Helm chart release notes for Citrix ingress controller v1.23.10

This release note contains information about the Helm chart related changes for the Citrix ingress controller version 1.23.10

What’s new

Listener CRD support for Ingress using annotations

Citrix ingress controller already provides content routing CRDs such as the Listener CRD for front-end configurations and HTTProute for back-end routing logic. Now, Listener CRD can be applied for Ingress resources using an annotation provided by Citrix. Through this feature, you can use the Listener CRD for your Ingress resource and separate the creation of the front-end configuration from the Ingress definition. Hence, NetOps can separately define the Listener resource to configure front-end IP, certificates, and other front-end parameters (TCP, HTTP, and SSL). Any configuration changes can be applied to the listener resources without changing each Ingress resource.

Support for setting log Format to JSON

Now, you can view Citrix ingress controller log messages in the JSON format.

Enhancements

• Now you can set the resources limit for individual containers through the Helm chart. An ability to set podAnnotations and affinity is also provided.
• Added a new parameter disableOpenshiftRoutes to the Helm chart. If the value of this parameter is set to true, then OpenShift routes are not processed.

Fixed issues

• Earlier, if an Ingress resource and an OpenShift route have the same name and the OpenShift route does not belong to a valid route sharding then the Ingress resource was getting unconfigured. This issue is fixed now.
• When a service of type LoadBalancer was modified and IPAM controller was used for the IP address configuration, Citrix ingress controller was repeatedly configuring and unconfiguring the service earlier. This issue is fixed now
• Earlier, while deploying the latest version of the multi-cluster ingress controller the following error was getting displayed:
  AttributeError: ‘IngressCRDInstance’ object has no attribute ‘listener_mode’. Now, this issue is fixed.
• When Citrix ADC was rebooting, the following traceback was getting displayed earlier:
  TypeError: ‘NoneType’ object is not iterable. Now, this issue is fixed.
• After the re-creation of Ingress, CRD policies were not getting bound to load balancing virtual servers. This issue is now fixed.

Helm Chart Release Notes for Citrix xDS-adaptor v0.10.1

Helm Chart Release Notes for Citrix xDS Adaptor v0.10.1

This release note contains information about the Helm chart related changes for the Citrix xDS Adaptor version 0.10.1

What's new

Compatible with Istio v1.12

Helm charts are updated to be compatible with Istio v1.12.

Labels in xDS-adaptor

Helm charts are enhanced to push pod's labels in the container filesystem and then same can be used by Citrix xDS-Adaptor to push labels in metadata to Istiod.

Support of new CPX sidecar injector webhook and certgen services

Citrix xDS-adaptor based deployments rely on Citrix ADC CPX sidecar injector webhook. Sidecar injector webhook service has been enhanced to insert labels in the pod during sidecar-injection.
Helm charts are updated to accept customer input about labels to be injected in the sidecar pod.

Helm Chart release notes for Citrix Ingress Controller v1.22.7

This release note contains information about the Helm chart related changes for the Citrix ingress controller version 1.22.7.

What's new

• You can now apply policies such as rewrite responder, rate limit, auth, WAF, and bot for ingress resources and services of type load balancer by referring them using annotations. Using this feature, when there are multiple services in an Ingress resource, you can apply CRDs for a specific service or all the services based on your requirements.
• CRD definition files for Rewriter-Responder, WAF, Auth, Bot, and Ratelimit CRDs are updated and servicenames key is not mandatory now for these CRDs.

Fixed issues

• For deployments where Citrix ADC CPX acts as tier-1, endpoints were not getting added if Citrix IPAM controller is not deployed. This issue is fixed now.

Helm Chart release notes for Citrix Node Controller 2.2.9

This release note contains information about the Helm chart related changes for the Citrix node controller version 2.2.9.

Fixed Issues

• OVN CNI is now supported.

Helm Chart release notes for Citrix Ingress Controller 1.21.9

This release note contains information about the Helm chart related changes for the Citrix ingress controller version 1.21.9.

