1<!-- -*- fill-column: 100 -*- -->
2# CHANGELOG -- this is {{/* NOT */}}a GENERATED FILE, edit docs/releaseNotes.yml and "make generate" to change.
3
4## EMISSARY-INGRESS and AMBASSADOR EDGE STACK
5
6Emissary-ingress is a Kubernatives-native, self-service, open-source API gateway
7and ingress controller. It is a CNCF Incubation project, formerly known as the
8Ambassador API Gateway.
9
10Ambassador Edge Stack is a comprehensive, self-service solution for exposing,
11securing, and managing the boundary between end users and your Kubernetes services.
12The core of Ambassador Edge Stack is Emissary-ingress.
13
14**Note well:**
15
16- Ambassador Edge Stack provides all the capabilities of Emissary-ingress,
17 as well as additional capabilities including:
18
19 - Security features such as automatic TLS setup via ACME integration, OAuth/OpenID Connect
20 integration, rate limiting, and fine-grained access control; and
21 - Developer onboarding assistance, including an API catalog, Swagger/OpenAPI documentation
22 support, and a fully customizable developer portal.
23
24- Emissary-ingress can do everything that Ambassador Edge Stack can do, but you'll need to
25 write your own code to take advantage of the capabilities above.
26
27- Ambassador Edge Stack is free for all users: due to popular demand, Ambassador Edge Stack
28 offers a free usage tier of its core features, designed for startups.
29
30In general, references to "Ambassador" in documentation (including this CHANGELOG)
31refer both to Emissary-ingress and to the Ambassador Edge Stack.
32
33## UPCOMING BREAKING CHANGES
34
35### Emissary 3.2.0 and 2.5.0
36
37 - Changes to label matching will change how `Hosts` are associated with `Mappings`. There
38 was a bug with label selectors that was causing `Hosts` to be incorrectly being associated with
39 more `Mappings` than intended. If any single label from the selector was matched then the `Host`
40 would be associated with the `Mapping`. Now it has been updated to correctly only associate a
41 `Host` with a `Mapping` if **all** labels required by the selector are present. This brings the
42 `mappingSelector` field in-line with how label selectors are used in Kubernetes. To avoid
43 unexpected behaviour after the upgrade, add all labels that Hosts have in their `mappingSelector`
44 to `Mappings` you want to associate with the `Host`. You can opt-out of the new behaviour by
45 setting the environment variable `DISABLE_STRICT_LABEL_SELECTORS` to `"true"`
46 (default: `"false"`).
47
48### Emissary 3.0.0
49
50 - **No `protocol_version: v2`**: Support for specifying `protocol_version: v2` in `AuthService`,
51 `RateLimitService`, and `LogService` resources will be removed. These resources each have a
52 `protocol_version` field that controls whether Envoy speaks the `v2` transport API or the `v3`
53 transport API when speaking to that service. Due to Envoy's removal of all v2 Envoy APIs, the
54 `v2` value will no longer be supported. Note that `protocol_version: v2` is the default in
55 current versions of Emissary.
56
57 Users who use these resource types but don't explicitly say `protocol_version: v3` will need to
58 adjust their service implementations to understand the v3 protocols, and then update Emissary
59 resources to say `protocol_version` before upgrading to Emissary-ingress 3.0.0.
60
61 - **No Zipkin `collector_endpoint_version: HTTP_JSON_V1`**: Support for specifying
62 `collector_endpoint_version: HTTP_JSON_V1` for a Zipkin `TracingService` will be removed. The
63 `HTTP_JSON_V1` value corresponds to Zipkin's old API-v1, while the `HTTP_JSON` value corresponds
64 to the Zipkin's new API-v2.
65
66 For current versions of Emissary-ingress (>=1.14.0 and <3.0.0), the behavior is that if the
67 `TracingService` does not specify which Zipkin API to use, it will normally default to using
68 `HTTP_JSON`, but can be made to default to `HTTP_JSON_V1` by setting the
69 `AMBASSADOR_ENVOY_API_VERSION=V2` environment variable. In Emissary-ingress 3.0.0 this
70 environment variable will no longer have any impact on what the default Zipkin API is, and
71 explicitly setting the API in the `TracingService` will no longer support the `HTTP_JSON_V1`
72 value.
