Skip to content

Emissary Ingress 2.4.0

Compare
Choose a tag to compare
@d6e-automaton d6e-automaton released this 19 Sep 15:23
· 800 commits to master since this release

🎉 Emissary Ingress 2.4.0 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.4.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

  • Feature: Previously the Host resource could only use secrets that are in the namespace as the
    Host. The tlsSecret field in the Host has a new subfield namespace that will allow the use of
    secrets from different namespaces.

  • Change: Set AMBASSADOR_EDS_BYPASS to true to bypass EDS handling of endpoints and have
    endpoints be inserted to clusters manually. This can help resolve with 503 UH caused by
    certification rotation relating to a delay between EDS + CDS. The default is false.

  • Bugfix: Previously, setting the stats_name for the TracingService, RateLimitService or the
    AuthService would have no affect because it was not being properly passed to the Envoy cluster
    config. This has been fixed and the alt_stats_name field in the cluster config is now set
    correctly. (Thanks to Paul!)

  • Feature: The AMBASSADOR_RECONFIG_MAX_DELAY env var can be optionally set to batch changes for
    the specified non-negative window period in seconds before doing an Envoy reconfiguration. Default
    is "1" if not set.

  • Bugfix: Emissary-ingress 2.0.0 introduced a bug where a TCPMapping that uses SNI, instead of
    using the hostname glob in the TCPMapping, uses the hostname glob in the Host that the TLS
    termination configuration comes from.

  • Bugfix: Emissary-ingress 2.0.0 introduced a bug where a TCPMapping that terminates TLS must have
    a corresponding Host that it can take the TLS configuration from. This was semi-intentional, but
    didn't make much sense. You can now use a TLSContext without a Hostas in Emissary-ingress 1.y
    releases, or a Host with or without a TLSContext as in prior 2.y releases.

  • Bugfix: Prior releases of Emissary-ingress had the arbitrary limitation that a TCPMapping cannot
    be used on the same port that HTTP is served on, even if TLS+SNI would make this possible.
    Emissary-ingress now allows TCPMappings to be used on the same Listener port as HTTP Hosts,
    as long as that Listener terminates TLS.