🎉 Ambassador 1.11.0 🎉
Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Ambasssador API Gateway + Ambassador Edge Stack
- Feature: Ambassador now reads the ENVOY_CONCURRENCY environment variable to optionally set the --concurrency command line option when launching Envoy. This controls the number of worker threads used to serve requests and can be used to fine-tune system resource usage.
- Feature: The %DOWNSTREAM_PEER_CERT_V_START% and %DOWNSTREAM_PEER_CERT_V_END% command operators now support custom date formatting, similar to %START_TIME%. This can be used for both header formatting and access log formatting.
- Feature: Eliminate the need to drain and recreate listeners when routing configuration is changed. This reduces both memory usage and disruption of in-flight requests.
- Bugfix: Make sure that
labels
specifying headers with extra attributes are correctly supported again (#3137). - Bugfix: Support Consul services when the
ConsulResolver
and theMapping
aren't in the same namespace, and legacy mode is not enabled. - Bugfix: Fix failure to start when one or more IngressClasses are present in a cluster (#3142).
- Bugfix: Properly handle Kubernetes 1.18 and greater when RBAC prohibits access to IngressClass resources.
- Bugfix: Support
TLSContext
CA secrets with fast validation (#3005). - Bugfix: Dev Portal correctly handles transient failures when fetching content
- Bugfix: Dev Portal sidebar pages have a stable order
- Bugfix: Dev Portal pages are now marked cacheable
Ambassador Edge Stack only
- Feature: RateLimit CRDs now suport specifying an
action
for each limit. Possible values include "Enforce" and "LogOnly", case insensitive. LogOnly may be used to implement dry run rules that do not actually enforce. - Feature: RateLimit CRDs now support specifying a symbolic
name
for each limit. This name can later be used in the access log to know which RateLimit, if any, applied to a request. - Feature: RateLimit metadata is now available using the
DYNAMIC_METADATA(envoy.http.filters.ratelimit: ... )
command operator in the Envoy access logs. See Envoy Documentation for more on using dynamic metadata in the access log. - Feature: OAuth2 Filter: The SameSite cookie attribute is now configurable.