You can upgrade an already running Cluster via the command octops upgrade as shown here.
Features
-
A Lua plugin for HTTP-based Services has been implemented. This plugin enables you to define your own on-request/on-response lua scripts and modify the request/response headers and bodies as well as directly respond to requests without having to proxy the requests to the upstream. Lua onRequest and onResponse functions take the RequestContext as an input; therefore, you can actually modify requests and responses based on the identity and context of the request. Moreover, a few Lua modules have been implemented (e.g. strings, regex, http, etc...). Lua plugins are a performant way to modify requests/responses and they can be useful for many use cases: API gateways, AI gateways, sanitizing MCP inputs, DLP for ZTNA and BeyondCorp, etc.... This feature is to be documented in the docs very soon.
-
Post-authentication rules for IdentityProviders have been added. You can now reject a successful IdentityProvider authentication. You can use this, for example, to prevent certain Users from logging in during certain times, or logging in from certain IdentityProviders, or logging in without using having been used strong hardware-based MFAs.
-
Introducing a new Service.Spec.Config.TLS interface to handle TLS client-side configuration. It allows for adding private CAs used by the upstreams without having to use mTLS. Simply this will replace Service.Spec.Config.ClientCertificate in the future.
Improvements
- Various octelium, octeliumctl command improvments
- Getting closer to actually expose the Authenticator APIs. Currently they are only exposed in development/non-production Cluster images for further testing.