Enhancements

• Citrix ingress controller now supports WAF features such as request side streaming, configuring RFC profile, and grammar based SQL injection detection support.
• Previously Ingress status was updated with an external IP address only when Citrix ingress Controller is started with the –update-ingress-status argument configured as yes. Now, Ingress status is updated with an external IP address by default for tier-1 deployments. This argument –update-ingress-status configured as yes is required for tier-2 deployments with Citrix ADC CPX for updating the ingress status with external IP addresses.
• For multi-cluster Ingress, Citrix ingress controller now supports HTTPS monitors with SNI enabled by default during the TLS handshake.
• For multi-cluster Ingress, Citrix ingress controller now supports source IP persistence.
• Citrix ingress controller feature-node-watch now supports OpenShift OVN CNI.

Fixed issues

• Earlier, OpenShift feature-node-watch was not configuring the correct routes on the Citrix ADC after the node modify event for OpenShift-SDN CNI. This issue is now fixed.
• Sometimes Listener CRD was failing to create cipher groups due to the name size limit of 39 characters. This issue is fixed by using the hash to limit the name size to 39 characters.
• The ingress.citrix.com/csvserver annotation was getting applied only when the first ingress belonging to the content switching virtual server is created. Now, this annotation gets applied regardless of the order of ingresses.
• In the Citrix ADC CPX BGP deployment, service of type LoadBalancer status was not getting updated with external IP sometimes. This issue is fixed.
• Citrix ingress controller now supports the modification of service of type LoadBalancer by clearing the stale entries in Citrix ADC. This modification includes any port group and annotation modifications.
• While adding domain name servers through ConfigMap for tier 1 Citrix ADC, the existing domain name server configuration on Citrix ADC VPX was getting deleted if the existing configuration was not specified as part of the ConfigMap. Now, this issue is fixed.
• Earlier, When Citrix ingress controller was configuring existing alternate backend routes on OpenShift during boot-up, an error keyError: 'weighted_abpol' may occur. Now, it is fixed.

Helm Chart Release notes for Citrix Node Controller v2.2.8

Fixed Issues

• Earlier, when you use the Weave CNI and a worker node is removed all routes were getting deleted. This issue is fixed now.
• The value of theCNI_TYPE environment variable that specifies the CNI used in the Kubernetes cluster is now case-insensitve. Earlier it was case-sensitive.

Helm Chart release notes for Citrix Ingress Controller v1.20.5

Helm chart release notes for Citrix ingress controller v1.20.5

This release note contains information about the Helm chart related changes for the Citrix ingress controller version 1.20.5.

What's New

Traffic management for external services

Now, you can configure Citrix ADC as domain name resolver for external services and enable traffic management.

Enhancements

• You can now disable API certificate verification by setting the parameter disableAPIServerCertVerify as true while communicating with the API server from Citrix ingress controller or multi-cluster ingress.

Helm Chart release notes for Citrix Ingress Controller v1.19.6

What's New

Support for alternate backends for OpenShift routes

Alternate backends for OpenShift routes are now supported by Citrix ingress controller.

Fixed issues

• In OpenShift routes, the targetPort field in the route represents the port of the pod. However, Citrix ingress controller was treating targtePort as a service port similar to the way it treats ingress. Hence, Citrix ingress controller was unable to handle destination services where targetPort is different from the service port. This issue is fixed now.

Enhancements

• Now, Citrix ingress controller supports binding default certificates in OpenShift routes.
• Earlier, front-end profiles for TCP, HTTP, and SSL were supported but the profile must be specified as part of a separate ingress called the front-end ingress. With this enhancement, you can specify front-end profiles as part of the regular ingress.

Helm Chart release notes for Citrix Node Controller version 2.2.7

Fixed Issues

• Router pods were getting created even when the user provides wrong credentials to access Citrix ADC. This issue is fixed now.
• Improved exception handling if there is a wrong user input or unauthorised Citrix ADC access.

Helm chart release notes for Citrix ingress controller 1.18.5

Helm chart release notes for Citrix ingress controller 1.18.5

This release note contains information about the Helm chart related changes for the Citrix ingress controller version 1.18.5.

What's new

• Added support for Kubernetes version 1.22.