73
74 Users who rely on `HTTP_JSON_V1` will need to migrate their Emissary-ingress 2.3 install to use
75 either `HTTP_JSON` or `HTTP_PROTO` before upgrading to Emissary-ingress 3.0.0.
76
77With the removal of `regex_type: unsafe` and `collector_endpoint_version: HTTP_JSON_V1`, there will
78be no more user-visible effects of the `AMBASSADOR_ENVOY_API_VERSION` environment variable, and so
79it will be removed; but as it won't be user-visible this isn't considered a breaking change.
80
81### Emissary 3.0.0 or later
82
83 - In a future version of Emissary-ingress, **no sooner than Emissary-ingress v3.0.0**, TLS secrets
84 in `Ingress` resources will not be able to use `.namespace` suffixes to cross namespaces.
85
86## RELEASE NOTES
87{{ $relnotes := (datasource "relnotes") -}}
88{{ $ghName := "emissary-ingress/emissary" -}}
89
90{{ range $i, $release := $relnotes.items -}}
91{{ $prevVersion := "1.13.3" -}}
92{{- if index $release "prevVersion" -}}
93 {{- $prevVersion = $release.prevVersion -}}
94{{ else -}}
95 {{- if lt (add $i 1) (len $relnotes.items) -}}
96 {{- $prevVersion = (index $relnotes.items (add $i 1)).version -}}
97 {{- end -}}
98{{ end -}}
99{{ if eq $release.version "1.13.7" -}}
100{{ $ghName = "datawire/ambassador" -}}
101{{ end }}
102## {{ if ne $release.date "N/A" }}[{{ end }}{{ $release.version }}{{ if ne $release.date "N/A" }}]{{ end }} {{ if eq $release.date "N/A" }}not issued{{ else if eq $release.date "TBD" }}TBD{{ else }}{{ (time.Parse "2006-01-02" $release.date).Format "January 02, 2006" }}{{ end }}{{ if ne $release.date "N/A" }}
103[{{ $release.version }}]: https://github.com/{{ $ghName }}/compare/v{{ $prevVersion }}...v{{ $release.version }}
104{{- end }}{{ range $release.notes }}{{ if index . "isHeadline" }}{{ if .isHeadline }}
105
106{{ .body |
107 strings.ReplaceAll "$productName$" "Emissary-ingress" |
108 strings.ReplaceAll "<b>" "**" |
109 strings.ReplaceAll "</b>" "**" |
110 strings.ReplaceAll "<i>" "*" |
111 strings.ReplaceAll "</i>" "*" |
112 strings.ReplaceAll "<code>" "`" |
113 strings.ReplaceAll "</code>" "`" |
114 strings.ReplaceAll "href=\"../" "href=\"https://www.getambassador.io/docs/emissary/latest/" |
115 strings.WordWrap 100 }}
116{{- end }}{{ end }}{{ end }}
117{{ if ne $release.date "N/A" }}
118### Emissary-ingress and Ambassador Edge Stack
119{{ range $release.notes }}{{ if not (index . "isHeadline") }}
120- {{ printf "%s: %s" (.type | strings.Title) .body |
121 strings.ReplaceAll "$productName$" "Emissary-ingress" |
122 strings.ReplaceAll "<b>" "**" |
123 strings.ReplaceAll "</b>" "**" |
124 strings.ReplaceAll "<i>" "*" |
125 strings.ReplaceAll "</i>" "*" |
126 strings.ReplaceAll "<code>" "`" |
127 strings.ReplaceAll "</code>" "`" |
128 strings.ReplaceAll "href=\"../" "href=\"https://www.getambassador.io/docs/emissary/latest/" |
129 strings.WordWrap 98 |
130 strings.Indent 2 |
131 strings.TrimPrefix " " }}{{ if index . "github" }}{{ range .github }} ([{{.title}}]){{ end }}{{ end }}
132{{ end }}{{ end }}{{ $anyGitLinks := false }}{{ range $release.notes -}}{{- if index . "github" -}}{{- range .github }}{{ $anyGitLinks = true }}
133[{{.title}}]: {{.link}}{{ end -}}{{- end -}}{{- end -}}{{ if $anyGitLinks }}
134{{ end }}{{ if index $release "edgeStackNotes" }}
135### Ambassador Edge Stack only
136{{ range $release.edgeStackNotes }}
