1<!-- -*- fill-column: 100 -*- -->
2# CHANGELOG -- this is {{/* NOT */}}a GENERATED FILE, edit docs/releaseNotes.yml and "make generate" to change.
3
4## EMISSARY-INGRESS and AMBASSADOR EDGE STACK
5
6Emissary-ingress is a Kubernatives-native, self-service, open-source API gateway
7and ingress controller. It is a CNCF Incubation project, formerly known as the
8Ambassador API Gateway.
9
10Ambassador Edge Stack is a comprehensive, self-service solution for exposing,
11securing, and managing the boundary between end users and your Kubernetes services.
12The core of Ambassador Edge Stack is Emissary-ingress.
13
14**Note well:**
15
16- Ambassador Edge Stack provides all the capabilities of Emissary-ingress,
17 as well as additional capabilities including:
18
19 - Security features such as automatic TLS setup via ACME integration, OAuth/OpenID Connect
20 integration, rate limiting, and fine-grained access control; and
21 - Developer onboarding assistance, including an API catalog, Swagger/OpenAPI documentation
22 support, and a fully customizable developer portal.
23
24- Emissary-ingress can do everything that Ambassador Edge Stack can do, but you'll need to
25 write your own code to take advantage of the capabilities above.
26
27- Ambassador Edge Stack is free for all users: due to popular demand, Ambassador Edge Stack
28 offers a free usage tier of its core features, designed for startups.
29
30In general, references to "Ambassador" in documentation (including this CHANGELOG)
31refer both to Emissary-ingress and to the Ambassador Edge Stack.
32
33## UPCOMING BREAKING CHANGES
34
35### Emissary 3.0.0
36
37 - **No `protocol_version: v2`**: Support for specifying `protocol_version: v2` in `AuthService`,
38 `RateLimitService`, and `LogService` resources will be removed. These resources each have a
39 `protocol_version` field that controls whether Envoy speaks the `v2` transport API or the `v3`
40 transport API when speaking to that service. Due to Envoy's removal of all v2 Envoy APIs, the
41 `v2` value will no longer be supported. Note that `protocol_version: v2` is the default in
42 current versions of Emissary.
43
44 Users who use these resource types but don't explicitly say `protocol_version: v3` will need to
45 adjust their service implementations to understand the v3 protocols, and then update Emissary
46 resources to say `protocol_version` before upgrading to Emissary-ingress 3.0.0.
47
48 - **No `regex_type: unsafe`**: The `regex_type` field will be removed from the `ambassador`
49 `Module`, meaning that it will not be possible to instruct Envoy to use the [ECMAScript Regex][]
50 engine rather than the default [RE2][] engine.
51
52 Users who rely on the specific ECMAScript Regex syntax will need to rewrite their regular
53 expressions with RE2 syntax before upgrading to Emissary-ingress 3.0.0.
54
55 - **No Zipkin `collector_endpoint_version: HTTP_JSON_V1`**: Support for specifying
56 `collector_endpoint_version: HTTP_JSON_V1` for a Zipkin `TracingService` will be removed. The
57 `HTTP_JSON_V1` value corresponds to Zipkin's old API-v1, while the `HTTP_JSON` value corresponds
58 to the Zipkin's new API-v2.
59
60 For current versions of Emissary-ingress (>=1.14.0 and <3.0.0), the behavior is that if the
61 `TracingService` does not specify which Zipkin API to use, it will normally default to using
62 `HTTP_JSON`, but can be made to default to `HTTP_JSON_V1` by setting the
63 `AMBASSADOR_ENVOY_API_VERSION=V2` environment variable. In Emissary-ingress 3.0.0 this
64 environment variable will no longer have any impact on what the default Zipkin API is, and
65 explicitly setting the API in the `TracingService` will no longer support the `HTTP_JSON_V1`
66 value.
67
68 Users who rely on `HTTP_JSON_V1` will need to migrate their Emissary-ingress 2.3 install to use
69 either `HTTP_JSON` or `HTTP_PROTO` before upgrading to Emissary-ingress 3.0.0.
70
71With the removal of `regex_type: unsafe` and `collector_endpoint_version: HTTP_JSON_V1`, there will
72be no more user-visible effects of the `AMBASSADOR_ENVOY_API_VERSION` environment variable, and so
73it will be removed; but as it won't be user-visible this isn't considered a breaking change.
74
75[ECMASCript Regex]: https://en.cppreference.com/w/cpp/regex/ecmascript
76[RE2]: https://github.com/google/re2
77
78### Emissary 3.0.0 or later
79
80 - In a future version of Emissary-ingress, **no sooner than Emissary-ingress v3.0.0**, TLS secrets
81 in `Ingress` resources will not be able to use `.namespace` suffixes to cross namespaces.
82
83## RELEASE NOTES
84{{ $relnotes := (datasource "relnotes") -}}
85{{ $ghName := "emissary-ingress/emissary" -}}
86
87{{ range $i, $release := $relnotes.items -}}
88{{ $prevVersion := "1.13.3" -}}
89{{- if index $release "prevVersion" -}}
90 {{- $prevVersion = $release.prevVersion -}}
91{{ else -}}
92 {{- if lt (add $i 1) (len $relnotes.items) -}}
93 {{- $prevVersion = (index $relnotes.items (add $i 1)).version -}}
94 {{- end -}}
95{{ end -}}
96{{ if eq $release.version "1.13.7" -}}
97{{ $ghName = "datawire/ambassador" -}}
98{{ end }}
99## {{ if ne $release.date "N/A" }}[{{ end }}{{ $release.version }}{{ if ne $release.date "N/A" }}]{{ end }} {{ if eq $release.date "N/A" }}not issued{{ else if eq $release.date "TBD" }}TBD{{ else }}{{ (time.Parse "2006-01-02" $release.date).Format "January 02, 2006" }}{{ end }}{{ if ne $release.date "N/A" }}
100[{{ $release.version }}]: https://github.com/{{ $ghName }}/compare/v{{ $prevVersion }}...v{{ $release.version }}
101{{- end }}{{ range $release.notes }}{{ if index . "isHeadline" }}{{ if .isHeadline }}
102
103{{ .body |
104 strings.ReplaceAll "$productName$" "Emissary-ingress" |
105 strings.ReplaceAll "<b>" "**" |
106 strings.ReplaceAll "</b>" "**" |
107 strings.ReplaceAll "<i>" "*" |
108 strings.ReplaceAll "</i>" "*" |
109 strings.ReplaceAll "<code>" "`" |
110 strings.ReplaceAll "</code>" "`" |
111 strings.ReplaceAll "href=\"../" "href=\"https://www.getambassador.io/docs/emissary/latest/" |
112 strings.WordWrap 100 }}
113{{- end }}{{ end }}{{ end }}
114{{ if ne $release.date "N/A" }}
115### Emissary-ingress and Ambassador Edge Stack
116{{ range $release.notes }}{{ if not (index . "isHeadline") }}
117- {{ printf "%s: %s" (.type | strings.Title) .body |
118 strings.ReplaceAll "$productName$" "Emissary-ingress" |
119 strings.ReplaceAll "<b>" "**" |
120 strings.ReplaceAll "</b>" "**" |
121 strings.ReplaceAll "<i>" "*" |
122 strings.ReplaceAll "</i>" "*" |
123 strings.ReplaceAll "<code>" "`" |
124 strings.ReplaceAll "</code>" "`" |
125 strings.ReplaceAll "href=\"../" "href=\"https://www.getambassador.io/docs/emissary/latest/" |
126 strings.WordWrap 98 |
127 strings.Indent 2 |
128 strings.TrimPrefix " " }}{{ if index . "github" }}{{ range .github }} ([{{.title}}]){{ end }}{{ end }}
129{{ end }}{{ end }}{{ $anyGitLinks := false }}{{ range $release.notes -}}{{- if index . "github" -}}{{- range .github }}{{ $anyGitLinks = true }}
130[{{.title}}]: {{.link}}{{ end -}}{{- end -}}{{- end -}}{{ if $anyGitLinks }}
131{{ end }}{{ if index $release "edgeStackNotes" }}
132### Ambassador Edge Stack only
133{{ range $release.edgeStackNotes }}
134- {{ printf "%s: %s" (.type | strings.Title) .body |
135 strings.ReplaceAll "$productName$" "Emissary-ingress" |
136 strings.ReplaceAll "<b>" "**" |
137 strings.ReplaceAll "</b>" "**" |
138 strings.ReplaceAll "<i>" "*" |
139 strings.ReplaceAll "</i>" "*" |
140 strings.ReplaceAll "<code>" "`" |
141 strings.ReplaceAll "</code>" "`" |
142 strings.ReplaceAll "href=\"../" "href=\"https://www.getambassador.io/docs/edge-stack/latest/" |
143 strings.WordWrap 98 |
144 strings.Indent 2 |
145 strings.TrimPrefix " " }}{{ if index . "github" }}{{ range .github }} ([{{.title}}]){{ end }}{{ end }}
146{{ end }}{{ $anyGitLinks := false }}{{ range $release.edgeStackNotes -}}{{- if index . "github" -}}{{- range .github }}{{ $anyGitLinks = true }}
147[{{.title}}]: {{.link}}{{ end -}}{{- end -}}{{- end -}}{{ if $anyGitLinks }}
148{{ end }}{{ end }}{{ end }}{{ end }}
149## [1.13.3] May 03, 2021
150[1.13.3]: https://github.com/datawire/ambassador/compare/v1.13.2...v1.13.3
151
152### Emissary Ingress and Ambassador Edge Stack
153
154- Bugfix: Fixed a regression that caused Ambassador to crash when loading the Edge Policy Console when any RateLimit resources exist ([#3348])
155
156## [1.13.2] April 29, 2021
157[1.13.2]: https://github.com/datawire/ambassador/compare/v1.13.1...v1.13.2
158
159### Emissary Ingress and Ambassador Edge Stack
160
161- Bugfix: Fixed a regression that caused endpoint routing to not work when defining mappings in service annotations ([#3369])
162
163[#3369]: https://github.com/datawire/ambassador/issues/3369
164
165## [1.13.1] April 22, 2021
166[1.13.1]: https://github.com/datawire/ambassador/compare/v1.13.0...v1.13.1
167
168### Emissary Ingress and Ambassador Edge Stack
169
170- Bugfix: Potentially increased CPU Usage for deployments with large numbers of Hosts ([#3358])
171
172[#3358]: https://github.com/datawire/ambassador/issues/3358
173
174## [1.13.0] April 20, 2021
175[1.13.0]: https://github.com/datawire/ambassador/compare/v1.12.4...v1.13.0
176
177### Emissary Ingress and Ambassador Edge Stack
178
179**Note**: Support for the deprecated `v2alpha` `protocol_version` has been removed from the `AuthService` and `RateLimitService`.
180
181- Feature: Added support for the [Mapping AuthService setting] `auth_context_extensions`, allowing supplying custom per-mapping information to external auth services (thanks, [Giridhar Pathak](https://github.com/gpathak)!).
182- Feature: Added support in ambassador-agent for reporting [Argo Rollouts] and [Argo Applications] to Ambassador Cloud
183- Feature: The [Ambassador Module configuration] now supports the `diagnostics.allow_non_local` flag to expose admin UI internally only ([#3074] -- thanks, [Fabrice](https://github.com/jfrabaute)!)
184- Feature: Ambassador will now use the Envoy v3 API internally when the AMBASSADOR_ENVOY_API_VERSION environment variable is set to "V3". By default, Ambassador will continue to use the v2 API.
185- Feature: The [Ambassador Agent] is now available (and deployed by default) for the API Gateway (https://app.getambassador.io).
186- Feature: The [Ambassador Module configuration] now supports `merge_slashes` which tells Ambassador to merge adjacent slashes when performing route matching. For example, when true, a request with URL '//foo/' would match a Mapping with prefix '/foo/'.
187- Feature: Basic support for a subset of the [Kubernetes Gateway API] has been added.
188- Feature: Ambassador now supports the `DD_ENTITY_ID` environment variable to set the `dd.internal.entity_id` statistics tag on metrics generated when using DogStatsD.
189- Bugfix: Make Knative paths match on prefix instead of the entire path to better align to the Knative specification ([#3224]).
190- Bugfix: The endpoint routing resolver will now properly watch services that include a scheme.
191- Bugfix: Environment variable interpolation works again for `ConsulResolver.Spec.Address` without setting `AMBASSADOR_LEGACY_MODE` ([#3182], [#3317])
192- Bugfix: Endpoint routing will now detect endpoint changes when your service field includes `.svc.cluster.local`. ([#3324])
193- Bugfix: Upgrade PyYAML to 5.4.1 ([#3349])
194- Change: The Helm chart has been moved into this repo, in the `charts/ambassador` directory.
195- Change: The `Mapping` CRD has been modified so that `kubectl get mappings` now has a column for not just the source path-prefix (`.spec.prefix`), but the source host (`.spec.host`) too.
196- Change: The yaml in yaml/docs is now generated from the contents of the helm chart in the `charts/ambassador` directory.
197- Change: Support for the deprecated `v2alpha` `protocol_version` has been removed from the `AuthService` and `RateLimitService`.
198
199[Ambassador Agent]: https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/
200[Ambassador Module configuration]: https://getambassador.io/docs/edge-stack/latest/topics/running/ambassador/
201[Argo Applications]: https://www.getambassador.io/docs/argo/latest/quick-start/
202[Argo Rollouts]: https://www.getambassador.io/docs/argo/latest/quick-start/
203[Kubernetes Gateway API]: https://getambassador.io/docs/edge-stack/latest/topics/using/gateway-api/
204[Mapping AuthService setting]: https://getambassador.io/docs/edge-stack/latest/topics/using/authservice
205
206[#3074]: https://github.com/datawire/ambassador/issues/3074
207[#3182]: https://github.com/datawire/ambassador/issues/3182
208[#3224]: https://github.com/datawire/ambassador/issues/3224
209[#3317]: https://github.com/datawire/ambassador/issues/3317
210[#3324]: https://github.com/datawire/ambassador/issues/3324
211[#3349]: https://github.com/datawire/ambassador/issues/3349
212
213### Ambassador Edge Stack only
214
215- Feature: DevPortal: Added doc.display_name attribute to the Mapping CRD. This value allows for a custom name and documentation URL path of the service in the DevPortal.
216- Feature: DevPortal: Added `naming_scheme` enum to the DevPortal CRD. This enum controls the way services are displayed in the DevPortal. Supported values are `namespace.name` (current behavior) and `name.prefix`, which will use the Mapping name and Mapping prefix to display the services.
217- Feature: DevPortal: `DEVPORTAL_DOCS_BASE_PATH` environment variable makes the base path of service API documentation configurable.
218- Feature: DevPortal: DevPortal will now reload content on changes to Mapping and DevPortal resources.
219- Feature: DevPortal: DevPortal now supports a search endpoint at `/docs/api/search`
220- Feature: DevPortal search can be configured to only search over titles (with search.type=`title-only`in the DevPortal CRD) or to search over all content (search.type=`all-content`)
221- Feature: DevPortal search supports deep linking to openapi spec entries (must set `search.type=all-content` and `search.enabled=true` on the DevPortal CRD)
222- Feature: DevPortal: Trigger content refresh by hitting `/docs/api/refreshContent`
223- Feature: The AES ratelimit preview service now supports [burst ratelimiting] (aka token bucket ratelimiting).
224- Bugfix: The AES ratelimit preview no longer ignores LOCAL_CACHE_SIZE_IN_BYTES.
225- Bugfix: The AES ratelimit preview no longer ignores NEAR_LIMIT_RATIO.
226- Bugfix: The AES ratelimit preview no longer ignores EXPIRATION_JITTER_MAX_SECONDS.
227- Change: Silence DevPortal warnings when DevPortal cannot parse a hostname from a Mapping. (#3341)
228
229[burst ratelimiting]: https://getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/
230
231[#3341]: https://github.com/datawire/ambassador/issues/3341
232
233## [1.12.4] April 19, 2021
234[1.12.4]: https://github.com/datawire/ambassador/compare/v1.12.3...v1.12.4
235
236Bugfix: Fix the Envoy base image build step and, as a result, correctly ship the Envoy 1.15.4 security updates.
237
238## [1.12.3] April 15, 2021
239[1.12.3]: https://github.com/datawire/ambassador/compare/v1.12.2...v1.12.3
240
241Bugfix: Incorporate the Envoy 1.15.4 security update.
242
243## [1.12.2] March 29, 2021
244[1.12.2]: https://github.com/datawire/ambassador/compare/v1.12.1...v1.12.2
245
246- Bugfix: Update OpenSSL to 1.1.1k to address CVE-2021-23840), CVE-2021-3450), CVE-2021-23841), CVE-2021-3449), CVE-2021-23839), CVE-2021-23840), CVE-2021-3450), CVE-2021-23841), CVE-2021-3449), and CVE-2021-23839)
247
248## [1.12.1] March 12, 2021
249[1.12.1]: https://github.com/datawire/ambassador/compare/v1.12.0...v1.12.1
250
251- Bugfix: The endpoint routing resolver will now properly watch services with mappings that define the service field with an explicit port.
252- Bugfix: Correctly manage cluster load assignments with very long cluster names and `AMBASSADOR_FAST_RECONFIGURE`
253
254## [1.12.0] March 08, 2021
255[1.12.0]: https://github.com/datawire/ambassador/compare/v1.11.2...v1.12.0
256
257### Ambasssador API Gateway + Ambassador Edge Stack
258
259- Feature: Endpoint routing is now much more performant, especially in situations where reconfigurations are frequent.
260- Feature: A scrubbed ambassador snapshot is now accessible outside the pod at `:8005/snapshot-external`. This port is exposed on the ambassador-admin Kubernetes service.
261- Feature: Ambassador now supports configuring the maximum lifetime of an upstream connection using `cluster_max_connection_lifetime_ms`. After the configured time, upstream connections are drained and closed, allowing an operator to set an upper bound on how long any upstream connection will remain open. This is useful when using Kubernetes Service resolvers (the default) and modifying label selectors for traffic shifting.
262- Feature: The Ambassador Module configuration now supports `cluster_request_timeout_ms` to set a default request `timeout_ms` for Mappings. This allows an operator to update the default request timeout (currently 3000ms) without needing to update every Mapping.
263- Feature: The Ambassador Module configuration now supports `suppress_envoy_headers` to prevent Ambassador from setting additional headers on requests and responses. These headers are typically used for diagnostic purposes and are safe to omit when they are not desired.
264- Feature: All Kubernetes services managed by Ambassador are automatically instrumented with service catalog discovery annotations.
265- Feature: [`headers_with_underscores_action`](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/core/protocol.proto#enum-core-httpprotocoloptions-headerswithunderscoresaction) is now configurable in the Ambassador `Module`.
266- Feature: The Ambassador Module configuration now supports `strip_matching_host_port` to control whether the port should be removed from the host/Authority header before any processing by request filters / routing. This behavior only applies if the port matches the associated Envoy listener port.
