🎉 Ambassador 1.6.0 🎉
Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading/
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Ambassador API Gateway + Ambassador Edge Stack
- Incorporate the Envoy 1.14.4 security update.
- API CHANGE: Turning off the Diagnostics UI via the Ambassador Module now disables access to the UI from both inside and outside the Ambassador Pod.
- API CHANGE: Default changes updating
Mappingstatus from default-on to default-off; see below.
- Feature: Add support for circuit breakers in TCP mapping (thanks, Pierre Fersing!)
- Feature: Ambassador CRDs now include schema. This enables validation by
- Feature: Advanced TLS configuration can be specified in
- Feature: Implement sampling percentage in tracing service.
- Performance improvement: Diagnostics are generated on demand rather than on every reconfig.
- Performance improvement: Experimental fast validation of the contents of Ambassador resources has been added. The
AMBASSADOR_FAST_VALIDATIONenv var must be set to enable this.
- Internal: Configuration endpoints used internally by Ambassador are no longer accessible from outside the Ambassador Pod.
envoy_log_formatcan now be set with
- Docs: Fixed OAuth2 documentation spelling errors (thanks, Travis Byrum!)
As previously announced, the default value of
has now changed from
false; Ambassador will no longer attempt to
Status of a
Mapping unless you explicitly set
AMBASSADOR_UPDATE_MAPPING_STATUS=true in the environment. If you do not have
tooling that relies on
Mapping status updates, we do not recommend setting
In Ambassador 1.7, TLS secrets in
Ingress resources will not be able to use
.namespace suffixes to cross namespaces.
Ambassador Edge Stack only
- Feature: The Edge Policy Console’s Debugging page now has a “Log Out” button to terminate all EPC sessions.
X-Content-Type-Options: nosniffto response headers are now set for the Edge Policy Console, to prevent MIME confusion attacks.
- Feature: The
OAuth2Filter now has a
allowMalformedAccessTokensetting to enable use with IDPs that generate access tokens that are not compliant with RFC 6750.
- Bugfix: All JWT Filter errors are now formatted per the specified
- Feature: Options for making Redis connection pooling configurable.
- Bugfix: User is now directed to the correct URL after clicking in Microsoft Office.
- Feature: The Console’s Dashboard page has speedometer gauges to visualize Rate Limited and Authenticated traffic.