137- {{ printf "%s: %s" (.type | strings.Title) .body |
138 strings.ReplaceAll "$productName$" "Emissary-ingress" |
139 strings.ReplaceAll "<b>" "**" |
140 strings.ReplaceAll "</b>" "**" |
141 strings.ReplaceAll "<i>" "*" |
142 strings.ReplaceAll "</i>" "*" |
143 strings.ReplaceAll "<code>" "`" |
144 strings.ReplaceAll "</code>" "`" |
145 strings.ReplaceAll "href=\"../" "href=\"https://www.getambassador.io/docs/edge-stack/latest/" |
146 strings.WordWrap 98 |
147 strings.Indent 2 |
148 strings.TrimPrefix " " }}{{ if index . "github" }}{{ range .github }} ([{{.title}}]){{ end }}{{ end }}
149{{ end }}{{ $anyGitLinks := false }}{{ range $release.edgeStackNotes -}}{{- if index . "github" -}}{{- range .github }}{{ $anyGitLinks = true }}
150[{{.title}}]: {{.link}}{{ end -}}{{- end -}}{{- end -}}{{ if $anyGitLinks }}
151{{ end }}{{ end }}{{ end }}{{ end }}
152## [1.13.3] May 03, 2021
153[1.13.3]: https://github.com/datawire/ambassador/compare/v1.13.2...v1.13.3
154
155### Emissary Ingress and Ambassador Edge Stack
156
157- Bugfix: Fixed a regression that caused Ambassador to crash when loading the Edge Policy Console when any RateLimit resources exist ([#3348])
158
159## [1.13.2] April 29, 2021
160[1.13.2]: https://github.com/datawire/ambassador/compare/v1.13.1...v1.13.2
161
162### Emissary Ingress and Ambassador Edge Stack
163
164- Bugfix: Fixed a regression that caused endpoint routing to not work when defining mappings in service annotations ([#3369])
165
166[#3369]: https://github.com/datawire/ambassador/issues/3369
167
168## [1.13.1] April 22, 2021
169[1.13.1]: https://github.com/datawire/ambassador/compare/v1.13.0...v1.13.1
170
171### Emissary Ingress and Ambassador Edge Stack
172
173- Bugfix: Potentially increased CPU Usage for deployments with large numbers of Hosts ([#3358])
174
175[#3358]: https://github.com/datawire/ambassador/issues/3358
176
177## [1.13.0] April 20, 2021
178[1.13.0]: https://github.com/datawire/ambassador/compare/v1.12.4...v1.13.0
179
180### Emissary Ingress and Ambassador Edge Stack
181
182**Note**: Support for the deprecated `v2alpha` `protocol_version` has been removed from the `AuthService` and `RateLimitService`.
183
184- Feature: Added support for the [Mapping AuthService setting] `auth_context_extensions`, allowing supplying custom per-mapping information to external auth services (thanks, [Giridhar Pathak](https://github.com/gpathak)!).
185- Feature: Added support in ambassador-agent for reporting [Argo Rollouts] and [Argo Applications] to Ambassador Cloud
186- Feature: The [Ambassador Module configuration] now supports the `diagnostics.allow_non_local` flag to expose admin UI internally only ([#3074] -- thanks, [Fabrice](https://github.com/jfrabaute)!)
187- Feature: Ambassador will now use the Envoy v3 API internally when the AMBASSADOR_ENVOY_API_VERSION environment variable is set to "V3". By default, Ambassador will continue to use the v2 API.
188- Feature: The [Ambassador Agent] is now available (and deployed by default) for the API Gateway (https://app.getambassador.io).
189- Feature: The [Ambassador Module configuration] now supports `merge_slashes` which tells Ambassador to merge adjacent slashes when performing route matching. For example, when true, a request with URL '//foo/' would match a Mapping with prefix '/foo/'.
