emissary

🎉 Ambassador 1.5.1 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Bugfix: Logging has been made much quieter
• Bugfix: A service that somehow has no hostname should no longer cause an exception

🎉 Ambassador 1.5.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrading - https://www.getambassador.io/docs/latest/topics/install/upgrading/
View changelog - https://github.com/datawire/ambassador/blob/release/v1.5/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Switched from quay.io back to DockerHub as our primary publication point. If you are using your own Kubernetes manifests, you will have to update them! Datawire's Helm charts and published YAML have already been updated.
• Feature: switch to Envoy 1.14.1
• Feature: Allow defaults for add_request_header, remove_request_header, add_response_header, and remove_response_header
• Feature: Inform Knative of the route to the Ambassador service if available (thanks, Noah Fontes!)
• Feature: Support the path and timeout options of the Knative ingress path rules (thanks, Noah Fontes!)
• Feature: Allow preserving X-Request-ID on requests from external clients (thanks, Prakhar Joshi!)
• Feature: Mappings now support query parameters (thanks, Phil Peble!)
• Feature: Allow setting the Envoy shared-memory base ID (thanks, Phil Peble!)
• Feature: Additional security configurations not set on default YAMLs
• Feature: Let Ambassador configure regex_rewrite for advanced forwarding
• Bugfix: Only update Knative ingress CRDs when the generation changes (thanks, Noah Fontes!)
• Bugfix: Now behaves properly when AMBASSADOR_SINGLE_NAMESPACE is set to an empty string; rather than getting in to a weird in-between state
• Bugfix: The websocket library used by the test suite has been upgraded to incorporate security fixes (thanks, Andrew Allbright!)
• Bugfix: Fixed evaluation of label selectors causing the wrong IP to be put in to Ingress resource statuses
• Bugfix: The watt (port 8002) and ambex (port 8003) components now bind to localhost instead of 0.0.0.0, so they are no longer erroneously available from outside the Pod

Ambassador Edge Stack only

• Feature: edgectl upgrade allows upgrading API Gateway installations to AES
• Feature: edgectl intercept can generate preview-urls for Host resources that enabled the feature
• Feature: edgectl install will now automatically install the Service Preview components (ambassador-injector, telepresence-proxy) and scoped RBAC
• Feature: Rate-limited 429 responses now include the Retry-After header
• Feature: The JWT Filter now makes hasKey and doNotSet functions available to header field templates; in order to facilitate only conditionally setting a header field.
• Feature: The OAuth2 Filter now has an expirationSafetyMargin setting that will cause an access token to be treated as expired sooner, in order to have a safety margin of time to send it to the upstream Resource Server that grants insufficient leeway.
• Feature: The JWT Filter now has leewayFor{ExpiresAt,IssuedAt,NotBefore} settings for configuring leeway when validating the timestamps of a token.
• Feature: The environment variables REDIS{,_PERSECOND}_{USERNAME,PASSWORD,TLS_ENABLED,TLS_INSECURE} may now be used to further configure how the Ambassador Edge Stack communicates with Redis.
• Bugfix: Don't start the dev portal running if POLL_EVERY_SECS is 0
• Bugfix: Now no longer needs cluster-wide RBAC when running with AMBASSADOR_SINGLE_NAMESPACE.
• Bugfix: The OAuth2 Filter now validates the reported-to-Client scope of an Access Token even if a separate accessTokenJWTFilter is configured.
• Bugfix: The OAuth2 Filter now sends the user back to the identity provider to upgrade the scope if they request an endpoint that requires broader scope than initially requested; instead of erroring.
• Bugfix: The OAuth2 Filter will no longer send RFC 7235 challenges back to the user agent if it would not accept RFC 7235 credentials (previously it only avoided sending HTTP 401 challenges, but still sent 400 or 403 challenges).
• Bugfix: The amb-sidecar (port 8500) component now binds to localhost instead of 0.0.0.0, so it is no longer erroneously available from outside the Pod

🎉 Ambassador 1.4.3 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador Edge Stack Only

• Bugfix: Don't generate spurious 403s in logs when using Edge Policy Console.

