0.21.0 blog#256
Signed-off-by: Robert Young <robertyoungnz@gmail.com>
| ### Alpha: Kubernetes Admission Webhook for Sidecar Injection | ||
| The headline feature is our new Kubernetes admission webhook for automatic sidecar injection. This alpha release enables transparent Kafka protocol proxying without any application code changes. Define your sidecar configuration with the `KroxyliciousSidecarConfig` CRD, and the webhook automatically injects the proxy sidecar into matching pods when they are created. Perfect for adding encryption, validation, or multi-tenancy capabilities to existing Kafka applications. |
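Review bot: "matching pods" in the third sentence is never defined. Say how a pod is selected for injection, or link to the documentation that does, so readers know which workloads the webhook will mutate before they enable it. The closing "Perfect for adding encryption, validation, or multi-tenancy capabilities to existing Kafka applications" also reads as production-ready, which sits oddly with the "Alpha" in the heading; a short statement of what alpha means here would help.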
We should note that the proxy won't currently see updates to the KroxyliciousSidecarConfig after it's been injected.
| ### Graceful Connection Draining | ||
| Virtual clusters now support graceful connection draining during shutdown. Configure `drainTimeout` on your virtual cluster, and the proxy will stop accepting new connections while waiting for in-flight requests to complete before shutting down. New metrics track whether disconnections completed gracefully or hit the timeout. Essential for zero-downtime deployments and rolling updates in Kubernetes. |
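Review bot: the paragraph does not say what happens to in-flight requests when `drainTimeout` expires, and "New metrics" names none of them. Since the last sentence pitches this at rolling updates in Kubernetes, say whether remaining connections are closed at the timeout and remind readers that the value has to fit within the pod's termination grace period, otherwise the kubelet kills the container before draining finishes. Naming the metrics would let operators alert on drains that hit the timeout.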
Since you mentioned zero downtime deployments and rolling updates, maybe we should mention again the connection timeout filter which was added in ?0.20? which serves to rebalance the clients across multiple proxy instances following a rolling restart.
| ### HAProxy PROXY Protocol Support | ||
| We have added HAProxy PROXY protocol support for TLS connections. Configure `proxy.proxyProtocol.mode` to `enabled`, and the proxy expects the PROXY protocol header before the TLS handshake. This enables deployment behind HAProxy or other load balancers while preserving client connection information for logging and authorization. |
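Review bot: the sentence ending "preserving client connection information for logging and authorization" needs a trust caveat. The PROXY protocol header is not authenticated, so with `proxy.proxyProtocol.mode` set to `enabled` any peer that can reach the listener directly can state whatever source address it likes, and that address then feeds logs and authorization decisions. Suggest adding that the listener should only be reachable from the trusted load balancer when this mode is on.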
"We" is a tricky word. The cool thing about some of these improvements is they've not been done by the core team. I think we should celebrate that as much as possible. Saying "we" could be interpreted as the core team trying to take the credit, and that's totally the opposite of what we want the interpretation to be.
Yeah. A strong second to this.
No description provided.