267- Bugfix: Ambassador now does a better job of cleaning up gRPC connections when shutting down.
268- Bugfix: Prevent potential reconcile loop when updating the status of an Ingress.
269- Bugfix: Update Python requirements, including addressing CVE-2020-36242 ([#3233])
270- Bugfix: Remove unnecessary logs about Kubernetes Secrets ([#3229])
271
272[#3229]: https://github.com/datawire/ambassador/issues/3229
273[#3233]: https://github.com/datawire/ambassador/issues/3233
274
275### Ambassador Edge Stack only
276
277- Feature: Added support for ambassador-agent deployment, reporting to Ambassador Cloud Service Catalog (https://app.getambassador.io)
278- Feature: `edgectl login` will automatically open your browser, allowing you to login into Service Catalog (https://app.getambassador.io)
279- Feature: `edgectl install` command allows you to install a new Ambassador Edge Stack automatically connected to Ambassador Cloud by passing a `--cloud-connect-token` argument.
280- Feature: `AES_AUTH_TIMEOUT` now allows you to configure the timeout of the AES authentication service. Defaults to 4s.
281- Bugfix: Prevent Dev Portal from sporadically responding with upstream connect timeout when loading content
282
283## [1.11.2] March 01, 2021
284[1.11.2]: https://github.com/datawire/ambassador/compare/v1.11.1...v1.11.2
285
286### Ambasssador API Gateway + Ambassador Edge Stack
287
288- Bugfix: Changes to endpoints when endpoint routing is not active will no longer cause reconfiguration
289- Bugfix: Correctly differentiate int values of 0 and Boolean values of `false` from non-existent attributes in CRDs ([#3212])
290- Bugfix: Correctly support Consul datacenters other than "dc1" without legacy mode.
291
292[#3212]: https://github.com/datawire/ambassador/issues/3212
293
294## [1.11.1] February 04, 2021
295[1.11.1]: https://github.com/datawire/ambassador/compare/v1.11.0...v1.11.1
296
297- Bugfix: Fix an issue that caused Dev Portal to sporadically respond with upstream connect timeout when loading content
298
299## [1.11.0] January 26, 2021
300[1.11.0]: https://github.com/datawire/ambassador/compare/v1.10.0...v1.11.0
301
302### Ambasssador API Gateway + Ambassador Edge Stack
303
304- Feature: Ambassador now reads the ENVOY_CONCURRENCY environment variable to optionally set the [--concurrency](https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-concurrency) command line option when launching Envoy. This controls the number of worker threads used to serve requests and can be used to fine-tune system resource usage.
305- Feature: The %DOWNSTREAM_PEER_CERT_V_START% and %DOWNSTREAM_PEER_CERT_V_END% command operators now support custom date formatting, similar to %START_TIME%. This can be used for both header formatting and access log formatting.
306- Feature: Eliminate the need to drain and recreate listeners when routing configuration is changed. This reduces both memory usage and disruption of in-flight requests.
307- Bugfix: Make sure that `labels` specifying headers with extra attributes are correctly supported again ([#3137]).
308- Bugfix: Support Consul services when the `ConsulResolver` and the `Mapping` aren't in the same namespace, and legacy mode is not enabled.
309- Bugfix: Fix failure to start when one or more IngressClasses are present in a cluster ([#3142]).
310- Bugfix: Properly handle Kubernetes 1.18 and greater when RBAC prohibits access to IngressClass resources.
311- Bugfix: Support `TLSContext` CA secrets with fast validation ([#3005]).
312- Bugfix: Dev Portal correctly handles transient failures when fetching content
313- Bugfix: Dev Portal sidebar pages have a stable order
314- Bugfix: Dev Portal pages are now marked cacheable
315
316### Ambassador Edge Stack only
317
318- Feature: RateLimit CRDs now suport specifying an `action` for each limit. Possible values include "Enforce" and "LogOnly", case insensitive. LogOnly may be used to implement dry run rules that do not actually enforce.
319- Feature: RateLimit CRDs now support specifying a symbolic `name` for each limit. This name can later be used in the access log to know which RateLimit, if any, applied to a request.
320- Feature: RateLimit metadata is now available using the `DYNAMIC_METADATA(envoy.http.filters.ratelimit: ... )` command operator in the Envoy access logs. See [Envoy Documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage) for more on using dynamic metadata in the access log.
321- Feature: OAuth2 Filter: The SameSite cookie attribute is now configurable.
322
323[#3005]: https://github.com/datawire/ambassador/issues/3005
324[#3137]: https://github.com/datawire/ambassador/issues/3137
325[#3142]: https://github.com/datawire/ambassador/issues/3142
326
327## [1.10.0] January 04, 2021
328[1.10.0]: https://github.com/datawire/ambassador/compare/v1.9.1...v1.10.0
329
330### Ambasssador API Gateway + Ambassador Edge Stack
331
332- Feature: The redirect response code returned by Ambassador is now configurable using `redirect_reponse_code` on `Mappings` that use `host_redirect`.
333- Feature: The redirect location header returned by Ambassador now supports prefix rewrites using `prefix_redirect` on `Mappings` that use `host_redirect`.
334- Feature: The redirect location header returned by Ambassador now supports regex rewrites using `regex_redirect` on `Mappings` that use `host_redirect`.
335- Feature: Expose `max_request_headers_kb` in the Ambassador `Module`. This directly exposes the same value in Envoy; see [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/network/http_connection_manager/v2/http_connection_manager.proto) for more information.
336- Feature: Support Istio mTLS certification rotation for Istio 1.5 and higher. See the [howto](https://www.getambassador.io/docs/edge-stack/latest/howtos/istio/) for details.
337- Feature: The Ambassador Module's `error_response_overrides` now support configuring an empty response body using `text_format`. Previously, empty response bodies could only be configured by specifying an empty file using `text_format_source`.
338- Feature: OAuth2 Filter: Support injecting HTTP header fields in to the request before passing on to the upstream service. Enables passing along `id_token` information to the upstream if it was returned by the IDP.
339- Bugfix: Fix the grpc external filter to properly cache grpc clients thereby avoiding initiating a separate connection to the external filter for each filtered request.
340- Bugfix: Fix a bug in the Mapping CRD where the `text_format_source` field was incorrectly defined as type `string` instead of an object, as documented.
341- Bugfix: The RBAC requirements when `AMBASSADOR_FAST_RECONFIGURE` is enabled now more-closely match the requirements when it's disabled.
342- Bugfix: Fix error reporting and required-field checks when fast validation is enabled. Note that fast validation is now the default; see below.
343- Change: **Fast validation is now the default**, so the `AMBASSADOR_FAST_VALIDATION` variable has been removed. The Golang boot sequence is also now the default. Set `AMBASSADOR_LEGACY_MODE=true` to disable these two behaviors.
344- Change: ambassador-consul-connect resources now get deployed into the `ambassador` namespace instead of the active namespace specified in the user's kubernetes context (usually `default`). Old resource cleanup is documented in the Ambassador Consul integration documentation.
345
346### Ambassador Edge Stack only
347
348- Default-off early access: Ratelimiting now supports redis clustering, local caching of exceeded ratelimits, and an upgraded redis client with improved scalability. Must set AES_RATELIMIT_PREVIEW=true to access these improvements.
349- Bugfix: OAuth2 Filter: Fix `insufficient_scope` error when validating Azure access tokens.
350- Bugfix: Filters: Fix a capitalization-related bug where sometimes existing headers are appended to when they should be overwritten.
351
352## [1.9.1] November 19, 2020
353[1.9.1]: https://github.com/datawire/ambassador/compare/v1.9.0...v1.9.1
354
355### Ambassador Edge Stack only
356
357- Bugfix: DevPortal: fix a crash when the `host` cannot be parsed as a valid hostname.
358
359## [1.9.0] November 12, 2020
360[1.9.0]: https://github.com/datawire/ambassador/compare/v1.8.1...v1.9.0
361
362### Ambasssador API Gateway + Ambassador Edge Stack
363
364- Feature: Support configuring the gRPC Statistics Envoy filter to enable telemetry of gRPC calls (see the `grpc_stats` configuration flag -- thanks, [Felipe Roveran](https://github.com/feliperoveran)!)
365- Feature: The `RateLimitService` and `AuthService` configs now support switching between gRPC protocol versions `v2` and `v2alpha` (see the `protocol_version` setting)
366- Feature: The `TracingService` Zipkin config now supports setting `collector_hostname` to tell Envoy which host header to set when sending spans to the collector
367- Feature: Ambassador now supports custom error response mapping
368- Bugfix: Ambassador will no longer mistakenly post notices regarding `regex_rewrite` and `rewrite` directive conflicts in `Mapping`s due to the latter's implicit default value of `/` (thanks, [obataku](https://github.com/obataku)!)
369- Bugfix: The `/metrics` endpoint will no longer break if invoked before configuration is complete (thanks, [Markus Jevring](https://github.com/markusjevringsesame)!)
370- Bugfix: Update Python requirements to address CVE-2020-25659
371- Bugfix: Prevent mixing `Mapping`s with `host_redirect` set with `Mapping`s that don't in the same group
372- Bugfix: `ConsulResolver` will now fallback to the `Address` of a Consul service if `Service.Address` is not set.
373- Docs: Added instructions for building ambassador from source, within a docker container (thanks, [Rahul Kumar Saini](https://github.com/rahul-kumar-saini)!)
374- Update: Upgrade Alpine 3.10→3.12, GNU libc 2.30→2.32, and Python 3.7→3.8
375- Update: Knative serving tests were bumped from version 0.11.0 to version 0.18.0 (thanks, [Noah Fontes](https://github.com/impl)!)
376
377### Ambassador Edge Stack only
378
379- Change: The DevPortal no longer looks for documentation at `/.ambassador-internal/openapi-docs`. A new field in `Mappings`, `docs`, must be used for specifying the source for documentation. This can result in an empty Dev Portal after upgrading if `Mappings` do not include a `docs` attribute.
380- Feature: How the `OAuth2` Filter authenticates itself to the identity provider is now configurable with the `clientAuthentication` setting.
381- Feature: The `OAuth2` Filter can now use RFC 7523 JWT assertions to authenticate itself to the identity provider; this is usable with all grant types.
382- Feature: When validating a JWT's scope, the `JWT` and `OAuth2` Filters now support not just RFC 8693 behavior, but also the behavior of various drafts leading to it, making JWT scope validation usable with more identity providers.
383- Feature: The `OAuth2` Filter now has `inheritScopeArgument` and `stripInheritedScope` settings that can further customize the behavior of `accessTokenJWTFilter`.
384- Feature: DevPortal: default configuration using the `ambassador` `DevPortal` resource.
385- Change: The `OAuth2` Filter argument `scopes` has been renamed to `scope`, for consistency. The name `scopes` is deprecated, but will continue to work for backward compatibility.
386- Bugfix: `OAuth2` Filter: Don't have `accessTokenValidation: auto` fall back to "userinfo" validation for a client_credentials grant; it doesn't make sense there and only serves to obscure a more useful error message.
387
388## [1.8.1] October 16, 2020
389[1.8.1]: https://github.com/datawire/ambassador/compare/v1.8.0...v1.8.1
390
391### Ambasssador API Gateway + Ambassador Edge Stack
392
393- Bugfix: Ambassador no longer fails to configure Envoy listeners when a TracingService or LogService has a service name whose underlying cluster name has over 40 charcters.
394- Bugfix: The Ambassador diagnostics page no longer returns HTTP 500 when a TracingService or LogService has a service name whose underlying cluster name has over 40 characters.
395
396## [1.8.0] October 08, 2020
397[1.8.0]: https://github.com/datawire/ambassador/compare/v1.7.4...v1.8.0
398
399### Ambasssador API Gateway + Ambassador Edge Stack
400
401- Feature: HTTP IP Allow/Deny ranges are supported.
402- Bugfix: Ambassador's health checks don't claim that Envoy has failed when reconfiguration taking a long time (thanks, [Fabrice](https://github.com/jfrabaute), for contributions here!).
403- Bugfix: The `edgectl connect` command now works properly when using zsh on a Linux platform.
404- Bugfix: The container no longer exits "successfully" when the Deployment specifies an invalid `command`.
405
406### Ambassador Edge Stack only
407
408- Feature: `RateLimit` CRDs now support setting a response body, configurable with the `errorResponse` setting.
409- Bugfix: `External` `Filter` can now properly proxy the body to the configured `auth_service`
410- Bugfix: The RBAC for AES now grants permission to "patch" `Events.v1.core` (previously it granted "create" but not "patch")
411
412## [1.7.4] October 06, 2020
413[1.7.4]: https://github.com/datawire/ambassador/compare/v1.7.3...v1.7.4
414
415### Ambasssador API Gateway + Ambassador Edge Stack
416
417- Bugfix: Several regressions in the 1.7.x series are resolved by removing the ability to set `insecure.action` on a per-`Host`-resource basis, which was an ability added in 1.7.0. This reverts to the pre-1.7.0 behavior of having one `Host`'s insecure action "win" and be used for all `Host`s.
418- Bugfix: Ambassador will no longer generate invalid Envoy configuration with duplicate clusters in certain scenarios when `AMBASSADOR_FAST_RECONFIGURE=true`.
419- Enhancement: When `AMBASSADOR_FAST_RECONFIGURE=true` is set, Ambassador now logs information about memory usage.
420
421## [1.7.3] September 29, 2020
422[1.7.3]: https://github.com/datawire/ambassador/compare/v1.7.2...v1.7.3
423
424### Ambasssador API Gateway + Ambassador Edge Stack
425
426- Incorporate the Envoy 1.15.1 security update.
427- Bugfix: A regression introduced in 1.7.2 when `AMBASSADOR_FAST_RECONFIGURE=true` has been fixed where Host resources `tls.ca_secret` didn't work correctly.
428- Bugfix: `TLSContext` resources and `spec.tls` in `Host` resources now correctly handle namespaces with `.` in them.
429- Bugfix: Fix `spec.requestPolicy.insecure.action` for `Host` resources with a `*` wildcard in the hostname.
430- Bugfix: Reduce lock contention while generating diagnostics.
431
432## [1.7.2] September 16, 2020
433[1.7.2]: https://github.com/datawire/ambassador/compare/v1.7.1...v1.7.2
434
435### Ambasssador API Gateway + Ambassador Edge Stack
436
437- Bugfix: A regression introduced in 1.7.0 with the various `Host` resource `spec.requestPolicy.insecure.action` behaviors, including handling of X-Forwarded-Proto, has been fixed.
438- Bugfix: Host resources no longer perform secret namespacing when the `AMBASSADOR_FAST_RECONFIGURE` flag is enabled.
439
440## [1.7.1] September 08, 2020
441[1.7.1]: https://github.com/datawire/ambassador/compare/v1.7.0...v1.7.1
442
443### Ambasssador API Gateway + Ambassador Edge Stack
444
445- Bugfix: Support `envoy_validation_timeout` in the Ambassador Module to set the timeout for validating new Envoy configurations
446
447### Ambassador Edge Stack only
448
449- Bugfix: `consul_connect_integration` is now built correctly.
450- Bugfix: The developer portal again supports requests for API documentation
451
452## [1.7.0] August 27, 2020
453[1.7.0]: https://github.com/datawire/ambassador/compare/v1.6.2...v1.7.0
454
455### Ambassador API Gateway + Ambassador Edge Stack
456
457- Feature: Upgrade from Envoy 1.14.4 to 1.15.0.
458- Bugfix: Correctly handle a `Host` object with incompatible manually-specified `TLSContext`
459- Feature: The Ambassador control-plane now publishes Prometheus metrics alongside the existing Envoy data-plane metrics under the `/metrics` endpoint on port 8877.
460- Default-off early access: Experimental changes to allow Ambassador to more quickly process configuration changes (especially with larger configurations) have been added. The `AMBASSADOR_FAST_RECONFIGURE` env var must be set to enable this. `AMBASSADOR_FAST_VALIDATION` should also be set for maximum benefit.
461- Bugfix: Fixed insecure route action behavior. Host security policies no longer affect other Hosts.
462
463### Ambassador API Gateway only
464
465- Bugfix: Fixes regression in 1.5.1 that caused it to not correctly know its own version number, leading to notifications about an available upgrade despite being on the most recent version.
466
467### Ambassador Edge Stack only
468
469- Feature: DevPortal can now discover openapi documentation from `Mapping`s that set `host` and `headers`
470- Feature: `edgectl install` will automatically enable Service Preview with a Preview URL on the Host resource it creates.
471- Feature: Service Preview will inject an `x-service-preview-path` header in filtered requests with the original request prefix to allow for context propagation.
472- Feature: Service Preview can intercept gRPC requests using the `--grpc` flag on the `edgectl intercept add` command and the `getambassador.io/inject-traffic-agent-grpc: "true"` annotation when using automatic Traffic-Agent injection.
473- Feature: The `TracingService` Zipkin config now supports setting `collector_endpoint_version` to tell Envoy to use Zipkin v2.
474- Feature: You can now inject request and/or response headers from a `RateLimit`.
475- Bugfix: Don't crash during startup if Redis is down.
476- Bugfix: Service Preview correctly uses the Host default `Path` value for the `spec.previewUrl.type` field.
477- Bugfix: The `JWT`, `OAuth2`, and other Filters are now better about reusing connections for outgoing HTTP requests.
478- Bugfix: Fixed a potential deadlock in the HTTP cache used for fetching JWKS and such for `Filters`.
479- Bugfix: Internal Ambassador data is no longer exposed to the `/.ambassador-internal/` endpoints used by the DevPortal.
480- Bugfix: Problems with license key limits will no longer trigger spurious HTTP 429 errors. Using the `RateLimit` resource beyond 5rps without any form of license key will still trigger 429 responses, but now with a `X-Ambassador-Message` header indicating that's what happned.
481- Bugfix: When multiple `RateLimit`s overlap, it is supposed to enforce the strictest limit; but the strictness comparison didn't correctly handle comparing limits with different units.
482- Change: The Redis settings have been adjusted to default to the pre-1.6.0 behavior, and have been adjusted to be easier to understand.
483- Feature: `consul_connect_integration` is now part of the AES image.
484- Bugfix: `consul_connect_integration` now correctly handles certificates from Hashicorp Vault.
485
486## [1.6.2] July 30, 2020
487[1.6.2]: https://github.com/datawire/ambassador/compare/v1.6.1...v1.6.2
488
489### Ambassador API Gateway + Ambassador Edge Stack
490
491- Bugfix: The (new in 1.6.0) `Host.spec.tls` and `Host.spec.tlsContext` fields now work when `AMBASSADOR_FAST_VALIDATION=fast` is not set.
492- Bugfix: Setting `use_websocket: true` on a `Mapping` now only affects routes generated from that `Mapping`, instead of affecting all routes on that port.
493- Feature: It is now possible to "upgrade" to non-HTTP protocols other than WebSocket; the new `allow_upgrade` is a generalization of `use_websocket`.
