emissary

🎉 Emissary Ingress Chart 8.2.0 🎉

Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md

• Upgrade Emissary to v3.2.0 CHANGELOG

• Bugfix: The default Role configuration of the Ambassador Agent Deployment will allow it to correctly watch Secret resources for Ambassador Cloud tokens.

🎉 Emissary Ingress 2.4.0 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.4.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Feature: Previously the Host resource could only use secrets that are in the namespace as the
  Host. The tlsSecret field in the Host has a new subfield namespace that will allow the use of
  secrets from different namespaces.

• Change: Set AMBASSADOR_EDS_BYPASS to true to bypass EDS handling of endpoints and have
  endpoints be inserted to clusters manually. This can help resolve with 503 UH caused by
  certification rotation relating to a delay between EDS + CDS. The default is false.

• Bugfix: Previously, setting the stats_name for the TracingService, RateLimitService or the
  AuthService would have no affect because it was not being properly passed to the Envoy cluster
  config. This has been fixed and the alt_stats_name field in the cluster config is now set
  correctly. (Thanks to Paul!)

• Feature: The AMBASSADOR_RECONFIG_MAX_DELAY env var can be optionally set to batch changes for
  the specified non-negative window period in seconds before doing an Envoy reconfiguration. Default
  is "1" if not set.

• Bugfix: Emissary-ingress 2.0.0 introduced a bug where a TCPMapping that uses SNI, instead of
  using the hostname glob in the TCPMapping, uses the hostname glob in the Host that the TLS
  termination configuration comes from.

• Bugfix: Emissary-ingress 2.0.0 introduced a bug where a TCPMapping that terminates TLS must have
  a corresponding Host that it can take the TLS configuration from. This was semi-intentional, but
  didn't make much sense. You can now use a TLSContext without a Hostas in Emissary-ingress 1.y
  releases, or a Host with or without a TLSContext as in prior 2.y releases.

• Bugfix: Prior releases of Emissary-ingress had the arbitrary limitation that a TCPMapping cannot
  be used on the same port that HTTP is served on, even if TLS+SNI would make this possible.
  Emissary-ingress now allows TCPMappings to be used on the same Listener port as HTTP Hosts,
  as long as that Listener terminates TLS.

🎉 Emissary Ingress Chart 7.5.0 🎉

Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md

• Upgrade Emissary to v2.4.0 CHANGELOG

🎉 Emissary Ingress 3.1.0 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.1.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Feature: The agent is now able to parse api contracts using swagger 2, and to convert them to
  OpenAPI 3, making them available for use in the dev portal.

• Feature: Adds a new command to the agent directive service to manage secrets. This allows a third
  party product to manage CRDs that depend upon a secret.

• Feature: Add additional pprof endpoints to allow for profiling Emissary-ingress:

  • CPU profiles
    (/debug/pprof/profile)
  • tracing (/debug/pprof/trace)
  • command line running
    (/debug/pprof/cmdline)
  • program counters (/debug/pprof/symbol)

• Change: In the standard published .yaml files, the Module resource enables serving remote
  client requests to the :8877/ambassador/v0/diag/ endpoint. The associated Helm chart release
  also now enables it by default.

• Bugfix: A regression was introduced in 2.3.0 causing the agent to miss some of the metrics coming
  from emissary ingress before sending them to Ambassador cloud. This issue has been resolved to
  ensure that all the nodes composing the emissary ingress cluster are reporting properly.

• Security: Updated Golang to 1.17.12 to address the CVEs: CVE-2022-23806, CVE-2022-28327,
  CVE-2022-24675, CVE-2022-24921, CVE-2022-23772.

• Security: Updated Curl to 7.80.0-r2 to address the CVEs: CVE-2022-32207, CVE-2022-27782,
  CVE-2022-27781, CVE-2022-27780.

• Security: Updated openSSL-dev to 1.1.1q-r0 to address CVE-2022-2097.

• Security: Updated ncurses to 1.1.1q-r0 to address CVE-2022-29458

🎉 Emissary Ingress Chart 8.1.0 🎉

Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md

🎉 Emissary Ingress 2.3.2 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.3.2/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Bugfix: A regression was introduced in 2.3.0 causing the agent to miss some of the metrics coming
  from emissary ingress before sending them to Ambassador cloud. This issue has been resolved to
  ensure that all the nodes composing the emissary ingress cluster are reporting properly.

• Security: Updated Golang to 1.17.12 to address the CVEs: CVE-2022-23806, CVE-2022-28327,
  CVE-2022-24675, CVE-2022-24921, CVE-2022-23772.

• Security: Updated Curl to 7.80.0-r2 to address the CVEs: CVE-2022-32207, CVE-2022-27782,
  CVE-2022-27781, CVE-2022-27780.

• Security: Updated openSSL-dev to 1.1.1q-r0 to address CVE-2022-2097.

