emissary

🎉 Ambassador 1.11.2 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Bugfix: Changes to endpoints when endpoint routing is not active will no longer cause reconfiguration
• Bugfix: Correctly differentiate int values of 0 and Boolean values of false from non-existent attributes in CRDs (#3212)
• Bugfix: Correctly support Consul datacenters other than "dc1" without legacy mode.

🎉 Ambassador 1.11.1 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Bugfix: Fix an issue that caused Dev Portal to sporadically respond with upstream connect timeout when loading content

🎉 Ambassador 1.11.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Feature: Ambassador now reads the ENVOY_CONCURRENCY environment variable to optionally set the --concurrency command line option when launching Envoy. This controls the number of worker threads used to serve requests and can be used to fine-tune system resource usage.
• Feature: The %DOWNSTREAM_PEER_CERT_V_START% and %DOWNSTREAM_PEER_CERT_V_END% command operators now support custom date formatting, similar to %START_TIME%. This can be used for both header formatting and access log formatting.
• Feature: Eliminate the need to drain and recreate listeners when routing configuration is changed. This reduces both memory usage and disruption of in-flight requests.
• Bugfix: Make sure that labels specifying headers with extra attributes are correctly supported again (#3137).
• Bugfix: Support Consul services when the ConsulResolver and the Mapping aren't in the same namespace, and legacy mode is not enabled.
• Bugfix: Fix failure to start when one or more IngressClasses are present in a cluster (#3142).
• Bugfix: Properly handle Kubernetes 1.18 and greater when RBAC prohibits access to IngressClass resources.
• Bugfix: Support TLSContext CA secrets with fast validation (#3005).
• Bugfix: Dev Portal correctly handles transient failures when fetching content
• Bugfix: Dev Portal sidebar pages have a stable order
• Bugfix: Dev Portal pages are now marked cacheable

Ambassador Edge Stack only

• Feature: RateLimit CRDs now suport specifying an action for each limit. Possible values include "Enforce" and "LogOnly", case insensitive. LogOnly may be used to implement dry run rules that do not actually enforce.
• Feature: RateLimit CRDs now support specifying a symbolic name for each limit. This name can later be used in the access log to know which RateLimit, if any, applied to a request.
• Feature: RateLimit metadata is now available using the DYNAMIC_METADATA(envoy.http.filters.ratelimit: ... ) command operator in the Envoy access logs. See Envoy Documentation for more on using dynamic metadata in the access log.
• Feature: OAuth2 Filter: The SameSite cookie attribute is now configurable.

🎉 Ambassador 1.10.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Feature: The redirect response code returned by Ambassador is now configurable using redirect_reponse_code on Mappings that use host_redirect.
• Feature: The redirect location header returned by Ambassador now supports prefix rewrites using prefix_redirect on Mappings that use host_redirect.
• Feature: The redirect location header returned by Ambassador now supports regex rewrites using regex_redirect on Mappings that use host_redirect.
• Feature: Expose max_request_headers_kb in the Ambassador Module. This directly exposes the same value in Envoy; see Envoy documentation for more information.
• Feature: Support Istio mTLS certification rotation for Istio 1.5 and higher. See the howto for details.
• Feature: The Ambassador Module's error_response_overrides now support configuring an empty response body using text_format. Previously, empty response bodies could only be configured by specifying an empty file using text_format_source.
• Feature: OAuth2 Filter: Support injecting HTTP header fields in to the request before passing on to the upstream service. Enables passing along id_token information to the upstream if it was returned by the IDP.
• Bugfix: Fix a bug in the Mapping CRD where the text_format_source field was incorrectly defined as type string instead of an object, as documented.
• Bugfix: The RBAC requirements when AMBASSADOR_FAST_RECONFIGURE is enabled now more-closely match the requirements when it's disabled.
• Bugfix: Fix error reporting and required-field checks when fast validation is enabled. Note that fast validation is now the default; see below.
• Change: Fast validation is now the default, so the AMBASSADOR_FAST_VALIDATION variable has been removed. The Golang boot sequence is also now the default. Set AMBASSADOR_LEGACY_MODE=true to disable these two behaviors.
• Change: ambassador-consul-connect resources now get deployed into the ambassador namespace instead of the active namespace specified in the user's kubernetes context (usually default). Old resource cleanup is documented in the Ambassador Consul integration documentation.

Ambassador Edge Stack only

• Default-off early access: Ratelimiting now supports redis clustering, local caching, and an upgraded redis client with improved scalability. Must set AES_RATELIMIT_PREVIEW=true to access these improvements.
• Bugfix: OAuth2 Filter: Fix insufficient_scope error when validating Azure access tokens.
• Bugfix: Filters: Fix a capitalization-related bug where sometimes existing headers are appended to when they should be overwritten.