494
495### Ambassador Edge Stack only
496
497- Bugfix: The `Host.spec.requestPolicy.insecure.additionalPort` field works again.
498- Bugfix: The `Host.spec.ambassadorId` is once again handled in addition to `.ambassador_id`; allowing hosts written by older versions AES prior to 1.6.0 to continue working.
499- Bugfix: Fix a redirect loop that could occur when using using multiple `protectedOrigins` in a `Host`.
500
501## [1.6.1] July 23, 2020
502[1.6.1]: https://github.com/datawire/ambassador/compare/v1.6.0...v1.6.1
503
504### Ambassador API Gateway + Ambassador Edge Stack
505
506- Bugfix: Mapping with `https` scheme for service are correctly parsed.
507- Bugfix: Mapping with both a scheme and a hostname of `localhost` is now handled correctly.
508- Bugfix: ConsulResolver now works again for Mappings outside of Ambassador's namespace.
509
510## [1.6.0] July 21, 2020
511[1.6.0]: https://github.com/datawire/ambassador/compare/v1.5.5...v1.6.0
512
513### Ambassador API Gateway + Ambassador Edge Stack
514
515- Incorporate the Envoy 1.14.4 security update.
516- API CHANGE: Turning off the Diagnostics UI via the Ambassador Module now disables access to the UI from both inside and outside the Ambassador Pod.
517- API CHANGE: Default changes updating `Mapping` status from default-on to default-off; see below.
518- Feature: Add support for circuit breakers in TCP mapping (thanks, [Pierre Fersing](https://github.com/PierreF)!)
519- Feature: Ambassador CRDs now include schema. This enables validation by `kubectl apply`.
520- Feature: Advanced TLS configuration can be specified in `Host` resource via `tlsContext` and `tls` fields.
521- Feature: Implement sampling percentage in tracing service.
522- Performance improvement: Diagnostics are generated on demand rather than on every reconfig.
523- Performance improvement: Experimental fast validation of the contents of Ambassador resources has been added. The `AMBASSADOR_FAST_VALIDATION` env var must be set to enable this.
524- Internal: Configuration endpoints used internally by Ambassador are no longer accessible from outside the Ambassador Pod.
525- Bugfix: `envoy_log_format` can now be set with `envoy_log_type: json`.
526- Docs: Fixed OAuth2 documentation spelling errors (thanks, [Travis Byrum](https://github.com/travisbyrum)!)
527
528As previously announced, the default value of `AMBASSADOR_UPDATE_MAPPING_STATUS`
529has now changed from `true` to `false`; Ambassador will no longer attempt to
530update the `Status` of a `Mapping` unless you explicitly set
531`AMBASSADOR_UPDATE_MAPPING_STATUS=true` in the environment. If you do not have
532tooling that relies on `Mapping` status updates, we do not recommend setting
533`AMBASSADOR_UPDATE_MAPPING_STATUS`.
534
535**In Ambassador 1.7**, TLS secrets in `Ingress` resources will not be able to use
536`.namespace` suffixes to cross namespaces.
537
538### Ambassador Edge Stack only
539
540- Feature: The Edge Policy Console's Debugging page now has a "Log Out" button to terminate all EPC sessions.
541- Feature: `X-Content-Type-Options: nosniff` to response headers are now set for the Edge Policy Console, to prevent MIME confusion attacks.
542- Feature: The `OAuth2` Filter now has a `allowMalformedAccessToken` setting to enable use with IDPs that generate access tokens that are not compliant with RFC 6750.
543- Bugfix: All JWT Filter errors are now formatted per the specified `errorResponse`.
544- Feature: Options for making Redis connection pooling configurable.
545- Bugfix: User is now directed to the correct URL after clicking in Microsoft Office.
546- Feature: The Console's Dashboard page has speedometer gauges to visualize Rate Limited and Authenticated traffic.
547
548## [1.5.5] June 30, 2020
549[1.5.5]: https://github.com/datawire/ambassador/compare/v1.5.4...v1.5.5
550
551### Ambassador API Gateway + Ambassador Edge Stack
552
553- Incorporate the Envoy 1.14.3 security update.
554
555## [1.5.4] June 23, 2020
556[1.5.4]: https://github.com/datawire/ambassador/compare/v1.5.3...v1.5.4
557
558### Ambassador API Gateway + Ambassador Edge Stack
559
560- Bugfix: Allow disabling `Mapping`-status updates (RECOMMENDED: see below)
561- Bugfix: Logging has been made _much_ quieter; the default Envoy log level has been turned down from "warning" to "error"
562- Ambassador now logs timing information about reconfigures
563
564We recommend that users set `AMBASSADOR_UPDATE_MAPPING_STATUS=false`
565in the environment to tell Ambassador not to update `Mapping` statuses
566unless you have some script that relies on `Mapping` status updates.
567The default value of `AMBASSADOR_UPDATE_MAPPING_STATUS` will change to
568`false` in Ambassador 1.6.
569
570## [1.5.3] June 16, 2020
571[1.5.3]: https://github.com/datawire/ambassador/compare/v1.5.2...v1.5.3
572
573### Ambassador API Gateway + Ambassador Edge Stack
574
575- Bugfix: Restore Envoy listener drain time to its pre-Ambassador 1.3.0 default of 10 minutes.
576- Bugfix: Read Knative ingress generation from the correct place in the Kubernetes object
577
578### Ambassador Edge Stack only
579
580- Bugfix: Allow deletion of ProjectControllers.
581- Bugfix: Fix regression introduced in 1.4.2 where the `OAuth2` AuthorizationCode filter no longer works when behind another gateway that rewrites the request hostname. The behavior here is now controllable via the `internalOrigin` sub-field.
582
583## [1.5.2] June 10, 2020
584[1.5.2]: https://github.com/datawire/ambassador/compare/v1.5.1...v1.5.2
585
586### Ambassador API Gateway + Ambassador Edge Stack
587
588- Incorporate the [Envoy 1.14.2](https://www.envoyproxy.io/docs/envoy/v1.14.2/intro/version_history#june-8-2020) security update.
589- Upgrade the base Docker images used by several tests (thanks, [Daniel Sutton](https://github.com/ducksecops)!).
590
591### Ambassador Edge Stack only
592
593- Feature (BETA): Added an in-cluster micro CI/CD system to enable building, staging, and publishing of GitHub projects from source. This has been included in previous versions as an alpha, but disabled by default. It is now in BETA.
594- Bugfix: The `DEVPORTAL_CONTENT_URL` environment variable now properly handles `file:///` URLs to refer to volume-mounted content.
595- Bugfix: `acmeProvider.authority: none` is no longer case sensitive
596- Bugfix: `edgectl connect` works again on Ubuntu and other Linux setups with old versions of nss-mdns (older than version 0.11)
597- Bugfix: `edgectl` works again on Windows
598- Bugfix: The Edge Policy Console now correctly creates FilterPolicy resources
599
600## [1.5.1] June 05, 2020
601[1.5.1]: https://github.com/datawire/ambassador/compare/v1.5.0...v1.5.1
602
603### Ambassador API Gateway + Ambassador Edge Stack
604
605- Bugfix: Logging has been made _much_ quieter
606- Bugfix: A service that somehow has no hostname should no longer cause an exception
607
608## [1.5.0] May 28, 2020
609[1.5.0]: https://github.com/datawire/ambassador/compare/v1.4.3...v1.5.0
610
611### Ambassador API Gateway + Ambassador Edge Stack
612
613- Change: Switched from quay.io back to DockerHub as our primary publication point. **If you are using your own Kubernetes manifests, you will have to update them!** Datawire's Helm charts and published YAML have already been updated.
614- Feature: switch to Envoy 1.14.1
615- Feature: Allow defaults for `add_request_header`, `remove_request_header`, `add_response_header`, and `remove_response_header`
616- Feature: Inform Knative of the route to the Ambassador service if available (thanks, [Noah Fontes](https://github.com/impl)!)
617- Feature: Support the path and timeout options of the Knative ingress path rules (thanks, [Noah Fontes](https://github.com/impl)!)
618- Feature: Allow preserving `X-Request-ID` on requests from external clients (thanks, [Prakhar Joshi](https://github.com/prakharjoshi)!)
619- Feature: Mappings now support query parameters (thanks, [Phil Peble](https://github.com/ppeble)!)
620- Feature: Allow setting the Envoy shared-memory base ID (thanks, [Phil Peble](https://github.com/ppeble)!)
621- Feature: Additional security configurations not set on default YAMLs
622- Feature: Let Ambassador configure `regex_rewrite` for advanced forwarding
623- Bugfix: Only update Knative ingress CRDs when the generation changes (thanks, [Noah Fontes](https://github.com/impl)!)
624- Bugfix: Now behaves properly when `AMBASSADOR_SINGLE_NAMESPACE` is set to an empty string; rather than getting in to a weird in-between state
625- Bugfix: The websocket library used by the test suite has been upgraded to incorporate security fixes (thanks, [Andrew Allbright](https://github.com/aallbrig)!)
626- Bugfix: Fixed evaluation of label selectors causing the wrong IP to be put in to Ingress resource statuses
627- Bugfix: The `watt` (port 8002) and `ambex` (port 8003) components now bind to localhost instead of 0.0.0.0, so they are no longer erroneously available from outside the Pod
628
629### Ambassador Edge Stack only
630
631- Feature: `edgectl upgrade` allows upgrading API Gateway installations to AES
632- Feature: `edgectl intercept` can generate preview-urls for Host resources that enabled the feature
633- Feature: `edgectl install` will now automatically install the Service Preview components (ambassador-injector, telepresence-proxy) and scoped RBAC
634- Feature: Rate-limited 429 responses now include the `Retry-After` header
635- Feature: The `JWT` Filter now makes `hasKey` and `doNotSet` functions available to header field templates; in order to facilitate only conditionally setting a header field.
636- Feature: The `OAuth2` Filter now has an `expirationSafetyMargin` setting that will cause an access token to be treated as expired sooner, in order to have a safety margin of time to send it to the upstream Resource Server that grants insufficient leeway.
637- Feature: The `JWT` Filter now has `leewayFor{ExpiresAt,IssuedAt,NotBefore}` settings for configuring leeway when validating the timestamps of a token.
638- Feature: The environment variables `REDIS{,_PERSECOND}_{USERNAME,PASSWORD,TLS_ENABLED,TLS_INSECURE}` may now be used to further configure how the Ambassador Edge Stack communicates with Redis.
639- Bugfix: Don't start the dev portal running if `POLL_EVERY_SECS` is 0
640- Bugfix: Now no longer needs cluster-wide RBAC when running with `AMBASSADOR_SINGLE_NAMESPACE`.
641- Bugfix: The `OAuth2` Filter now validates the reported-to-Client scope of an Access Token even if a separate `accessTokenJWTFilter` is configured.
642- Bugfix: The `OAuth2` Filter now sends the user back to the identity provider to upgrade the scope if they request an endpoint that requires broader scope than initially requested; instead of erroring.
643- Bugfix: The `OAuth2` Filter will no longer send RFC 7235 challenges back to the user agent if it would not accept RFC 7235 credentials (previously it only avoided sending HTTP 401 challenges, but still sent 400 or 403 challenges).
644- Bugfix: The `amb-sidecar` (port 8500) component now binds to localhost instead of 0.0.0.0, so it is no longer erroneously available from outside the Pod
645
646## [1.4.3] May 14, 2020
647[1.4.3]: https://github.com/datawire/ambassador/compare/v1.4.2...v1.4.3
648
649### Ambassador Edge Stack only
650
651- Bugfix: Don't generate spurious 403s in the logs when using the Edge Policy Console.
652
653## [1.4.2] April 22, 2020
654[1.4.2]: https://github.com/datawire/ambassador/compare/v1.4.1...v1.4.2
655
656### Ambassador Edge Stack only
657
658- Bugfix: The Traffic Agent binds to port 9900 by default. That port can be configured in the Agent's Pod spec.
659 - For more about using the Traffic Agent, see the [Service Preview documentation](https://www.getambassador.io/docs/edge-stack/latest/topics/using/edgectl/#configuring-service-preview).
660- Bugfix: The `OAuth2` Filter redirection-endpoint now handles various XSRF errors more consistently (the way we meant it to in 1.2.1)
661- Bugfix: The `OAuth2` Filter now supports multiple authentication domains that share the same credentials.
662 - For more about using multiple domains, see the [OAuth2 `Filter` documentation](https://www.getambassador.io/docs/edge-stack/1.4/topics/using/filters/oauth2/).
663- Bugfix: The ACME client now obeys `AMBASSADOR_ID`
664- Feature (ALPHA): Added an in-cluster micro CI/CD system to enable building, staging, and publishing of GitHub projects from source. This is disabled by default.
665
666## [1.4.1] April 15, 2020
667[1.4.1]: https://github.com/datawire/ambassador/compare/v1.4.0...v1.4.1
668
669### Ambassador Edge Stack only
670
671- Internal: `edgectl install` uses Helm under the hood
672
673## [1.4.0] April 08, 2020
674[1.4.0]: https://github.com/datawire/ambassador/compare/v1.3.2...v1.4.0
675
676### Ambassador API Gateway + Ambassador Edge Stack
677
678- Feature: Support Ingress Path types improvements from networking.k8s.io/v1beta1 on Kubernetes 1.18+
679- Feature: Support Ingress hostname wildcards
680- Feature: Support for the IngressClass Resource, added to networking.k8s.io/v1beta1 on Kubernetes 1.18+
681 - For more about new Ingress support, see the [Ingress Controller documentation](https://getambassador.io/docs/edge-stack/1.4/topics/running/ingress-controller).
682- Feature: `Mapping`s support the `cluster_tag` attribute to control the name of the generated Envoy cluster (thanks, [Stefan Sedich](https://github.com/stefansedich)!)
683 - See the [Advanced Mapping Configuration documentation](https://getambassador.io/docs/edge-stack/1.4/topics/using/mappings) for more.
684- Feature: Support Envoy's ability to force response headers to canonical HTTP case (thanks, [Puneet Loya](https://github.com/puneetloya)!)
685 - See the [Ambassador Module documentation](https://getambassador.io/docs/edge-stack/1.4/topics/running/ambassador) for more.
686- Bugfix: Correctly ignore Kubernetes services with no metadata (thanks, [Fabrice](https://github.com/jfrabaute)!)
687
688### Ambassador Edge Stack only
689
690- Feature: `edgectl install` output has clearer formatting
691- Feature: `edgectl install` offers help when installation does not succeed
692- Feature: `edgectl install` uploads installer and AES logs to a private area upon failure so Datawire support can help
693- Bugfix: The "Filters" tab in the webui no longer renders the value of OAuth client secrets that are stored in Kubernetes secrets.
694- Bugfix: The ACME client of of one Ambassador install will no longer interfere with the ACME client of another Ambassador install in the same namespace with a different AMBASSADOR_ID.
695- Bugfix: `edgectl intercept` supports matching headers values against regular expressions once more
696- Bugfix: `edgectl install` correctly handles more local and cluster environments
697 - For more about `edgectl` improvements, see the [Service Preview and Edge Control documentation](https://getambassador.io/docs/edge-stack/1.4/topics/using/edgectl).
698
699## [1.3.2] April 01, 2020
700[1.3.2]: https://github.com/datawire/ambassador/compare/v1.3.1...v1.3.2
701
702### Ambassador Edge Stack only
703
704- Bugfix: `edgectl install` correctly installs on Amazon EKS and other clusters that provide load balancers with fixed DNS names
705- Bugfix: `edgectl install` when using Helm once again works as documented
706- Bugfix: `edgectl install` console logs are improved and neatened
707- Bugfix: `edgectl install --verbose` output is improved
708- Bugfix: `edgectl install` automatically opens documentation pages for some errors
709- Bugfix: `edgectl install` help text is improved
710
711## [1.3.1] March 24, 2020
712[1.3.1]: https://github.com/datawire/ambassador/compare/v1.3.0...v1.3.1
713
714### Ambassador Edge Stack only
715
716- Bugfix: `edgectl install` will not install on top of a running Ambassador
717- Bugfix: `edgectl install` can detect and report if `kubectl` is missing
718- Bugfix: `edgectl install` can detect and report if it cannot talk to a Kubernetes cluster
719- Bugfix: When using the `Authorization Code` grant type for `OAuth2`, expired tokens are correctly handled so that the user will be prompted to renew
720- Bugfix: When using the `Password` grant type for `OAuth2`, authentication sessions are properly associated with each user
721- Bugfix: When using the `Password` grant type for `OAuth2`, you can set up multiple `Filter`s to allow requesting different scopes for different endpoints
722
723## [1.3.0] March 17, 2020
724[1.3.0]: https://github.com/datawire/ambassador/compare/v1.2.2...v1.3.0
725
726### Ambassador Edge Stack only
727
728- Feature: Support username and password as headers for OAuth2 authentication (`grantType: Password`)
729- Feature: `edgectl install` provides better feedback for clusters that are unreachable from the public Internet
730- Feature: `edgectl install` supports KIND clusters (thanks, [@factorypreset](https://github.com/factorypreset)!)
731- Feature: `edgectl intercept` supports HTTPS
732- Feature: Ambassador Edge Stack Docker image is ~150MB smaller
733- Feature: The Edge Policy Console can be fully disabled with the `diagnostics.enabled` element in the `ambassador` Module
734- Feature: `aes-plugin-runner` now allows passing in `docker run` flags after the main argument list.
735- Bugfix: Ambassador Edge Stack doesn't crash if the Developer Portal content URL is not accessible
736- Bugfix: `edgectl connect` does a better job handling clusters with many services
737- Bugfix: The `Plugin` Filter now correctly sets `request.TLS` to nil/non-nil based on if the original request was encrypted or not.
738- Change: There is no longer a separate traffic-proxy image; that functionality is now part of the main AES image. Set `command: ["traffic-manager"]` to use it.
739
740## [1.2.2] March 04, 2020
741[1.2.2]: https://github.com/datawire/ambassador/compare/v1.2.1...v1.2.2
742
743### Ambassador Edge Stack only
744
745- Internal: Fix an error in Edge Stack update checks
746
747## [1.2.1] March 03, 2020
748[1.2.1]: https://github.com/datawire/ambassador/compare/v1.2.0...v1.2.1
749
750Edge Stack users SHOULD NOT use this release, and should instead use 1.2.2.
751
752### Ambassador API Gateway + Ambassador Edge Stack
753
754- Bugfix: re-support PROXY protocol when terminating TLS ([#2348])
755- Bugfix: Incorporate the Envoy 1.12.3 security update
756
757### Ambassador Edge Stack only
758
759- Bugfix: The `aes-plugin-runner` binary for GNU/Linux is now statically linked (instead of being linked against musl libc), so it should now work on either musl libc or GNU libc systems
760- Feature (ALPHA): An `aes-plugin-runner` binary for Windows is now produced. (It is un-tested as of yet.)