🎉 Ambassador 1.4.2 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador Edge Stack Only

• Bugfix: The Traffic Agent binds to port 9900 by default. That port can be configured in the Agent's Pod spec.
  • For more about using the Traffic Agent, see the Service Preview documentation.
• Bugfix: The OAuth2 Filter redirection-endpoint now handles various XSRF errors more consistently (the way we meant it to in 1.2.1)
• Bugfix: The OAuth2 Filter now supports multiple authentication domains that share the same credentials.
  • For more about using multiple domains, see the OAuth2 Filter documentation.
• Bugfix: The ACME client now obeys AMBASSADOR_ID

🎉 Ambassador 1.4.1 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador Edge Stack Only

• Internal: edgectl install uses Helm under the hood

🎉 Ambassador 1.4.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Feature: Support Ingress Path types improvements from networking.k8s.io/v1beta1 on Kubernetes 1.18+
• Feature: Support Ingress hostname wildcards
• Feature: Support for the IngressClass Resource, added to networking.k8s.io/v1beta1 on Kubernetes 1.18+
  • For more about new Ingress support, see the Ingress Controller documentation.
• Feature: Mappings support the cluster_tag attribute to control the name of the generated Envoy cluster (thanks, Stefan Sedich!)
  • See the Advanced Mapping Configuration documentation for more.
• Feature: Support Envoy's ability to force response headers to canonical HTTP case (thanks, Puneet Loya!)
  • See the Ambassador Module documentation for more.
• Bugfix: Correctly ignore Kubernetes services with no metadata (thanks, Fabrice!)

Ambassador Edge Stack Only

• Feature: edgectl install output has clearer formatting
• Feature: edgectl install offers help when installation does not succeed
• Feature: edgectl install uploads installer and AES logs to a private area upon failure so Datawire support can help
• Bugfix: The "Filters" tab in the webui no longer renders the value of OAuth client secrets that are stored in Kubernetes secrets.
• Bugfix: The ACME client of of one Ambassador install will no longer interfere with the ACME client of another Ambassador install in the same namespace with a different AMBASSADOR_ID.
• Bugfix: edgectl intercept supports matching headers values against regular expressions once more
• Bugfix: edgectl install correctly handles more local and cluster environments
  • For more about edgectl improvements, see the Service Preview and Edge Control documentation.

🎉 Ambassador 1.3.2 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador Edge Stack

• Bugfix: edgectl install correctly installs on Amazon EKS and other clusters that provide load balancers with fixed DNS names
• Bugfix: edgectl install when using Helm once again works as documented
• Bugfix: edgectl install console logs are improved and neatened
• Bugfix: edgectl install --verbose output is improved
• Bugfix: edgectl install automatically opens documentation pages for some errors
• Bugfix: edgectl install help text is improved

🎉 Ambassador 1.3.1 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador Edge Stack

• Bugfix: edgectl install will not install on top of a running Ambassador
• Bugfix: edgectl install can detect and report if kubectl is missing
• Bugfix: edgectl install can detect and report if it cannot talk to a Kubernetes cluster
• Bugfix: When using the Authorization Code grant type for OAuth2, expired tokens are correctly handled so that the user will be prompted to renew
• Bugfix: When using the Password grant type for OAuth2, authentication sessions are properly associated with each user
• Bugfix: When using the Password grant type for OAuth2, you can set up multiple Filters to allow requesting different scopes for different endpoints

🎉 Ambassador 1.3.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador Edge Stack

• Feature: Support username and password as headers for OAuth2 authentication (grantType: Password)
• Feature: edgectl install provides better feedback for clusters that are unreachable from the public Internet
• Feature: edgectl install supports KIND clusters (thanks, @factorypreset!)
• Feature: edgectl intercept supports HTTPS
• Feature: Ambassador Edge Stack Docker image is ~150MB smaller
• Feature: The Edge Policy Console can be fully disabled with the diagnostics.enable element in the ambassador Module
• Feature: aes-plugin-runner now allows passing in docker run flags after the main argument list.
• Bugfix: Ambassador Edge Stack doesn't crash if the Developer Portal content URL is not accessible
• Bugfix: edgectl connect does a better job handling clusters with many services
• Bugfix: The Plugin Filter now correctly sets request.TLS to nil/non-nil based on if the original request was encrypted or not.
• Change: There is no longer a separate traffic-proxy image; that functionality is now part of the main AES image. Set command: ["traffic-manager"] to use it.

🎉 Ambassador 1.2.2 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Bugfix: re-support PROXY protocol when terminating TLS (#2348)
• Bugfix: Incorporate the Envoy 1.12.3 security update
• Internal: Fix an error in Edge Stack update checks

Ambassador Edge Stack only

• Bugfix: The aes-plugin-runner binary for GNU/Linux is now statically linked (instead of being linked against musl libc), so it should now work on either musl libc or GNU libc systems
• Bugfix: The OAuth2 Filter redirection-endpoint now handles various XSRF errors more consistently
• Change: The OAuth2 Filter redirection-endpoint now handles XSRF errors by redirecting back to the identity provider

(1.2.1 is superseded by 1.2.2.)

