Release 1.36.5

Version 1.36.5

What's new

Direct export of metrics to Prometheus

NetScaler ingress controller now supports directly exporting metrics from NetScaler to Prometheus. For more information, see Exporting metrics directly to Prometheus.

Fixed issues

• When you modify the Ingress or service class of an Ingress resource or a load balancer service from a supported to an unsupported class, NetScaler ingress controller now automatically clears stale VIP addresses on the respective Ingress and service resources.
• Multiple NetScaler ingress controllers in the same cluster were causing a loop of creating and deleting VIPs. Now, this issue is fixed.

Release 1.35.6

Version 1.35.6

What's new

The existing Multi-cluster ingress and load balancing solution is now renamed to NetScaler GSLB controller for applications deployed in distributed Kubernetes clusters.

Enhancements

The following enhancements are introduced for NetScaler GSLB controller:

• Optimized the GSE CRD instance reference handling in global traffic policy (GTP).
• Improvement in handling of GTP destination fields such as region, and cluster name.

Release 1.34.16

Version 1.34.16

For NetScaler version 13.1-49.13 or later, Citrix ingress controller version 1.34.16 or later is required. For NetScaler versions prior to 13.1-49.13, older Citrix ingress controller versions are supported.

Fixed issues

• Citrix ingress controller now supports services with target port names. Earlier, services where the target port has a name instead of the port number were not supported and service groups were not configured properly. This issue is fixed now.
• You can now use Citrix ingress controller deployment RBAC Role: kind: IngressClass to associate a particular ingress resource with the ingress controller.
• When Citrix ingress controller receives multiple unknown exceptions, it might terminate event processing. This issue is fixed now.

Enhancements

• Support for services of type ExternalName is enhanced to access services across different namespaces in a Kubernetes cluster.
  For more information, see Support for external name service.

Release version 1.33.4

Version 1.33.4

Enhancements

Support for increased prefix length

The prefix name length for NetScaler entities is enhanced from 7 to 15. When you upgrade Citrix ingress controller to a new version and change the prefix name to a larger value, old entities are not renamed and all entities are newly created. To avoid any stale configuration with the old prefix, you can either delete the ingress and reapply after the upgrade or delete the stale configuration with older prefixes manually from NetScaler.

Support for HTTP PATCH method

PATCH is an HTTP method for changing or adding data to existing resources. Now, the PATCH HTTP method is supported with authentication, authorization, rate limit, BOT, and WAF policy CRDs.

Release version 1.32.7

What's new

NetScaler provides a kubectl plug-in “netscaler-k8s” to inspect ingress controller deployments and aids in troubleshooting operations. You can inspect NetScaler config and related Kubernetes components using the subcommands available with this plug-in.
For more information, see the NetScaler kubectl plugin repository.

Fixed issues

• If an Ingress resource refers to the Listener resource, content-switching policies were getting disassociated from the content-switching virtual server after the Citrix ingress controller restart. This issue is fixed now.
• There was an erroneous entry for device_fingerprint in the BOT CRD definition due to which BOT CRDs were not getting applied. This issue is fixed now.

Enhancements

• Citrix ingress controller now supports multiple response codes in the GTP CRD. Earlier only one response code was allowed in the GTP CRD.
• Citrix ingress controller deployed with the scope namespace is now enhanced to process CRDs in the local namespace. Earlier, it was only supporting Ingress resources.

Note:
You must recreate the BOT CRD instance as per the new definition.

Release v1.31.3

Version 1.31.3

What’s new

Fixed issues

• In this release, Citrix ingress controller is enhanced to handle large-scale services in an improved and optimised approach.

Release v1.30.1

Version 1.30.1

What’s new

Fixed issues

• Earlier, Citrix ingress controller was not binding the policies created for the CORS CRD to the load-balancing virtual server. This issue is now fixed.

• After the Citrix ingress controller reboot, certain entities related to the HTTPRoute were reapplied. This issue is now fixed.

• Citrix ingress controller was skipping service modification events when POD_IPS_FOR_SERVICEGROUP_MEMBERS is enabled for a service of type LoadBalancer. This issue is fixed now.

• While choosing the default certificate, Citrix ingress controller was selecting the certificate in the application namespace instead of the certificate in the namespace provided with the default SSL parameter. Now, Citrix ingress controller selects the certificate in the namespace provided with the default SSL parameter.