🎉 Ambassador 1.9.1 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Bugfix: DevPortal: fix a crash when the host cannot be parsed as a valid hostname.

🎉 Ambassador 1.9.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Change: The DevPortal no longer looks for documentation at /.ambassador-internal/openapi-docs. A new field in Mappings, docs, must be used for specifying the source for documentation. This can result in an empty Dev Portal after upgrading if Mappings do not include a docs attribute.
• Feature: Support configuring the gRPC Statistics Envoy filter to enable telemetry of gRPC calls (see the grpc_stats configuration flag -- thanks, Felipe Roveran!)
• Feature: The RateLimitService and AuthService configs now support switching between gRPC protocol versions v2 and v2alpha (see the protocol_version setting)
• Feature: The TracingService Zipkin config now supports setting collector_hostname to tell Envoy which host header to set when sending spans to the collector
• Feature: Ambassador now supports custom error response mapping
• Feature: DevPortal: default configuration using the ambassador DevPortal resource.
• Bugfix: Ambassador will no longer mistakenly post notices regarding regex_rewrite and rewrite directive conflicts in Mappings due to the latter's implicit default value of / (thanks, obataku!)
• Bugfix: The /metrics endpoint will no longer break if invoked before configuration is complete (thanks, Markus Jevring!)
• Bugfix: Update Python requirements to address CVE-2020-25659
• Bugfix: Prevent mixing Mappings with host_redirect set with Mappings that don't in the same group
• Bugfix: ConsulResolver will now fallback to the Address of a Consul service if Service.Address is not set.
• Docs: Added instructions for building ambassador from source, within a docker container (thanks, Rahul Kumar Saini!)
• Update: Upgrade Alpine 3.10→3.12, GNU libc 2.30→2.32, and Python 3.7→3.8
• Update: Knative serving tests were bumped from version 0.11.0 to version 0.18.0 (thanks, Noah Fontes!)

Ambassador Edge Stack Only

• Feature: How the OAuth2 Filter authenticates itself to the identity provider is now configurable with the clientAuthentication setting.
• Feature: The OAuth2 Filter can now use RFC 7523 JWT assertions to authenticate itself to the identity provider; this is usable with all grant types.
• Feature: When validating a JWT's scope, the JWT and OAuth2 Filters now support not just RFC 8693 behavior, but also the behavior of various drafts leading to it, making JWT scope validation usable with more identity providers.
• Feature: The OAuth2 Filter now has inheritScopeArgument and stripInheritedScope settings that can further customize the behavior of accessTokenJWTFilter.
• Change: The OAuth2 Filter argument scopes has been renamed to scope, for consistency. The name scopes is deprecated, but will continue to work for backward compatibility.
• Bugfix: OAuth2 Filter: Don't have accessTokenValidation: auto fall back to "userinfo" validation for a client_credentials grant; it doesn't make sense there and only serves to obscure a more useful error message.

🎉 Ambassador 1.8.1 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Bugfix: Ambassador no longer fails to configure Envoy listeners when a TracingService or LogService has a service name whose underlying cluster name has over 40 charcters.
• Bugfix: The Ambassador diagnostics page no longer returns HTTP 500 when a TracingService or LogService has a service name whose underlying cluster name has over 40 characters.

🎉 Ambassador 1.8.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Feature: HTTP IP Allow/Deny ranges are supported.
• Bugfix: Ambassador's health checks don't claim that Envoy has failed when reconfiguration taking a long time (thanks, Fabrice, for contributions here!).
• Bugfix: The edgectl connect command now works properly when using zsh on a Linux platform.
• Bugfix: The container no longer exits "successfully" when the Deployment specifies an invalid command.

Ambassador Edge Stack Only

• Feature: RateLimit CRDs now support setting a response body, configurable with the errorResponse setting.
• Bugfix: External Filter can now properly proxy the body to the configured auth_service
• BugFix: The RBAC for AES now grants permission to "patch" Events.v1.core (previously it granted "create" but not "patch")

🎉 Ambassador 1.7.4 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Bugfix: Several regressions in the 1.7.x series are resolved by removing the ability to set insecure.action on a per-Host-resource basis, which was an ability added in 1.7.0. This reverts to the pre-1.7.0 behavior of having one Host's insecure action "win" and be used for all Hosts.
• Bugfix: Ambassador will no longer generate invalid Envoy configuration with duplicate clusters in certain scenarios when AMBASSADOR_FAST_RECONFIGURE=true.
• Enhancement: When AMBASSADOR_FAST_RECONFIGURE=true is set, Ambassador now logs information about memory usage.