761- Bugfix: The `OAuth2` Filter redirection-endpoint now handles various XSRF errors more consistently
762- Change: The `OAuth2` Filter redirection-endpoint now handles XSRF errors by redirecting back to the identity provider
763
764[#2348]: https://github.com/datawire/ambassador/issues/2348
765
766## [1.2.0] February 24, 2020
767[1.2.0]: https://github.com/datawire/ambassador/compare/v1.1.1...v1.2.0
768
769### Ambassador API Gateway + Ambassador Edge Stack
770
771- Feature: add idle_timeout_ms support for common HTTP listener (thanks, Jordan Neufeld!) ([#2155])
772- Feature: allow override of bind addresses, including for IPv6! (thanks to [Josue Diaz](https://github.com/josuesdiaz)!) ([#2293])
773- Bugfix: Support Istio mTLS secrets natively (thanks, [Phil Peble](https://github.com/ppeble)!) ([#1475])
774- Bugfix: TLS custom secret with period in name doesn't work (thanks, [Phil Peble](https://github.com/ppeble)!) ([#1255])
775- Bugfix: Honor ingress.class when running with Knative
776- Internal: Fix CRD-versioning issue in CI tests (thanks, [Ricky Taylor](https://github.com/ricky26)!)
777- Bugfix: Stop using deprecated Envoy configuration elements
778- Bugfix: Resume building a debuggable Envoy binary
779
780### Ambassador Edge Stack only
781
782- Change: The `ambassador` service now uses the default `externalTrafficPolicy` of `Cluster` rather than explicitly setting it to `Local`. This is a safer setting for GKE where the `Local` policy can cause outages when ambassador is updated. See https://stackoverflow.com/questions/60121956/are-hitless-rolling-updates-possible-on-gke-with-externaltrafficpolicy-local for details.
783- Feature: `edgectl install` provides a much cleaner, quicker experience when installing Ambassador Edge Stack
784- Feature: Ambassador Edge Stack supports the Ambassador operator for automated management and upgrade
785- Feature: `ifRequestHeader` can now have `valueRegex` instead of `value`
786- Feature: The `OAuth2` Filter now has `useSessionCookies` option to have cookies expire when the browser closes, rather than at a fixed duration
787- Feature: `ifRequestHeader` now has `negate: bool` to invert the match
788- Bugfix: The RBAC for `Ingress` now supports the `networking.k8s.io` `apiGroup`
789- Bugfix: Quiet Dev Portal debug logs
790- Bugfix: The Edge Policy Console is much less chatty when logged out
791- Change: The intercept agent is now incorporated into the `aes` image
792- Change: The `OAuth2` Filter no longer sets cookies when `insteadOfRedirect` triggers
793- Change: The `OAuth2` Filter more frequently adjusts the cookies
794
795[#1475]: https://github.com/datawire/ambassador/issues/1475
796[#1255]: https://github.com/datawire/ambassador/issues/1255
797[#2155]: https://github.com/datawire/ambassador/issues/2155
798[#2293]: https://github.com/datawire/ambassador/issues/2293
799
800## [1.1.1] February 12, 2020
801[1.1.1]: https://github.com/datawire/ambassador/compare/v1.1.0...v1.1.1
802
803### Ambassador API Gateway + Ambassador Edge Stack
804
805- Bugfix: Load explicitly referenced secrets in another namespace, even when `AMBASSADOR_SINGLE_NAMESPACE` (thanks, [Thibault Cohen](https://github.com/titilambert)!) ([#2202])
806- Bugfix: Fix Host support for choosing cleartext or TLS ([#2279])
807- Bugfix: Fix intermittent error when rendering `/ambassador/v0/diag/`
808- Internal: Various CLI tooling improvements
809
810[#2202]: https://github.com/datawire/ambassador/issues/2202
811[#2279]: https://github.com/datawire/ambassador/pull/2279
812
813### Ambassador Edge Stack only
814
815- Feature: The Policy Console can now set the log level to "trace" (in addition to "info" or "debug")
816- Bugfix: Don't have the Policy Console poll for snapshots when logged out
817- Bugfix: Do a better job of noticing when the license key changes
818- Bugfix: `aes-plugin-runner --version` now works properly
819- Bugfix: Only serve the custom CONGRATULATIONS! 404 page on `/`
820- Change: The `OAuth2` Filter `stateTTL` setting is now ignored; the lifetime of state-tokens is now managed automatically
821
822## [1.1.0] January 28, 2020
823[1.1.0]: https://github.com/datawire/ambassador/compare/v1.0.0...v1.1.0
824
825(Note that Ambassador 1.1.0 is identical to Ambassador 1.1.0-rc.0, from January 24, 2020.
826 Also, we're now using "-rc.N" rather than just "-rcN", for better compliance with
827 [SemVer](https://www.semver.org/).
828
829### Ambassador API Gateway + Ambassador Edge Stack
830
831- Feature: support resources with the same name but in different namespaces ([#2226], [#2198])
832- Feature: support DNS overrides in `edgectl`
833- Bugfix: Reduce log noise about "kubestatus" updates
834- Bugfix: manage the diagnostics snapshot cache more aggressively to reduce memory footprint
835- Bugfix: re-enable Docker demo mode (and improve the test to make sure we don't break it again!) ([#2227])
836- Bugfix: correct potential issue with building edgectl on Windows
837- Internal: fix an error with an undefined Python type in the TLS test (thanks, [Christian Clauss](https://github.com/cclauss)!)
838
839### Ambassador Edge Stack only
840
841- Feature: make the `External` filter type fully compatible with the `AuthService` type
842- Docs: add instructions for what to do after downloading `edgectl`
843- Bugfix: make it much faster to apply the Edge Stack License
844- Bugfix: make sure the ACME terms-of-service link is always shown
845- Bugfix: make the Edge Policy Console more performant
846
847[#2198]: https://github.com/datawire/ambassador/issues/2198
848[#2226]: https://github.com/datawire/ambassador/issues/2226
849[#2227]: https://github.com/datawire/ambassador/issues/2227
850
851## [1.0.0] January 15, 2020
852[1.0.0]: https://github.com/datawire/ambassador/compare/v0.86.1...v1.0.0
853
854### Caution!
855
856All of Ambassador's CRDs have been switched to `apiVersion: getambassador.io/v2`, and
857**your resources will be upgraded when you apply the new CRDs**. We recommend that you
858follow the [migration instructions](https://getambassador.io/early-access/user-guide/upgrade-to-edge-stack/) and check your installation's
859behavior before upgrading your CRDs.
860
861## Ambassador API Gateway + Ambassador Edge Stack
862
863### Breaking changes
864
865- When a resource specifies a service or secret name without a corresponding namespace, Ambassador will now
866 look for the service or secret in the namespace of the resource that mentioned it. In the past, Ambassador
867 would look in the namespace in which Ambassador was running.
868
869### Features
870
871- The Host CR provides an easy way to tell Ambassador about domains it should expect to handle, and
872 how it should handle secure and insecure requests for those domains
873- Redirection from HTTP to HTTPS defaults to ON when termination contexts are present
874- Mapping and Host CRs, as well as Ingress resources, get Status updates to provide better feedback
875- Improve performance of processing events from Kubernetes
876- Automatic HTTPS should work with any ACME clients doing the http-01 challenge
877
878### Bugfixes
879
880- CORS now happens before rate limiting
881- The reconfiguration engine is better protected from exceptions
882- Don’t try to check for upgrades on every UI snapshot update
883- Reduced reconfiguration churn
884- Don't force SNI routes to be lower-priority than non-SNI routes
885- Knative mappings fallback to the Ambassador namespace if no namespace is specified
886- Fix `ambassador_id` handling for Knative resources
887- Treat `ambassadorId` as a synonym for `ambassador_id` (`ambassadorId` is the Protobuf 3 canonical form of `ambassador_id`)
888
889### Ambassador Edge Stack
890
891Ambassador Edge Stack incorporates the functionality of the old Ambassador Pro product.
892
893- Authentication and ratelimiting are now available under a free community license
894- Given a Host CR, Ambassador can manage TLS certificates using ACME (or you can manage them by hand)
895- There is now an `edgectl` program that you can use for interacting with Ambassador from the command line
896- There is a web user-interface for Ambassador
897- BREAKING CHANGE: `APP_LOG_LEVEL` is now `AES_LOG_LEVEL`
898
899See the [`CHANGELOG.old-pro.md`](./CHANGELOG.old-pro.md) file for the changelog of
900the old Ambassador Pro product.
901
902## [1.0.0-rc6] January 15, 2020
903[1.0.0-rc6]: https://github.com/datawire/ambassador/compare/v1.0.0-rc4...v1.0.0-rc6
904
905 - AES: Bugfix: Fix ACME client with multiple replicas
906 - AES: Bugfix: Fix ACME client race conditions with the API server and WATT
907 - AES: Bugfix: Don't crash in the ACME client if Redis is unavailable
908
909## [1.0.0-rc4] January 13, 2020
910[1.0.0-rc4]: https://github.com/datawire/ambassador/compare/v1.0.0-rc1...v1.0.0-rc4
911
912- Change: Less verbose yet more useful Ambassador pod logs
913- Bugfix: Various bugfixes for listeners and route rejection
914- Bugfix: Don't append the service namespace for `localhost`
915- AES: Bugfix: Fix rendering mapping labels YAML in the webui
916- AES: Bugfix: Organize help output from `edgectl` so it is easier to read
917- AES: Bugfix: Various bugfixes around ACME support with manually-configured TLSContexts
918- AES: Change: Don't disable scout or enable extra-verbose logging when migrating from OSS
919- AES: BREAKING CHANGE: `APP_LOG_LEVEL` is now `AES_LOG_LEVEL`
920
921## [1.0.0-rc1] January 11, 2020
922[1.0.0-rc1]: https://github.com/datawire/ambassador/compare/v1.0.0-rc0...v1.0.0-rc1
923
924- Internal: Improvements to release machinery
925- Internal: Fix the dev shell
926- Internal: Adjust KAT tests to work with the Edge Stack
927
928## [1.0.0-rc0] January 10, 2020
929[1.0.0-rc0]: https://github.com/datawire/ambassador/compare/v1.0.0-ea13...v1.0.0-rc0
930
931- BREAKING CHANGE: Rename Host CR status field `reason` to `errorReason`
932- Feature: Host CRs now default `.spec.hostname` to `.metadata.name`
933- Feature: Host CRs now have a `requestPolicy` field to control redirecting from cleartext to TLS
934- Feature: Redirecting from cleartext to TLS no longer interferes with ACME http-01 challenges
935- Feature: Improved `edgectl` help and informational messages
936- Bugfix: Host CR status is now a sub-resource
937- Bugfix: Have diagd snapshot JSON not include "serialization" keys (which could potentially leak secrets)
938- Bugfix: Fix `ambassador_id` handling for Knative resources
939- Bugfix: Use the correct namespace for resources found via annotations
940- Bugfix: Treat `ambassadorId` as a synonym for `ambassador_id` (`ambassadorId` is the Protobuf 3 canonical form of `ambassador_id`)
941- Internal: Allow passing a `DOCKER_NETWORK` variable to the build-system
942
943## [1.0.0-ea13] January 09, 2020
944[1.0.0-ea13]: https://github.com/datawire/ambassador/compare/v1.0.0-ea12...v1.0.0-ea13
945
946- Bugfix: Knative mappings populate and fallback to the Ambassador namespace if unspecified
947- Internal: Knative tests for versions 0.7.1 and 0.8.0 were removed
948- Internal: Knative tests for version 0.11.0 were added
949- Internal: Improved performance with Edge Stack using /ambassador/v0/diag/ with an optional `patch_client` query param to send a partial representation in JSON Patch format, reducing the memory and network traffic for large deployments
950- Internal: Silencing warnings from `which` in docs preflight-check
951
952## [1.0.0-ea12] January 08, 2020
953[1.0.0-ea12]: https://github.com/datawire/ambassador/compare/v1.0.0-ea9...v1.0.0-ea12
954
955- BREAKING CHANGE: When a resource specifies a service or secret name without a corresponding namespace, Ambassador uses the namespace of the resource. In the past, Ambassador would use its own namespace.
956- Bugfix: Add the appropriate label so Ingress works with Edge Stack
957- Bugfix: Remove superfluous imagePullSecret
958- Bugfix: Fix various admin UI quirks, especially in Firefox
959 - Bogus warnings about duplicate resources
960 - Drag-and-drop reordering of rate limit configuration
961 - Missing icons
962- Internal: Drop duplicated resources earlier in the processing chain
963- Internal: Streamline code generation from protobufs
964- Internal: Automated broken-link checks in the documentation
965
966## [1.0.0-ea9] December 23, 2019
967[1.0.0-ea9]: https://github.com/datawire/ambassador/compare/v1.0.0-ea7...v1.0.0-ea9
968
969- Bugfix: Use proper executable name for Windows edgectl
970- Bugfix: Don't force SNI routes to be lower-priority than non-SNI routes
971- Bugfix: Prevent the self-signed fallback context from conflicting with a manual context
972
973## [1.0.0-ea7] December 19, 2019
974[1.0.0-ea7]: https://github.com/datawire/ambassador/compare/v1.0.0-ea6...v1.0.0-ea7
975
976- Bugfix: UI buttons can hide themselves
977- Bugfix: Developer Portal API acquisition
978- Bugfix: Developer Portal internal routing
979- Internal: Better JS console usage
980- Internal: Rationalize usage reporting for Edge Stack
981
982## [1.0.0-ea6] December 18, 2019
983[1.0.0-ea6]: https://github.com/datawire/ambassador/compare/v1.0.0-ea5...v1.0.0-ea6
984
985- Feature: Improve performance of processing events from Kubernetes
986- Feature: Automatic HTTPS should work with any ACME clients doing the http-01 challenge
987- Internal: General improvements to test infrastructure
988- Internal: Improved the release process
989
990`ambassador-internal-access-control` `Filter` and `FilterPolicy` are now
991created internally. Remove them from your cluster if upgrading from a
992previous version.
993
994## [1.0.0-ea5] December 17, 2019
995[1.0.0-ea5]: https://github.com/datawire/ambassador/compare/v1.0.0-ea3...v1.0.0-ea5
996
997- Internal: Improved the reliability of CI
998- Internal: Improved the release process
999
1000## [1.0.0-ea3] December 16, 2019
1001[1.0.0-ea3]: https://github.com/datawire/ambassador/compare/v1.0.0-ea1...v1.0.0-ea3
1002
1003- Feature: initial edgectl support for Windows!
1004- UX: be explicit that seeing the license applied can take a few minutes
1005- Bugfix: don’t try to check for upgrades on every UI snapshot update
1006- Bugfix: don’t activate the fallback TLSContext if its secret is not available
1007- Bugfix: first cut at reducing reconfiguration churn
1008
1009## [1.0.0-ea1] December 10, 2019
1010[1.0.0-ea1]: https://github.com/datawire/ambassador/compare/v0.85.0...v1.0.0-ea1
1011
1012### Caution!
1013
1014All of Ambassador's CRDs have been switched to `apiVersion: getambassador.io/v2`, and
1015**your resources will be upgraded when you apply the new CRDs**. We recommend that you
1016follow the [migration instructions](https://getambassador.io/early-access/user-guide/upgrade-to-edge-stack/) and check your installation's
1017behavior before upgrading your CRDs.
1018
1019### Features
1020
1021- Authentication and ratelimiting are now available under a free community license
1022- The Host CRD provides an easy way to tell Ambassador about domains it should expect to handle
1023- Given a Host CRD, Ambassador can manage TLS certificates using ACME (or you can manage them by hand)
1024- Redirection from HTTP to HTTPS defaults to ON when termination contexts are present
1025- Mapping and Host CRDs, as well as Ingress resources, get Status updates to provide better feedback
1026
1027### Bugfixes
1028
1029- CVE-2019–18801, CVE-2019–18802, and CVE-2019–18836 are fixed by including Envoy 1.12.2
1030- CORS now happens before rate limiting
1031- The reconfiguration engine is better protected from exceptions
1032
1033## [0.86.1] December 10, 2019
1034[0.86.1]: https://github.com/datawire/ambassador/compare/v0.84.1...v0.86.1
1035
1036- Envoy updated to 1.12.2 for security fixes
1037- Envoy TCP keepalives are now supported (thanks, [Bartek Kowalczyk](https://github.com/KowalczykBartek)!)
1038- Envoy remote access logs are now supported
1039- Correctly handle upgrades when the `LogService` CRD is not present
1040
1041(Ambassador 0.86.0 was superseded by Ambassador 0.86.1.)
1042
1043## [0.85.0] October 22, 2019
1044[0.85.0]: https://github.com/datawire/ambassador/compare/v0.84.1...v0.85.0
1045
1046### Features
1047
1048- Support configuring the Envoy access log format (thanks to [John Esmet](https://github.com/esmet)!)
1049
1050## [0.84.1] October 20, 2019
1051[0.84.1]: https://github.com/datawire/ambassador/compare/v0.84.0...v0.84.1
1052
1053### Major changes:
1054- Bugfix: Fix /ambassador permissions to allow running as non-root - Thanks @dmayle (https://github.com/dmayle) for reporting the bug.
1055
1056## [0.84.0] October 18, 2019
1057[0.84.0]: https://github.com/datawire/ambassador/compare/v0.83.0...v0.84.0
1058
1059### Features:
1060
1061- Support setting window_bits for the GZip filter (thanks to [Florent Delannoy](https://github.com/Pluies)!)
1062- Correctly support tuning the regex_max_size, and bump its default to 200 (thanks to [Paul Salaberria](https://github.com/psalaberria002)!)
1063- Support setting redirect_cleartext_from in a TLSContext
1064
1065### Bugfixes:
1066
1067- Correctly update loadbalancer status of Ingress resources
1068- Don't enable diagd debugging in the test suite unless explicitly requested (thanks to [Jonathan Suever](https://github.com/suever)!)
1069- Switch to an Envoy release build
1070
1071### Developer Notes:
1072
1073- Many many things about the build system have changed under the hood!
1074 - Start with `make help`, and
1075 - Join our [Slack channel](https://d6e.co/slack) for more help!
1076
1077## [0.83.0] October 08, 2019
1078[0.83.0]: https://github.com/datawire/ambassador/compare/v0.82.0...v0.83.0
1079
1080### Major changes:
1081- Update Ambassador to address CVE-2019-15225 and CVE-2019-15226.
1082
1083NOTE: this switches the default regex engine! See the documentation for the `ambassador` `Module` for more.
1084
1085## [0.82.0] October 02, 2019
1086[0.82.0]: https://github.com/datawire/ambassador/compare/v0.81.0...v0.82.0
1087
1088### Major changes:
1089- Feature: Arrange for the Prometheus metrics endpoint to also return associated headers (thanks, [Jennifer Wu](https://github.com/jhsiaomei)!)
1090- Feature: Support setting a TLS origination context when doing TLS to a RateLimitService (thanks, [Phil Peble](https://github.com/ppeble)!)
