Skip to content

Latest commit

 

History

History
188 lines (147 loc) · 7.08 KB

CHANGELOG.md

File metadata and controls

188 lines (147 loc) · 7.08 KB
Raw

CHANGELOG

v0.5-beta.3

Fixes and improvements since v0.5-beta.2

  • Fix sync of excluded secrets - #102
  • Fix config with long fqdn - #112
  • Fix non ssl redirect on default backend - #120

v0.5-beta.2

Fixes and improvements since v0.5-beta.1

  • Fix reading of txn.path on http-request keywords - #102

v0.5-beta.1

Breaking backward compatibility from v0.4:

  • TLS certificate validation using only SAN extension - common Name (CN) isn't used anymore. Add --verify-hostname=false command-line option to bypass hostname verification
  • ingress.kubernetes.io/auth-tls-secret annotation cannot reference another namespace without --allow-cross-namespace command-line option
  • tcp-log-format configmap option now customizes log of TCP proxies, use https-log-format instead to configure log of SNI inspection (https/tcp frontend)

Fixes and improvements since v0.4

  • Change from Go 1.8.1 to 1.9.2
  • Implement full config of default backend - #73
  • Fix removal of TLS if failing to read the secretName - #78
  • New annotations:
    • Rewrite path support - doc
      • ingress.kubernetes.io/rewrite-target
    • Rate limit support - doc
      • ingress.kubernetes.io/limit-connections
      • ingress.kubernetes.io/limit-rps
      • ingress.kubernetes.io/limit-whitelist
    • Option to include the X509 certificate on requests with client certificate - doc
      • ingress.kubernetes.io/auth-tls-cert-header
    • HSTS support per host and location - doc
      • ingress.kubernetes.io/hsts
      • ingress.kubernetes.io/hsts-include-subdomains
      • ingress.kubernetes.io/hsts-max-age
      • ingress.kubernetes.io/hsts-preload
  • New configmap options:
    • Option to add and customize log of SNI inspection - https/tcp frontend - doc
      • https-log-format
    • Option to load the server state between HAProxy reloads - doc
      • load-server-state
    • Custom prefix of client certificate headers - doc
      • ssl-headers-prefix
    • Support of Host header on TLS requests without SNI extension - doc
      • use-host-on-https
  • New command-line options:
    • Custom rate limit of HAProxy reloads - doc
      • --rate-limit-update
    • Support of loading secrets between another namespaces - doc
      • --allow-cross-namespace
    • TCP services - doc
      • --tcp-services-configmap
    • Option to skip X509 certificate verification of the hostname - doc
      • --verify-hostname

v0.4

Fixes and improvements since v0.3

v0.4-beta.2

Fixes and improvements since v0.4-beta.1

  • Fix global maxconn configuration
  • Add X-Forwarded-Proto: https header on ssl/tls connections

v0.4-beta.1

Fixes and improvements since v0.3

  • Add dynamic scaling - doc
  • Add monitoring URI - doc
  • Add PROXY protocol configmap options - doc
    • UseProxyProtocol
    • StatsProxyProtocol
  • Add log format configmap options - doc
    • HTTPLogFormat
    • TCPLogFormat
  • Add stick session ingress annotations - doc
    • ingress.kubernetes.io/affinity
    • ingress.kubernetes.io/session-cookie-name
  • Support for wildcard hostnames
  • Better and faster synchronization after resource updates
  • Support k, m and g suffix on proxy-body-size annotation and configmap option - doc
  • HTTP 495 and 496 error pages on auth TLS errors
  • Add TLS error page ingress annotation
    • ingress.kubernetes.io/auth-tls-error-page
  • Add support to SSL/TLS offload outside HAProxy on a configmap option - doc
    • https-to-http-port
  • Add support to host alias on ingress annotation - doc
    • ingress.kubernetes.io/server-alias
  • Fix multibinder goes zombie #51 updating to multibinder 0.0.5
  • Add X-SSL headers on client authentication with TLS
    • X-SSL-Client-SHA1
    • X-SSL-Client-DN
    • X-SSL-Client-CN

v0.3

Fixes and improvements since v0.2.1

v0.3-beta.2

Fixes and improvements since v0.3-beta.1

  • Add haproxy as the default value of --ingress-class parameter
  • Fix create/remove ingress based on ingress-class annotation

v0.3-beta.1

Fixes and improvements since v0.2.1

Breaking backward compatibility:

  • Move template to /etc/haproxy/template/haproxy.tmpl
  • Now ingress.kubernetes.io/app-root only applies on ingress with root path /

Other changes and improvements:

  • Reload strategy with native and multibinder options
  • Ingress Controller check for update every 2 seconds (was every 10 seconds)
  • New ingress resource annotations
    • ingress.kubernetes.io/proxy-body-size
    • ingress.kubernetes.io/secure-backends
    • ingress.kubernetes.io/secure-verify-ca-secret
    • ingress.kubernetes.io/ssl-passthrough
  • New configmap options
    • balance-algorithm
    • backend-check-interval
    • forwardfor
    • hsts
    • hsts-include-subdomains
    • hsts-max-age
    • hsts-preload
    • max-connections
    • proxy-body-size
    • ssl-ciphers
    • ssl-dh-default-max-size
    • ssl-dh-param
    • ssl-options
    • stats-auth
    • stats-port
    • timeout-client
    • timeout-client-fin
    • timeout-connect
    • timeout-http-request
    • timeout-keep-alive
    • timeout-server
    • timeout-server-fin
    • timeout-tunnel

v0.2.1

Fixes and improvements since v0.2

  • Fixes #14 (Incorrect X-Forwarded-For handling)

v0.2

Fixes and improvements since v0.1

  • White list source IP range
  • Optionally force TLS connection
  • Basic (user/passwd) authentication
  • Client certificate authentication
  • Root context redirect

v0.1

Initial version with basic functionality

  • rules.hosts with paths from Ingress resource
  • default and per host certificate
  • 302 redirect from http to https if TLS (default or per host) is provided
  • syslog-endpoint from configmap