emissary-ingress/emissary v1.7.0

Ambassador 1.7.0

on GitHub

🎉 Ambassador 1.7.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Feature: Upgrade from Envoy 1.14.4 to 1.15.0.
• Bugfix: Correctly handle a Host object with incompatible manually-specified TLSContext
• Feature: The Ambassador control-plane now publishes Prometheus metrics alongside the existing Envoy data-plane metrics under the /metrics endpoint on port 8877.
• Default-off early access: Experimental changes to allow Ambassador to more quickly process configuration changes (especially with larger configurations) have been added. The AMBASSADOR_FAST_RECONFIGURE env var must be set to enable this. AMBASSADOR_FAST_VALIDATION should also be set for maximum benefit.

Ambassador API Gateway only

• Bugfix: Fixes regression in 1.5.1 that caused it to not correctly know its own version number, leading to notifications about an available upgrade despite being on the most recent version.

Ambassador Edge Stack only

• Feature: DevPortal can now discover openapi documentation from Mappings that set host and headers
• Feature: edgectl install will automatically enable Service Preview with a Preview URL on the Host resource it creates.
• Feature: Service Preview will inject an x-service-preview-path header in filtered requests with the original request prefix to allow for context propagation.
• Feature: Service Preview can intercept gRPC requests using the --grpc flag on the edgectl intercept add command and the getambassador.io/inject-traffic-agent-grpc: "true" annotation when using automatic Traffic-Agent injection.
• Feature: The TracingService Zipkin config now supports setting collector_endpoint_version to tell Envoy to use Zipkin v2.
• Feature: You can now inject request and/or response headers from a RateLimit.
• Bugfix: Don't crash during startup if Redis is down.
• Bugfix: Service Preview correctly uses the Host default Path value for the spec.previewUrl.type field.
• Bugfix: The JWT, OAuth2, and other Filters are now better about reusing connections for outgoing HTTP requests.
• Bugfix: Fixed a potential deadlock in the HTTP cache used for fetching JWKS and such for Filters.
• Bugfix: Fixed insecure route action behavior. Host security policies no longer affect other Hosts.
• Bugfix: Internal Ambassador data is no longer exposed to the /.ambassador-internal/ endpoints used by the DevPortal.
• Bugfix: Problems with license key limits will no longer trigger spurious HTTP 429 errors. Using the RateLimit resource beyond 5rps without any form of license key will still trigger 429 responses, but now with a X-Ambassador-Message header indicating that's what happned.
• Bugfix: When multiple RateLimits overlap, it is supposed to enforce the strictest limit; but the strictness comparison didn't correctly handle comparing limits with different units.