1091- Feature: Allow configuring Envoy's access log path (thanks, [Jonathan Suever](https://github.com/suever)!)
1092- Update: Switch to Python 3.7 and Alpine 3.10
1093
1094### Developer notes:
1095- Switch back to the latest mypy (currently 0.730)
1096- Environment variable KAT_IMAGE_PULL_POLICY can override the imagePullPolicy when running KAT tests
1097- Updated Generated Envoy Golang APIs
1098
1099## [0.81.0] September 26, 2019
1100[0.81.0]: https://github.com/datawire/ambassador/compare/v0.80.0...v0.81.0
1101
1102### Major changes:
1103- Feature: ${} environment variable interpolation is supported in all Ambassador configuration resources (thanks, [Stefan Sedich](https://github.com/stefansedich)!)
1104- Feature: DataDog APM tracing is now supported (thanks again, [Stefan Sedich](https://github.com/stefansedich)!)
1105- Bugfix: Fix an error in the TLSContext schema (thanks, [@georgekaz](https://github.com/georgekaz)!)
1106
1107### Developer notes:
1108- Test services can now be built, deployed, and tested more easily (see BUILDING.md)
1109- `mypy` is temporarily pinned to version 0.720.
1110
1111## [0.80.0] September 20, 2019
1112[0.80.0]: https://github.com/datawire/ambassador/compare/v0.78.0...v0.80.0
1113
1114### Major changes:
1115- Feature: Basic support for the Kubernetes Ingress resource
1116- Feature: Basic reporting for some common configuration errors (lack of Mappings, lack of TLS contexts)
1117- Bugfix: Update Envoy to prevent crashing when updating AuthService under load
1118
1119### Developer notes
1120- Golang components now use Go 1.13
1121- Ambassador build now _requires_ clean type hinting
1122- KAT client and server have been pulled back into the Ambassador repo
1123
1124## [0.78.0] September 11, 2019
1125[0.78.0]: https://github.com/datawire/ambassador/compare/v0.77.0...v0.78.0
1126
1127### Major changes:
1128- Feature: Support setting cipher_suites and ecdh_curves in TLSContext - #1782 (Thanks @teejaded)
1129- Feature: Make 128-bits traceids the default - #1794 (Thanks @Pluies)
1130- Feature: Set cap_net_bind_service to allow binding to low ports - #1720 (Thanks @swalberg)
1131
1132### Minor changes:
1133- Testing: Add test that ambassador cli does not crash when called with --help - #1806 (Thanks @rokostik)
1134
1135## [0.77.0] September 05, 2019
1136[0.77.0]: https://github.com/datawire/ambassador/compare/v0.76.0...v0.77.0
1137
1138- (Feature) Support the `least_request` load balancer policy (thanks, [Steve Flanders](https://github.com/flands)!)
1139- (Misc) Many test and release-engineering improvements under the hood
1140
1141## [0.76.0] August 26, 2019
1142[0.76.0]: https://github.com/datawire/ambassador/compare/v0.75.0...v0.76.0
1143
1144- circuit breakers now properly handle overriding a global circuit breaker within a Mapping ([#1767])
1145- support for Knative 0.8.0 ([#1732])
1146
1147[#1767]: https://github.com/datawire/ambassador/issues/1767
1148[#1732]: https://github.com/datawire/ambassador/issues/1732
1149
1150## [0.75.0] August 13, 2019
1151[0.75.0]: https://github.com/datawire/ambassador/compare/0.74.1...0.75.0
1152
1153- (Feature) Update to Envoy 1.11.1, including security fixes
1154- (Feature) You can use a `TLSContext` without a `secret` to set origination options ([#1708])
1155- (Feature) Canary deployments can now use multiple `host_rewrite` values ([#1159])
1156- (Bugfix) Make sure that Ambassador won't mistakenly complain about the number of RateLimit and Tracing services (thanks, [Christian Claus](https://github.com/cclauss)!)
1157
1158[#1159]: https://github.com/datawire/ambassador/issues/1159
1159[#1708]: https://github.com/datawire/ambassador/issues/1708
1160
1161## [0.74.1] August 06, 2019
1162[0.74.1]: https://github.com/datawire/ambassador/compare/0.74.0...0.74.1
1163
1164- (bugfix) Make sure that updates properly trigger reconfigures ([#1727])
1165- (misc) Arrange for startup logging to have timestamps
1166
1167[#1727]: https://github.com/datawire/ambassador/issues/1727
1168
1169## [0.74.0] July 30, 2019
1170[0.74.0]: https://github.com/datawire/ambassador/compare/0.73.0...0.74.0
1171
1172- Bugfix: Make sure that the pod dies if Envoy dies
1173- Bugfix: Correctly allow setting `timeout_ms` for `AuthService` (thanks, [John Esmet!](https://www.github.com/esmet)!)
1174- Feature: Permit configuring `cluster_idle_timeout_ms` for upstream services (thanks, [John Esmet!](https://www.github.com/esmet)!) ([#1542])
1175
1176[#1542]: https://github.com/datawire/ambassador/issues/1542
1177
1178## [0.73.0] July 11, 2019
1179[0.73.0]: https://github.com/datawire/ambassador/compare/0.72.0...0.73.0
1180
1181- Feature: Experimental native support for Knative! ([#1579])
1182- Feature: Better Linkerd interoperability! ([#1578], [#1594])
1183
1184- Feature: Add a legend for the colors of service names on the diagnostic overview (thanks, [Wyatt Pearsall](https://github.com/wpears)!)
1185- Feature: Allow switching Envoy to output JSON logs (thanks, [Pedro Tavares](https://github.com/ServerlessP)!)
1186- Feature: Allow setting `AMBASSADOR_LABEL_SELECTOR` and `AMBASSADOR_FIELD_SELECTOR` to let Ambassador use Kubernetes selectors to determine which things to read (thanks, [John Esmet](https://github.com/esmet)!) ([#1292])
1187- Feature: Allow configuring retries for `AuthService` (thanks, [Kevin Dagostino](https://github.com/TonkWorks)!) ([#1622], [#1461])
1188
1189- Bugfix: Allow Ambassador to ride through Envoy-validation timeouts (thanks, [John Morrisey](https://github.com/jwm)!)
1190- Bugfix: Allow Ambassador to ride through parse errors on input resources (thanks, [Andrei Predoiu](https://github.com/Andrei-Predoiu)!) ([#1625])
1191- Bugfix: Allow '.' in a `secret` name to just be a '.' ([#1255])
1192
1193- Bugfix: Allow manually defining an Ambassador `Service` resource, same as any other resource
1194- Bugfix: Prevent spurious duplicate-resource errors when loading config from the filesystem
1195
1196[#1255]: https://github.com/datawire/ambassador/issues/1255
1197[#1292]: https://github.com/datawire/ambassador/issues/1292
1198[#1461]: https://github.com/datawire/ambassador/issues/1461
1199[#1578]: https://github.com/datawire/ambassador/issues/1578
1200[#1579]: https://github.com/datawire/ambassador/issues/1579
1201[#1594]: https://github.com/datawire/ambassador/issues/1594
1202[#1622]: https://github.com/datawire/ambassador/issues/1622
1203[#1625]: https://github.com/datawire/ambassador/issues/1625
1204
1205## [0.72.0] June 13, 2019
1206[0.72.0]: https://github.com/datawire/ambassador/compare/0.71.0...0.72.0
1207
1208- Envoy: Update Envoy to commit 8f57f7d765
1209- Bugfix: Auth spans are now properly connected to requests ([#1414])
1210- Bugfix: `include_body` now works correctly ([#1531], [#1595])
1211- Bugfix: `x_forwarded_proto_redirect` works again (thanks to [Kyle Martin](https://github.com/KyleMartin901)!) ([#1571])
1212- Bugfix: Ambassador works correctly with read-only filesystems (thanks, [Niko Kurtti](https://github.com/n1koo)!) ([#1614], [#1619])
1213- Bugfix: Correctly render groups associated with a given resolver in diagnostics JSON output
1214- Feature: Give the Ambassador CLI a way to specify the directory into which to write secrets.
1215
1216[#1414]: https://github.com/datawire/ambassador/issues/1414
1217[#1531]: https://github.com/datawire/ambassador/issues/1531
1218[#1571]: https://github.com/datawire/ambassador/issues/1571
1219[#1595]: https://github.com/datawire/ambassador/issues/1595
1220[#1614]: https://github.com/datawire/ambassador/issues/1614
1221[#1619]: https://github.com/datawire/ambassador/issues/1619
1222
1223## [0.71.0] June 06, 2019
1224[0.71.0]: https://github.com/datawire/ambassador/compare/0.70.1...0.71.0
1225
1226- Feature: GZIP support [#744]
1227- Feature: diag UI shows active Resolvers [#1453]
1228- Feature: CRDs exist for Resolvers [#1563]
1229- Feature: Resolvers with custom names work, even as CRDs [#1497]
1230- Feature: The `/metrics` endpoint provides direct access to Prometheus-format stats (thanks to [Rotem Tamir](https://github.com/rotemtam)!)
1231- Bugfix: `statsd-exporter` now correctly defaults to port 8125 (thanks to [Jonathan Suever](https://github.com/suever)!)
1232- Bugfix: redirect_cleartext_from no longer strips the URL path [#1463]
1233- Bugfix: canary weights of 0 and 100 work correctly [#1379]
1234- Bugfix: `docker run` works again for the Ambassador demo, and is part of our tests now [#1569]
1235- Bugfix: Scout `DEBUG` messages don’t get leaked into the diag UI [#1573]
1236- Maintenance: warn of upcoming protocol version changes
1237- Maintenance: check in with Scout every 24 hours, but no more than twice per day
1238
1239[#744]: https://github.com/datawire/ambassador/issues/744
1240[#1379]: https://github.com/datawire/ambassador/issues/1379
1241[#1453]: https://github.com/datawire/ambassador/issues/1453
1242[#1463]: https://github.com/datawire/ambassador/issues/1463
1243[#1497]: https://github.com/datawire/ambassador/issues/1497
1244[#1563]: https://github.com/datawire/ambassador/issues/1563
1245[#1569]: https://github.com/datawire/ambassador/issues/1569
1246[#1573]: https://github.com/datawire/ambassador/issues/1573
1247
1248## [0.70.1] May 24, 2019
1249[0.70.1]: https://github.com/datawire/ambassador/compare/0.70.0...0.70.1
1250
1251### Minor changes:
1252- Bugfix: Disable CRD support if Ambassador cannot access them
1253- Upgrade: Upgrade to watt 0.5.1
1254
1255## [0.70.0] May 20, 2019
1256[0.70.0]: https://github.com/datawire/ambassador/compare/0.61.0...0.70.0
1257
1258### Major changes:
1259- Feature: Support CRDs in the `getambassador.io` API group for configuration ([#482])
1260- Feature: Update to Envoy 1.10
1261
1262### Minor changes:
1263- Feature: Support removing request headers (thanks @ysaakpr!)
1264- Bugfix: `watt` should better coalesce calls to the watch hook on startup
1265- Bugfix: Ambassador no longer uses ports 7000 or 18000 ([#1526], [#1527])
1266
1267[#482]: https://github.com/datawire/ambassador/issues/482
1268[#1526]: https://github.com/datawire/ambassador/issues/1526
1269[#1527]: https://github.com/datawire/ambassador/issues/1527
1270
1271## [0.61.1] May 16, 2019
1272[0.61.1]: https://github.com/datawire/ambassador/compare/0.61.0...0.61.1
1273
1274- Bugfix: Make sure that Consul discovery properly handles the datacenter name ([#1533])
1275- Bugfix: Make sure that the feature-walk code is protected against clusters with no endpoints at all ([#1532])
1276
1277[#1532]: https://github.com/datawire/ambassador/issues/1532
1278[#1533]: https://github.com/datawire/ambassador/issues/1533
1279
1280## [0.61.0] May 08, 2019
1281[0.61.0]: https://github.com/datawire/ambassador/compare/0.60.3...0.61.0
1282
1283Ambassador 0.61.0 metadata
1284
1285### Changes:
1286- Feature: Support for minimum and maximum TLS versions (#689)
1287- Feature: Allow choosing whether to append or overwrite when adding request or response headers (#1481) - thanks to @ysaakpr
1288- Feature: Support for circuit breakers (#360)
1289- Feature: Support for automatic retries (#1127) - thanks to @l1v3
1290- Feature: Support for shadow traffic weighting - thanks to @nemo83
1291- Feature: Support for HTTP/1.0 (#988) - thanks to @cyrus-mc
1292- Bugfix: Problem with local Consul agent resolver and non-standard HTTP port (#1508)
1293- Bugfix: Round each mapping's weight to an integer to prevent invalid Envoy configurations when using weights (#1289) - thanks to @esmet
1294- Bugfix: Fix deadlock on invalid Envoy configuration (#1491) - thanks to @esmet
1295- Bugfix: Fixed LightStep gRPC TracingService (#1189) - thanks to @sbaum1994
1296## [0.60.3] May 01, 2019
1297[0.60.3]: https://github.com/datawire/ambassador/compare/0.60.2...0.60.3
1298
1299### Changes since 0.60.2
1300
1301- When scanning its configuration for secrets and endpoints that must be watched, 0.60.2 could fail with certain configurations if TLS termination but not origination was active. Those failures are fixed now.
1302
1303## [0.60.2] April 29, 2019
1304[0.60.2]: https://github.com/datawire/ambassador/compare/0.60.1...0.60.2
1305
1306### Changes since 0.60.1
1307
1308- Ambassador is now much more careful about which endpoints and secrets it pays attention to. ([#1465] again -- thanks to [@flands](https://github.com/flands) and @seandon for the help here!)
1309
1310[#1465]: https://github.com/datawire/ambassador/issues/1465
1311
1312## [0.60.1] April 25, 2019
1313[0.60.1]: https://github.com/datawire/ambassador/compare/0.60.0...0.60.1
1314
1315### Changes since 0.60.0
1316
1317- Speed up initial parsing of WATT snapshots considerably ([#1465])
1318- Don't look at secrets in the kube-system namespace, or for service-account tokens.
1319- Make sure that secrets we do look at are correctly associated with their namespaces ([#1467] -- thanks to @flands and @derrickburns for their contributions here!)
1320- Allow tuning the number of input snapshots retained for debugging
1321- Include the grab-snapshots.py script to help with debuggability
1322
1323[#1465]: https://github.com/datawire/ambassador/issues/1465
1324[#1467]: https://github.com/datawire/ambassador/issues/1467
1325
1326## [0.60.0] April 23, 2019
1327[0.60.0]: https://github.com/datawire/ambassador/compare/0.53.1...0.60.0
1328
1329### Changes since 0.53.1
1330
1331- BREAKING CHANGE: Ambassador listens on 8080 and 8443 by default so it does not need to run as root
1332- Ambassador natively supports using Consul for service discovery
1333- `AMBASSADOR_ENABLE_ENDPOINTS` is no longer needed; configure using the `Resolver` resource instead
1334- Support for the Maglev load balancing algorithm
1335- Support `connect_timeout_ms`. Thanks to Pétur Erlingsson.
1336- Support for `idle_timeout_ms` Thanks to Aaron Triplett.
1337- Ambassador will properly reload renewed Let's Encrypt certificates (#1416). Thanks to Matthew Ceroni.
1338- Ambassador will now properly redirect from HTTP to HTTPS based on `x-forwarded-proto` (#1233).
1339- The `case_sensitive` field now works when `host_redirect` is set to true (#699). Thanks to Peter Choi and Christopher Coté.
1340
1341## [0.53.1] April 05, 2019
1342[0.53.1]: https://github.com/datawire/ambassador/compare/0.52.1...0.53.1
1343
1344(0.53.0 was immediately supplanted by 0.53.1.)
1345
1346## SECURITY FIXES
1347
1348Ambassador 0.53.1 addresses two security issues in Envoy Proxy, CVE-2019-9900 and CVE-2019-9901:
1349
1350- CVE-2019-9900 (Score 8.3/High). When parsing HTTP/1.x header values, Envoy 1.9 and before does not reject embedded zero characters (NUL, ASCII 0x0).
1351
1352- CVE-2019-9901 (Score 8.3/High). Envoy does not normalize HTTP URL paths in Envoy 1.9 and before.
1353
1354Since these issues can potentially allow a remote attacker to use maliciously-crafted URLs to bypass
1355authentication, anyone running an Ambassador prior to 0.53.1 should upgrade.
1356
1357### UPCOMING CHANGES
1358
1359Ambassador 0.60 will listen on ports 8080/8443 by default. The diagnostics service in Ambassador 0.52.0
1360will try to warn you if your configuration will be affected by this change.
1361
1362## Other changes since 0.52.1
1363
1364- `AuthService` version `ambassador/v1` can now explicitly configure how much body data is sent
1365 to the external authentication service.
1366
1367## [0.52.1] March 26, 2019
1368[0.52.1]: https://github.com/datawire/ambassador/compare/0.52.0...0.52.1
1369
1370### Changes since 0.52.0
1371
1372- You can specify the `AMBASSADOR_NO_SECRETS` environment variable to prevent Ambassador from
1373 watching Kubernetes secrets at all (thanks [@esmet](https://github.com/esmet)!) ([#1293])
1374- The services used when you do `docker run ambassador --demo` have been moved into the Docker image,
1375 to remove external dependencies from the Ambassador quickstart.
1376
1377[#1293]: https://github.com/datawire/ambassador/issues/1293
1378
1379## [0.52.0] March 21, 2019
1380[0.52.0]: https://github.com/datawire/ambassador/compare/0.51.2...0.52.0
1381
1382### Changes since 0.51.2
1383
1384- Initial support for endpoint routing, rather than relying on `kube-proxy` ([#1031])
1385 - set `AMBASSADOR_ENABLE_ENDPOINTS` in the environment to allow this
1386- Initial support for Envoy ring hashing and session affinity (requires endpoint routing!)
1387- Support Lua filters (thanks to [@lolletsoc](https://github.com/lolletsoc)!)
1388- Support gRPC-Web (thanks to [@gertvdijk](https://github.com/gertvdijk)!) ([#456])
1389- Support for gRPC HTTP 1.1 bridge (thanks to [@rotemtam](https://github.com/rotemtam)!)
1390- Allow configuring `num-trusted-hosts` for `X-Forwarded-For`
1391- External auth services using gRPC can now correctly add new headers ([#1313])
1392- External auth services correctly add trace spans
1393- Ambassador should respond to changes more quickly now ([#1294], [#1318])
1394- Ambassador startup should be faster now
1395
1396[#456]: https://github.com/datawire/ambassador/issues/456
1397[#1031]: https://github.com/datawire/ambassador/issues/1031
1398[#1294]: https://github.com/datawire/ambassador/issues/1294
1399[#1313]: https://github.com/datawire/ambassador/issues/1313
1400[#1318]: https://github.com/datawire/ambassador/issues/1318
1401
1402## [0.51.2] March 12, 2019
1403[0.51.2]: https://github.com/datawire/ambassador/compare/0.51.1...0.51.2
1404
1405### Changes since 0.51.1
1406
1407- Cookies are now correctly handled when using external auth services... really. ([#1211])
1408
1409[#1211]: https://github.com/datawire/ambassador/issues/1211
1410
1411## [0.51.1] March 11, 2019
1412[0.51.1]: https://github.com/datawire/ambassador/compare/0.51.0...0.51.1
1413
1414### Changes since 0.51.0
1415
1416- Ambassador correctly handles services in namespaces other than the one Ambassador is running in.
