github datawire/ambassador v1.6.0
Ambassador 1.6.0
on GitHub

🎉 Ambassador 1.6.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador -
View changelog -
Get started with Ambassador on Kubernetes -

Ambassador API Gateway + Ambassador Edge Stack

  • Incorporate the Envoy 1.14.4 security update.
  • API CHANGE: Turning off the Diagnostics UI via the Ambassador Module now disables access to the UI from both inside and outside the Ambassador Pod.
  • API CHANGE: Default changes updating Mapping status from default-on to default-off; see below.
  • Feature: Add support for circuit breakers in TCP mapping (thanks, Pierre Fersing!)
  • Feature: Ambassador CRDs now include schema. This enables validation by kubectl apply.
  • Feature: Advanced TLS configuration can be specified in Host resource via tlsContext and tls fields.
  • Feature: Implement sampling percentage in tracing service.
  • Performance improvement: Diagnostics are generated on demand rather than on every reconfig.
  • Performance improvement: Experimental fast validation of the contents of Ambassador resources has been added. The AMBASSADOR_FAST_VALIDATION env var must be set to enable this.
  • Internal: Configuration endpoints used internally by Ambassador are no longer accessible from outside the Ambassador Pod.
  • Bugfix: envoy_log_format can now be set with envoy_log_type: json.
  • Docs: Fixed OAuth2 documentation spelling errors (thanks, Travis Byrum!)

As previously announced, the default value of AMBASSADOR_UPDATE_MAPPING_STATUS
has now changed from true to false; Ambassador will no longer attempt to
update the Status of a Mapping unless you explicitly set
AMBASSADOR_UPDATE_MAPPING_STATUS=true in the environment. If you do not have
tooling that relies on Mapping status updates, we do not recommend setting

In Ambassador 1.7, TLS secrets in Ingress resources will not be able to use
.namespace suffixes to cross namespaces.

Ambassador Edge Stack only

  • Feature: The Edge Policy Console’s Debugging page now has a “Log Out” button to terminate all EPC sessions.
  • Feature: X-Content-Type-Options: nosniff to response headers are now set for the Edge Policy Console, to prevent MIME confusion attacks.
  • Feature: The OAuth2 Filter now has a allowMalformedAccessToken setting to enable use with IDPs that generate access tokens that are not compliant with RFC 6750.
  • Bugfix: All JWT Filter errors are now formatted per the specified errorResponse.
  • Feature: Options for making Redis connection pooling configurable.
  • Bugfix: User is now directed to the correct URL after clicking in Microsoft Office.
  • Feature: The Console’s Dashboard page has speedometer gauges to visualize Rate Limited and Authenticated traffic.
14 days ago