github datawire/ambassador v1.6.0
Ambassador 1.6.0
on GitHub

🎉 Ambassador 1.6.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading/
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

  • Incorporate the Envoy 1.14.4 security update.
  • API CHANGE: Turning off the Diagnostics UI via the Ambassador Module now disables access to the UI from both inside and outside the Ambassador Pod.
  • API CHANGE: Default changes updating Mapping status from default-on to default-off; see below.
  • Feature: Add support for circuit breakers in TCP mapping (thanks, Pierre Fersing!)
  • Feature: Ambassador CRDs now include schema. This enables validation by kubectl apply.
  • Feature: Advanced TLS configuration can be specified in Host resource via tlsContext and tls fields.
  • Feature: Implement sampling percentage in tracing service.
  • Performance improvement: Diagnostics are generated on demand rather than on every reconfig.
  • Performance improvement: Experimental fast validation of the contents of Ambassador resources has been added. The AMBASSADOR_FAST_VALIDATION env var must be set to enable this.
  • Internal: Configuration endpoints used internally by Ambassador are no longer accessible from outside the Ambassador Pod.
  • Bugfix: envoy_log_format can now be set with envoy_log_type: json.
  • Docs: Fixed OAuth2 documentation spelling errors (thanks, Travis Byrum!)

As previously announced, the default value of AMBASSADOR_UPDATE_MAPPING_STATUS
has now changed from true to false; Ambassador will no longer attempt to
update the Status of a Mapping unless you explicitly set
AMBASSADOR_UPDATE_MAPPING_STATUS=true in the environment. If you do not have
tooling that relies on Mapping status updates, we do not recommend setting
AMBASSADOR_UPDATE_MAPPING_STATUS.

In Ambassador 1.7, TLS secrets in Ingress resources will not be able to use
.namespace suffixes to cross namespaces.

Ambassador Edge Stack only

  • Feature: The Edge Policy Console’s Debugging page now has a “Log Out” button to terminate all EPC sessions.
  • Feature: X-Content-Type-Options: nosniff to response headers are now set for the Edge Policy Console, to prevent MIME confusion attacks.
  • Feature: The OAuth2 Filter now has a allowMalformedAccessToken setting to enable use with IDPs that generate access tokens that are not compliant with RFC 6750.
  • Bugfix: All JWT Filter errors are now formatted per the specified errorResponse.
  • Feature: Options for making Redis connection pooling configurable.
  • Bugfix: User is now directed to the correct URL after clicking in Microsoft Office.
  • Feature: The Console’s Dashboard page has speedometer gauges to visualize Rate Limited and Authenticated traffic.
14 days ago