🎉 Ambassador 1.7.3 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Incorporate the Envoy 1.15.1 security update.
• Bugfix: A regression introduced in 1.7.2 when AMBASSADOR_FAST_RECONFIGURE=true has been fixed where Host resources tls.ca_secret didn't work correctly.
• Bugfix: TLSContext resources and spec.tls in Host resources now correctly handle namespaces with . in them.
• Bugfix: Fix spec.requestPolicy.insecure.action for Host resources with a * wildcard in the hostname.
• Bugfix: Reduce lock contention while generating diagnostics.

🎉 Ambassador 1.7.2 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Bugfix: A regression introduced in 1.7.0 with the various Host.spec.insecure.action behaviors, including handling of X-Forwarded-Proto, has been fixed.
• Bugfix: Host resources no longer perform secret namespacing when the AMBASSADOR_FAST_RECONFIGURE flag is enabled.

🎉 Ambassador 1.7.1 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambasssador API Gateway + Ambassador Edge Stack

• Bugfix: Support envoy_validation_timeout in the Ambassador Module to set the timeout for validating new Envoy configurations

Ambassador Edge Stack only

• Bugfix: consul_connect_integration is now built correctly.
• Bugfix: The developer portal again supports requests for API documentation

🎉 Ambassador 1.7.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Feature: Upgrade from Envoy 1.14.4 to 1.15.0.
• Bugfix: Correctly handle a Host object with incompatible manually-specified TLSContext
• Feature: The Ambassador control-plane now publishes Prometheus metrics alongside the existing Envoy data-plane metrics under the /metrics endpoint on port 8877.
• Default-off early access: Experimental changes to allow Ambassador to more quickly process configuration changes (especially with larger configurations) have been added. The AMBASSADOR_FAST_RECONFIGURE env var must be set to enable this. AMBASSADOR_FAST_VALIDATION should also be set for maximum benefit.

Ambassador API Gateway only

• Bugfix: Fixes regression in 1.5.1 that caused it to not correctly know its own version number, leading to notifications about an available upgrade despite being on the most recent version.

Ambassador Edge Stack only

• Feature: DevPortal can now discover openapi documentation from Mappings that set host and headers
• Feature: edgectl install will automatically enable Service Preview with a Preview URL on the Host resource it creates.
• Feature: Service Preview will inject an x-service-preview-path header in filtered requests with the original request prefix to allow for context propagation.
• Feature: Service Preview can intercept gRPC requests using the --grpc flag on the edgectl intercept add command and the getambassador.io/inject-traffic-agent-grpc: "true" annotation when using automatic Traffic-Agent injection.
• Feature: The TracingService Zipkin config now supports setting collector_endpoint_version to tell Envoy to use Zipkin v2.
• Feature: You can now inject request and/or response headers from a RateLimit.
• Bugfix: Don't crash during startup if Redis is down.
• Bugfix: Service Preview correctly uses the Host default Path value for the spec.previewUrl.type field.
• Bugfix: The JWT, OAuth2, and other Filters are now better about reusing connections for outgoing HTTP requests.
• Bugfix: Fixed a potential deadlock in the HTTP cache used for fetching JWKS and such for Filters.
• Bugfix: Fixed insecure route action behavior. Host security policies no longer affect other Hosts.
• Bugfix: Internal Ambassador data is no longer exposed to the /.ambassador-internal/ endpoints used by the DevPortal.
• Bugfix: Problems with license key limits will no longer trigger spurious HTTP 429 errors. Using the RateLimit resource beyond 5rps without any form of license key will still trigger 429 responses, but now with a X-Ambassador-Message header indicating that's what happned.
• Bugfix: When multiple RateLimits overlap, it is supposed to enforce the strictest limit; but the strictness comparison didn't correctly handle comparing limits with different units.

🎉 Ambassador 1.6.2 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Bugfix: The (new in 1.6.0) Host.spec.tls and Host.spec.tlsContext fields now work when AMBASSADOR_FAST_VALIDATION=fast is not set.
• Bugfix: Setting use_websocket: true on a Mapping now only affects routes generated from that Mapping, instead of affecting all routes on that port.
• Feature: It is now possible to "upgrade" to non-HTTP protocols other than WebSocket; the new allow_upgrade is a generalization of use_websocket.

Ambassador Edge Stack only

• Bugfix: The Host.spec.requestPolicy.insecure.additionalPort field works again.
• Bugfix: The Host.spec.ambassadorId is once again handled in addition to .ambassador_id; allowing hosts written by older versions AES prior to 1.6.0 to continue working.
• Bugfix: Fix a redirect loop that could occur when using using multiple protectedOrigins in a Host.