1417
1418## [0.51.0] March 08, 2019
1419[0.51.0]: https://github.com/datawire/ambassador/compare/0.50.3...0.51.0
1420
1421**0.51.0 is not recommended: upgrade to 0.51.1.**
1422
1423### Changes since 0.50.3
1424
1425- Ambassador can now route any TCP connection, using the new `TCPMapping` resource. ([#420])
1426- Cookies are now correctly handled when using external auth services ([#1211])
1427- Lots of work in docs and testing under the hood
1428
1429[#420]: https://github.com/datawire/ambassador/issues/420
1430[#1211]: https://github.com/datawire/ambassador/issues/1211
1431
1432### Limitations in 0.51.0
1433
1434At present, you cannot mix HTTP and HTTPS upstream `service`s in any Ambassador resource. This restriction will be lifted in a future Ambassador release.
1435
1436## [0.50.3] February 21, 2019
1437[0.50.3]: https://github.com/datawire/ambassador/compare/0.50.2...0.50.3
1438
1439### Fixes since 0.50.2
1440
1441- Ambassador saves configuration snapshots as it manages configuration changes. 0.50.3 keeps only 5 snapshots,
1442 to bound its disk usage. The most recent snapshot has no suffix; the `-1` suffix is the next most recent, and
1443 the `-4` suffix is the oldest.
1444- Ambassador will not check for available updates more often than once every four hours.
1445
1446### Limitations in 0.50.3
1447
1448At present, you cannot mix HTTP and HTTPS upstream `service`s in any Ambassador resource. This restriction will be lifted in a future Ambassador release.
1449
1450## [0.50.2] February 15, 2019
1451[0.50.2]: https://github.com/datawire/ambassador/compare/0.50.1...0.50.2
1452
1453### Important fixes since 0.50.1
1454
1455- Ambassador no longer requires annotations in order to start -- with no configuration, it will launch with only the diagnostics service available. ([#1203])
1456- If external auth changes headers, routing will happen based on the changed values. ([#1226])
1457
1458### Other changes since 0.50.1
1459
1460- Ambassador will no longer log errors about Envoy statistics being unavaible before startup is complete ([#1216])
1461- The `tls` attribute is again available to control the client certificate offered by an `AuthService` ([#1202])
1462
1463### Limitations in 0.50.2
1464
1465At present, you cannot mix HTTP and HTTPS upstream `service`s in any Ambassador resource. This restriction will be lifted in a future Ambassador release.
1466
1467[#1202]: https://github.com/datawire/ambassador/issues/1202
1468[#1203]: https://github.com/datawire/ambassador/issues/1203
1469[#1216]: https://github.com/datawire/ambassador/issues/1216
1470[#1226]: https://github.com/datawire/ambassador/issues/1226
1471
1472## [0.50.1] February 07, 2019
1473[0.50.1]: https://github.com/datawire/ambassador/compare/0.50.0...0.50.1
1474
1475**0.50.1 is not recommended: upgrade to 0.52.0.**
1476
1477### Changes since 0.50.0
1478
1479- Ambassador defaults to only doing IPv4 DNS lookups. IPv6 can be enabled in the Ambassador module or in a Mapping. ([#944])
1480- An invalid Envoy configuration should not cause Ambassador to hang.
1481- Testing using `docker run` and `docker compose` is supported again. ([#1160])
1482- Configuration from the filesystem is supported again, but see the "Running Ambassador" documentation for more.
1483- Datawire's default Ambassador YAML no longer asks for any permissions for `ConfigMap`s.
1484
1485[#944]: https://github.com/datawire/ambassador/issues/944
1486[#1160]: https://github.com/datawire/ambassador/issues/1160
1487
1488## [0.50.0] January 29, 2019
1489[0.50.0]: https://github.com/datawire/ambassador/compare/0.50.0-rc6...0.50.0
1490
1491**Ambassador 0.50.0 is a major rearchitecture of Ambassador onto Envoy V2 using the ADS. See the "BREAKING NEWS"
1492section above for more information.**
1493
1494(Note that Ambassador 0.50.0-rc7 and -rc8 were internal releases.)
1495
1496### Changes since 0.50.0-rc6
1497
1498- `AMBASSADOR_SINGLE_NAMESPACE` is finally correctly supported and properly tested ([#1098])
1499- Ambassador won't throw an exception for name collisions between resources ([#1155])
1500- A TLS `Module` can now coexist with SNI (the TLS `Module` effectively defines a fallback cert) ([#1156])
1501- `ambassador dump --diag` no longer requires you to explicitly state `--v1` or `--v2`
1502
1503### Limitations in 0.50.0 GA
1504
1505- Configuration from the filesystem is not supported in 0.50.0. It will be resupported in 0.50.1.
1506- A `TLSContext` referencing a `secret` in another namespace will not function when `AMBASSADOR_SINGLE_NAMESPACE` is set.
1507
1508[#1098]: https://github.com/datawire/ambassador/issues/1098
1509[#1155]: https://github.com/datawire/ambassador/issues/1155
1510[#1156]: https://github.com/datawire/ambassador/issues/1156
1511
1512## [0.50.0-rc6] January 28, 2019
1513[0.50.0-rc6]: https://github.com/datawire/ambassador/compare/0.50.0-rc5...0.50.0-rc6
1514
1515**Ambassador 0.50.0-rc6 is a release candidate**.
1516
1517### Changes since 0.50.0-rc5
1518
1519- Ambassador watches certificates and automatically updates TLS on certificate changes ([#474])
1520- Ambassador no longer saves secrets it hasn't been told to use to disk ([#1093])
1521- Ambassador correctly honors `AMBASSADOR_SINGLE_NAMESPACE` rather than trying to access all namespaces ([#1098])
1522- Ambassador correctly honors the `AMBASSADOR_CONFIG_BASE_DIR` setting again ([#1118])
1523- Configuration changes take effect much more quickly than in RC5 ([#1148])
1524- `redirect_cleartext_from` works with no configured secret, to support TLS termination at a downstream load balancer ([#1104])
1525- `redirect_cleartext_from` works with the `PROXY` protocol ([#1115])
1526- Multiple `AuthService` resources (for canary deployments) work again ([#1106])
1527- `AuthService` with `allow_request_body` works correctly with an empty body and no `Content-Length` header ([#1140])
1528- `Mapping` supports the `bypass_auth` attribute to bypass authentication (thanks, @patricksanders! [#174])
1529- The diagnostic service no longer needs to re-parse the configuration on every page load ([#483])
1530- Startup is now faster and more stable
1531- The Makefile should do the right thing if your PATH has spaces in it (thanks, @er1c!)
1532- Lots of Helm chart, statsd, and doc improvements (thanks, @Flydiverny, @alexgervais, @bartlett, @victortv7, and @zencircle!)
1533
1534[#174]: https://github.com/datawire/ambassador/issues/174
1535[#474]: https://github.com/datawire/ambassador/issues/474
1536[#483]: https://github.com/datawire/ambassador/issues/483
1537[#1093]: https://github.com/datawire/ambassador/issues/1093
1538[#1098]: https://github.com/datawire/ambassador/issues/1098
1539[#1104]: https://github.com/datawire/ambassador/issues/1104
1540[#1106]: https://github.com/datawire/ambassador/issues/1106
1541[#1115]: https://github.com/datawire/ambassador/issues/1115
1542[#1118]: https://github.com/datawire/ambassador/issues/1118
1543[#1140]: https://github.com/datawire/ambassador/issues/1140
1544[#1148]: https://github.com/datawire/ambassador/issues/1148
1545
1546## [0.50.0-rc5] January 14, 2019
1547[0.50.0-rc5]: https://github.com/datawire/ambassador/compare/0.50.0-rc4...0.50.0-rc5
1548
1549**Ambassador 0.50.0-rc5 is a release candidate**.
1550
1551### Changes since 0.50.0-rc4
1552
1553- Websocket connections will now be authenticated if an AuthService is configured [#1026]
1554- Client certificate authentication should function whether configured from a TLSContext resource or from the the old-style TLS module (this is the full fix for [#993])
1555- Ambassador can now switch listening ports without a restart (e.g. switching from cleartext to TLS) [#1100]
1556- TLS origination certificates (including Istio mTLS) should now function [#1071]
1557- The diagnostics service should function in all cases. [#1096]
1558- The Ambassador image is significantly (~500MB) smaller than RC4.
1559
1560[#933]: https://github.com/datawire/ambassador/issues/993
1561[#1026]: https://github.com/datawire/ambassador/issues/1026
1562[#1071]: https://github.com/datawire/ambassador/issues/1071
1563[#1096]: https://github.com/datawire/ambassador/issues/1096
1564[#1100]: https://github.com/datawire/ambassador/issues/1100
1565
1566## [0.50.0-rc4] January 09, 2019
1567[0.50.0-rc4]: https://github.com/datawire/ambassador/compare/0.50.0-rc3...0.50.0-rc4
1568
1569**Ambassador 0.50.0-rc4 is a release candidate**, and fully supports running under Microsoft Azure.
1570
1571### Changes since 0.50.0-rc3
1572
1573- Ambassador fully supports running under Azure [#1039]
1574- The `proto` attribute of a v1 `AuthService` is now optional, and defaults to `http`
1575- Ambassador will warn about the use of v0 configuration resources.
1576
1577[#1039]: https://github.com/datawire/ambassador/issues/1039
1578
1579## [0.50.0-rc3] January 03, 2019
1580[0.50.0-rc3]: https://github.com/datawire/ambassador/compare/0.50.0-rc2...0.50.0-rc3
1581
1582**Ambassador 0.50.0-rc3 is a release candidate**, but see below for an important warning about Azure.
1583
1584### Microsoft Azure
1585
1586There is a known issue with recently-created Microsoft Azure clusters where Ambassador will stop receiving service
1587updates after running for a short time. This will be fixed in 0.50.0-GA.
1588
1589### Changes since 0.50.0-rc2
1590
1591- The `Location` and `Set-Cookie` headers should always be allowed from the auth service when using an `ambassador/v0` config [#1054]
1592- `add_response_headers` (parallel to `add_request_headers`) is now supported (thanks, @n1koo!)
1593- `host_redirect` and `shadow` both now work correctly [#1057], [#1069]
1594- Kat is able to give better information when it cannot parse a YAML specification.
1595
1596[#1054]: https://github.com/datawire/ambassador/issues/1054
1597[#1057]: https://github.com/datawire/ambassador/issues/1057
1598[#1069]: https://github.com/datawire/ambassador/issues/1069
1599
1600## [0.50.0-rc2] December 24, 2018
1601[0.50.0-rc2]: https://github.com/datawire/ambassador/compare/0.50.0-rc1...0.50.0-rc2
1602
1603**Ambassador 0.50.0-rc2 fixes some significant TLS bugs found in RC1.**
1604
1605### Changes since 0.50.0-rc1:
1606
1607- TLS client certificate verification should function correctly (including requiring client certs).
1608- TLS context handling (especially with multiple contexts and origination contexts) has been made more consistent and correct.
1609 - Ambassador is now much more careful about reporting errors in TLS configuration (especially around missing keys).
1610 - You can reference a secret in another namespace with `secret: $secret_name.$namespace`.
1611 - Ambassador will now save certificates loaded from Kubernetes to `$AMBASSADOR_CONFIG_BASE_DIR/$namespace/secrets/$secret_name`.
1612- `use_proxy_proto` should be correctly supported [#1050].
1613- `AuthService` v1 will default its `proto` to `http` (thanks @flands!)
1614- The JSON diagnostics service supports filtering: requesting `/ambassador/v0/diag/?json=true&filter=errors`, for example, will return only the errors element from the diagnostic output.
1615
1616[#1050]: https://github.com/datawire/ambassador/issues/1050
1617
1618## [0.50.0-rc1] December 19, 2018
1619[0.50.0-rc1]: https://github.com/datawire/ambassador/compare/0.50.0-ea7...0.50.0-rc1
1620
1621**Ambassador 0.50.0-rc1 is a release candidate.**
1622
1623### Changes since 0.50.0-ea7:
1624
1625- Websockets should work happily with external authentication [#1026]
1626- A `TracingService` using a long cluster name works now [#1025]
1627- TLS origination certificates are no longer offered to clients when Ambassador does TLS termination [#983]
1628- Ambassador will listen on port 443 only if TLS termination contexts are present; a TLS origination context will not cause the switch
1629- The diagnostics service is working, and correctly reporting errors, again. [#1019]
1630- `timeout_ms` in a `Mapping` works correctly again [#990]
1631- Ambassador sends additional anonymized usage data to help Datawire prioritize bug fixes, etc.
1632 See `docs/ambassador/running.md` for more information, including how to disable this function.
1633
1634[#983]: https://github.com/datawire/ambassador/issues/983
1635[#990]: https://github.com/datawire/ambassador/issues/990
1636[#1019]: https://github.com/datawire/ambassador/issues/1019
1637[#1025]: https://github.com/datawire/ambassador/issues/1025
1638[#1026]: https://github.com/datawire/ambassador/issues/1026
1639
1640## [0.50.0-ea7] November 19, 2018
1641[0.50.0-ea7]: https://github.com/datawire/ambassador/compare/0.50.0-ea6...0.50.0-ea7
1642
1643**Ambassador 0.50.0-ea7 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1644
1645### Upcoming major changes:
1646
1647- **API version `ambassador/v0` will be officially deprecated in Ambassador 0.50.0.**
1648 API version `ambassador/v1` will the minimum recommended version for resources in Ambassador 0.50.0.
1649
1650- Some resources will change between `ambassador/v0` and `ambassador/v1`.
1651 - For example, the `Mapping` resource will no longer support `rate_limits` as that functionality will
1652 be subsumed by `labels`.
1653
1654### Changes since 0.50.0-ea6:
1655
1656- Ambassador now supports `labels` for all `Mapping`s.
1657- Configuration of rate limits for a `Mapping` is now handled by providing `labels` in the domain configured
1658 for the `RateLimitService` (by default, this is "ambassador").
1659- Ambassador, once again, supports `statsd` for statistics gathering.
1660- The Envoy `buffer` filter is supported.
1661- Ambassador can now use GRPC to call the external authentication service, and also include the message body
1662 in the auth call.
1663- It's now possible to use environment variables to modify the configuration directory (thanks @n1koo!).
1664- Setting environment variable `AMBASSADOR_KUBEWATCH_NO_RETRY` will cause the Ambassador pod to exit, and be
1665 rescheduled, if it loses its connection to the Kubernetes API server.
1666- Many dependencies have been updated, most notably including switching to kube-client 8.0.0.
1667
1668## [0.50.0-ea6] November 19, 2018
1669[0.50.0-ea6]: https://github.com/datawire/ambassador/compare/0.50.0-ea5...0.50.0-ea6
1670
1671**Ambassador 0.50.0-ea6 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1672
1673### Changes since 0.50.0-ea5:
1674
1675- `alpn_protocols` is now supported in the `TLS` module and `TLSContext`s
1676- Using `TLSContext`s to provide TLS termination contexts will correctly switch Ambassador to listening on port 443.
1677- `redirect_cleartext_from` is now supported with SNI
1678- Zipkin `TracingService` configuration now supports 128-bit trace IDs and shared span contexts (thanks, @alexgervais!)
1679- Zipkin should correctly trace calls to external auth services (thanks, @alexgervais!)
1680- `AuthService` configurations now allow separately configuring headers allowed from the client to the auth service, and from the auth service upstream
1681- Ambassador won't endlessly append `:annotation` to K8s resources
1682- The Ambassador CLI no longer requires certificate files to be present when dumping configurations
1683- `make mypy` will run full type checks on Ambassador to help developers
1684
1685## [0.50.0-ea5] November 06, 2018
1686[0.50.0-ea5]: https://github.com/datawire/ambassador/compare/0.50.0-ea4...0.50.0-ea5
1687
1688**Ambassador 0.50.0-ea5 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1689
1690### Changes since 0.50.0-ea4:
1691
1692- **`use_remote_address` is now set to `true` by default.** If you need the old behavior, you will need to manually set `use_remote_address` to `false` in the `ambassador` `Module`.
1693- Ambassador 0.50.0-ea5 **supports SNI!** See the docs for more here.
1694- Header matching is now supported again, including `host` and `method` headers.
1695
1696## [0.50.0-ea4] October 31, 2018
1697[0.50.0-ea4]: https://github.com/datawire/ambassador/compare/0.50.0-ea3...0.50.0-ea4
1698
1699**Ambassador 0.50.0-ea4 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1700
1701### Changes since 0.50.0-ea3:
1702
1703- Ambassador 0.50.0-ea4 uses Envoy 1.8.0.
1704- `RateLimitService` is now supported. **You will need to restart Ambassador if you change the `RateLimitService` configuration.** We expect to lift this restriction in a later release; for now, the diag service will warn you when a restart is required.
1705 - The `RateLimitService` also has a new `timeout_ms` attribute, which allows overriding the default request timeout of 20ms.
1706- GRPC is provisionally supported, but still needs improvements in test coverage.
1707- Ambassador will correctly include its EA number when checking for updates.
1708
1709## [0.50.0-ea3] October 21, 2018
1710[0.50.0-ea3]: https://github.com/datawire/ambassador/compare/0.50.0-ea2...0.50.0-ea3
1711
1712**Ambassador 0.50.0-ea3 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1713
1714### Changes since 0.50.0-ea2:
1715
1716- `TracingService` is now supported. **You will need to restart Ambassador if you change the `TracingService` configuration.** We expect to lift this restriction in a later release; for now, the diag service will warn you when a restart is required.
1717- Websockets are now supported, **including** mapping the same websocket prefix to multiple upstream services for canary releases or load balancing.
1718- KAT supports full debug logs by individual `Test` or `Query`.
1719
1720**Ambassador 0.50.0 is not yet feature-complete. Read the Limitations and Breaking Changes sections in the 0.50.0-ea1 section below for more information.**
1721
1722## [0.50.0-ea2] October 16, 2018
1723[0.50.0-ea2]: https://github.com/datawire/ambassador/compare/0.50.0-ea1...0.50.0-ea2
1724
1725**Ambassador 0.50.0-ea2 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1726
1727### Changes since 0.50.0-ea1:
1728
1729- Attempting to enable TLS termination without supplying a valid cert secret will result in HTTP on port 80, rather than HTTP on port 443. **No error will be displayed in the diagnostic service yet.** This is a bug and will be fixed in `-ea3`.
1730- CORS is now supported.
