Helm chart release notes for NetScaler Ingress Controller and GSLB Controller version 2.2.11 and IPAM v2.0.2

This release note contains information about the Helm chart-related changes for the NetScaler Ingress Controller and GSLB controller version 2.2.11, and IPAM controller version 2.0.2.

Fixed issues

• The service account token generated in Azure Kubernetes for Kubernetes API authentication expires every hour. As a result, the controller restarts periodically to retrieve the newly generated token for continued authentication.

Helm chart release notes for NetScaler Ingress Controller and GSLB Controller version 2.2.10 and IPAM v2.0.1

This release note contains information about the Helm chart-related changes for NetScaler Ingress Controller and GSLB Controller version 2.2.10, as well as IPAM Controller version 2.0.1

What's new

Remote content inspection or content transformation service using ICAP

The Internet Content Adaptation Protocol (ICAP) is a simple lightweight protocol for running a value-added transformation service on HTTP messages. In a NetScaler setup, NetScaler (ICAP client) forwards HTTP requests and responses to one or more ICAP servers for processing. The ICAP servers perform content transformation on the requests and send back responses with an appropriate action to take on the request or response.

In a Kubernetes environment, to enable ICAP on NetScaler through NetScaler Ingress Controller, NetScaler provides the ICAP Custom Resource Definition (CRD). By enabling ICAP, you can perform the following actions:

• Block URLs with a specified string
• Block a set of IP addresses to mitigate DDoS attacks
• Mandate HTTP to HTTPS

For more information, see Remote content inspection or content transformation service using ICAP.

Infoblox integration with NetScaler IPAM Controller

With Infoblox integration, NetScaler IPAM controller assigns IP addresses to services, ingress, or listener resources from Infoblox. The following Helm chart parameters are introduced for Infoblox integration with NetScaler IPAM Controller:

• cluster (Mandatory) - Cluster name that is used to identify the cluster in which the IPAM controller is deployed.
• infoblox.enabled (Optional) - Boolean value that allows you to enable or disable the Infoblox integration with IPAM. Possible values are true or false.
• infoblox.gridHost (Mandatory) - Infoblox grid host IP address or FQDN.
• infoblox.credentialSecret (Mandatory) - Kubernetes secret created using Infoblox user credentials.
• infoblox.httpTimeout(Optional) - Infoblox client HTTP timeout in seconds.
• infoblox.maxRetries (Optional) - Infoblox client maximum retries in case of a failure.
• infoblox.netView (Optional) - Infoblox network view.
• infoblox.vipRange (Optional) - Infoblox IPAM VIP range.

Fixed issues

• After the NSIC upgrade, the CRD specifications in the cluster are deleted, causing the liveness and readiness probes to fail repeatedly. As a result, the NSIC pod gets stuck in a restart loop.

  For information on how to upgrade NSIC, see Upgrade NetScaler Ingress Controller.

• Canary deployment configuration using an ingress annotation such as ingress.citrix.com/canary-weight does not work in a namespace containing a hyphen ("-") in its name.

• When an NSIC pod restarts, SSL profiles are deleted for services of type LoadBalancer.

• NSIC creates a duplicate route entry with the same gateway on NetScaler when there is a change in the node pod CIDR.

Helm chart release notes for NetScaler Ingress Controller and GSLB Controller version 2.1.4

This release note contains information about the Helm chart-related changes for the NetScaler Ingress and GSLB Controller version 2.1.4.

What's new

Multi-monitor support for GSLB

In a GSLB setup, you can now configure multiple monitors to monitor services of the same host. The monitors can be of different types, depending on the request protocol used to check the health of the services. For example, HTTP, HTTPS, and TCP.

In addition to configuring multiple monitors, you can define additional parameters for a monitor. You can also define the combination of parameters for each monitor as per your requirement. For more information, see Multi-monitor support for GSLB
.

Note:

When you upgrade to NSIC version 2.1.4, you must reapply the GTP CRD using the following command: kubectl apply -f https://raw.githubusercontent.com/netscaler/netscaler-k8s-ingress-controller/master/gslb/Manifest/gtp-crd.yaml.

Support to bind multiple SSL certificates for a service of type LoadBalancer

You can now bind multiple SSL certificates as front-end server certificates for a service of type LoadBalancer by using the following annotations: service.citrix.com/secret and service.citrix.com/preconfigured-certkey. For more information, see SSL certificate for services of type LoadBalancer through the Kubernetes secret resource.

Fixed issues

• NSIC doesn't process node update events in certain cases.

Upcoming change

The Helm charts in repositories with the prefix citrix- will no longer be updated starting from the next NSIC release. You can use the equivalent charts available in repositories with the prefix netscaler-. Find the mapping below:

citrix-observability-exporter > netscaler-observability-exporter
citrix-node-controller > netscaler-node-controller
citrix-ingress-controller > netscaler-ingress-controller
citrix-ipam-controller > netscaler-ipam-controller
citrix-cpx-with-ingress-controller > netscaler-cpx-with-ingress-controller
citrix-gslb-controller > netscaler-gslb-controller
citrix-cloud-native > Use the Helm chart that is available in the individual product folder with the prefix netscaler-.

