🎉 Emissary Ingress 3.3.0 🎉
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.3.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
- Security: Updated Golang to 1.19.2 to address CVE-2022-2879, CVE-2022-2880, and CVE-2022-41715.
- Bugfix: By default, Emissary-ingress adds routes for HTTP-to-HTTPS redirection. When an AuthService was applied in v2.Y of Emissary-ingress, Envoy would skip the ext_authz call for non-TLS HTTP requests and perform the HTTPS redirect. In Envoy 1.20+ the behavior changed: Envoy always calls the ext_authz filter, so it must be disabled on a per-route basis. This behavior change introduced a regression in v3.0 of Emissary-ingress when it was upgraded to Envoy 1.22: the HTTP-to-HTTPS redirection no longer worked when an AuthService was applied. This fix restores the previous behavior by disabling the ext_authz call on the HTTPS redirect routes. (#4620)
- Bugfix: When an AuthService was applied in v2.Y of Emissary-ingress, Envoy would skip the ext_authz call for all redirect routes and perform the redirect. In Envoy 1.20+ the behavior changed: Envoy always calls the ext_authz filter, so it must be disabled on a per-route basis. This behavior change introduced a regression in v3.0 of Emissary-ingress when it was upgraded to Envoy 1.22: a host_redirect route would call the AuthService, if one was applied, before redirecting. This fix restores the previous behavior by disabling the ext_authz call on the host_redirect routes. (#4640)
- Bugfix: Previous versions of Emissary-ingress required a workaround using TLSContexts to find TLS secrets referenced from Ingress resources. Now the referenced TLS secrets are properly detected without requiring an additional TLSContext to reference them. (Thanks to Ole Markus!)
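
To confirm after an upgrade that the two ext_authz fixes above took effect, the following added example (not part of the Emissary-ingress code base) scans an Envoy route configuration for https_redirect and host_redirect routes that lack a per-route ext_authz override. It assumes the filter is registered under the canonical name envoy.filters.http.ext_authz, checks route-level overrides only, and runs on a constructed sample rather than a real config dump.

```python
# Added example: audit an Envoy route configuration for redirect routes that
# would still invoke ext_authz. Filter name and sample data are assumptions.
EXT_AUTHZ = "envoy.filters.http.ext_authz"  # assumed canonical filter name


def ext_authz_disabled(route):
    """True if the route carries a per-route override that disables ext_authz."""
    per_route = route.get("typed_per_filter_config", {}).get(EXT_AUTHZ, {})
    return per_route.get("disabled") is True


def redirect_kind(route):
    """Return 'https_redirect', 'host_redirect', or None for non-redirect routes."""
    redirect = route.get("redirect")
    if not isinstance(redirect, dict):
        return None
    if redirect.get("https_redirect"):
        return "https_redirect"
    if redirect.get("host_redirect"):
        return "host_redirect"
    return None


def redirects_calling_ext_authz(route_config):
    """List (virtual_host, route_name, kind) for redirects that still hit ext_authz."""
    findings = []
    for vhost in route_config.get("virtual_hosts", []):
        for route in vhost.get("routes", []):
            kind = redirect_kind(route)
            if kind and not ext_authz_disabled(route):
                findings.append((vhost.get("name"), route.get("name"), kind))
    return findings


# Constructed sample, shaped like a RouteConfiguration from an Envoy config dump.
PER_ROUTE_OFF = {EXT_AUTHZ: {
    "@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute",
    "disabled": True}}
SAMPLE = {"virtual_hosts": [{"name": "example-host", "routes": [
    {"name": "r-https", "match": {"prefix": "/"}, "redirect": {"https_redirect": True}},
    {"name": "r-host", "match": {"prefix": "/old"},
     "redirect": {"host_redirect": "new.example.com"},
     "typed_per_filter_config": PER_ROUTE_OFF},
    {"name": "r-app", "match": {"prefix": "/app"}, "route": {"cluster": "app"}},
]}]}

if __name__ == "__main__":
    for finding in redirects_calling_ext_authz(SAMPLE):
        print("redirect route still calls ext_authz:", finding)
```

An empty result on a 3.3.0 deployment with an AuthService applied means every redirect route found carries the override; any finding names the virtual host and route to inspect.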