Releases: emissary-ingress/emissary
Emissary Ingress Chart 8.3.1
π Emissary Ingress Chart 8.3.1 π
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
- Upgrade Emissary to v3.3.1 CHANGELOG
Emissary Ingress Chart 7.6.1
π Emissary Ingress Chart 7.6.1 π
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
- Upgrade Emissary to v2.5.1 CHANGELOG
Emissary Ingress 2.5.0
π Emissary Ingress 2.5.0 π
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.5.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
-
Bugfix: If a
Host
orTLSContext
contained a hostname with a:
then when using the
diagnostics endpointsambassador/v0/diagd
then an error would be thrown due to the parsing logic
not being able to handle the extra colon. This has been fixed and Emissary-ingress will not throw
an error when parsing envoy metrics for the diagnostics user interface. -
Security: Bump Go from 1.17.12 to 1.19.2. This is to keep the Go version current.
Emissary Ingress Chart 7.6.0
π Emissary Ingress Chart 7.6.0 π
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
- Upgrade Emissary to v2.5.0 CHANGELOG
Emissary Ingress 3.3.0
π Emissary Ingress 3.3.0 π
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.3.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
-
Security: Updated Golang to 1.19.2 to address the CVEs: CVE-2022-2879, CVE-2022-2880,
CVE-2022-41715. -
Bugfix: By default Emissary-ingress adds routes for http to https redirection. When an AuthService
is applied in v2.Y of Emissary-ingress, Envoy would skip the ext_authz call for non-tls http
request and would perform the https redirect. In Envoy 1.20+ the behavior has changed where Envoy
will always call the ext_authz filter and must be disabled on a per route basis.
This new behavior
change introduced a regression in v3.0 of Emissary-ingress when it was upgraded to Envoy 1.22. The
http to https redirection no longer works when an AuthService was applied. This fix restores the
previous behavior by disabling the ext_authz call on the https redirect routes. (#4620) -
Bugfix: When an AuthService is applied in v2.Y of Emissary-ingress, Envoy would skip the ext_authz
call for all redirect routes and would perform the redirect. In Envoy 1.20+ the behavior has
changed where Envoy will always call the ext_authz filter so it must be disabled on a per route
basis.
This new behavior change introduced a regression in v3.0 of Emissary-ingress when it was
upgraded to Envoy 1.22. The host_redirect would call an AuthService prior to redirect if applied.
This fix restores the previous behavior by disabling the ext_authz call on the host_redirect
routes. (#4640) -
Bugfix: Previous versions of Emissary-ingress required a workaround using
TLSContexts
to find
tls secrets referenced fromIngress
resources. Now tls secrets referenced are properly detected
without requiring an additionalTLSContext
to reference them. (Thanks to Ole Markus!).
Emissary Ingress Chart 8.3.0
π Emissary Ingress Chart 8.3.0 π
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
-
Upgrade Emissary to v3.3.0 CHANGELOG
-
Change: By default, the Ambassador agent will report diagnostics to the Ambassador Cloud
-
Change: updated auto-scaling resource cpu and memory variable ordering to help with git-ops syncing. Also, adjusted memory and cpu settings to be more friendly so that they do not cause the HPA auto-scaling to trigger during start-up. Thanks to Ian Martin for the contribution!
Emissary Ingress 2.4.1
π Emissary Ingress 2.4.1 π
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.4.1/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
-
Bugfix: If a
Host
orTLSContext
contained a hostname with a:
then when using the
diagnostics endpointsambassador/v0/diagd
then an error would be thrown due to the parsing logic
not being able to handle the extra colon. This has been fixed and Emissary-ingress will not throw
an error when parsing envoy metrics for the diagnostics user interface. -
Bugfix: The synthetic AuthService didn't correctly handle AmbassadorID, which was fixed in version
3.1 of Emissary-ingress. The fix has been backported to make sure the AuthService is handled
correctly during upgrades.
