Emissary Ingress 2.4.0
🎉 Emissary Ingress 2.4.0 🎉
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.4.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
-
Feature: Previously the
Host
resource could only use secrets that are in the namespace as the
Host. ThetlsSecret
field in the Host has a new subfieldnamespace
that will allow the use of
secrets from different namespaces. -
Change: Set
AMBASSADOR_EDS_BYPASS
totrue
to bypass EDS handling of endpoints and have
endpoints be inserted to clusters manually. This can help resolve with503 UH
caused by
certification rotation relating to a delay between EDS + CDS. The default isfalse
. -
Bugfix: Previously, setting the
stats_name
for theTracingService
,RateLimitService
or the
AuthService
would have no affect because it was not being properly passed to the Envoy cluster
config. This has been fixed and thealt_stats_name
field in the cluster config is now set
correctly. (Thanks to Paul!) -
Feature: The
AMBASSADOR_RECONFIG_MAX_DELAY
env var can be optionally set to batch changes for
the specified non-negative window period in seconds before doing an Envoy reconfiguration. Default
is "1" if not set. -
Bugfix: Emissary-ingress 2.0.0 introduced a bug where a
TCPMapping
that uses SNI, instead of
using the hostname glob in theTCPMapping
, uses the hostname glob in theHost
that the TLS
termination configuration comes from. -
Bugfix: Emissary-ingress 2.0.0 introduced a bug where a
TCPMapping
that terminates TLS must have
a correspondingHost
that it can take the TLS configuration from. This was semi-intentional, but
didn't make much sense. You can now use aTLSContext
without aHost
as in Emissary-ingress 1.y
releases, or aHost
with or without aTLSContext
as in prior 2.y releases. -
Bugfix: Prior releases of Emissary-ingress had the arbitrary limitation that a
TCPMapping
cannot
be used on the same port that HTTP is served on, even if TLS+SNI would make this possible.
Emissary-ingress now allowsTCPMappings
to be used on the sameListener
port as HTTPHosts
,
as long as thatListener
terminates TLS.