Helm chart release notes for Citrix ADC Observability Exporter 1.6.001

This release note contains information about the Helm chart-related changes for the Citrix ADC Observability Exporter version 1.6.001.

What's new

Support for exporting transactions in the JSON format from Citrix ADC Observability Exporter to Kafka

You can now export transactions from Citrix ADC Observability Exporter to Kafka in the JSON format apart from the AVRO format.
A new parameter DataFormat is introduced in the Kafka deployment ConfigMap to support transactions in the JSON format.
For more information, see deploy COE with Kafka.

Enhancements

Now, you can run Citrix ADC Observability Exporter with the user id (UID) as nobody under the group id (GID) nogroup on both Kubernetes and OpenShift platforms. The UID nobody and GID nogroup are the least privileged user and group ids within the system.

Fixed issues

• Earlier, Citrix ADC Observability Exporter was sending out invalid JSONs for fields like srcMetadataJSON, srcLabelsJSON, dstMetadataJSON, and dstLabelsJSON for JSON specific endpoints. This issue is fixed now.
• Earlier, Citrix ADC Observability Exporter was not logging HTTP response status codes. This issue is fixed now.

Helm chart release notes for Citrix Observability Exporter 1.6.001b

This release note contains information about the Helm chart-related changes for the Citrix Observability Exporter 1.6.001b

Enhancements

• Support to export transactions in JSON format to Apache Kafka
  A new parameter kafka.dataformat is introduced in the configmap (i.e. lstreamd_default.conf).
  It can accept AVRO and JSON values. For allowing JSON based transactions, set this kafka.dataformat to JSON value. Default value of the kafka.dataformat is AVRO.
• Support spawning COE with OpenShift compliant UID

Helm chart release notes for Citrix Ingress Controller version 1.33.4

This release note contains information about the Helm chart-related changes for the Citrix ingress controller version 1.33.4

Enhancements

Support for increased prefix length

When you specify the prefix name for NetScaler entities for applications, the prefix name length is enhanced from 7 to 15. When you upgrade Citrix ingress controller to a new version and change the prefix name to a larger value, old entities are not renamed and all entities are newly created. To avoid any stale configuration with the old prefix, you can either delete the ingress and reapply after the upgrade or delete the stale configuration with older prefixes manually from NetScaler.

Support for HTTP PATCH method

PATCH is an HTTP method for changing or adding data to existing resources. Now, the PATCH HTTP method is supported with authentication, authorization, rate limit, BOT, and WAF policy CRDs.

Helm chart release notes for Citrix Ingress Controller version 1.32.7

This release note contains information about the Helm chart-related changes for the Citrix ingress controller version 1.32.7.

What's new

NetScaler provides a kubectl plug-in netscaler-k8s to inspect ingress controller deployments and aids in troubleshooting operations.
You can inspect NetScaler configuration and related Kubernetes components using the subcommands available with this plug-in.

Fixed issues

• If an Ingress resource refers to the Listener resource, content-switching policies were getting disassociated from the content-switching virtual server after the Citrix ingress controller restart. This issue is fixed now.
• There was an erroneous entry for device_fingerprint in the BOT CRD definition due to which BOT CRDs were not getting applied. This issue is fixed now.

Enhancements

• Citrix ingress controller now supports multiple response codes in the GTP CRD. Earlier only one response code was allowed in the GTP CRD.
• Citrix ingress controller deployed with the scope namespace is now enhanced to process CRDs in the local namespace. Earlier, it was only supporting Ingress resources.

Known issues

• Bot CRD definition is updated in this release. If Bot CRD has been installed using Helm chart, Helm upgrade to this release won't work. You will have to delete and reinstall the Helm chart in this case.

Helm chart release notes for ADM Agent Onboarding version 1.1.0

This release note contains information about the Helm chart-related changes for the ADM agent onboarding version 1.1.0.

What's new

 This release of the ADM agent onboarding enables you to provide the name of the Kubernetes cluster that needs to be registered with the ADM service. You can also provide the Kubernetes API URL that should be registered in the ADM service. This enhancement simplifies the user experience while registering multiple Kubernetes clusters in the ADM service.

The following parameters are added to the Helm chart as part of this enhancement:

-  apiURL :  Provides the Kubernetes API URL in the https://<host>:port format.

-  clusterName: Specifies the Kubernetes cluster name to be registered in the ADM servi

Helm chart release notes for Citrix ingress controller version 1.31.3

Fixed issues

In this release, Citrix ingress controller is enhanced to handle large-scale services in an improved and optimized approach.

