open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
APACHE-2.0 License
Bot releases are hidden (Show)
Published by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Published by kflynn over 4 years ago
Upgrading - https://www.getambassador.io/docs/latest/topics/install/upgrading/
View changelog - https://github.com/datawire/ambassador/blob/release/v1.5/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
add_request_header
, remove_request_header
, add_response_header
, and remove_response_header
X-Request-ID
on requests from external clients (thanks, Prakhar Joshi!)regex_rewrite
for advanced forwardingAMBASSADOR_SINGLE_NAMESPACE
is set to an empty string; rather than getting in to a weird in-between statewatt
(port 8002) and ambex
(port 8003) components now bind to localhost instead of 0.0.0.0, so they are no longer erroneously available from outside the Podedgectl upgrade
allows upgrading API Gateway installations to AESedgectl intercept
can generate preview-urls for Host resources that enabled the featureedgectl install
will now automatically install the Service Preview components (ambassador-injector, telepresence-proxy) and scoped RBACRetry-After
headerJWT
Filter now makes hasKey
and doNotSet
functions available to header field templates; in order to facilitate only conditionally setting a header field.OAuth2
Filter now has an expirationSafetyMargin
setting that will cause an access token to be treated as expired sooner, in order to have a safety margin of time to send it to the upstream Resource Server that grants insufficient leeway.JWT
Filter now has leewayFor{ExpiresAt,IssuedAt,NotBefore}
settings for configuring leeway when validating the timestamps of a token.REDIS{,_PERSECOND}_{USERNAME,PASSWORD,TLS_ENABLED,TLS_INSECURE}
may now be used to further configure how the Ambassador Edge Stack communicates with Redis.POLL_EVERY_SECS
is 0AMBASSADOR_SINGLE_NAMESPACE
.OAuth2
Filter now validates the reported-to-Client scope of an Access Token even if a separate accessTokenJWTFilter
is configured.OAuth2
Filter now sends the user back to the identity provider to upgrade the scope if they request an endpoint that requires broader scope than initially requested; instead of erroring.OAuth2
Filter will no longer send RFC 7235 challenges back to the user agent if it would not accept RFC 7235 credentials (previously it only avoided sending HTTP 401 challenges, but still sent 400 or 403 challenges).amb-sidecar
(port 8500) component now binds to localhost instead of 0.0.0.0, so it is no longer erroneously available from outside the PodPublished by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Published by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
OAuth2
Filter redirection-endpoint now handles various XSRF errors more consistently (the way we meant it to in 1.2.1)OAuth2
Filter now supports multiple authentication domains that share the same credentials.
Filter
documentation.AMBASSADOR_ID
Published by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
edgectl install
uses Helm under the hoodPublished by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Mapping
s support the cluster_tag
attribute to control the name of the generated Envoy cluster (thanks, Stefan Sedich!)
edgectl install
output has clearer formattingedgectl install
offers help when installation does not succeededgectl install
uploads installer and AES logs to a private area upon failure so Datawire support can helpedgectl intercept
supports matching headers values against regular expressions once moreedgectl install
correctly handles more local and cluster environments
edgectl
improvements, see the Service Preview and Edge Control documentation.Published by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
edgectl install
correctly installs on Amazon EKS and other clusters that provide load balancers with fixed DNS namesedgectl install
when using Helm once again works as documentededgectl install
console logs are improved and neatenededgectl install --verbose
output is improvededgectl install
automatically opens documentation pages for some errorsedgectl install
help text is improvedPublished by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
edgectl install
will not install on top of a running Ambassadoredgectl install
can detect and report if kubectl
is missingedgectl install
can detect and report if it cannot talk to a Kubernetes clusterAuthorization Code
grant type for OAuth2
, expired tokens are correctly handled so that the user will be prompted to renewPassword
grant type for OAuth2
, authentication sessions are properly associated with each userPassword
grant type for OAuth2
, you can set up multiple Filter
s to allow requesting different scopes for different endpointsPublished by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
grantType: Password
)edgectl install
provides better feedback for clusters that are unreachable from the public Internetedgectl install
supports KIND clusters (thanks, @factorypreset!)edgectl intercept
supports HTTPSdiagnostics.enable
element in the ambassador
Moduleaes-plugin-runner
now allows passing in docker run
flags after the main argument list.edgectl connect
does a better job handling clusters with many servicesPlugin
Filter now correctly sets request.TLS
to nil/non-nil based on if the original request was encrypted or not.command: ["traffic-manager"]
to use it.Published by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
aes-plugin-runner
binary for GNU/Linux is now statically linked (instead of being linked against musl libc), so it should now work on either musl libc or GNU libc systemsOAuth2
Filter redirection-endpoint now handles various XSRF errors more consistentlyOAuth2
Filter redirection-endpoint now handles XSRF errors by redirecting back to the identity provider(1.2.1 is superseded by 1.2.2.)
