Releases: emissary-ingress/emissary
Emissary Ingress 2.4.0
🎉 Emissary Ingress 2.4.0 🎉
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.4.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
-
Feature: Previously the
Host
resource could only use secrets that are in the namespace as the
Host. ThetlsSecret
field in the Host has a new subfieldnamespace
that will allow the use of
secrets from different namespaces. -
Change: Set
AMBASSADOR_EDS_BYPASS
totrue
to bypass EDS handling of endpoints and have
endpoints be inserted to clusters manually. This can help resolve with503 UH
caused by
certification rotation relating to a delay between EDS + CDS. The default isfalse
. -
Bugfix: Previously, setting the
stats_name
for theTracingService
,RateLimitService
or the
AuthService
would have no affect because it was not being properly passed to the Envoy cluster
config. This has been fixed and thealt_stats_name
field in the cluster config is now set
correctly. (Thanks to Paul!) -
Feature: The
AMBASSADOR_RECONFIG_MAX_DELAY
env var can be optionally set to batch changes for
the specified non-negative window period in seconds before doing an Envoy reconfiguration. Default
is "1" if not set. -
Bugfix: Emissary-ingress 2.0.0 introduced a bug where a
TCPMapping
that uses SNI, instead of
using the hostname glob in theTCPMapping
, uses the hostname glob in theHost
that the TLS
termination configuration comes from. -
Bugfix: Emissary-ingress 2.0.0 introduced a bug where a
TCPMapping
that terminates TLS must have
a correspondingHost
that it can take the TLS configuration from. This was semi-intentional, but
didn't make much sense. You can now use aTLSContext
without aHost
as in Emissary-ingress 1.y
releases, or aHost
with or without aTLSContext
as in prior 2.y releases. -
Bugfix: Prior releases of Emissary-ingress had the arbitrary limitation that a
TCPMapping
cannot
be used on the same port that HTTP is served on, even if TLS+SNI would make this possible.
Emissary-ingress now allowsTCPMappings
to be used on the sameListener
port as HTTPHosts
,
as long as thatListener
terminates TLS.
Emissary Ingress Chart 7.5.0
🎉 Emissary Ingress Chart 7.5.0 🎉
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
- Upgrade Emissary to v2.4.0 CHANGELOG
Emissary Ingress 3.1.0
🎉 Emissary Ingress 3.1.0 🎉
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.1.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
-
Feature: The agent is now able to parse api contracts using swagger 2, and to convert them to
OpenAPI 3, making them available for use in the dev portal. -
Feature: Adds a new command to the agent directive service to manage secrets. This allows a third
party product to manage CRDs that depend upon a secret. -
Feature: Add additional pprof endpoints to allow for profiling Emissary-ingress:
- CPU profiles
(/debug/pprof/profile) - tracing (/debug/pprof/trace)
- command line running
(/debug/pprof/cmdline) - program counters (/debug/pprof/symbol)
- CPU profiles
-
Change: In the standard published
.yaml
files, theModule
resource enables serving remote
client requests to the:8877/ambassador/v0/diag/
endpoint. The associated Helm chart release
also now enables it by default. -
Bugfix: A regression was introduced in 2.3.0 causing the agent to miss some of the metrics coming
from emissary ingress before sending them to Ambassador cloud. This issue has been resolved to
ensure that all the nodes composing the emissary ingress cluster are reporting properly. -
Security: Updated Golang to 1.17.12 to address the CVEs: CVE-2022-23806, CVE-2022-28327,
CVE-2022-24675, CVE-2022-24921, CVE-2022-23772. -
Security: Updated Curl to 7.80.0-r2 to address the CVEs: CVE-2022-32207, CVE-2022-27782,
CVE-2022-27781, CVE-2022-27780. -
Security: Updated openSSL-dev to 1.1.1q-r0 to address CVE-2022-2097.
-
Security: Updated ncurses to 1.1.1q-r0 to address CVE-2022-29458
Emissary Ingress 2.3.2
🎉 Emissary Ingress 2.3.2 🎉
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.3.2/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
-
Bugfix: A regression was introduced in 2.3.0 causing the agent to miss some of the metrics coming
from emissary ingress before sending them to Ambassador cloud. This issue has been resolved to
ensure that all the nodes composing the emissary ingress cluster are reporting properly. -
Security: Updated Golang to 1.17.12 to address the CVEs: CVE-2022-23806, CVE-2022-28327,
CVE-2022-24675, CVE-2022-24921, CVE-2022-23772. -
Security: Updated Curl to 7.80.0-r2 to address the CVEs: CVE-2022-32207, CVE-2022-27782,
CVE-2022-27781, CVE-2022-27780. -
Security: Updated openSSL-dev to 1.1.1q-r0 to address CVE-2022-2097.