1731- Logs are no longer full of accesses from the diagnostic service.
1732- KAT supports isolating OptionTests.
1733- The diagnostics service now shows the V2 config actually in use, not V1.
1734- `make` will no longer rebuild the Python venv so aggressively.
1735
1736**Ambassador 0.50.0 is not yet feature-complete. Read the Limitations and Breaking Changes sections in the 0.50.0-ea1 section below for more information.**
1737
1738## [0.50.0-ea1] October 11, 2018
1739[0.50.0-ea1]: https://github.com/datawire/ambassador/compare/0.40.0...0.50.0-ea1
1740
1741**Ambassador 0.50.0-ea1 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1742
1743### Ambassador 0.50.0 is not yet feature-complete. Limitations:
1744
1745- `RateLimitService` and `TracingService` resources are not currently supported.
1746- WebSockets are not currently supported.
1747- CORS is not currently supported.
1748- GRPC is not currently supported.
1749- TLS termination is not
1750- `statsd` integration has not been tested.
1751- The logs are very cluttered.
1752- Configuration directly from the filesystem isn’t supported.
1753- The diagnostics service cannot correctly drill down by source file, though it can drill down by route or other resources.
1754- Helm installation has not been tested.
1755- `AuthService` does not currently have full support for configuring headers to be sent to the extauth service. At present it sends all the headers listed in `allowed_headers` plus:
1756 - `Authorization`
1757 - `Cookie`
1758 - `Forwarded`
1759 - `From`
1760 - `Host`
1761 - `Proxy-Authenticate`
1762 - `Proxy-Authorization`
1763 - `Set-Cookie`
1764 - `User-Agent`
1765 - `X-Forwarded-For`
1766 - `X-Forwarded-Host`
1767 - `X-Forwarded`
1768 - `X-Gateway-Proto`
1769 - `WWW-Authenticate`
1770
1771### **BREAKING CHANGES** from 0.40.0
1772
1773- Configuration from a `ConfigMap` is no longer supported.
1774- The authentication `Module` is no longer supported; use `AuthService` instead (which you probably already were).
1775- External authentication now uses the core Envoy `envoy.ext_authz` filter, rather than the custom Datawire auth filter.
1776 - `ext_authz` speaks the same protocol, and your existing external auth services should work, however:
1777 - `ext_authz` does _not_ send all the request headers to the external auth service (see above in `Limitations`).
1778- Circuit breakers and outlier detection are not supported. They will be reintroduced in a later Ambassador release.
1779- Ambassador now _requires_ a TLS `Module` to enable TLS termination, where previous versions would automatically enable termation if the `ambassador-certs` secret was present. A minimal `Module` for the same behavior is:
1780
1781 ---
1782 kind: Module
1783 name: tls
1784 config:
1785 server:
1786 secret: ambassador-certs
1787
1788## [0.40.2] November 26, 2018
1789[0.40.2]: https://github.com/datawire/ambassador/compare/0.40.1...0.40.2
1790
1791### Minor changes:
1792- Feature: Support using environment variables to modify the configuration directory (thanks @n1koo!)
1793- Feature: In Helmfile, support `volumeMounts` (thanks @kyschouv!)
1794- Bugfix: In Helmfile, correctly quote `.Values.namespace.single` (thanks @bobby!)
1795- Bugfix: In Helmfile, correctly support `Nodeport` in HTTP and HTTPS (thanks @n1koo!)
1796
1797## [0.40.1] October 29, 2018
1798[0.40.1]: https://github.com/datawire/ambassador/compare/0.40.0...0.40.1
1799
1800### Minor changes:
1801- Feature: Support running Ambassador as a `Daemonset` via Helm (thanks @DipeshMitthalal!)
1802- Feature: Switch to Envoy commit 5f795fe2 to fix a crash if attempting to add headers after using an AuthService (#647, #680)
1803
1804## [0.40.0] September 25, 2018
1805[0.40.0]: https://github.com/datawire/ambassador/compare/0.39.0...0.40.0
1806
1807### Minor changes:
1808
1809- Feature: Allow users to override the `STATSD_HOST` value (#810). Thanks to @rsyvarth.
1810- Feature: Support LightStep distributed tracing (#796). Thanks to @alexgervais.
1811- Feature: Add service label in Helm chart (#778). Thanks to @sarce.
1812- Feature: Add support for load balancer IP in Helm chart (#765). Thanks to @larsha.
1813- Feature: Support prometheus mapping configurations (#746). Thanks to @bcatcho.
1814- Feature: Add support for `loadBalancerSourceRanges` to Helm chart (#764). Thanks to @mtbdeano.
1815- Feature: Support for namespaces and Ambassador ID in Helm chart (#588, #643). Thanks to @MichielDeMey and @jstol.
1816- Bugfix: Add AMBASSADOR_VERIFY_SSL_FALSE flag (#782, #807). Thanks to @sonrier.
1817- Bugfix: Fix Ambassador single namespace in Helm chart (#827). Thanks to @sarce.
1818- Bugfix: Fix Helm templates and default values (#826).
1819- Bugfix: Add `stats-sink` back to Helm chart (#763).
1820- Bugfix: Allow setting `timeout_ms` to 0 for gRPC streaming services (#545). Thanks to @lovers36.
1821- Bugfix: Update Flask to 0.12.3.
1822
1823## [0.39.0] August 30, 2018
1824[0.39.0]: https://github.com/datawire/ambassador/compare/0.38.0...0.39.0
1825
1826### Major Changes:
1827
1828- Bugfix: The statsd container has been removed by default in order to avoid DoSing Kubernetes DNS. The functionality can be re-enabled by setting the `STATSD_ENABLED` environment variable to `true` in the Ambassador deployment YAML (#568).
1829- Docs: Added detailed Ambassador + Istio Integration Documentation on monitoring and distributed tracing. - @feitnomore
1830
1831### Minor Changes:
1832
1833- Docs: Added instructions for running Ambassador with Docker Compose. - @bcatcho
1834- Bugfix: Fix Ambassador to more aggressively reconnect to Kubernetes (#554). - @nmatsui
1835- Feature: Diagnostic view displays AuthService, RateLimitService, and TracingService (#730). - @alexgervais
1836- Feature: Enable Ambassador to tag tracing spans with request headers via `tag_headers`. - @alexgervais
1837
1838## [0.38.0] August 08, 2018
1839[0.38.0]: https://github.com/datawire/ambassador/compare/0.37.0...0.38.0
1840
1841### Major changes:
1842- Feature: Default CORS configuration can now be set - @KowalczykBartek
1843- Bugfix: Ambassador does not crash with empty YAML config anymore - @rohan47
1844
1845### Minor changes:
1846- DevEx: `master` is now latest, `stable` tracks the latest released version
1847- DevEx: release-prep target added to Makefile to facilitate releasing process
1848- DevEx: all tests now run in parallel, consuming lesser time
1849- Bugfix: Ambassador SIGCHLD messages are less scary looking now
1850
1851## [0.37.0] July 31, 2018:
1852[0.37.0]: https://github.com/datawire/ambassador/compare/0.36.0...0.37.0
1853
1854### Major changes:
1855- Feature: Added support for request tracing (by Alex Gervais)
1856
1857## [0.36.0] July 26, 2018:
1858[0.36.0]: https://github.com/datawire/ambassador/compare/0.35.3...0.36.0
1859
1860### Major changes:
1861- Fix: HEAD requests no longer cause segfaults
1862- Feature: TLS can now be configured with arbitrary secret names, instead of predefined secrets
1863- Change: The Envoy dynamic header value `%CLIENT_IP%` is no longer supported. Use `%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%` instead. (This is due to a change in Envoy 1.7.0.)
1864
1865## [0.35.3] July 18, 2018: **READ THE WARNING ABOVE**
1866[0.35.3]: https://github.com/datawire/ambassador/compare/0.35.2...0.35.3
1867
1868### Changed
1869
1870Major changes:
1871- Ambassador is now based on Envoy v1.7.0
1872- Support for X-FORWARDED-PROTO based redirection, generally used with Layer 7 load balancers
1873- Support for port based redirection using `redirect_cleartext_from`, generally used with Layer 4 load balancers
1874- Specifying HTTP and HTTPS target ports in Helm chart
1875
1876Other changes:
1877- End-to-end tests can now be run with `make e2e` command
1878- Helm release automation has been fixed
1879- Mutliple end-to-end tests are now executed in parallel, taking lesser time
1880- Huge revamp to documentation around unit tests
1881- Documentation changes
1882
1883## [0.35.2] July 05, 2018: **READ THE WARNING ABOVE**
1884[0.35.2]: https://github.com/datawire/ambassador/compare/0.35.1...0.35.2
1885
1886### Changed
1887
1888- 0.35.2 is almost entirely about updates to Datawire testing infrastructure.
1889- The only user-visible change is that Ambassador will do a better job of showing which Kubernetes objects define Ambassador configuration objects when using `AMBASSADOR_ID` to run multiple Ambassadors in the same cluster.
1890
1891## [0.35.1] June 25, 2018: **READ THE WARNING ABOVE**
1892[0.35.1]: https://github.com/datawire/ambassador/compare/0.35.0...0.35.1
1893
1894### Changed
1895
1896- Properly support supplying additional TLS configuration (such as `redirect_cleartext_from`) when using certificates from a Kubernetes `Secret`
1897- Update Helm chart to allow customizing annotations on the deployed `ambassador` Kubernetes `Service` (thanks @psychopenguin!)
1898
1899## [0.35.0] June 25, 2018: **READ THE WARNING ABOVE**
1900[0.35.0]: https://github.com/datawire/ambassador/compare/0.34.3...0.35.0
1901
1902### Changed
1903
1904- 0.35.0 re-supports websockets, but see the **BREAKING NEWS** for an important caveat.
1905- 0.35.0 supports running as non-root. See the **BREAKING NEWS** above for more information.
1906- Make sure regex matches properly handle backslashes, and properly display in the diagnostics service (thanks @alexgervais!).
1907- Prevent kubewatch from falling into an endless spinloop (thanks @mechpen!).
1908- Support YAML array syntax for CORS array elements.
1909
1910## [0.34.3] June 13, 2018: **READ THE WARNING ABOVE**
1911[0.34.3]: https://github.com/datawire/ambassador/compare/0.34.2...0.34.3
1912
1913### Changed
1914
1915- **0.34.3 cannot support websockets**: see the **WARNING** above.
1916- Fix a possible crash if no annotations are found at all (#519).
1917- Improve logging around service watching and such.
1918
1919## [0.34.2] June 11, 2018: **READ THE WARNING ABOVE**
1920[0.34.2]: https://github.com/datawire/ambassador/compare/0.34.1...0.34.2
1921
1922### Changed
1923
1924- **0.34.2 cannot support websockets**: see the **WARNING** above.
1925- Ambassador is now based on Envoy 1.6.0!
1926- Ambassador external auth services can now modify existing headers in place, as well as adding new headers.
1927- Re-support the `ambassador-cacert` secret for configuring TLS client-certificate authentication. **Note well** that a couple of things have changed in setting this up: you'll use the key `tls.crt`, not `fullchain.pem`. See https://www.getambassador.io/reference/auth-tls-certs for more.
1928
1929## [0.34.1] June 04, 2018
1930[0.34.1]: https://github.com/datawire/ambassador/compare/0.34.0...0.34.1
1931
1932### Bugfixes
1933
1934- Unbuffer log output for better diagnostics.
1935- Switch to gunicorn instead of Werkzeug for the diag service.
1936- Use the YAML we release as the basis for end-to-end testing.
1937
1938## [0.34.0] May 16, 2018
1939[0.34.0]: https://github.com/datawire/ambassador/compare/0.33.1...0.34.0
1940
1941### Changed
1942
1943- When originating TLS, use the `host_rewrite` value to set outgoing SNI. If no `host_rewrite` is set, do not use SNI.
1944- Allow disabling external access to the diagnostics service (with thanks to @alexgervais and @dougwilson).
1945
1946## [0.33.1] May 16, 2018
1947[0.33.1]: https://github.com/datawire/ambassador/compare/0.33.0...0.33.1
1948
1949### Changed
1950
1951- Fix YAML error on statsd pod.
1952
1953## [0.33.0] May 14, 2018
1954[0.33.0]: https://github.com/datawire/ambassador/compare/v0.32.2...0.33.0
1955
1956### Changed
1957
1958- Fix support for `host_redirect` in a `Mapping`. **See the `Mapping` documentation** for more details: the definition of the `host_redirect` attribute has changed.
1959
1960## [0.32.2] May 02, 2018
1961[0.32.2]: https://github.com/datawire/ambassador/compare/v0.32.0...v0.32.2
1962
1963(Note that 0.32.1 was an internal release.)
1964
1965### Changed
1966
1967- Fix a bad bootstrap CSS inclusion that would cause the diagnostic service to render incorrectly.
1968
1969## [0.32.0] April 27, 2018
1970[0.32.0]: https://github.com/datawire/ambassador/compare/v0.31.0...v0.32.0
1971
1972### Changed
1973
1974- Traffic shadowing is supported using the `shadow` attribute in a `Mapping`
1975- Multiple Ambassadors can now run more happily in a single cluster
1976- The diagnostic service will now show you what `AuthService` configuration is active
1977- The `tls` keyword now works for `AuthService` just like it does for `Mapping` (thanks @dvavili!)
1978
1979## [0.31.0] April 12, 2018
1980[0.31.0]: https://github.com/datawire/ambassador/compare/v0.30.2...v0.31.0
1981
1982### Changed
1983
1984- Rate limiting is now supported (thanks, @alexgervais!) See the docs for more detail here.
1985- The `statsd` container has been quieted down yet more (thanks again, @alexgervais!).
1986
1987## [0.30.2] March 26, 2018
1988[0.30.2]: https://github.com/datawire/ambassador/compare/v0.30.1...v0.30.2
1989
1990### Changed
1991
1992- drop the JavaScript `statsd` for a simple `socat`-based forwarder
1993- ship an Ambassador Helm chart (thanks @stefanprodan!)
1994 - Interested in testing Helm? See below!
1995- disable Istio automatic sidecar injection (thanks @majelbstoat!)
1996- clean up some doc issues (thanks @lavoiedn and @endrec!)
1997
1998To test Helm, make sure you have `helm` installed and that you have `tiller` properly set up for your RBAC configuration. Then:
1999
2000```
2001helm repo add datawire https://www.getambassador.io
2002
2003helm upgrade --install --wait my-release datawire/ambassador
2004```
2005
2006You can also use `adminService.type=LoadBalancer`.
2007
2008## [0.30.1] March 26, 2018
2009[0.30.1]: https://github.com/datawire/ambassador/compare/v0.30.0...v0.30.1
2010
2011### Fixed
2012
2013- The `tls` module is now able to override TLS settings probed from the `ambassador-certs` secret
2014
2015## [0.30.0] March 23, 2018
2016[0.30.0]: https://github.com/datawire/ambassador/compare/v0.29.0...v0.30.0
2017
2018### Changed
2019
2020- Support regex matching for `prefix` (thanks @radu-c!)
2021- Fix docs around `AuthService` usage
2022
2023## [0.29.0] March 15, 2018
2024[0.29.0]: https://github.com/datawire/ambassador/compare/v0.28.2...v0.29.0
2025
2026### Changed
2027
2028- Default restart timings have been increased. **This will cause Ambassador to respond to service changes less quickly**; by default, you'll see changes appear within 15 seconds.
2029- Liveness and readiness checks are now enabled after 30 seconds, rather than 3 seconds, if you use our published YAML.
2030- The `statsd` container is now based on `mhart/alpine-node:9` rather than `:7`.
2031- `envoy_override` has been reenabled in `Mapping`s.
2032
2033## [0.28.1] March 05, 2018 (and [0.28.0] on March 02, 2018)
2034[0.28.1]: https://github.com/datawire/ambassador/compare/v0.26.0...v0.28.1
2035[0.28.0]: https://github.com/datawire/ambassador/compare/v0.26.0...v0.28.1
2036
2037(Note that 0.28.1 is identical to 0.28.0, and 0.27.0 was an internal release. These are related to the way CI generates tags, which we'll be revamping soon.)
2038
2039### Changed
2040
2041- Support tuning Envoy restart parameters
2042- Support `host_regex`, `method_regex`, and `regex_headers` to allow regular expression matches in `Mappings`
2043- Support `use_proxy_proto` and `use_remote_address` in the `ambassador` module
2044- Fine-tune the way we sort a `Mapping` based on its constraints
2045- Support manually setting the `precedence` of a `Mapping`, so that there's an escape hatch when the automagic sorting gets it wrong
2046- Expose `alpn_protocols` in the `tls` module (thanks @technicianted!)
2047- Make logs a lot quieter
2048- Reorganize and update documentation
2049- Make sure that `ambassador dump --k8s` will work correctly
2050- Remove a dependency on a `ConfigMap` for upgrade checks
2051
2052## [0.26.0] February 13, 2018
2053[0.26.0]: https://github.com/datawire/ambassador/compare/v0.25.0...v0.26.0
2054
2055### Changed
2056
2057- The `authentication` module is deprecated in favor of the `AuthService` resource type.
2058- Support redirecting cleartext connections on port 80 to HTTPS on port 443
2059- Streamline end-to-end tests and, hopefully, allow them to work well without Kubernaut
2060- Clean up some documentation (thanks @lavoiedn!)
2061
2062## [0.25.0] February 06, 2018
2063[0.25.0]: https://github.com/datawire/ambassador/compare/v0.23.0...v0.25.0
2064
2065(Note that 0.24.0 was an internal release.)
2066
2067### Changed
2068
2069- CORS support (thanks @alexgervais!)
2070- Updated docs for
2071 - GKE
2072 - Ambassador + Istio
2073 - Ordering of `Mappings`
2074 - Prometheus with Ambassador
2075- Support multiple external authentication service instances, so that canarying `extauth` services is possible
2076- Correctly support `timeout_ms` in a `Mapping`
2077- Various build tweaks and end-to-end test speedups
2078
2079## [0.23.0] January 17, 2018
2080[0.23.0]: https://github.com/datawire/ambassador/compare/v0.22.0...v0.23.0
2081
2082### Changed
2083
2084- Clean up build docs (thanks @alexgervais!)
2085- Support `add_request_headers` for, uh, adding requests headers (thanks @alexgervais!)
2086- Make end-to-end tests and Travis build process a bit more robust
2087- Pin to Kubernaut 0.1.39
2088- Document the use of the `develop` branch
2089- Don't default to `imagePullAlways`
2090- Switch to Alpine base with a stripped Envoy image
2091
2092## [0.22.0] January 17, 2018
2093[0.22.0]: https://github.com/datawire/ambassador/compare/v0.21.1...v0.22.0
2094
2095### Changed
2096
2097- Switched to using `quay.io` rather than DockerHub. **If you are not using Datawire's published Kubernetes manifests, you will have to update your manifests!**
2098- Switched to building over Alpine rather than Ubuntu. (We're still using an unstripped Envoy; that'll change soon.)