• Security: Updated ncurses to 1.1.1q-r0 to address CVE-2022-29458

🎉 Emissary Ingress Chart 7.4.2 🎉

Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md

• Update Emissary chart image to version v2.3.2 CHANGELOG

🎉 Emissary Ingress 3.0.0 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.0.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Change: The envoy version included in Emissary-ingress has been upgraded from 1.17 to the latest
  patch release of 1.22. This provides Emissary-ingress with the latest security patches,
  performances enhancments, and features offered by the envoy proxy. One notable change that will
  effect users is the removal of support for V2 tranport protocol. See below for more information.

• Change: Emissary-ingress can no longer be made to configure Envoy using the v2 xDS configuration
  API; it now always uses the v3 xDS API to configure Envoy. This change should be mostly invisible
  to users, with one notable exception: It removes support for regex_type: unsafe.
  The
  regex_type field will is removed from the ambassador Module, meaning that it is not be
  possible to instruct Envoy to use the ECMAScript Regex engine rather than
  the default RE2 engine.
  Users who rely on the specific
  ECMAScript Regex syntax will need to rewrite their regular expressions with RE2 syntax before
  upgrading to Emissary-ingress 3.0.0.
  As the xDS version is no longer configurable and the range of
  supported Zipkin protocols is reduced (see below), the AMBASSADOR_ENVOY_API_VERSION environment
  variable has been removed.

• Change: With the ugprade to Envoy 1.22, Emissary-ingress no longer supports the V2 transport
  protocol. The AuthService, LogService and the RateLimitService will only support the v3
  protocol_version. If protocol_version is not specified, the default value of v2 will cause an
  error to be posted. Therefore, you will need to set it to protocol_version: "v3". If upgrading
  from a previous version you will want to set it to "v3" and ensure it is working before upgrading
  to Emissary-ingress 3.Y.

• Change: With the upgrade to Envoy 1.22, the zipkin driver for the TraceService no longer
  supports setting the collector_endpoint_version: HTTP_JSON_V1. This was removed in Envoy 1.20 -
  .
  The new default will be collector_endpoint_version: HTTP_JSON, regardless of the
  AMBASSADOR_ENVOY_API_VERSION environment variable.

• Change: In the standard published .yaml files, now included is a Module resource that disables
  the /ambassador/v0/ → 127.0.0.1:8878 synthetic mapping. We have long recommended to turn
  this off for production use; it is now off in the standard YAML. The associated Helm chart
  release also now disables it by default. A later apiVersion (getambassador.io/v3alpha2 or
  later) will likely change the Module CRD so that it is disabled if unspecified; but in the
  mean-time, the default install procedure will now specify it to be disabled.

• Change: This release does not include the publishing of emissary-emissaryns-agent.yaml,
  emissary-defaultns-agent.yaml, emissary-emissaryns-migration.yaml, or
  emissary-defaultns-migration.yaml files. All four of these files existed solely as part of the
  migration process from 1;y, but since 2.2.0 the *-migration.yaml files have not been part of the
  migration instructions, and while the *-agent.yaml files remained part of the instructions they
  were actually unnescessary.

• Change: The previous version of Emissary-ingress was based on Envoy 1.17 and when using grpc_stats
  with all_methods or services set, it would output metrics in the following format
  envoy_cluster_grpc_{ServiceName}_{statname}. When neither of these fields are set it would be
  aggregated to envoy_cluster_grpc_{statname}.
  The new behavior since Envoy 1.18 will produce
  metrics in the following format envoy_cluster_grpc_{MethodName}_statsname and
  envoy_cluster_grpc_statsname.
  After further investigation we found that Envoy doesn't properly
  parse service names such as cncf.telepresence.Manager/Status. In the future, we will work
  upstream Envoy to get this parsing logic fixed to ensure consistent metric naming.

• Bugfix: Previously setting grpc_stats in the ambassador Module without setting either
  grpc_stats.services or grpc_stats.all_methods would result in crashing. Now it behaves as if
  grpc_stats.all_methods=false.

• Feature: With the ugprade to Envoy 1.22, Emissary-ingress can now be configured to listen for
  HTTP/3 connections using QUIC and the UDP network protocol. It currently only supports for
  connections between downstream clients and Emissary-ingress.

🎉 Emissary Ingress Chart 8.0.0 🎉

Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md

• Change: The default for the module value has changed to disable
  the /ambassador/v0/ → 127.0.0.1:8877 synthetic Mapping by
  default. We have long recommended to turn this off for production
  use; it is now off by default.

• Bugfix: The default values no trigger the creation of an
  "emissary-test-ready" Pod. This Pod was meant to only be created
  when running the chart's test suite; it was not meant to be created
  in users' clusters.

🎉 Ambassador 1.14.4 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Security: We have backported patches from the Envoy 1.19.5 security update to Emissary-ingress's
  1.17-based Envoy, addressing CVE-2022-29224 and CVE-2022-29225. Emissary-ingress is not affected
  by CVE-2022-29226, CVE-2022-29227, or CVE-2022-29228; as it does not support internal
  redirects, and does not use Envoy's built-in OAuth2 filter.

