emissary-ingress/emissary v1.11.0

Ambassador 1.11.0

on GitHub

🎉 Ambassador 1.11.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Feature: Ambassador now reads the ENVOY_CONCURRENCY environment variable to optionally set the --concurrency command line option when launching Envoy. This controls the number of worker threads used to serve requests and can be used to fine-tune system resource usage.
• Feature: The %DOWNSTREAM_PEER_CERT_V_START% and %DOWNSTREAM_PEER_CERT_V_END% command operators now support custom date formatting, similar to %START_TIME%. This can be used for both header formatting and access log formatting.
• Feature: Eliminate the need to drain and recreate listeners when routing configuration is changed. This reduces both memory usage and disruption of in-flight requests.
• Bugfix: Make sure that labels specifying headers with extra attributes are correctly supported again (#3137).
• Bugfix: Support Consul services when the ConsulResolver and the Mapping aren't in the same namespace, and legacy mode is not enabled.
• Bugfix: Fix failure to start when one or more IngressClasses are present in a cluster (#3142).
• Bugfix: Properly handle Kubernetes 1.18 and greater when RBAC prohibits access to IngressClass resources.
• Bugfix: Support TLSContext CA secrets with fast validation (#3005).
• Bugfix: Dev Portal correctly handles transient failures when fetching content
• Bugfix: Dev Portal sidebar pages have a stable order
• Bugfix: Dev Portal pages are now marked cacheable

Ambassador Edge Stack only

• Feature: RateLimit CRDs now suport specifying an action for each limit. Possible values include "Enforce" and "LogOnly", case insensitive. LogOnly may be used to implement dry run rules that do not actually enforce.
• Feature: RateLimit CRDs now support specifying a symbolic name for each limit. This name can later be used in the access log to know which RateLimit, if any, applied to a request.
• Feature: RateLimit metadata is now available using the DYNAMIC_METADATA(envoy.http.filters.ratelimit: ... ) command operator in the Envoy access logs. See Envoy Documentation for more on using dynamic metadata in the access log.
• Feature: OAuth2 Filter: The SameSite cookie attribute is now configurable.