🎉 Ambassador 1.9.0 🎉
Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Ambasssador API Gateway + Ambassador Edge Stack
- Change: The DevPortal no longer looks for documentation at
/.ambassador-internal/openapi-docs
. A new field inMappings
,docs
, must be used for specifying the source for documentation. This can result in an empty Dev Portal after upgrading ifMappings
do not include adocs
attribute. - Feature: Support configuring the gRPC Statistics Envoy filter to enable telemetry of gRPC calls (see the
grpc_stats
configuration flag -- thanks, Felipe Roveran!) - Feature: The
RateLimitService
andAuthService
configs now support switching between gRPC protocol versionsv2
andv2alpha
(see theprotocol_version
setting) - Feature: The
TracingService
Zipkin config now supports settingcollector_hostname
to tell Envoy which host header to set when sending spans to the collector - Feature: Ambassador now supports custom error response mapping
- Feature: DevPortal: default configuration using the
ambassador
DevPortal
resource. - Bugfix: Ambassador will no longer mistakenly post notices regarding
regex_rewrite
andrewrite
directive conflicts inMapping
s due to the latter's implicit default value of/
(thanks, obataku!) - Bugfix: The
/metrics
endpoint will no longer break if invoked before configuration is complete (thanks, Markus Jevring!) - Bugfix: Update Python requirements to address CVE-2020-25659
- Bugfix: Prevent mixing
Mapping
s withhost_redirect
set withMapping
s that don't in the same group - Bugfix:
ConsulResolver
will now fallback to theAddress
of a Consul service ifService.Address
is not set. - Docs: Added instructions for building ambassador from source, within a docker container (thanks, Rahul Kumar Saini!)
- Update: Upgrade Alpine 3.10→3.12, GNU libc 2.30→2.32, and Python 3.7→3.8
- Update: Knative serving tests were bumped from version 0.11.0 to version 0.18.0 (thanks, Noah Fontes!)
Ambassador Edge Stack Only
- Feature: How the
OAuth2
Filter authenticates itself to the identity provider is now configurable with theclientAuthentication
setting. - Feature: The
OAuth2
Filter can now use RFC 7523 JWT assertions to authenticate itself to the identity provider; this is usable with all grant types. - Feature: When validating a JWT's scope, the
JWT
andOAuth2
Filters now support not just RFC 8693 behavior, but also the behavior of various drafts leading to it, making JWT scope validation usable with more identity providers. - Feature: The
OAuth2
Filter now hasinheritScopeArgument
andstripInheritedScope
settings that can further customize the behavior ofaccessTokenJWTFilter
. - Change: The
OAuth2
Filter argumentscopes
has been renamed toscope
, for consistency. The namescopes
is deprecated, but will continue to work for backward compatibility. - Bugfix:
OAuth2
Filter: Don't haveaccessTokenValidation: auto
fall back to "userinfo" validation for a client_credentials grant; it doesn't make sense there and only serves to obscure a more useful error message.