[go: up one dir, main page]

Skip to content

Releases: emissary-ingress/emissary

Emissary Ingress Chart 8.3.1

09 Dec 20:24
Compare
Choose a tag to compare

Emissary Ingress Chart 7.6.1

09 Dec 20:18
Compare
Choose a tag to compare

Emissary Ingress 2.5.0

03 Nov 14:10
Compare
Choose a tag to compare

πŸŽ‰ Emissary Ingress 2.5.0 πŸŽ‰

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.5.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

  • Bugfix: If a Host or TLSContext contained a hostname with a : then when using the
    diagnostics endpoints ambassador/v0/diagd then an error would be thrown due to the parsing logic
    not being able to handle the extra colon. This has been fixed and Emissary-ingress will not throw
    an error when parsing envoy metrics for the diagnostics user interface.

  • Security: Bump Go from 1.17.12 to 1.19.2. This is to keep the Go version current.

Emissary Ingress Chart 7.6.0

03 Nov 14:08
Compare
Choose a tag to compare

Emissary Ingress 3.3.0

02 Nov 13:46
Compare
Choose a tag to compare

πŸŽ‰ Emissary Ingress 3.3.0 πŸŽ‰

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.3.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

  • Security: Updated Golang to 1.19.2 to address the CVEs: CVE-2022-2879, CVE-2022-2880,
    CVE-2022-41715.

  • Bugfix: By default Emissary-ingress adds routes for http to https redirection. When an AuthService
    is applied in v2.Y of Emissary-ingress, Envoy would skip the ext_authz call for non-tls http
    request and would perform the https redirect. In Envoy 1.20+ the behavior has changed where Envoy
    will always call the ext_authz filter and must be disabled on a per route basis.
    This new behavior
    change introduced a regression in v3.0 of Emissary-ingress when it was upgraded to Envoy 1.22. The
    http to https redirection no longer works when an AuthService was applied. This fix restores the
    previous behavior by disabling the ext_authz call on the https redirect routes. (#4620)

  • Bugfix: When an AuthService is applied in v2.Y of Emissary-ingress, Envoy would skip the ext_authz
    call for all redirect routes and would perform the redirect. In Envoy 1.20+ the behavior has
    changed where Envoy will always call the ext_authz filter so it must be disabled on a per route
    basis.
    This new behavior change introduced a regression in v3.0 of Emissary-ingress when it was
    upgraded to Envoy 1.22. The host_redirect would call an AuthService prior to redirect if applied.
    This fix restores the previous behavior by disabling the ext_authz call on the host_redirect
    routes. (#4640)

  • Bugfix: Previous versions of Emissary-ingress required a workaround using TLSContexts to find
    tls secrets referenced from Ingress resources. Now tls secrets referenced are properly detected
    without requiring an additional TLSContext to reference them. (Thanks to Ole Markus!).

Emissary Ingress Chart 8.3.0

02 Nov 13:41
Compare
Choose a tag to compare

πŸŽ‰ Emissary Ingress Chart 8.3.0 πŸŽ‰

Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md


  • Upgrade Emissary to v3.3.0 CHANGELOG

  • Change: By default, the Ambassador agent will report diagnostics to the Ambassador Cloud

  • Change: updated auto-scaling resource cpu and memory variable ordering to help with git-ops syncing. Also, adjusted memory and cpu settings to be more friendly so that they do not cause the HPA auto-scaling to trigger during start-up. Thanks to Ian Martin for the contribution!

Emissary Ingress 2.4.1

10 Oct 13:19
Compare
Choose a tag to compare

πŸŽ‰ Emissary Ingress 2.4.1 πŸŽ‰

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.4.1/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

  • Bugfix: If a Host or TLSContext contained a hostname with a : then when using the
    diagnostics endpoints ambassador/v0/diagd then an error would be thrown due to the parsing logic
    not being able to handle the extra colon. This has been fixed and Emissary-ingress will not throw
    an error when parsing envoy metrics for the diagnostics user interface.

  • Bugfix: The synthetic AuthService didn't correctly handle AmbassadorID, which was fixed in version
    3.1 of Emissary-ingress. The fix has been backported to make sure the AuthService is handled
    correctly during upgrades.

