Release 1.8.19
Version 1.8.19
What's New
Direct Server Return deployment mode support
Now, the Citrix ingress controller supports Citrix ADC deployment in Direct Server Return (DSR) mode.
In a DSR deployment the load balancer forwards the client request to the server, but the back-end server directly sends the response to the client. Using a DSR deployment, you can improve response time between the client and the server and also reduce some extra load from the load balancer.
For more information, see Deploy Direct Server Return.
TCP profile support for services of type LoadBalancer
A TCP profile is a collection of TCP settings. Instead of configuring the settings on each entity, you can configure TCP settings in a profile and bind the profile to all the required entities. Now, you can apply TCP profiles for services of type LoadBalancer.
For more information, see TCP profile support for services of type LoadBalancer.
TLS server authentication support
Server authentication allows a client to verify the authenticity of the web server that it is accessing. Usually, the Citrix ADC device performs SSL offload and acceleration on behalf of a web server and does not authenticate the certificate of the web server. However, you can authenticate the server in deployments that require end-to-end SSL encryption.
For more information, see TLS server authentication support in Citrix ADC using the Citrix ingress controller.
oAuth introspection support
The Citrix ingress controller now supports oAuth introspection. Using this feature, Citrix ADC can check the validity of access tokens, and find out other information such as which user and which scopes are associated with the token.
For more information, see Define authentication policies on the Ingress Citrix ADC.
GoTo Priority Expression support
Earlier, when you bind multiple policies to a service and the ongoing policy evaluation turns True, the other rewrite policies were not evaluated.
The go-to-priority expression feature allows the evaluation of multiple policies within the RewritePolicy CRD, even when the ongoing policy evaluation turns True.
For more information, see Use Rewrite and Responder policies in Kubernetes.
Automated deployment of applications in Service mesh lite
When you want to deploy multiple applications that consist of several microservices in a Service Mesh lite architecture, you may need an easier way you deploy your services. Citrix provides you an automated way to generate ready to deploy YAMLs out of your application YAMLs for Service Mesh lite deployment.
For more information, see Automated deployment of applications in Service Mesh lite
.
Anthos platform support
Anthos is a hybrid and multi-cloud platform that lets you run your applications on existing on-prem hardware or in the public cloud. It provides a consistent development and operation experience for cloud and on-premises environments.
The Citrix ingress controller can be deployed in Anthos GKE on-premises. For more information, see Deploy the Citrix ingress controller in Anthos.
Support for Citrix observability exporter configuration using ConfigMap
You can now enable Citrix observability exporter configuration using ConfigMap.
For more information, see Support for Citrix observability exporter configuration using ConfigMap.
Updating the Ingress status for the Ingress resources with the specified IP address
You can now update the Status.LoadBalancer.Ingress field of the Ingress resources managed by the Citrix ingress controller with the allocated IP addresses by specifying the command line argument --update-ingress-status yes when you start the Citrix ingress controller. This feature is only supported for the Citrix ingress controller deployed as a stand-alone pod for managing Citrix ADC VPX or MPX. For Citrix ADC CPXs deployed as sidecars, this feature is not supported.
For more information, see Updating the Ingress status for the Ingress resources with the specified IP address.