🎉 Ambassador Chart 6.9.5 🎉

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/datawire/ambassador/blob/master/charts/ambassador/CHANGELOG.md

• Update Ambassador API Gateway chart image to version v1.14.4: CHANGELOG
• Update Ambassador Edge Stack chart image to version v1.14.4: CHANGELOG

🎉 Emissary Ingress 2.3.1 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.3.1/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Bugfix: A regression was introduced in 2.3.0 that leaked zipkin default config fields into the
  configuration for the other drivers (lightstep, etc...). This caused Emissary-ingress to crash on
  startup. This issue has been resolved to ensure that the defaults are only applied when driver is
  zipkin (#4267)

• Security: We have backported patches from the Envoy 1.19.5 security update to Emissary-ingress's
  1.17-based Envoy, addressing CVE-2022-29224 and CVE-2022-29225. Emissary-ingress is not affected
  by CVE-2022-29226, CVE-2022-29227, or CVE-2022-29228; as it does not support internal
  redirects, and does not use Envoy's built-in OAuth2 filter.

🎉 Emissary Ingress Chart 7.4.1 🎉

Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md

🎉 Emissary Ingress 2.3.0 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.3.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Security: Completely remove gdbm, pip, smtplib, and sqlite packages, as they are unused.

• Feature: It is now possible to set propagation_modes in the TracingService config when using
  lightstep as the driver. (Thanks to Paul!) (#4179)

• Feature: It is now possible to set crl_secret in Host and TLSContext resources to check peer
  certificates against a certificate revocation list. (#1743)

• Feature: Previously, a LogService would always have Emissary-ingress communicate with the
  external log service using the envoy.service.accesslog.v2.AccessLogService API. It is now
  possible for the LogService to specify protocol_version: v3 to use the newer
  envoy.service.accesslog.v3.AccessLogService API instead. This functionality is not available if
  you set the AMBASSADOR_ENVOY_API_VERSION=V2 environment variable.

• Bugfix: When CORS is specified (either in a Mapping or in the Ambassador Module), CORS
  processing will happen before authentication. This corrects a problem where XHR to authenticated
  endpoints would fail.

• Bugfix: In 2.x releases of Emissary-ingress when there are multiple Mappings that have the same
  metadata.name across multiple namespaces, their old config would not properly be removed from
  the cache when their config was updated. This resulted in an inability to update configuration for
  groups of Mappings that share the same name until the Emissary-ingress pods restarted.

• Bugfix: It is now possible for a TracingService to specify collector_endpoint_version: HTTP_JSON_V1 when using xDS v3 to configure Envoy (which has been the default since
  Emissary-ingress 1.14.0). The HTTP_JSON_V1 value configures Envoy to speak to Zipkin using
  Zipkin's old API-v1, while the HTTP_JSON value configures Envoy to speak to Zipkin using
  Zipkin's new API-v2. In previous versions of Emissary-ingress it was only possible to use
  HTTP_JSON_V1 when explicitly setting the AMBASSADOR_ENVOY_API_VERSION=V2 environment variable
  to force use of xDS v2 to configure Envoy.

🎉 Emissary Ingress Chart 7.4.0 🎉

Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md

• Update change Emissary chart image to version v2.3.0 CHANGELOG
• Add "lifecycle" option to main container. This can be used, for example, to add a lifecycle.preStop hook. Thanks to Eric Totten for the contribution!
• Add ambassador_id to listener manifests rendered when using createDefaultListeners: true with AMBASSADOR_ID set in environment variables. Thanks to Jennifer Reed for the contribution!
• Feature: Added configurable IngressClass resource to be compliant with Kubernetes 1.22+ ingress specification.

🎉 Ambassador 1.14.3 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Security: Upgraded Envoy to address security vulnerabilities CVE-2021-43824, CVE-2021-43825,
  CVE-2021-43826, CVE-2022-21654, and CVE-2022-21655.

🎉 Ambassador Chart 6.9.4 🎉

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/datawire/ambassador/blob/master/charts/ambassador/CHANGELOG.md

• Update Ambassador API Gateway chart image to version v1.14.3: CHANGELOG
• Update Ambassador Edge Stack chart image to version v1.14.3: CHANGELOG

🎉 Emissary Ingress 2.2.2 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.2.2/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Change: You may now choose to enable TLS Secret validation by setting the
  AMBASSADOR_FORCE_SECRET_VALIDATION=true environment variable. The default configuration does not
  enforce secret validation.

• Bugfix: Kubernetes Secrets that should contain an EC (Elliptic Curve) TLS Private Key are now
  properly validated. (4134)

🎉 Emissary Ingress Chart 7.3.2 🎉

Upgrade Emissary - https://www.getambassador.io/reference/upgrading#helm.html
View changelog - https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md

🎉 Emissary Ingress 2.2.1 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.2.1/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Change: Support for the Envoy V2 API is deprecated as of Emissary-ingress v2.1, and will be
  removed in Emissary-ingress v3.0. The AMBASSADOR_ENVOY_API_VERSION environment variable will be
  removed at the same time. Only the Envoy V3 API will be supported (this has been the default since
  Emissary-ingress v1.14.0).

• Bugfix: The Ambassador Agent now correctly supports requests to cancel a rollout.