Releases: netscaler/netscaler-helm-charts
Helm chart release notes for Citrix Ingress Controller version 1.33.4
This release note contains information about the Helm chart-related changes for the Citrix ingress controller version 1.33.4
Enhancements
Support for increased prefix length
When you specify the prefix name for NetScaler entities for applications, the prefix name length is enhanced from 7 to 15. When you upgrade Citrix ingress controller to a new version and change the prefix name to a larger value, old entities are not renamed and all entities are newly created. To avoid any stale configuration with the old prefix, you can either delete the ingress and reapply after the upgrade or delete the stale configuration with older prefixes manually from NetScaler.
Support for HTTP PATCH method
PATCH is an HTTP method for changing or adding data to existing resources. Now, the PATCH HTTP method is supported with authentication, authorization, rate limit, BOT, and WAF policy CRDs.
Helm chart release notes for Citrix Ingress Controller version 1.32.7
This release note contains information about the Helm chart-related changes for the Citrix ingress controller version 1.32.7.
What's new
NetScaler provides a kubectl plug-in netscaler-k8s
to inspect ingress controller deployments and aids in troubleshooting operations.
You can inspect NetScaler configuration and related Kubernetes components using the subcommands available with this plug-in.
Fixed issues
- If an Ingress resource refers to the Listener resource, content-switching policies were getting disassociated from the content-switching virtual server after the Citrix ingress controller restart. This issue is fixed now.
- There was an erroneous entry for
device_fingerprint
in the BOT CRD definition due to which BOT CRDs were not getting applied. This issue is fixed now.
Enhancements
- Citrix ingress controller now supports multiple response codes in the GTP CRD. Earlier only one response code was allowed in the GTP CRD.
- Citrix ingress controller deployed with the scope
namespace
is now enhanced to process CRDs in the local namespace. Earlier, it was only supporting Ingress resources.
Known issues
- Bot CRD definition is updated in this release. If Bot CRD has been installed using Helm chart, Helm upgrade to this release won't work. You will have to delete and reinstall the Helm chart in this case.
Helm chart release notes for ADM Agent Onboarding version 1.1.0
This release note contains information about the Helm chart-related changes for the ADM agent onboarding version 1.1.0.
What's new
This release of the ADM agent onboarding enables you to provide the name of the Kubernetes cluster that needs to be registered with the ADM service. You can also provide the Kubernetes API URL that should be registered in the ADM service. This enhancement simplifies the user experience while registering multiple Kubernetes clusters in the ADM service.
The following parameters are added to the Helm chart as part of this enhancement:
- apiURL
: Provides the Kubernetes API URL in the https://<host>:port
format.
- clusterName
: Specifies the Kubernetes cluster name to be registered in the ADM servi
Helm chart release notes for Citrix ingress controller version 1.31.3
Fixed issues
In this release, Citrix ingress controller is enhanced to handle large-scale services in an improved and optimized approach.
Helm chart release notes for Citrix ADC Observability Exporter 1.5.001
Helm chart release notes for Citrix ADC Observability Exporter 1.5.001
This release note contains information about the Helm chart-related changes for the Citrix ingress controller version 1.5.001
Enhancements
- Added rate-limiting support for transactions in JSON-based endpoints: ElasticSearch, Splunk, and Zipkin. The following parameters are added to the Helm chart for rate-limiting support:
json_trans_rate_limiting.enabled
json_trans_rate_limiting.limit
json_trans_rate_limiting.queuelimit
json_trans_rate_limiting.window
For more information, see rate limiting support for transactions in ElasticSearch, Splunk, and Zipkin.
- You can now run Citrix ADC Observability Exporter as a non-root user named
coe_guest
with the user-id as1000
and the group-id as1000
.
Helm chart release notes for Citrix ingress controller v1.30.1
This release note contains information about the Helm chart-related changes for the Citrix ingress controller version 1.30.1.
Fixed issues
- Earlier, Citrix ingress controller was not binding the policies created for the CORS CRD to the load-balancing virtual server. This issue is now fixed.
- After the Citrix ingress controller reboot, certain entities related to the
HTTPRoute
were reapplied. This issue is now fixed. - Citrix ingress controller was skipping service modification events when
POD_IPS_FOR_SERVICEGROUP_MEMBERS
is enabled for a service of type LoadBalancer. This issue is fixed now. - While choosing the default certificate, Citrix ingress controller was selecting the certificate in the application namespace instead of the certificate in the namespace provided with the default SSL parameter. Now, Citrix ingress controller selects the certificate in the namespace provided with the default SSL parameter.
- For services of type LoadBalancer, Citrix ingress controller was binding certificates as non-server name indication (SNI) type in the SSL virtual server irrespective of whether SNI is enabled in the SSL profile or not. With this fix, if SNI is enabled in the SSL profile annotation for services of type LoadBalancer, then the certificates get bind as SNI in the SSL virtual server. If SNI is not enabled, certificates are bound as the non-SNI type.
- In the rewrite and responder policy, when the values in two key-value pairs of a string map are identical Citrix ingress controller was considering only one of the key-value pair configurations while applying the policy on the Citrix ADC. This issue is now fixed.