Emissary Ingress Chart 7.5.1
π Emissary Ingress Chart 7.5.1 π
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
- Upgrade Emissary to v2.4.1 CHANGELOG
Emissary Ingress 3.2.0
π Emissary Ingress 3.2.0 π
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.2.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
-
Change: The envoy version included in Emissary-ingress has been upgraded from 1.22 to the latest
patch release of 1.23. This provides Emissary-ingress with the latest security patches,
performances enhancments, and features offered by the envoy proxy. -
Change: Changes to label matching will change how
Hosts
are associated withMappings
. There
was a bug with label selectors that was causingHosts
to be incorrectly being associated with
moreMappings
than intended. If any single label from the selector was matched then theHost
would be associated with theMapping
. Now it has been updated to correctly only associate a
Host
with aMapping
if all labels required by the selector are present. This brings the
mappingSelector
field in-line with how label selectors are used in Kubernetes. To avoid
unexpected behaviour after the upgrade, add all labels that Hosts have in theirmappingSelector
toMappings
you want to associate with theHost
. You can opt-out of the new behaviour by
setting the environment variableDISABLE_STRICT_LABEL_SELECTORS
to"true"
(default:
"false"
). (Thanks to Filip Herceg and Joe Andaverde!). -
Feature: Previously the
Host
resource could only use secrets that are in the namespace as the
Host. ThetlsSecret
field in the Host has a new subfieldnamespace
that will allow the use of
secrets from different namespaces. -
Change: Set
AMBASSADOR_EDS_BYPASS
totrue
to bypass EDS handling of endpoints and have
endpoints be inserted to clusters manually. This can help resolve with503 UH
caused by
certification rotation relating to a delay between EDS + CDS. The default isfalse
. -
Bugfix: Distinct services with names that are the same in the first forty characters will no
longer be incorrectly mapped to the same cluster. (#4354) -
Feature: By default, when Envoy is unable to communicate with the configured RateLimitService then
it will allow traffic through. TheRateLimitService
resource now exposes the failure_mode_deny
option. Setfailure_mode_deny: true
, then Envoy will deny traffic when it is unable to
communicate to the RateLimitService returning a 500. -
Bugfix: Previously, setting the
stats_name
for theTracingService
,RateLimitService
or the
AuthService
would have no affect because it was not being properly passed to the Envoy cluster
config. This has been fixed and thealt_stats_name
field in the cluster config is now set
correctly. (Thanks to Paul!) -
Feature: The
AMBASSADOR_RECONFIG_MAX_DELAY
env var can be optionally set to batch changes for
the specified non-negative window period in seconds before doing an Envoy reconfiguration. Default
is "1" if not set. -
Bugfix: If a
Host
orTLSContext
contained a hostname with a:
when using the diagnostics
endpointsambassador/v0/diagd
then an error would be thrown due to the parsing logic not being
able to handle the extra colon. This has been fixed and Emissary-ingress will not throw an error
when parsing envoy metrics for the diagnostics user interface. -
Feature: It is now possible to set
custom_tags
in theTracingService
. Trace tags can be set
based on literal values, environment variables, or request headers. (Thanks to Paul!) (#4181) -
Bugfix: Emissary-ingress 2.0.0 introduced a bug where a
TCPMapping
that uses SNI, instead of
using the hostname glob in theTCPMapping
, uses the hostname glob in theHost
that the TLS
termination configuration comes from. -
Bugfix: Emissary-ingress 2.0.0 introduced a bug where a
TCPMapping
that terminates TLS must have
a correspondingHost
that it can take the TLS configuration from. This was semi-intentional, but
didn't make much sense. You can now use aTLSContext
without aHost
as in Emissary-ingress 1.y
releases, or aHost
with or without aTLSContext
as in prior 2.y releases. -
Bugfix: Prior releases of Emissary-ingress had the arbitrary limitation that a
TCPMapping
cannot
be used on the same port that HTTP is served on, even if TLS+SNI would make this possible.
Emissary-ingress now allowsTCPMappings
to be used on the sameListener
port as HTTPHosts
,
as long as thatListener
terminates TLS. -
Security: Updated Golang to 1.19.1 to address the CVEs: CVE-2022-27664, CVE-2022-32190.
Emissary Ingress Chart 8.2.0
π Emissary Ingress Chart 8.2.0 π
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
-
Upgrade Emissary to v3.2.0 CHANGELOG
-
Bugfix: The default Role configuration of the Ambassador Agent Deployment will allow it to correctly watch Secret resources for Ambassador Cloud tokens.