open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html View changelog - https://github.com/emissary-ingress/emissary/blob/v3.9.1/CHANGELOG.md Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html View changelog - https://github.com/emissary-ingress/emissary/blob/v3.9.0/CHANGELOG.md Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Feature: This upgrades Emissary-ingress to be built on Envoy v1.27.2 which provides security, performance and feature enhancements. You can read more about them here: Envoy Proxy 1.27.2 Release Notes
Feature: By default, Emissary-ingress will return an UNAVAILABLE code when a request using gRPC is rate limited. The RateLimitService resource now exposes a new grpc.use_resource_exhausted_code field; when it is set to true, Emissary-ingress will return a RESOURCE_EXHAUSTED gRPC code instead. Thanks to Jerome Froelich for contributing this feature!
Feature: Envoy runtime fields that were provided to mitigate the recent HTTP/2 rapid reset vulnerability can now be configured via the Module resource so the configuration will persist between restarts. This configuration is added to the Envoy bootstrap config, so restarting Emissary is necessary after changing these fields for the configuration to take effect.
Change: APIExt would previously allow TLS 1.0 connections. It now requires a minimum TLS version of 1.3 to resolve security concerns.
Change: Update default image to Emissary-ingress v3.9.0.
Bugfix: The APIExt server provides CRD conversion between the stored version v2 and the version watched for by Emissary-ingress v3alpha1. Since this component is required to operate Emissary-ingress, we have introduced an init container that will ensure it is available before starting. This will help address some of the intermittent issues seen during install and upgrades.
.Values.autoscaling.behavior
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html View changelog - https://github.com/emissary-ingress/emissary/blob/v3.8.2/CHANGELOG.md Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Security: This release includes security patches to the current Envoy proxy version to address CVE-2023-44487. It includes a fix that determines whether a client is making too many requests with premature resets; the connection is disconnected if more than 50% of resets are considered premature. Another fix exposes a runtime setting that controls the limit on the number of HTTP requests processed from a single connection in a single I/O cycle, to mitigate CPU starvation.
Security: Upgrading to the latest release of Golang as part of our general dependency upgrade process. This update resolves CVE-2023-39323 and CVE-2023-39325.
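The premature-reset rule from the CVE-2023-44487 note above, as a simplified model run over constructed per-connection stream records. This is an added example, not Envoy's or Emissary-ingress's code; the one-second "premature" lifetime, the minimum sample of 10 resets, and all names are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed tuning values; the release note states only the 50% rule.
PREMATURE_LIFETIME_S = 1.0    # a client reset sooner than this is "premature"
MIN_RESETS_BEFORE_CHECK = 10  # avoid judging a connection on a tiny sample


@dataclass
class ResetTracker:
    """Per-connection counters for client resets and premature resets."""
    resets: int = 0
    premature: int = 0

    def record(self, lifetime_s: float, client_reset: bool) -> None:
        if not client_reset:
            return  # streams that completed normally are not counted
        self.resets += 1
        if lifetime_s < PREMATURE_LIFETIME_S:
            self.premature += 1

    def should_disconnect(self) -> bool:
        if self.resets < MIN_RESETS_BEFORE_CHECK:
            return False
        return self.premature * 2 > self.resets  # strictly more than 50%


def flag_connections(events):
    """events: iterable of (conn_id, stream_lifetime_s, client_reset)."""
    trackers = defaultdict(ResetTracker)
    for conn_id, lifetime_s, client_reset in events:
        trackers[conn_id].record(lifetime_s, client_reset)
    return sorted(c for c, t in trackers.items() if t.should_disconnect())


# Constructed sample data (not real traffic).
SAMPLE_EVENTS = (
    [("browser", 2.5, False)] * 17 + [("browser", 0.2, True)] * 3
    + [("flood", 0.01, True)] * 30 + [("flood", 1.8, False)] * 10
    + [("boundary", 0.05, True)] * 12 + [("boundary", 4.0, True)] * 12
)

if __name__ == "__main__":
    print(flag_connections(SAMPLE_EVENTS))
```

The "boundary" connection sits at exactly 50% premature resets and is kept, since the rule requires more than 50%; the "browser" connection is never evaluated because it has too few resets to judge.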
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html View changelog - https://github.com/emissary-ingress/emissary/blob/v3.8.1/CHANGELOG.md Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html View changelog - https://github.com/emissary-ingress/emissary/blob/v3.8.0/CHANGELOG.md Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Bugfix: As of v2.2.2, if two mappings were associated with different Hosts through host mappingSelector labels but share the same prefix, the labels were not taken into account which would cause one Mapping to be correctly routed but the other not. This change fixes this issue so that Mappings sharing the same prefix but associated with different Hosts will be correctly routed. (Canary grouping must take labels into account)
Bugfix: In previous versions, if multiple Headers/QueryParameters were used in a v3alpha1 mapping, these values would duplicate and cause all the Headers/QueryParameters to have the same value. This is no longer the case and the expected values for unique Headers/QueryParameters will apply. This issue was only present in v3alpha1 Mappings. For users who may have this issue, please be sure to re-apply any v3alpha1 Mappings in order to update the stored v2 Mapping and resolve the issue.
Change: When the Ambassador agent is being used, it will no longer attempt to collect and report Envoy metrics. In previous versions, Emissary-ingress would always create an Envoy stats sink for the agent as long as the AMBASSADOR_GRPC_METRICS_SINK environment variable was provided. This environment variable was hardcoded in the release manifests and has now been removed, and an Envoy stats sink for the agent is no longer created.