Helm chart release notes for Citrix ADC Observability Exporter 1.5.001

Helm chart release notes for Citrix ADC Observability Exporter 1.5.001

This release note contains information about the Helm chart-related changes for the Citrix ingress controller version 1.5.001

Enhancements

• Added rate-limiting support for transactions in JSON-based endpoints: ElasticSearch, Splunk, and Zipkin. The following parameters are added to the Helm chart for rate-limiting support:
  • json_trans_rate_limiting.enabled
  • json_trans_rate_limiting.limit
  • json_trans_rate_limiting.queuelimit
  • json_trans_rate_limiting.window
    For more information, see rate limiting support for transactions in ElasticSearch, Splunk, and Zipkin.
• You can now run Citrix ADC Observability Exporter as a non-root user named coe_guest with the user-id as 1000 and the group-id as 1000.

Helm chart release notes for Citrix ingress controller v1.30.1

This release note contains information about the Helm chart-related changes for the Citrix ingress controller version 1.30.1.

Fixed issues

• Earlier, Citrix ingress controller was not binding the policies created for the CORS CRD to the load-balancing virtual server. This issue is now fixed.
• After the Citrix ingress controller reboot, certain entities related to the HTTPRoute were reapplied. This issue is now fixed.
• Citrix ingress controller was skipping service modification events when POD_IPS_FOR_SERVICEGROUP_MEMBERS is enabled for a service of type LoadBalancer. This issue is fixed now.
• While choosing the default certificate, Citrix ingress controller was selecting the certificate in the application namespace instead of the certificate in the namespace provided with the default SSL parameter. Now, Citrix ingress controller selects the certificate in the namespace provided with the default SSL parameter.
• For services of type LoadBalancer, Citrix ingress controller was binding certificates as non-server name indication (SNI) type in the SSL virtual server irrespective of whether SNI is enabled in the SSL profile or not. With this fix, if SNI is enabled in the SSL profile annotation for services of type LoadBalancer, then the certificates get bind as SNI in the SSL virtual server. If SNI is not enabled, certificates are bound as the non-SNI type.
• In the rewrite and responder policy, when the values in two key-value pairs of a string map are identical Citrix ingress controller was considering only one of the key-value pair configurations while applying the policy on the Citrix ADC. This issue is now fixed.
• When the timeslice field was missing in the Rate limit CRD, application configuration was failing on the Citrix ADC appliance. This issue is fixed now.
• Earlier four HTTP methods namely GET, PUT, POST, and DELETE were supported in authentication, authorization, rate limit, BOT, and WAF policies. Citrix ingress controller now supports four additional HTTP methods, HEAD, OPTIONS, TRACE, and CONNECT with these policies

Helm chart release notes for Citrix ingress controller v1.29.5

This release note contains information about the Helm chart-related changes for the Citrix ingress controller version 1.29.5.

What’s new

Fixed issues

• If an ingress has an empty TLS section, Citrix ingress controller was configuring CS virtual server as SSL type by default. Now, Citrix ingress controller creates an SSL virtual server only if a default certificate is provided.
• CS virtual server creation was failing for the Ingress resource, when an application is exposed with ANY as protocol and port as * in the Ingress resource. This issue is now fixed.
• Citrix ingress controller was not fully provisioning the SSL profile after the Citrix ADC CPX restart. This issue is fixed now.

Enhancements

The following new parameters are introduced in the Helm chart:

• profileSslFrontend: Specify this parameter to set the front-end SSL profile.
• profileTcpFrontend: Specify this parameter to set the front-end TCP profile.
• profileHttpFrontend: Specify this parameter to set the front-end HTTP profile
  Using the respective parameter, you can enable or disable SSL, TCP, and HTTP features for multiple Ingresses that shares a common front-end IP address.

Helm chart release notes for Citrix ingress controller v1.28.2

This release note contains information about the Helm chart related changes for the Citrix ingress controller version 1.28.2.

Enhancements

• Updated CPX version to 13.1-37.38 in Citrix Netscaler CPX with CIC helm chart

Deploying Citrix ingress controller with minimal privileges

• A new parameter rbacRole is introduced in the Helm chart to enable you to deploy Citrix ingress controller with minimal privileges for a particular namespace with Role binding. You can set this parameter to true to deploy Citrix ingress controller with Role binding. By default, Citrix ingress controller gets installed with ClusterRole binding and this parameter is set as false.

Fixed issues

• When Citrix IPAM controller is already configured and Citrix ingress controller is provided with NS_VIP and NS_SVC_LB_DNS_REC DNS records were getting created spuriously even for virtual IP addresses assigned using NS_VIP. This behavior was occurring for services of type LoadBalancer. Now, DNS address records are added on Citrix ADC only for the IP addresses assigned by Citrix IPAM controller.