-
Security: Updated ncurses to 1.1.1q-r0 to address CVE-2022-29458
Emissary Ingress Chart 8.1.0
🎉 Emissary Ingress Chart 8.1.0 🎉
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
Emissary Ingress Chart 7.4.2
🎉 Emissary Ingress Chart 7.4.2 🎉
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
- Update Emissary chart image to version v2.3.2 CHANGELOG
Emissary Ingress 3.0.0
🎉 Emissary Ingress 3.0.0 🎉
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.0.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
-
Change: The envoy version included in Emissary-ingress has been upgraded from 1.17 to the latest
patch release of 1.22. This provides Emissary-ingress with the latest security patches,
performances enhancments, and features offered by the envoy proxy. One notable change that will
effect users is the removal of support for V2 tranport protocol. See below for more information. -
Change: Emissary-ingress can no longer be made to configure Envoy using the v2 xDS configuration
API; it now always uses the v3 xDS API to configure Envoy. This change should be mostly invisible
to users, with one notable exception: It removes support forregex_type: unsafe
.
The
regex_type
field will is removed from theambassador
Module
, meaning that it is not be
possible to instruct Envoy to use the ECMAScript Regex engine rather than
the default RE2 engine.
Users who rely on the specific
ECMAScript Regex syntax will need to rewrite their regular expressions with RE2 syntax before
upgrading to Emissary-ingress 3.0.0.
As the xDS version is no longer configurable and the range of
supported Zipkin protocols is reduced (see below), the AMBASSADOR_ENVOY_API_VERSION environment
variable has been removed. -
Change: With the ugprade to Envoy 1.22, Emissary-ingress no longer supports the V2 transport
protocol. TheAuthService
,LogService
and theRateLimitService
will only support the v3
protocol_version. If protocol_version is not specified, the default value ofv2
will cause an
error to be posted. Therefore, you will need to set it toprotocol_version: "v3"
. If upgrading
from a previous version you will want to set it to "v3" and ensure it is working before upgrading
to Emissary-ingress 3.Y. -
Change: With the upgrade to Envoy 1.22, the
zipkin
driver for theTraceService
no longer
supports setting thecollector_endpoint_version: HTTP_JSON_V1
. This was removed in Envoy 1.20 -
.
The new default will becollector_endpoint_version: HTTP_JSON
, regardless of the
AMBASSADOR_ENVOY_API_VERSION
environment variable. -
Change: In the standard published
.yaml
files, now included is aModule
resource that disables
the/ambassador/v0/
→127.0.0.1:8878
synthetic mapping. We have long recommended to turn
this off for production use; it is now off in the standard YAML. The associated Helm chart
release also now disables it by default. A later apiVersion (getambassador.io/v3alpha2
or
later) will likely change theModule
CRD so that it is disabled if unspecified; but in the
mean-time, the default install procedure will now specify it to be disabled. -
Change: This release does not include the publishing of
emissary-emissaryns-agent.yaml
,
emissary-defaultns-agent.yaml
,emissary-emissaryns-migration.yaml
, or
emissary-defaultns-migration.yaml
files. All four of these files existed solely as part of the
migration process from 1;y, but since 2.2.0 the*-migration.yaml
files have not been part of the
migration instructions, and while the*-agent.yaml
files remained part of the instructions they
were actually unnescessary. -
Change: The previous version of Emissary-ingress was based on Envoy 1.17 and when using grpc_stats
withall_methods
orservices
set, it would output metrics in the following format
envoy_cluster_grpc_{ServiceName}_{statname}
. When neither of these fields are set it would be
aggregated toenvoy_cluster_grpc_{statname}
.
The new behavior since Envoy 1.18 will produce
metrics in the following formatenvoy_cluster_grpc_{MethodName}_statsname
and
envoy_cluster_grpc_statsname
.
After further investigation we found that Envoy doesn't properly
parse service names such ascncf.telepresence.Manager/Status
. In the future, we will work
upstream Envoy to get this parsing logic fixed to ensure consistent metric naming. -
Bugfix: Previously setting
grpc_stats
in theambassador
Module
without setting either
grpc_stats.services
orgrpc_stats.all_methods
would result in crashing. Now it behaves as if
grpc_stats.all_methods=false
. -
Feature: With the ugprade to Envoy 1.22, Emissary-ingress can now be configured to listen for
HTTP/3 connections using QUIC and the UDP network protocol. It currently only supports for
connections between downstream clients and Emissary-ingress.
Emissary Ingress Chart 8.0.0
🎉 Emissary Ingress Chart 8.0.0 🎉
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
-
Change: The default for the
module
value has changed to disable
the/ambassador/v0/
→127.0.0.1:8877
synthetic Mapping by
default. We have long recommended to turn this off for production
use; it is now off by default. -
Bugfix: The default values no trigger the creation of an
"emissary-test-ready" Pod. This Pod was meant to only be created
when running the chart's test suite; it was not meant to be created
in users' clusters.
Ambassador 1.14.4
🎉 Ambassador 1.14.4 🎉
Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
- Security: We have backported patches from the Envoy 1.19.5 security update to Emissary-ingress's
1.17-based Envoy, addressing CVE-2022-29224 and CVE-2022-29225. Emissary-ingress is not affected
by CVE-2022-29226, CVE-2022-29227, or CVE-2022-29228; as it does not support internal
redirects, and does not use Envoy's built-in OAuth2 filter.
Ambassador Chart 6.9.5
🎉 Ambassador Chart 6.9.5 🎉
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/datawire/ambassador/blob/master/charts/ambassador/CHANGELOG.md