190- Feature: Basic support for a subset of the [Kubernetes Gateway API] has been added.
191- Feature: Ambassador now supports the `DD_ENTITY_ID` environment variable to set the `dd.internal.entity_id` statistics tag on metrics generated when using DogStatsD.
192- Bugfix: Make Knative paths match on prefix instead of the entire path to better align to the Knative specification ([#3224]).
193- Bugfix: The endpoint routing resolver will now properly watch services that include a scheme.
194- Bugfix: Environment variable interpolation works again for `ConsulResolver.Spec.Address` without setting `AMBASSADOR_LEGACY_MODE` ([#3182], [#3317])
195- Bugfix: Endpoint routing will now detect endpoint changes when your service field includes `.svc.cluster.local`. ([#3324])
196- Bugfix: Upgrade PyYAML to 5.4.1 ([#3349])
197- Change: The Helm chart has been moved into this repo, in the `charts/ambassador` directory.
198- Change: The `Mapping` CRD has been modified so that `kubectl get mappings` now has a column for not just the source path-prefix (`.spec.prefix`), but the source host (`.spec.host`) too.
199- Change: The yaml in yaml/docs is now generated from the contents of the helm chart in the `charts/ambassador` directory.
200- Change: Support for the deprecated `v2alpha` `protocol_version` has been removed from the `AuthService` and `RateLimitService`.
201
202[Ambassador Agent]: https://www.getambassador.io/docs/cloud/latest/service-catalog/quick-start/
203[Ambassador Module configuration]: https://getambassador.io/docs/edge-stack/latest/topics/running/ambassador/
204[Argo Applications]: https://www.getambassador.io/docs/argo/latest/quick-start/
205[Argo Rollouts]: https://www.getambassador.io/docs/argo/latest/quick-start/
206[Kubernetes Gateway API]: https://getambassador.io/docs/edge-stack/latest/topics/using/gateway-api/
207[Mapping AuthService setting]: https://getambassador.io/docs/edge-stack/latest/topics/using/authservice
208
209[#3074]: https://github.com/datawire/ambassador/issues/3074
210[#3182]: https://github.com/datawire/ambassador/issues/3182
211[#3224]: https://github.com/datawire/ambassador/issues/3224
212[#3317]: https://github.com/datawire/ambassador/issues/3317
213[#3324]: https://github.com/datawire/ambassador/issues/3324
214[#3349]: https://github.com/datawire/ambassador/issues/3349
215
216### Ambassador Edge Stack only
217
218- Feature: DevPortal: Added doc.display_name attribute to the Mapping CRD. This value allows for a custom name and documentation URL path of the service in the DevPortal.
219- Feature: DevPortal: Added `naming_scheme` enum to the DevPortal CRD. This enum controls the way services are displayed in the DevPortal. Supported values are `namespace.name` (current behavior) and `name.prefix`, which will use the Mapping name and Mapping prefix to display the services.
220- Feature: DevPortal: `DEVPORTAL_DOCS_BASE_PATH` environment variable makes the base path of service API documentation configurable.
221- Feature: DevPortal: DevPortal will now reload content on changes to Mapping and DevPortal resources.
222- Feature: DevPortal: DevPortal now supports a search endpoint at `/docs/api/search`
223- Feature: DevPortal search can be configured to only search over titles (with search.type=`title-only`in the DevPortal CRD) or to search over all content (search.type=`all-content`)
224- Feature: DevPortal search supports deep linking to openapi spec entries (must set `search.type=all-content` and `search.enabled=true` on the DevPortal CRD)
225- Feature: DevPortal: Trigger content refresh by hitting `/docs/api/refreshContent`
226- Feature: The AES ratelimit preview service now supports [burst ratelimiting] (aka token bucket ratelimiting).
227- Bugfix: The AES ratelimit preview no longer ignores LOCAL_CACHE_SIZE_IN_BYTES.
228- Bugfix: The AES ratelimit preview no longer ignores NEAR_LIMIT_RATIO.
229- Bugfix: The AES ratelimit preview no longer ignores EXPIRATION_JITTER_MAX_SECONDS.
