Release 1.17.13

Version 1.17.13

What's New

Configure cross-origin resource sharing policies

Cross-origin resource sharing (CORS) is a mechanism allows a web application running under one domain to securely access resources in another domain. You can configure CORS policies on Citrix ADC using Citrix ingress controller to allow one domain (the origin domain) to call APIs in another domain. For more information, see the cross-origin resource sharing CRD documentation.

Analytics support with GitOps

Web insight based analytics is now supported with GitOps (API Gateway CRD).
When you use GitOps, the following web insight parameters httpurl, httpuseragent, httphost, httpmethod, and httpcontenttype are enabled by default. For more information, see the Deploy API Gateway with GitOps documentation.

Ingress class support for CRDs

For CRDs, the ingress class feature is now supported. Earlier, Citrix CRD instances are applied by all instances of Citrix ingress controllers within a Kubernetes cluster. Now, you can optionally specify the ingress class using the spec.ingressclass field. When the ingress class is specified, only the Citrix ingress controller instance which is started with the given ingress class using the --ingress-classes argument processes the CRD resource. If the ingress class is not specified, then the earlier behavior persists.

DNS resolution on Citrix ADC

Now, you can configure Citrix ADC as a DNS server to resolve host names specified in the Ingress using Citrix ingress controller. A new environment variable NS_CONFIG_DNS_REC is introduced which can be configured as an argument to Citrix ingress controller.

For more information, see deploy Citrix ingress controller.

Logging support with rate limit CRD

You can now enable logging for observability with the rate limit CRD. For more information, see the rate limit CRD documentation.

Added support for protection against SQL injection using the grammar pattern

Now, protection against SQL injection using the grammar pattern is added to WAF CRD. For more information, see the WAF CRD documentation.

Fixed issues

• When Citrix ingress controller is restarted, CRD bindings for a load balancing virtual server created by content routing CRD was lost. This issue is fixed now.

• Earlier, https monitoring was not working when specified in a global traffic policy (GTP). This issue is fixed now.

• A backup content switching virtual server binding was lost in some scenarios when the traffic-policy deployment type is failover. This issue is fixed now.

• Earlier, the monitor configuration was not getting deleted when the GTP was deleted. This issue is fixed now.

• Earlier, multiple ingresses were not supported with WAF and bot CRDs. This issue is fixed now.

• When a service of type load balancer was processed but not configured due to any error and a delete event of that service was received, Citrix ingress controller was crashing. This issue is fixed now.

• Earlier, when the HTTPRoute back-end is used in the Ingress and redirect option is enabled, it worked only for the first host name. This issue is fixed now.

• Earlier, Citrix ingress controller modifies the SNIEnable and ClientAuth fields of a preconfigured SSL profile depending on the certificate binding. Now, Citrix ingress controller is excluded from modifying the preconfigured SSL profile.

• Sometimes, there is inconsistency in service group members of the Listener CRD back-end if the replica goes to zero. This issue is fixed.