Published by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
idle_timeout_ms
support for common HTTP listener (thanks, Jordan Neufeld!) (#2155)ingress.class
when running with Knativeedgectl install
provides a much cleaner, quicker experience when installing Ambassador Edge StackifRequestHeader
can now have valueRegex
instead of value
OAuth2
Filter now has useSessionCookies
option to have cookies expire when the browser closes, rather than at a fixed durationifRequestHeader
now has negate: bool
to invert the matchIngress
now supports the networking.k8s.io
apiGroup
aes
imageOAuth2
Filter no longer sets cookies when insteadOfRedirect
triggersOAuth2
Filter more frequently adjusts the cookiesPublished by LukeShu over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
AMBASSADOR_SINGLE_NAMESPACE
(thanks, Thibault Cohen!) (#2202)/ambassador/v0/diag/
aes-plugin-runner --version
now works properly/
OAuth2
Filter stateTTL
setting is now ignored; the lifetime of state-tokens is now managed automaticallyPublished by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
(Note that Ambassador 1.1.0 is identical to Ambassador 1.1.0-rc.0, from January 24, 2020.
Also, we're now using "-rc.N" rather than just "-rcN", for better compliance with
SemVer.
edgectl
External
filter type fully compatible with the AuthService
typeedgectl
Published by kflynn over 4 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
Note that we're now using "-rc.N" rather than just "-rcN", for better compliance with
SemVer.
edgectl
External
filter type fully compatible with the AuthService
typeedgectl
Published by LukeShu almost 5 years ago
All of Ambassador's CRDs have been switched to apiVersion: getambassador.io/v2
, and your resources may be upgraded when you apply the new CRDs. We recommend that you follow the migration instructions and check your installation's behavior before upgrading your CRDs.
ambassador_id
handling for Knative resourcesambassadorId
as a synonym for ambassador_id
(ambassadorId
is the Protobuf 3 canonical form of ambassador_id
)edgectl
program that you can use for interacting with Ambassador from the command lineAPP_LOG_LEVEL
is now AES_LOG_LEVEL
Published by ark3 almost 5 years ago
ο»Ώ
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
ο»Ώ
Published by LukeShu almost 5 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
localhost
edgectl
so it is easier to readAPP_LOG_LEVEL
is now AES_LOG_LEVEL
Published by LukeShu almost 5 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
reason
to errorReason
.spec.hostname
to .metadata.name
requestPolicy
field to control redirecting from cleartext to TLSedgectl
help and informational messagesambassador_id
handling for Knative resourcesambassadorId
as a synonym for ambassador_id
(ambassadorId
is the Protobuf 3 canonical form of ambassador_id
)DOCKER_NETWORK
variable to the build-systemPublished by alexgervais almost 5 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
patch_client
query param to send a partial representation in JSON Patch format, reducing the memory and network traffic for large deploymentswhich
in docs preflight-checkPublished by ark3 almost 5 years ago
Upgrade Ambassador - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/datawire/ambassador/blob/master/CHANGELOG.md
Get started with Ambassador on Kubernetes - https://www.getambassador.io/user-guide/getting-started
When a resource specifies a service or secret name without a corresponding namespace, Ambassador uses the namespace of the resource. In the past, Ambassador would use its own namespace.