- When the
timeslice
field was missing in the Rate limit CRD, application configuration was failing on the Citrix ADC appliance. This issue is fixed now. - Earlier four HTTP methods namely
GET
,PUT
,POST
, andDELETE
were supported in authentication, authorization, rate limit, BOT, and WAF policies. Citrix ingress controller now supports four additional HTTP methods,HEAD
,OPTIONS
,TRACE
, andCONNECT
with these policies
Helm chart release notes for Citrix ingress controller v1.29.5
This release note contains information about the Helm chart-related changes for the Citrix ingress controller version 1.29.5.
What’s new
Fixed issues
- If an ingress has an empty TLS section, Citrix ingress controller was configuring CS virtual server as SSL type by default. Now, Citrix ingress controller creates an SSL virtual server only if a default certificate is provided.
- CS virtual server creation was failing for the Ingress resource, when an application is exposed with
ANY
as protocol and port as*
in the Ingress resource. This issue is now fixed. - Citrix ingress controller was not fully provisioning the SSL profile after the Citrix ADC CPX restart. This issue is fixed now.
Enhancements
The following new parameters are introduced in the Helm chart:
profileSslFrontend
: Specify this parameter to set the front-end SSL profile.profileTcpFrontend
: Specify this parameter to set the front-end TCP profile.profileHttpFrontend
: Specify this parameter to set the front-end HTTP profile
Using the respective parameter, you can enable or disable SSL, TCP, and HTTP features for multiple Ingresses that shares a common front-end IP address.
Helm chart release notes for Citrix ingress controller v1.28.2
This release note contains information about the Helm chart related changes for the Citrix ingress controller version 1.28.2.
Enhancements
- Updated CPX version to 13.1-37.38 in Citrix Netscaler CPX with CIC helm chart
Deploying Citrix ingress controller with minimal privileges
- A new parameter
rbacRole
is introduced in the Helm chart to enable you to deploy Citrix ingress controller with minimal privileges for a particular namespace withRole
binding. You can set this parameter totrue
to deploy Citrix ingress controller withRole
binding. By default, Citrix ingress controller gets installed withClusterRole
binding and this parameter is set asfalse
.
Fixed issues
- When Citrix IPAM controller is already configured and Citrix ingress controller is provided with
NS_VIP
andNS_SVC_LB_DNS_REC
DNS records were getting created spuriously even for virtual IP addresses assigned usingNS_VIP
. This behavior was occurring for services of typeLoadBalancer
. Now, DNS address records are added on Citrix ADC only for the IP addresses assigned by Citrix IPAM controller.
Helm Chart release notes for Citrix CPX Istio Sidecar Injector v1.14.1
Helm Chart Release Notes for Citrix CPX Istio Sidecar Injector v1.14.1
This release note contains information about the Helm chart related changes for the Citrix CPX Istio Sidecar Injector v1.14.1.
What’s new
New mutatingwebhook for NetScaler CPX Sidecar Injector
A new mutatingwebhook configuration is added in the CPX sidecar injector deployment. The mutatingwebhookconfig object.cpx-sidecar-injector.citrix.io
ensures that the NetScaler CPX would be injected as a sidecar proxy in the application pod if it is labeled with sidecar.citrix.io/inject
. The injection will happen even if the namespace is not labelled with cpx-injection=enabled
.
Change of names of the mutatingwebhookconfigurations
The mutatingwebhook sidecar-injector.istio.io has been renamed as cpx-sidecar-injector.citrix.io
. This webhook is responsible to inject NetScaler CPX as a sidecar proxy in the pod based on the namespace label.
Helm chart release notes for Citrix ingress controller v1.27.15
This release note contains information about the Helm chart related changes for the Citrix ingress controller version 1.27.15.
What's new
Configuring wildcard DNS domains through Citrix ingress controller
Wildcard DNS domains are used to handle requests for non-existent domains and subdomains. Now, Citrix ingress controller supports configuring wildcard DNS domains on a Citrix ADC. A new CRD wildcarddnsentry is introduced to support wildcard DNS domains.
For more information, see Configuring wildcard DNS domains through Citrix ingress controller.
Open policy agent support for Kubernetes with Citrix ADC
Open policy agent (OPA) is an open source, general-purpose policy engine that unifies policy enforcement across different technologies and systems. Now, Citrix ingress controller supports OPA through the HTTP callout.
For more information, see Open policy agent support for Kubernetes with Citrix ADC.
Fixed issues
-
When distributed tracing is enabled for service mesh lite deployments, the
service
parameter was mandatory in the analytics configuration ConfigMap. If theservice
parameter is missing, distributed tracing was not working. This issue is fixed now. -
Canary header values at Citrix ADC are not updated, when the existing ingress is updated with new Canary header values using the Ingress annotation. This issue is fixed now.
-
For service mesh lite deployments, service group members were not binding earlier. This issue is fixed now.
-
During Citrix ingress controller boot up pre-validation checks, tracebacks were happening while checking connection with Citrix ADC. This issue is fixed now.
-
Bot management policies were not getting configured on Citrix ADC VPX version 13.0 with the latest Citrix ingress controller versions. This issue is fixed now.
Enhancements
- A new parameter
optimizeEndpointBinding
is introduced in the Helm chart to enable or disable binding of back-end endpoints to a service group in a single API call. Acceptable values areTrue
andFalse
. Enabling this parameter is recommended when there are large number of endpoints (pods) per application. This enhancement is applicable only for Citrix ADC release 13.0–45.7 and higher versions.