Helm chart release notes for NetScaler Observability Exporter version 1.10.001

This release note contains information about the Helm chart-related changes for NetScaler Observability Exporter 1.10.001.

Fixed issues

Fixed the issue of the kafka.broker parameter not accepting multiple bootstrap brokers. With this fix, the kafka.broker parameter now accepts a comma-separated list of bootstrap Kafka brokers. For example, X.X.X.X:9092,Y.Y.Y.Y:9092.

Helm chart release notes for NetScaler Ingress Controller and GSLB Controller version 2.0.6

This release note contains information about the Helm chart-related changes for the NetScaler Ingress and GSLB Controller version 2.0.6.

What's new

• The following Helm chart parameter has been added for the multi-cluster ingress solution. NetScaler multi-cluster ingress solution enables NetScaler to load balance applications distributed across clusters using a single front-end IP address. For more information on multi-cluster ingress, see Multi-cluster ingress.

  • multiClusterPrefix: Specifies the multi-cluster prefix for an NSIC instance that is part of the multi-cluster ingress setup. You must specify the same value for the multiClusterPrefix parameter for each NSIC instance that is part of the multi-cluster ingress setup. For a different set of NSICs in another multi-cluster ingress setup configuring the same NetScaler, the multiClusterPrefix value must be consistent across NSIC instances but different from the value used in the other set.

• The following Helm chart parameters have been added for analytics configuration using ConfigMap.

  • analyticsConfig.endpoint.metrics.service: Set this value as the IP address or DNS address of the observability endpoint.

  • analyticsConfig.endpoint.transactions.service: Set this value as the IP address or namespace/service of the NetScaler Observability Exporter service.

    Notes:

    • Starting from NSIC release 2.0.6, analyticsConfig.endpoint.metrics.service replaces analyticsConfig.endpoint.server.
    • Starting from NSIC release 2.0.6, analyticsConfig.endpoint.transactions.service replaces analyticsConfig.endpoint.service.
    • If you are upgrading from any NSIC Helm chart version 1.x to 2.x, note down the metrics_endpoint (analyticsConfig.endpoint.server) and transactions_endpoint (analyticsConfig.endpoint.service) values, and then upgrade using the following set parameters in Helm upgrade: --set analyticsConfig.endpoint.metrics.service=<metrics_endpoint>,analyticsConfig.endpoint. transactions.service=<transactions_endpoint>.

Helm chart release notes for NetScaler ADM Agent version 141.31.38

This release note contains information about the Helm chart-related changes for the NetScaler ADM Agent version 141.31.38.

What's fixed

• HPA is disabled for ADM Agent Core Container.

Helm chart release notes for NetScaler Ingress Controller and GSLB Controller version 1.43.7

This release note contains information about the Helm chart-related changes for NetScaler Ingress Controller (NSIC) and GSLB Controller version 1.43.7

What's new

• You can now enable and configure Liveness and Readiness probes for NSIC using the following Helm chart variables:

  • enableLivenessProbe (optional): Enables Liveness probe for NSIC and CPX. Configurable values are True and False. enableLivenessProbe is set to True by default.
  • enableReadinessProbe (optional): Enables Readiness probe for NSIC. Configurable values are True and False. enableReadinessProbe is set to True by default.
  • enableStartupProbe (optional): Enables Startup probe for CPX. Configurable values are True and False.
    enableStartupProbe is set to True by default.
  • readinessProbe (optional): Enables you to configure the settings for Readiness probe. You can configure the following parameters: initialDelaySeconds, periodSeconds, failureThreshold, and successThreshold. For information about these parameters, see Kubernetes documentation.
  • livenessProbe (optional): Enables you to configure the settings for Liveness probe.
  • startupProbe (optional): Enables you to configure the settings for Startup Probe.

• For NSIC and GLSB controller OpenShift deployments, DeploymentConfig objects are replaced with Deployment objects. Also, spec.strategy has been removed.

Helm chart release notes for NetScaler Ingress Controller 1.42.12

This release note contains information about the Helm chart-related changes for the NetScaler Ingress Controller version 1.42.12.

What's new

You can now add a hostname to a CPX instance deployed in Kubernetes or OpenShift cluster using the new hostname Helm chart parameter for NetScaler CPX with NetScaler Ingress Controller.

• hostName: Specifies the hostname for a CPX instance.

Helm chart release notes for NetScaler IPAM Controller 1.2.0

This release note contains information about the helm chart related changes for the NetScaler IPAM Controller version 1.2.0

What's new

• A new variable reuseIngressVip has been introduced. Using this variable, you can configure the IPAM controller to assign a different IP address to each ingress resource referring to the same VIP range.

Helm chart release notes for NetScaler Node Controller version 2.2.14

This release has multiple bug fixes in the NetScaler Node Controller Helm Chart.

What's fixed

• Incorrect references are fixed in the template functions and values.yaml.

The version of NetScaler Node Controller image 2.2.12 has not changed in this release.