Emissary Ingress Chart 7.5.1

10 Oct 13:16
Compare
Choose a tag to compare

Emissary Ingress 3.2.0

27 Sep 19:37
Compare
Choose a tag to compare

πŸŽ‰ Emissary Ingress 3.2.0 πŸŽ‰

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.2.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

  • Change: The envoy version included in Emissary-ingress has been upgraded from 1.22 to the latest
    patch release of 1.23. This provides Emissary-ingress with the latest security patches,
    performances enhancments, and features offered by the envoy proxy.

  • Change: Changes to label matching will change how Hosts are associated with Mappings. There
    was a bug with label selectors that was causing Hosts to be incorrectly being associated with
    more Mappings than intended. If any single label from the selector was matched then the Host
    would be associated with the Mapping. Now it has been updated to correctly only associate a
    Host with a Mapping if all labels required by the selector are present. This brings the
    mappingSelector field in-line with how label selectors are used in Kubernetes. To avoid
    unexpected behaviour after the upgrade, add all labels that Hosts have in their mappingSelector
    to Mappings you want to associate with the Host. You can opt-out of the new behaviour by
    setting the environment variable DISABLE_STRICT_LABEL_SELECTORS to "true" (default:
    "false"). (Thanks to Filip Herceg and Joe Andaverde!).

  • Feature: Previously the Host resource could only use secrets that are in the namespace as the
    Host. The tlsSecret field in the Host has a new subfield namespace that will allow the use of
    secrets from different namespaces.

  • Change: Set AMBASSADOR_EDS_BYPASS to true to bypass EDS handling of endpoints and have
    endpoints be inserted to clusters manually. This can help resolve with 503 UH caused by
    certification rotation relating to a delay between EDS + CDS. The default is false.

  • Bugfix: Distinct services with names that are the same in the first forty characters will no
    longer be incorrectly mapped to the same cluster. (#4354)

  • Feature: By default, when Envoy is unable to communicate with the configured RateLimitService then
    it will allow traffic through. The RateLimitService resource now exposes the failure_mode_deny
    option. Set failure_mode_deny: true, then Envoy will deny traffic when it is unable to
    communicate to the RateLimitService returning a 500.

  • Bugfix: Previously, setting the stats_name for the TracingService, RateLimitService or the
    AuthService would have no affect because it was not being properly passed to the Envoy cluster
    config. This has been fixed and the alt_stats_name field in the cluster config is now set
    correctly. (Thanks to Paul!)

  • Feature: The AMBASSADOR_RECONFIG_MAX_DELAY env var can be optionally set to batch changes for
    the specified non-negative window period in seconds before doing an Envoy reconfiguration. Default
    is "1" if not set.

  • Bugfix: If a Host or TLSContext contained a hostname with a : when using the diagnostics
    endpoints ambassador/v0/diagd then an error would be thrown due to the parsing logic not being
    able to handle the extra colon. This has been fixed and Emissary-ingress will not throw an error
    when parsing envoy metrics for the diagnostics user interface.

  • Feature: It is now possible to set custom_tags in the TracingService. Trace tags can be set
    based on literal values, environment variables, or request headers. (Thanks to Paul!) (#4181)

  • Bugfix: Emissary-ingress 2.0.0 introduced a bug where a TCPMapping that uses SNI, instead of
    using the hostname glob in the TCPMapping, uses the hostname glob in the Host that the TLS
    termination configuration comes from.

  • Bugfix: Emissary-ingress 2.0.0 introduced a bug where a TCPMapping that terminates TLS must have
    a corresponding Host that it can take the TLS configuration from. This was semi-intentional, but
    didn't make much sense. You can now use a TLSContext without a Hostas in Emissary-ingress 1.y
    releases, or a Host with or without a TLSContext as in prior 2.y releases.

  • Bugfix: Prior releases of Emissary-ingress had the arbitrary limitation that a TCPMapping cannot
    be used on the same port that HTTP is served on, even if TLS+SNI would make this possible.
    Emissary-ingress now allows TCPMappings to be used on the same Listener port as HTTP Hosts,
    as long as that Listener terminates TLS.

  • Security: Updated Golang to 1.19.1 to address the CVEs: CVE-2022-27664, CVE-2022-32190.

Emissary Ingress Chart 8.2.0

27 Sep 19:35
Compare
Choose a tag to compare

πŸŽ‰ Emissary Ingress Chart 8.2.0 πŸŽ‰

Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md


  • Upgrade Emissary to v3.2.0 CHANGELOG

  • Bugfix: The default Role configuration of the Ambassador Agent Deployment will allow it to correctly watch Secret resources for Ambassador Cloud tokens.