BUG/MINOR: Revert: annotations: fix issues with key generating from inappropriate data.

  • CLEANUP/MINOR: resolve linting errors: remove unused func

  • OPTIM/MEDIUM: kubernetes: cache resync period customizable via annotation

  • OPTIM/MEDIUM: k8s: using Shared Informers via factory

  • OPTIM/MINOR: increasing Kubernetes informe cache resync period

  • CLEANUP/MINOR: move hadling of proxy protocol and default cert outside of controller

  • FEATURE/MAJOR: add interfaces for updating config

  • BUG/MAJOR: monitor: reset hadChanges after successful update

  • BUG/MEDIUM: maps: sort rows before generating content

  • BUG/MINOR: annotations: don’t write deleted hosts to map file

  • BUG/MINOR: annotations: skip rules if not rules are set on ingress

  • CLEANUP: maps: rename hosts to rows.

  • FEATURE/MINOR: whitelist/blacklist: use map files instead of inline list

  • BUG/MINOR: annotations: fix issues with key generating from inappropriate data.

  • BUG/MINOR: maps: Fix issues with file removal.

  • BUILD/MEDIUM: k8s: upgrade k8s client to v0.18.5

  • MINOR: Add endpoint for memory profiling with pprof

  • BUG/MINOR: use lower-case letters for log-format variables

  • BUG/MINOR: tls secrets: check that both the key and the crt are not empty

  • BUG/MEDIUM: Controller won’t reload HAProxy as it should be when application endpoints are updated

  • BUILD/MEDIUM: Use latest 2.1 tag for the haproxy docker image

  • MINOR: backend: allowing proxy protocol via annotation

  • MINOR: remove deprecated “http-use-htx” from stats section

  • MINOR: Add timezone support for logs streaming

  • MINOR: removing replicas from DaemonSet

  • BUG/MEDIUM: Fix unmatched acl in response-set-header

  • MINOR: Make (session persistence) cookies configurable via the config-snippet annotation

  • MEDIUM: Add config-snippet to global and backend sections

  • MINOR: Add automatic H2 support for backends when enabling ssl on backend server lines

  • BUG/MINOR: global-annotations: fix incorrect reload assignement

  • REORG/MINOR: global-annotations: use switch statement when possible

  • MEDIUM: Add logging messages for debug

  • BUG/MAJOR: client-native: activate file validation

  • MINOR: Ignore empty fields in syslog params

  • REORG/MEDIUM: Move config-parser usage for global annotations to HAProxy API package

  • REORG/MAJOR: Move HAProxy API code to haproxy package

  • BUILD/MEDIUM: upgrade haproxy packages to v2

  • BUG/MINOR: logs: remove empty lines

  • BUG/MINOR: ingress: warn about ingress misconfiguration

  • CLEANUP: cleanup startup logs

  • BUG/MINOR: Don’t ignore server annotations with EMPTY status when updating backend server

  • MINOR: Add support for ExternalName services

  • DOC: Group logging options in same section

  • DOC: grouping global options in same section

  • MINOR: Add default options: http-server-close, http-keep-alive, dontlognull, logasap

  • OPTIM/MINOR: refactor ActiveTransactionHasChanges in global annotations

  • BUILD: HAProxy: update to version 2.1.4

  • DOC/MINOR: Fix wrong link for community slack

  • BUILD: Update check-commit action to v1.1.1

  • CLEANUP/MINOR: log: remove LogErr and PanicErr

  • MAJOR: add log levels

  • BUG/MAJOR: configmap: always create configmap

  • MINOR: move ConfigMap to controller namespace in k8s deploy file

  • MEDIUM: Make configMap optional

  • BUILD: Update check-commit actoin to v1.1.0

  • BUILD/MINOR: Fix Linting error in commit 1ce463d70d2

  • OPTIM/MINOR: Ignore the port part when matching for HTTP redirects

  • DOC: Add timeouts documentation

  • MINOR: Add client-fin and server-fin timeouts

  • BUG/MINOR: Fix incorrect restart/reload handling with globalAnnotation

  • minor: Fixed typo in filename: haproxy-ingress-daemonset.yaml.

  • DOC: typos on docblock and docs

  • OPTIM/MINOR: controller: configurable controller sync period

  • BUILD: Update github workflow to add check-commit action

  • BUG/MINOR: Fix setupTestEnv to cope with haproxy config dir changes

  • MEDIUM: Make controller handles directly HAProxy process instead of relying on init.d script

  • MINOR: Provide HAProxyCfgDir as a default place for HAProxy configuration

  • FEATURE/MEDIUM: Add response-set-header config and functionality.

  • REORG: Low risk, renamed FrontendHTTPRules to FrontendHTTPReqRules.

  • DOC/MINOR: readme: Typo on HAProxy Community Slack link

  • BUG/MINOR: Fix incorrect reload check with syslog-server annotation

  • MINOR: Sort backendSwitching rules across different ingresses

  • BUG/MEDIUM: fix set-var parsing bug in config-parser

  • BUILD: Update linter to v1.24.0

  • BUG/MEDIUM: Fix deprecated actions in tcp-request rule

  • BUILD: Upgrade Golang version to 1.14.2

  • MINOR: Ignore the port part when matching hosts against ingress rules

  • BUG/MINOR: Missed client-native update required for rewrite-path

  • MINOR: Add path-rewrite annotation

  • MINOR: Add set-host annotation

  • MEDIUM: Add support for http-request rules in the backend

  • REORG: Prefix “Frontend” word to fields holding HTTP rules.

  • REORG: Put service related code in a seperate file

  • REORG: Move Backend and Server configuration in HAProxy package

  • BUILD: Use config-parser v2.0

  • CLEANUP/MEDIUM: Use same reload flag

  • REFACTOR/MINOR: refactor global annotations

  • MINOR: Add log-format annotation to customize HTTP traffic logging

  • BUG/MINOR: Propagate ADDED status of ingress to its tls secrets

  • BUG/MINOR: Updated of default TLS secret are ignored.

  • BUG/MINOR: Ensure that certificate provided via –default-ssl-certificate is used as default certificate

  • REFACTOR/MINOR: Refactor code for HAProxy service start,restart,reload

  • MINOR: Restart HAProxy when logging to stdout

  • MEDIUM: Make use of master-worker mode to reload HAProxy

  • BUILD: HAProxy: update to version 2.0.14

  • BUG/MINOR: Refresh map files after refreshing HAProxy rules

  • MEDIUM: Enable rate-limiting by ingress

  • BUG/MINOR: tcp accept rule in ssl-passthrough frontend is stopping rules evaluation.

  • REFACTOR: Follow up on spec refactor, changing ID to index

  • REFACTOR: Follow up on spec refactor, changing cookie Domain to Domains

  • MINOR: Add blacklisting Acess Control

  • BUG/MEDIUM: default tcp log-format conflicts with ssl-passthrough

  • BUG/MINOR: Check empty sample in RequestCapture before rule modification.

  • BUG/MINOR: Empty Map Files are created whith SSLRedirect

  • BUG/MINOR: Map Refresh does not return correct needReload flag.

  • MINOR: Exit when receiving SIGTERM or SIGUSR1

  • DOC: Add Discussion section in README

  • DOC: Update contributing section

Next up

Install the HAProxy Kubernetes Ingress Controller