🎉 Ambassador 1.2.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Feature: add idle_timeout_ms support for common HTTP listener (thanks, Jordan Neufeld!) (#2155)
• Feature: allow override of bind addresses, including for IPv6! (thanks to Josue Diaz!) (#2293)
• Bugfix: Support Istio mTLS secrets natively (thanks, Phil Peble!) (#1475)
• Bugfix: TLS custom secret with period in name doesn't work (thanks, Phil Peble!) (#1255)
• Bugfix: Honor ingress.class when running with Knative
• Internal: Fix CRD-versioning issue in CI tests (thanks, Ricky Taylor!)
• Bugfix: Stop using deprecated Envoy configuration elements

Ambassador Edge Stack only

• Feature: edgectl install provides a much cleaner, quicker experience when installing Ambassador Edge Stack
• Feature: Ambassador Edge Stack supports the Ambassador operator for automated management and upgrade
• Feature: ifRequestHeader can now have valueRegex instead of value
• Feature: The OAuth2 Filter now has useSessionCookies option to have cookies expire when the browser closes, rather than at a fixed duration
• Feature: ifRequestHeader now has negate: bool to invert the match
• Bugfix: The RBAC for Ingress now supports the networking.k8s.io apiGroup
• Bugfix: Quiet Dev Portal debug logs
• Change: The intercept agent is now incorporated into the aes image
• Change: The OAuth2 Filter no longer sets cookies when insteadOfRedirect triggers
• Change: The OAuth2 Filter more frequently adjusts the cookies

🎉 Ambassador 1.1.1 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Ambassador API Gateway + Ambassador Edge Stack

• Bugfix: Load explicitly referenced secrets in another namespace, even when AMBASSADOR_SINGLE_NAMESPACE (thanks, Thibault Cohen!) (#2202)
• Bugfix: Fix Host support for choosing cleartext or TLS (#2279)
• Bugfix: Fix intermittent error when rendering /ambassador/v0/diag/
• Internal: Various CLI tooling improvements

Ambassador Edge Stack only

• Feature: The Policy Console can now set the log level to "trace" (in addition to "info" or "debug")
• Bugfix: Don't have the Policy Console poll for snapshots when logged out
• Bugfix: Do a better job of noticing when the license key changes
• Bugfix: aes-plugin-runner --version now works properly
• Bugfix: Only serve the custom CONGRATULATIONS! 404 page on /
• Change: The OAuth2 Filter stateTTL setting is now ignored; the lifetime of state-tokens is now managed automatically

🎉 Ambassador 1.1.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

(Note that Ambassador 1.1.0 is identical to Ambassador 1.1.0-rc.0, from January 24, 2020.
Also, we're now using "-rc.N" rather than just "-rcN", for better compliance with
SemVer.

Ambassador API Gateway + Ambassador Edge Stack

• Feature: support resources with the same name but in different namespaces (#2226, #2198)
• Feature: support DNS overrides in edgectl
• Bugfix: Reduce log noise about "kubestatus" updates
• Bugfix: manage the diagnostics snapshot cache more aggressively to reduce memory footprint
• Bugfix: re-enable Docker demo mode (and improve the test to make sure we don't break it again!) (#2227)
• Bugfix: correct potential issue with building edgectl on Windows
• Internal: fix an error with an undefined Python type in the TLS test (thanks, Christian Clauss!)

Ambassador Edge Stack only

• Feature: make the External filter type fully compatible with the AuthService type
• Docs: add instructions for what to do after downloading edgectl
• Bugfix: make it much faster to apply the Edge Stack License
• Bugfix: make sure the ACME terms-of-service link is always shown
• Bugfix: make the Edge Policy Console more performant

🎉 Ambassador 1.1.0-rc.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Note that we're now using "-rc.N" rather than just "-rcN", for better compliance with
SemVer.

Ambassador API Gateway + Ambassador Edge Stack

• Feature: support resources with the same name but in different namespaces (#2226, #2198)
• Feature: support DNS overrides in edgectl
• Bugfix: Reduce log noise about "kubestatus" updates
• Bugfix: manage the diagnostics snapshot cache more aggressively to reduce memory footprint
• Bugfix: re-enable Docker demo mode (and improve the test to make sure we don't break it again!) (#2227)
• Bugfix: correct potential issue with building edgectl on Windows
• Internal: fix an error with an undefined Python type in the TLS test (thanks, Christian Clauss!)

Ambassador Edge Stack only

• Feature: make the External filter type fully compatible with the AuthService type
• Docs: add instructions for what to do after downloading edgectl
• Bugfix: make it much faster to apply the Edge Stack License
• Bugfix: make sure the ACME terms-of-service link is always shown
• Bugfix: make the Edge Policy Console more performant

🎉 Ambassador 1.0.0 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

• Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
• View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
• Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Caution!

All of Ambassador's CRDs have been switched to apiVersion: getambassador.io/v2, and your resources may be upgraded when you apply the new CRDs. We recommend that you follow the migration instructions and check your installation's behavior before upgrading your CRDs.