🎉 Ambassador 1.6.1 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Bugfix: Mapping with https scheme for service are correctly parsed.
• Bugfix: Mapping with both a scheme and a hostname of localhost is now handled correctly.
• Bugfix: ConsulResolver now works again for Mappings outside of Ambassador's namespace.

🎉 Ambassador 1.6.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading/
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Incorporate the Envoy 1.14.4 security update.
• API CHANGE: Turning off the Diagnostics UI via the Ambassador Module now disables access to the UI from both inside and outside the Ambassador Pod.
• API CHANGE: Default changes updating Mapping status from default-on to default-off; see below.
• Feature: Add support for circuit breakers in TCP mapping (thanks, Pierre Fersing!)
• Feature: Ambassador CRDs now include schema. This enables validation by kubectl apply.
• Feature: Advanced TLS configuration can be specified in Host resource via tlsContext and tls fields.
• Feature: Implement sampling percentage in tracing service.
• Performance improvement: Diagnostics are generated on demand rather than on every reconfig.
• Performance improvement: Experimental fast validation of the contents of Ambassador resources has been added. The AMBASSADOR_FAST_VALIDATION env var must be set to enable this.
• Internal: Configuration endpoints used internally by Ambassador are no longer accessible from outside the Ambassador Pod.
• Bugfix: envoy_log_format can now be set with envoy_log_type: json.
• Docs: Fixed OAuth2 documentation spelling errors (thanks, Travis Byrum!)

As previously announced, the default value of AMBASSADOR_UPDATE_MAPPING_STATUS
has now changed from true to false; Ambassador will no longer attempt to
update the Status of a Mapping unless you explicitly set
AMBASSADOR_UPDATE_MAPPING_STATUS=true in the environment. If you do not have
tooling that relies on Mapping status updates, we do not recommend setting
AMBASSADOR_UPDATE_MAPPING_STATUS.

In Ambassador 1.7, TLS secrets in Ingress resources will not be able to use
.namespace suffixes to cross namespaces.

Ambassador Edge Stack only

• Feature: The Edge Policy Console's Debugging page now has a "Log Out" button to terminate all EPC sessions.
• Feature: X-Content-Type-Options: nosniff to response headers are now set for the Edge Policy Console, to prevent MIME confusion attacks.
• Feature: The OAuth2 Filter now has a allowMalformedAccessToken setting to enable use with IDPs that generate access tokens that are not compliant with RFC 6750.
• Bugfix: All JWT Filter errors are now formatted per the specified errorResponse.
• Feature: Options for making Redis connection pooling configurable.
• Bugfix: User is now directed to the correct URL after clicking in Microsoft Office.
• Feature: The Console's Dashboard page has speedometer gauges to visualize Rate Limited and Authenticated traffic.

🎉 Ambassador 1.5.5 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Incorporate the Envoy 1.14.3 security update.

🎉 Ambassador 1.5.4 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Bugfix: Allow disabling Mapping-status updates (RECOMMENDED: see below)
• Bugfix: Logging has been made much quieter; the default Envoy log level has been turned down from "warning" to "error"
• Ambassador now logs timing information about reconfigures

We recommend that users set AMBASSADOR_UPDATE_MAPPING_STATUS=false in the environment to tell Ambassador not to update Mapping statuses unless you have some script that relies on Mapping status updates. The default value of AMBASSADOR_UPDATE_MAPPING_STATUS will change to false in Ambassador 1.6.

🎉 Ambassador 1.5.3 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Bugfix: Restore Envoy listener drain time to its pre-Ambassador 1.3.0 default of 10 minutes.

Ambassador Edge Stack only

• Bugfix: Allow deletion of ProjectControllers.
• Bugfix: Fix regression introduced in 1.4.2 where the OAuth2 AuthorizationCode filter no longer works when behind another gateway that rewrites the request hostname. The behavior here is now controllable via the internalOrigin sub-field.

🎉 Ambassador 1.5.2 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Incorporate the Envoy 1.14.2 security update.
• Upgrade the base Docker images used by several tests (thanks, Daniel Sutton!).

Ambassador Edge Stack only

• Feature: (BETA) Added an in-cluster micro CI/CD system to enable building, staging, and publishing of GitHub projects from source. This has been included in previous versions as an alpha, but disabled by default. It is now in BETA.
• Bugfix: The DEVPORTAL_CONTENT_URL environment variable now properly handles file:/// URLs to refer to volume-mounted content.
• Bugfix: acmeProvider.authority: none is no longer case sensitive
• Bugfix: edgectl connect works again on Ubuntu and other Linux setups with old versions of nss-mdns (older than version 0.11)
• Bugfix: edgectl works again on Windows
• Bugfix: The Edge Policy Console now correctly creates FilterPolicy resources