Skip to content

Release 2.2.10

Latest
Latest
Compare
Choose a tag to compare
@subashd subashd released this 15 Nov 09:34
· 2 commits to master since this release
2.2.10
51ea8f9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Version 2.2.10

What's new

Remote content inspection or content transformation service using ICAP

The Internet Content Adaptation Protocol (ICAP) is a simple lightweight protocol for running a value-added transformation service on HTTP messages. In a NetScaler setup, NetScaler (ICAP client) forwards HTTP requests and responses to one or more ICAP servers for processing. The ICAP servers perform content transformation on the requests and send back responses with an appropriate action to take on the request or response.

In a Kubernetes environment, to enable ICAP on NetScaler through NetScaler Ingress Controller, NetScaler provides the ICAP Custom Resource Definition (CRD). By enabling ICAP, you can perform the following actions:

  • Block URLs with a specified string
  • Block a set of IP addresses to mitigate DDoS attacks
  • Mandate HTTP to HTTPS

For more information, see Remote content inspection or content transformation service using ICAP.

Infoblox integration with NetScaler IPAM Controller

With Infoblox integration, NetScaler IPAM controller assigns IP addresses to services, ingress, or listener resources from Infoblox.
Infoblox integration helps in the following ways:

  • Request an available IP address from the specified range.
  • Request the IP address associated with a domain name, ensuring the retrieval of a pre-existing IP address.
  • Guarantee that the application deployed across various clusters can be accessed using a single, consistent IP address.

Note: After you upgrade to NetScaler IPAM Controller 2.2.10, make sure to upgrade the VIP CRD.

For more information, see Infoblox integration with IPAM controller.

Listener is now supported with NetScaler IPAM Controller

Listener is now supported with NetScaler IPAM Controller. To configure listener support for IPAM, specify the annotation listeners.citrix.com/ipam-range: (<range>) in the listener CRD resource.

Note: After you upgrade to NetScaler IPAM Controller 2.2.10, make sure to upgrade the VIP CRD.

Address field of the ingress resource is updated

In an NSIC sidecar deployment, in which the NetScaler CPX is exposed using a service of type ClusterIP, NodePort, or LoadBalancer, the Address (Status.LoadBalancer.IP) field of the ingress is updated. To enable the ingress status update, specify the updateIngressStatus Helm chart parameter as True.

For more information, see ingress status update for sidecar deployments.

Fixed issues

  • After the NSIC upgrade, the CRD specifications in the cluster are deleted, causing the liveness and readiness probes to fail repeatedly. As a result, the NSIC pod gets stuck in a restart loop.

    For information on how to upgrade NSIC, see Upgrade NetScaler Ingress Controller.

  • Canary deployment configuration using an ingress annotation such as ingress.citrix.com/canary-weight does not work in a namespace containing a hyphen ("-") in its name.

  • When an NSIC pod restarts, SSL profiles are deleted for services of type LoadBalancer.

  • NSIC creates a duplicate route entry with the same gateway on NetScaler when there is a change in the node pod CIDR.

    This fix ensures that NSIC deletes the stale route entry before creating a new one for any gateway, preventing duplicate route entries.

Assets 2
Loading