github octelium/octelium v0.13.0

3 months ago

You can upgrade an already running Cluster via the command octops upgrade as shown here.

Features

  • An implementation of Envoy's ext_proc (read more here) has been added to allow for arbitrarily complex modifications of HTTP request/response headers and bodies. This is extremely useful for many use cases, including custom rate limiting, AI guardrails, LLM prompt manipulation, DLP, and any case where you want to modify HTTP requests and responses in ways that might involve further calls to SaaS APIs (e.g. AI guardrails APIs) or access to external databases. You can now simply implement an Envoy-compliant ext_proc gRPC service, and Octelium's Vigil, the identity-aware proxy, will act as the ext_proc gRPC client exactly like any Envoy instance. Additionally, Vigil sends the requestContext (i.e. the ctx map used in access control and dynamic configuration) to your ext_proc service so that it can make identity-based, context-aware decisions on a per-request basis. Envoy's ext_proc has (re)gained traction lately over other solutions such as proxy-wasm since it allows arbitrarily complex logic without having to care about the limitations of WASM binaries and runtimes. Documentation for this feature will be added soon.
  • The octops cert command has been added. This command sets your Cluster domain TLS certificate, so you no longer have to use kubectl as shown here.

Improvements

  • Secretless access for AWS sigv4 auth is now available for use. Read more here.
  • Service config inheritance is now available for use. Read more here.
  • TPM-based Authenticator client-side logic has been implemented. However, it is not yet available for use, pending further testing.
  • You can now create/update Secrets from stdin by using - as the file path. Here is an example: echo "$MY_SECRET" | octeliumctl create secret my-secret --file -
  • The OCTELIUM_INSECURE_TLS environment variable has been added for the octelium and octeliumctl clients to connect to Clusters that are still serving the initial self-signed Cluster domain cert set during Cluster installation, until a real cert signed by a real CA is set. So far this was possible via the OCTELIUM_DEV env var, but that variable is actually meant for general debugging and emits debug logs. You can use the new env var as follows: export OCTELIUM_INSECURE_TLS=true