Breaking changes

• When a resource specifies a service or secret name without a corresponding namespace, Ambassador will now look for the service or secret in the namespace of the resource that mentioned it. In the past, Ambassador would look in the namespace in which Ambassador was running.

Features

• The Host CR provides an easy way to tell Ambassador about domains it should expect to handle, and how it should handle secure and insecure requests for those domains
• Redirection from HTTP to HTTPS defaults to ON when termination contexts are present
• Mapping and Host CRs, as well as Ingress resources, get Status updates to provide better feedback
• Improve performance of processing events from Kubernetes
• Automatic HTTPS should work with any ACME clients doing the http-01 challenge

Bugfixes

• CORS now happens before rate limiting
• The reconfiguration engine is better protected from exceptions
• Don’t try to check for upgrades on every UI snapshot update
• Reduced reconfiguration churn
• Don't force SNI routes to be lower-priority than non-SNI routes
• Knative mappings fallback to the Ambassador namespace if no namespace is specified
• Fix ambassador_id handling for Knative resources
• Treat ambassadorId as a synonym for ambassador_id (ambassadorId is the Protobuf 3 canonical form of ambassador_id)

Ambassador Edge Stack

• Authentication and ratelimiting are now available under a free community license
• Given a Host CR, Ambassador can manage TLS certificates using ACME (or you can manage them by hand)
• There is now an edgectl program that you can use for interacting with Ambassador from the command line
• There is a web user-interface for Ambassador
• BREAKING CHANGE: APP_LOG_LEVEL is now AES_LOG_LEVEL

🎉 Ambassador 1.0.0-rc6 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.


Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started


• AES: Bugfix: Fix ACME client with multiple replicas
• AES: Bugfix: Fix ACME client race conditions with the API server and WATT
• AES: Bugfix: Don't crash in the ACME client if Redis is unavailable

🎉 Ambassador 1.0.0-rc4 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Change: Less verbose yet more useful Ambassador pod logs
• Bugfix: Various bugfixes for listeners and route rejection
• Bugfix: Don't append the service namespace for localhost
• AES: Bugfix: Fix rendering mapping labels YAML in the webui
• AES: Bugfix: Organize help output from edgectl so it is easier to read
• AES: Bugfix: Various bugfixes around ACME support with manually-configured TLSContexts
• AES: Change: Don't disable scout or enable extra-verbose logging when migrating from OSS
• AES: BREAKING CHANGE: APP_LOG_LEVEL is now AES_LOG_LEVEL

🎉 Ambassador 1.0.0-rc1 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• BREAKING CHANGE: Rename Host CR status field reason to errorReason
• Feature: Host CRs now default .spec.hostname to .metadata.name
• Feature: Host CRs now have a requestPolicy field to control redirecting from cleartext to TLS
• Feature: Redirecting from cleartext to TLS no longer interferes with ACME http-01 challenges
• Feature: Improved edgectl help and informational messages
• Bugfix: Host CR status is now a sub-resource
• Bugfix: Have diagd snapshot JSON not include "serialization" keys (which could potentially leak secrets)
• Bugfix: Fix ambassador_id handling for Knative resources
• Bugfix: Use the correct namespace for resources found via annotations
• Bugfix: Treat ambassadorId as a synonym for ambassador_id (ambassadorId is the Protobuf 3 canonical form of ambassador_id)
• Internal: Allow passing a DOCKER_NETWORK variable to the build-system
• Internal: Improvements to release machinery
• Internal: Fix the dev shell
• Internal: Adjust KAT tests to work with the Edge Stack

🎉 Ambassador 1.0.0-ea13 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Bugfix: Knative mappings populate and fallback to the ambassador namespace if unspecified
• Internal: Knative tests for versions 0.7.1 and 0.8.0 were removed
• Internal: Knative tests for version 0.11.0 were added
• Internal: Improved performance with Edge Stack using /ambassador/v0/diag/ with an optional patch_client query param to send a partial representation in JSON Patch format, reducing the memory and network traffic for large deployments
• Internal: Silencing warnings from which in docs preflight-check

🎉 Ambassador 1.0.0-ea12 🎉

Ambassador is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started

Breaking Change

When a resource specifies a service or secret name without a corresponding namespace, Ambassador uses the namespace of the resource. In the past, Ambassador would use its own namespace.

Bugfixes

• Add the appropriate label so Ingress works with Edge Stack
• Remove superfluous imagePullSecret
• Fix various admin UI quirks, especially in Firefox
  • Bogus warnings about duplicate resources
  • Drag-and-drop reordering of rate limit configuration
  • Missing icons

Internal

• Drop duplicated resources earlier in the processing chain
• Streamline code generation from protobufs
• Automated broken-link checks in the documentation