2099- Switched to a proper production configuration for the `statsd` pod, so that it hopefully chews up less memory.
2100- Make sure that Ambassador won't generate cluster names that are too long for Envoy.
2101- Fix a bug where Ambassador could crash if there were too many egregious errors in its configuration.
2102
2103## [0.21.1] January 11, 2018
2104[0.21.1]: https://github.com/datawire/ambassador/compare/v0.21.0...v0.21.1
2105
2106### Changed
2107
2108- Ambassador will no longer generate cluster names that exceed Envoy's 60-character limit.
2109
2110## [0.21.0] January 03, 2018
2111[0.21.0]: https://github.com/datawire/ambassador/compare/v0.20.1...v0.21.0
2112
2113### Changed
2114
2115- If `AMBASSADOR_SINGLE_NAMESPACE` is present in the environment, Ambassador will only look for services in its own namespace.
2116- Ambassador `Mapping` objects now correctly support `host_redirect`, `path_redirect`, `host_rewrite`, `auto_host_rewrite`, `case_sensitive`, `use_websocket`, `timeout_ms`, and `priority`.
2117
2118## [0.20.1] December 22, 2017
2119[0.20.1]: https://github.com/datawire/ambassador/compare/v0.20.0...v0.20.1
2120
2121### Changed
2122
2123- If Ambassador finds an empty YAML document, it will now ignore it rather than raising an exception.
2124- Includes the namespace of a service from an annotation in the name of its generated YAML file.
2125- Always process inputs in the same order from run to run.
2126
2127## [0.20.0] December 18, 2017
2128[0.20.0]: https://github.com/datawire/ambassador/compare/v0.19.2...v0.20.0
2129
2130### Changed
2131
2132- Switch to Envoy 1.5 under the hood.
2133- Refocus the diagnostic service to better reflect what's actually visible when you're working at Ambassador's level.
2134- Allow the diagnostic service to display, and change, the Envoy log level.
2135
2136## [0.19.2] December 12, 2017
2137[0.19.2]: https://github.com/datawire/ambassador/compare/v0.19.1...v0.19.2
2138
2139### Changed
2140
2141- Arrange for logs from the subsystem that watches for Kubernetes service changes (kubewatch) to have timestamps and such.
2142- Only do new-version checks every four hours.
2143
2144## [0.19.1] December 04, 2017
2145[0.19.1]: https://github.com/datawire/ambassador/compare/v0.19.0...v0.19.1
2146
2147### Changed
2148
2149- Allow the diag service to look good (well, OK, not too horrible anyway) when Ambassador is running with TLS termination.
2150- Show clusters on the overview page again.
2151- The diag service now shows you the "health" of a cluster by computing it from the number of requests to a given service that didn't involve a 5xx status code, rather than just forwarding Envoy's stat, since we don't configure Envoy's stat in a meaningful way yet.
2152- Make sure that the tests correctly reported failures (sigh).
2153- Allow updating out-of-date diagnostic reports without requiring multiple test runs.
2154
2155## [0.19.0] November 30, 2017
2156[0.19.0]: https://github.com/datawire/ambassador/compare/v0.18.2...v0.19.0
2157
2158### Changed
2159
2160- Ambassador can now use HTTPS upstream services: just use a `service` that starts with `https://` to enable it.
2161 - By default, Ambassador will not offer a certificate when using HTTPS to connect to a service, but it is possible to configure certificates. Please [contact us on Slack](https://d6e.co/slack) if you need to do this.
2162- HTTP access logs appear in the normal Kubernetes logs for Ambassador.
2163- It’s now possible to tell `ambassador config` to read Kubernetes manifests from the filesystem and build a configuration from the annotations in them (use the `--k8s` switch).
2164- Documentation on using Ambassador with Istio now reflects Ambassador 0.19.0 and Istio 0.2.12.
2165
2166## [0.18.2] November 28, 2017
2167[0.18.2]: https://github.com/datawire/ambassador/compare/v0.18.0...v0.18.2
2168
2169### Changed
2170
2171- The diagnostics service will now tell you when updates are available.
2172
2173## [0.18.0] November 20, 2017
2174[0.18.0]: https://github.com/datawire/ambassador/compare/v0.17.0...v0.18.0
2175
2176### Changed
2177
2178- The Host header is no longer overwritten when Ambassador talks to an external auth service. It will now retain whatever value the client passes there.
2179
2180### Fixed
2181
2182- Checks for updates weren’t working, and they have been restored. At present you’ll only see them in the Kubernetes logs if you’re using annotations to configure Ambassador — they’ll start showing up in the diagnostics service in the next release or so.
2183
2184## [0.17.0] November 14, 2017
2185[0.17.0]: https://github.com/datawire/ambassador/compare/v0.16.0...v0.17.0
2186
2187### Changed
2188
2189- Allow Mappings to require matches on HTTP headers and `Host`
2190- Update tests, docs, and diagnostic service for header matching
2191
2192### Fixed
2193
2194- Published YAML resource files will no longer overwrite annotations on the Ambassador `service` when creating the Ambassador `deployment`
2195
2196## [0.16.0] November 10, 2017
2197[0.16.0]: https://github.com/datawire/ambassador/compare/v0.15.0...v0.16.0
2198
2199### Changed
2200
2201- Support configuring Ambassador via `annotations` on Kubernetes `service`s
2202- No need for volume mounts! Ambassador can read configuration and TLS-certificate information directly from Kubernetes to simplify your Kubernetes YAML
2203- Expose more configuration elements for Envoy `route`s: `host_redirect`, `path_redirect`, `host_rewrite`, `auto_host_rewrite`, `case_sensitive`, `use_websocket`, `timeout_ms`, and `priority` get transparently copied
2204
2205### Fixed
2206
2207- Reenable support for gRPC
2208
2209## [0.15.0] October 16, 2017
2210[0.15.0]: https://github.com/datawire/ambassador/compare/v0.14.2...v0.15.0
2211
2212### Changed
2213
2214- Allow `docker run` to start Ambassador with a simple default configuration for testing
2215- Support `host_rewrite` in mappings to force the HTTP `Host` header value for services that need it
2216- Support `envoy_override` in mappings for odd situations
2217- Allow asking the diagnostic service for JSON output rather than HTML
2218
2219## [0.14.2] October 12, 2017
2220[0.14.2]: https://github.com/datawire/ambassador/compare/v0.14.0...v0.14.2
2221
2222### Changed
2223
2224- Allow the diagnostic service to show configuration errors.
2225
2226## [0.14.0] October 05, 2017
2227[0.14.0]: https://github.com/datawire/ambassador/compare/v0.13.0...v0.14.0
2228
2229### Changed
2230
2231- Have a diagnostic service!
2232- Support `cert_required` in TLS config
2233
2234## [0.13.0] September 25, 2017
2235[0.13.0]: https://github.com/datawire/ambassador/compare/v0.12.1...v0.13.0
2236
2237### Changed
2238
2239- Support using IP addresses for services.
2240- Check for collisions, so that trying to e.g. map the same prefix twice will report an error.
2241- Enable liveness and readiness probes, and have Kubernetes perform them by default.
2242- Document the presence of the template-override escape hatch.
2243
2244## [0.12.1] September 22, 2017
2245[0.12.1]: https://github.com/datawire/ambassador/compare/v0.12.0...v0.12.1
2246
2247### Changed
2248
2249- Notify (in the logs) if a new version of Ambassador is available.
2250
2251## [0.12.0] September 21, 2017
2252[0.12.0]: https://github.com/datawire/ambassador/compare/v0.11.2...v0.12.0
2253
2254### Changed
2255
2256- Support for non-default Kubernetes namespaces.
2257- Infrastructure for checking if a new version of Ambassador is available.
2258
2259## [0.11.2] September 20, 2017
2260[0.11.2]: https://github.com/datawire/ambassador/compare/v0.11.1...v0.11.2
2261
2262### Changed
2263
2264- Better schema verification.
2265
2266## [0.11.1] September 18, 2017
2267[0.11.1]: https://github.com/datawire/ambassador/compare/v0.11.0...v0.11.1
2268
2269### Changed
2270
2271- Do schema verification of input YAML files.
2272
2273## [0.11.0] September 18, 2017
2274[0.11.0]: https://github.com/datawire/ambassador/compare/v0.10.14...v0.11.0
2275
2276### Changed
2277
2278- Declarative Ambassador! Configuration is now via YAML files rather than REST calls
2279- The `ambassador-store` service is no longer needed.
2280
2281## [0.10.14] September 15, 2017
2282[0.10.14]: https://github.com/datawire/ambassador/compare/v0.10.13...v0.10.14
2283
2284### Fixed
2285
2286- Update `demo-qotm.yaml` with the correct image tag.
2287
2288## [0.10.13] September 05, 2017
2289[0.10.13]: https://github.com/datawire/ambassador/compare/v0.10.12...v0.10.13
2290
2291### Changed
2292
2293- Properly support proxying all methods to an external authentication service, with headers intact, rather than moving request headers into the body of an HTTP POST.
2294
2295## [0.10.12] August 02, 2017
2296[0.10.12]: https://github.com/datawire/ambassador/compare/v0.10.10...v0.10.12
2297
2298### Changed
2299
2300- Make TLS work with standard K8s TLS secrets, and completely ditch push-cert and push-cacert.
2301
2302### Fixed
2303
2304- Move Ambassador out from behind Envoy, so that you can use Ambassador to fix things if you completely botch your Envoy config.
2305- Let Ambassador keep running if Envoy totally chokes and dies, but make sure the pod dies if Ambassador loses access to its storage.
2306
2307## [0.10.10] August 01, 2017
2308[0.10.10]: https://github.com/datawire/ambassador/compare/v0.10.7...v0.10.10
2309
2310### Fixed
2311
2312- Fix broken doc paths and simplify building as a developer. 0.10.8, 0.10.9, and 0.10.10 were all stops along the way to getting this done; hopefully we'll be able to reduce version churn from here on out.
2313
2314## [0.10.7] July 25, 2017
2315[0.10.7]: https://github.com/datawire/ambassador/compare/v0.10.6...v0.10.7
2316
2317### Changed
2318- More CI-build tweaks.
2319
2320## [0.10.6] July 25, 2017
2321[0.10.6]: https://github.com/datawire/ambassador/compare/v0.10.5...v0.10.6
2322
2323### Changed
2324- Fix automagic master build tagging
2325
2326## [0.10.5] July 25, 2017
2327[0.10.5]: https://github.com/datawire/ambassador/compare/v0.10.1...v0.10.5
2328
2329### Changed
2330- Many changes to the build process and versioning. In particular, CI no longer has to commit files.
2331
2332## [0.10.1] July 03, 2017
2333[0.10.1]: https://github.com/datawire/ambassador/compare/v0.10.0...v0.10.1
2334
2335### Added
2336- Changelog
2337
2338
2339## [0.10.0] June 30, 2017
2340[0.10.0]: https://github.com/datawire/ambassador/compare/v0.9.1...v0.10.0
2341[grpc-0.10.0]: https://github.com/datawire/ambassador/blob/v0.10.0/docs/user-guide/grpc.md
2342
2343### Added
2344- Ambassador supports [GRPC services][grpc-0.10.0] (and other HTTP/2-only services) using the GRPC module
2345
2346### Fixed
2347- Minor typo in Ambassador's `Dockerfile` that break some versions of Docker
2348
2349
2350## [0.9.1] June 28, 2017
2351[0.9.1]: https://github.com/datawire/ambassador/compare/v0.9.0...v0.9.1
2352[building-0.9.1]: https://github.com/datawire/ambassador/blob/v0.9.1/BUILDING.md
2353
2354### Changed
2355- Made development a little easier by automating dev version numbers so that modified Docker images update in Kubernetes
2356- Updated [`BUILDING.md`][building-0.9.1]
2357
2358
2359## [0.9.0] June 23, 2017
2360[0.9.0]: https://github.com/datawire/ambassador/compare/v0.8.12...v0.9.0
2361[start-0.9.0]: https://github.com/datawire/ambassador/blob/v0.9.0/docs/user-guide/getting-started.md
2362[concepts-0.9.0]: https://github.com/datawire/ambassador/blob/v0.9.0/docs/user-guide/mappings.md
2363
2364### Added
2365- Ambassador supports HTTP Basic Auth
2366- Ambassador now has the concept of _modules_ to enable and configure optional features such as auth
2367- Ambassador now has the concept of _consumers_ to represent end-users of mapped services
2368- Ambassador supports auth via an external auth server
2369
2370Basic auth is covered in [Getting Started][start-0.9.0]. Learn about modules and consumers and see an example of external auth in [About Mappings, Modules, and Consumers][concepts-0.9.0].
2371
2372### Changed
2373- State management (via Ambassador store) has been refactored
2374- Switched to [Ambassador-Envoy] for the base Docker image
2375
2376
2377## [0.8.12] June 07, 2017
2378[0.8.12]: https://github.com/datawire/ambassador/compare/v0.8.11...v0.8.12
2379
2380### Added
2381- Mappings can now be updated
2382
2383
2384## [0.8.11] May 24, 2017
2385[0.8.11]: https://github.com/datawire/ambassador/compare/v0.8.10...v0.8.11
2386[istio-0.8.11]: https://github.com/datawire/ambassador/blob/v0.8.11/docs/user-guide/with-istio.md
2387[stats-0.8.11]: https://github.com/datawire/ambassador/blob/v0.8.11/docs/user-guide/statistics.md
2388
2389### Added
2390- Ambassador interoperates with [Istio] -- see [Ambassador and Istio][istio-0.8.11]
2391- There is additional documentation for [statistics and monitoring][stats-0.8.11]
2392
2393### Fixed
2394- Bug in mapping change detection
2395- Release machinery issues
2396
2397
2398## [0.8.6] May 05, 2017
2399[0.8.6]: https://github.com/datawire/ambassador/compare/v0.8.5...v0.8.6
2400
2401### Added
2402- Ambassador releases are now performed by Travis CI
2403
2404
2405## [0.8.2] May 04, 2017
2406[0.8.2]: https://github.com/datawire/ambassador/compare/v0.8.1...v0.8.2
2407
2408### Changed
2409- Documentation updates
2410
2411
2412## [0.8.0] May 02, 2017
2413[0.8.0]: https://github.com/datawire/ambassador/compare/v0.7.0...v0.8.0
2414[client-tls-0.8.0]: https://github.com/datawire/ambassador/blob/v0.8.0/README.md#using-tls-for-client-auth
2415
2416### Added
2417- [Ambassador has a website!][Ambassador]
2418- Ambassador supports auth via [TLS client certificates][client-tls-0.8.0]
2419- There are some additional helper scripts in the `scripts` directory
2420
2421### Changed
2422- Ambassador's admin interface is now on local port 8888 while mappings are available on port 80/443 depending on whether TLS is enabled
2423- Multiple instances of Ambassador talking to the same Ambassador Store pod will pick up each other's changes automatically
2424
2425
2426## [0.7.0] May 01, 2017
2427[0.7.0]: https://github.com/datawire/ambassador/compare/v0.6.0...v0.7.0
2428[start-0.7.0]: https://github.com/datawire/ambassador/blob/v0.7.0/README.md#mappings
2429
2430### Added
2431- Ambassador can rewrite the request URL path prefix before forwarding the request to your service (covered in [Getting Started][start-0.7.0])
2432- Ambassador supports additional stats aggregators: Datadog, Grafana
2433
2434### Changed
2435- _Services_ are now known as _mappings_
2436- Minikube is supported again
2437
2438
2439## [0.6.0] April 28, 2017
2440[0.6.0]: https://github.com/datawire/ambassador/compare/v0.5.2...v0.6.0
2441
2442### Removed
2443- The Ambassador SDS has been removed; Ambassador routes to service names
2444
2445
2446## [0.5.2] April 26, 2017
2447[0.5.2]: https://github.com/datawire/ambassador/compare/v0.5.0...v0.5.2
2448
2449### Added
2450- Ambassador includes a local `statsd` so that full stats from Envoy can be collected and pushed to a stats aggregator (Prometheus is supported)
2451
2452### Changed
2453- It's easier to develop Ambassador thanks to improved build documentation and `Makefile` fixes
2454
2455
2456## [0.5.0] April 13, 2017
2457[0.5.0]: https://github.com/datawire/ambassador/compare/v0.4.0...v0.5.0
2458
2459### Added
2460- Ambassador supports inbound TLS
2461- YAML for a demo user service is now included
2462
2463### Changed
2464- The `geturl` script supports Minikube and handles AWS better
2465- Documentation and code cleanup
2466
2467
2468## [0.4.0] April 07, 2017
2469[0.4.0]: https://github.com/datawire/ambassador/compare/v0.3.3...v0.4.0
2470
2471### Changed
2472- Ambassador now reconfigures Envoy automatically once changes have settled for five seconds
2473- Envoy stats and Ambassador stats are separate
2474- Mappings no longer require specifying the port as it is not needed
2475
2476### Fixed
2477- SDS does the right thing with unnamed ports
2478
2479
2480## [0.3.1] April 06, 2017
2481[0.3.1]: https://github.com/datawire/ambassador/compare/v0.3.0...v0.3.1
2482
2483### Added
2484- Envoy stats accessible through Ambassador
2485- Basic interpretation of cluster stats
2486
2487### Changed
2488- Split up `ambassador.py` into multiple files
2489- Switch to a debug build of Envoy
2490
2491
2492## [0.1.9] April 03, 2017
2493[0.1.9]: https://github.com/datawire/ambassador/compare/v0.1.8...v0.1.9
2494
2495### Changed
2496- Ambassador configuration on `/ambassador-config/` prefix rather than exposed on port 8001
2497- Updated to current Envoy and pinned the Envoy version
2498- Use Bumpversion for version management
2499- Conditionalized Docker push
2500
2501### Fixed
2502- Ambassador keeps running with an empty services list (part 2)
2503
2504
2505## [0.1.5] March 31, 2017
2506[0.1.5]: https://github.com/datawire/ambassador/compare/v0.1.4...v0.1.5
2507
2508### Fixed
2509- Ambassador SDS correctly handles ports
2510
2511
2512## [0.1.4] March 31, 2017
2513[0.1.4]: https://github.com/datawire/ambassador/compare/v0.1.3...v0.1.4
2514
2515### Changed
2516- Ambassador keeps running with an empty services list
2517- Easier to run with [Telepresence]
2518
2519
2520## [0.1.3] March 31, 2017
2521[0.1.3]: https://github.com/datawire/ambassador/compare/82ed5e4...v0.1.3
2522
2523### Added
2524- Initial Ambassador
2525- Ambassador service discovery service
2526- Documentation
2527
2528
2529Based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). Ambassador follows [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
2530
2531[Ambassador]: https://www.getambassador.io/
2532[Ambassador-Envoy]: https://github.com/datawire/ambassador-envoy
2533[Telepresence]: http://telepresence.io
2534[Istio]: https://istio.io/
View as plain text