HAProxy Kubernetes Ingress Controller 1.10 is now available. HAProxy Enterprise Kubernetes Ingress Controller 1.10 is coming soon and will incorporate these same features. In this release, we added partial support for Gateway API, added new Docker image tags to Docker Hub to make it easier to pull the latest version, and implemented other minor improvements. HAProxy Kubernetes Ingress Controller 1.10 is built with HAProxy version 2.7. We discuss the changes in this version below.
Partial Gateway API support (TCPRoute)
HAProxy Kubernetes Ingress Controller 1.10 supports the parts of Gateway API relevant to routing TCP traffic. That is support for the TCPRoute resource. Such support benefits non-HTTP applications running in Kubernetes, such as databases.
Gateway API is a new way of defining traffic routing in Kubernetes, having moved to beta status last year. While Ingress is now a normal and ubiquitous way of defining how traffic flows, it is not quite possible to define everything with it. For example, Ingress does not include TCP routing.
Previous versions of HAProxy Kubernetes Ingress Controller provided support for TCP services by defining the port mappings in a ConfigMap. That implementation can be seen in the documentation for the –configmap-tcp-services startup argument. It is important to note that this established way of defining TCP services is still supported. This new API is an additional, more generalized way of routing TCP traffic.
To cover all possible routing options, Kubernetes introduced the concept of Gateway API. This is not part of the standard Kubernetes API but is implemented as an extension of it. The ingress controller supports Gateway API version 0.5.1.
We plan to implement more of Gateway API, such as HTTPRoute, in the future. To learn more about it, visit our Gateway API documentation.
Docker images
In HAProxy Kubernetes Ingress Controller 1.10, we’ve added new Docker image tags to Docker Hub, making it easier to pull the latest version.
Until recently, it was only possible to tag the haproxytech/kubernetes-ingress Docker images with the exact version number. For example, you could specify a tag of 1.9.6, but you could not specify 1.9.
Pinning a tag to a Docker image means setting an alias (such as 1.9.6 in the example of haproxytech/kubernetes-ingress:1.9.6) that points to a specific image ID. By default, if you do not set a tag, Docker pulls the latest tag, which can make upgrading in the future less predictable since you may jump from, say, version 1.8 to 1.10 by pulling the latest. There are benefits to being explicit about which version of an image you’re pulling. For one, staying within the same major/minor version until you are ready for a bigger upgrade reduces the chance of introducing a breaking change into your environment.
With recent changes you can pick whether, for example, you want to use 1.10.x or just use the 1.10 tag. This feature is also available for 1.9 and 1.8 versions of the ingress controller.
Dropping support for Beta versions of Ingress
Over two years ago, the Kubernetes Networking SIG (Special Interest Group) graduated the Ingress API to an official, general availability release and assigned it the networking.k8s.io/v1 API namespace. The extensions/v1beta1 and networking.k8s.io/v1beta1 namespaces are no longer needed and both are unavailable in Kubernetes versions 1.22 and newer. The networking.k8s.io/v1 namespace has been available since Kubernetes version 1.14.
Therefore, HAProxy Kubernetes Ingress Controller 1.10 drops support for these older namespaces on Ingress resources consumed by HAProxy Kubernetes Ingress Controller.
CPU quotas
HAProxy Kubernetes Ingress Controller 1.10 limits the number of threads it executes upon to match the Linux container’s CPU quota if that quota exists. Before this change, GOMAXPROCS had not been set to the correct value.
In Kubernetes, pods share CPU resources with other pods running on the same node. To avoid a pod from using more than its fair share, you can set limits on how much CPU time each pod can use. The installation for the ingress controller sets a CPU request for 500m, but it does not set a CPU limit. A big thanks to the folks who work on the automaxprocs project, from which we drew this functionality.
Contributions
We’d like to thank the code contributors who helped make this version possible!
Ivan Matmati |
|
Zlatko Bratkovic |
|
Dinko Korunic |
|
C Spargo |
|
Nick Ramirez |
|
Christian Hoffmeister |
|
BEN MANSOUR Mohamed Rafik |
|
Conclusion
The biggest update is the introduction of Gateway API. Version 1.10 allows additional ways of defining how TCP traffic can be routed. These features strengthen the flexibility of your ingress solution.
Interested in learning more about the HAProxy Kubernetes Ingress Controller? Subscribe to our blog!
Subscribe to our blog. Get the latest release updates, tutorials, and deep-dives from HAProxy experts.