• For services of type LoadBalancer, Citrix ingress controller was binding certificates as non-server name indication (SNI) type in the SSL virtual server irrespective of whether SNI is enabled in the SSL profile or not. With this fix, if SNI is enabled in the SSL profile annotation for services of type LoadBalancer, then the certificates get bind as SNI in the SSL virtual server. If SNI is not enabled, certificates are bound as the non-SNI type.

• In the rewrite and responder policy, when the values in two key-value pairs of a string map are identical Citrix ingress controller was considering only one of the key-value pair configurations while applying the policy on the Citrix ADC. This issue is now fixed.

• When the timeslice field was missing in the Rate limit CRD, application configuration was failing on the Citrix ADC appliance. This issue is fixed now.

• Earlier four HTTP methods namely GET, PUT, POST, and DELETE were supported in authentication, authorization, rate limit, BOT, and WAF policies. Citrix ingress controller now supports four additional HTTP methods, HEAD, OPTIONS, TRACE, and CONNECT with these policies.

Release 1.29.5

Version 1.29.5

Fixed issues

• If an ingress has an empty TLS section, Citrix ingress controller was configuring CS virtual server as SSL type by default. Now, Citrix ingress controller will create SSL virtual server only if a default certificate is provided.
• CS virtual server creation was failing for the Ingress resource when an application is exposed with ANY as protocol and port as * in the Ingress resource. This issue is now fixed.
• Citrix ingress controller was not fully provisioning the SSL profile after the Citrix ADC CPX restart. This issue is fixed now.

Release 1.28.2

Version 1.28.2

Enhancements

Deploying Citrix ingress controller with minimal privileges

• A new environment variable SCOPE is introduced. You can set the value of the SCOPE environment variable as local or cluster. When you set this variable as local, Citrix ingress controller is deployed with a Role binding that has limited privileges. You can use this option when you want to deploy Citrix ingress controller with minimal privileges for a particular namespace with Role binding. By default, the value of SCOPE is set as cluster and Citrix ingress controller is deployed with the ClusterRole binding. For more information, see deploy Citrix ingress controller for a namespace.

OpenShift Operator version update

• Citrix ingress controller OpenShift Operator version is now updated to 1.28.2.

Fixed issues

• When Citrix IPAM controller is already configured and Citrix ingress controller is provided with NS_VIP and NS_SVC_LB_DNS_REC, DNS records were getting created spuriously even for virtual IP addresses assigned using NS_VIP. This behavior was occurring for services of type LoadBalancer. Now, DNS address records are added on Citrix ADC only for the IP addresses assigned by Citrix IPAM controller.

Known issues

• RBAC Role does not support kind: IngressClass.

Release 1.27.15

Version 1.27.15

What's new

Configuring wildcard DNS domains through Citrix ADC ingress controller

Wildcard DNS domains are used to handle requests for non-existent domains and subdomains. Now, Citrix ingress controller supports configuring wildcard DNS domains on a Citrix ADC. A new CRD wildcarddnsentry is introduced to support wildcard DNS domains.

For more information, see Configuring wildcard DNS domains through Citrix ADC ingress controller.

Open policy agent support for Kubernetes with Citrix ADC

Open policy agent (OPA) is an open source, general-purpose policy engine that unifies policy enforcement across different technologies and systems. Now, Citrix ingress controller supports OPA through the HTTP callout.

For more information, see Open policy agent support for Kubernetes with Citrix ADC.

Fixed issues

• When distributed tracing is enabled for service mesh lite deployments, the service parameter was mandatory in the analytics configuration ConfigMap. If the service parameter is missing, distributed tracing was not working. This issue is fixed now.
• Canary header values at Citrix ADC are not updated when the existing ingress is updated with new Canary header values using the Ingress annotation. This issue is fixed now.
• For service mesh lite deployments, service group members were not binding earlier. This issue is fixed now.
• During Citrix ingress controller boot-up pre-validation checks, tracebacks were happening while checking connection with Citrix ADC. This issue is fixed now.
• Bot management policies were not getting configured on Citrix ADC VPX version 13.0 with the latest Citrix ingress controller versions. This issue is fixed now.
• Citrix ingress controller now gracefully handles unauthorized access to the Kubernetes API server due to the token expiry.

Enhancements

• A new environment variable OPTIMIZE_ENDPOINT_BINDING is introduced to enable or disable binding of back-end endpoints to a service group in a single API call. This variable is recommended when there are a large number of endpoints (pods) per application. This enhancement is applicable only for Citrix ADC release 13.0–45.7 and higher versions.