230- Change: Silence DevPortal warnings when DevPortal cannot parse a hostname from a Mapping. (#3341)
231
232[burst ratelimiting]: https://getambassador.io/docs/edge-stack/latest/topics/using/rate-limits/rate-limits/
233
234[#3341]: https://github.com/datawire/ambassador/issues/3341
235
236## [1.12.4] April 19, 2021
237[1.12.4]: https://github.com/datawire/ambassador/compare/v1.12.3...v1.12.4
238
239Bugfix: Fix the Envoy base image build step and, as a result, correctly ship the Envoy 1.15.4 security updates.
240
241## [1.12.3] April 15, 2021
242[1.12.3]: https://github.com/datawire/ambassador/compare/v1.12.2...v1.12.3
243
244Bugfix: Incorporate the Envoy 1.15.4 security update.
245
246## [1.12.2] March 29, 2021
247[1.12.2]: https://github.com/datawire/ambassador/compare/v1.12.1...v1.12.2
248
249- Bugfix: Update OpenSSL to 1.1.1k to address CVE-2021-23840), CVE-2021-3450), CVE-2021-23841), CVE-2021-3449), CVE-2021-23839), CVE-2021-23840), CVE-2021-3450), CVE-2021-23841), CVE-2021-3449), and CVE-2021-23839)
250
251## [1.12.1] March 12, 2021
252[1.12.1]: https://github.com/datawire/ambassador/compare/v1.12.0...v1.12.1
253
254- Bugfix: The endpoint routing resolver will now properly watch services with mappings that define the service field with an explicit port.
255- Bugfix: Correctly manage cluster load assignments with very long cluster names and `AMBASSADOR_FAST_RECONFIGURE`
256
257## [1.12.0] March 08, 2021
258[1.12.0]: https://github.com/datawire/ambassador/compare/v1.11.2...v1.12.0
259
260### Ambasssador API Gateway + Ambassador Edge Stack
261
262- Feature: Endpoint routing is now much more performant, especially in situations where reconfigurations are frequent.
263- Feature: A scrubbed ambassador snapshot is now accessible outside the pod at `:8005/snapshot-external`. This port is exposed on the ambassador-admin Kubernetes service.
264- Feature: Ambassador now supports configuring the maximum lifetime of an upstream connection using `cluster_max_connection_lifetime_ms`. After the configured time, upstream connections are drained and closed, allowing an operator to set an upper bound on how long any upstream connection will remain open. This is useful when using Kubernetes Service resolvers (the default) and modifying label selectors for traffic shifting.
265- Feature: The Ambassador Module configuration now supports `cluster_request_timeout_ms` to set a default request `timeout_ms` for Mappings. This allows an operator to update the default request timeout (currently 3000ms) without needing to update every Mapping.
266- Feature: The Ambassador Module configuration now supports `suppress_envoy_headers` to prevent Ambassador from setting additional headers on requests and responses. These headers are typically used for diagnostic purposes and are safe to omit when they are not desired.
267- Feature: All Kubernetes services managed by Ambassador are automatically instrumented with service catalog discovery annotations.
268- Feature: [`headers_with_underscores_action`](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/core/protocol.proto#enum-core-httpprotocoloptions-headerswithunderscoresaction) is now configurable in the Ambassador `Module`.
269- Feature: The Ambassador Module configuration now supports `strip_matching_host_port` to control whether the port should be removed from the host/Authority header before any processing by request filters / routing. This behavior only applies if the port matches the associated Envoy listener port.
270- Bugfix: Ambassador now does a better job of cleaning up gRPC connections when shutting down.
271- Bugfix: Prevent potential reconcile loop when updating the status of an Ingress.
272- Bugfix: Update Python requirements, including addressing CVE-2020-36242 ([#3233])
273- Bugfix: Remove unnecessary logs about Kubernetes Secrets ([#3229])
274
275[#3229]: https://github.com/datawire/ambassador/issues/3229
276[#3233]: https://github.com/datawire/ambassador/issues/3233
277
278### Ambassador Edge Stack only
279
280- Feature: Added support for ambassador-agent deployment, reporting to Ambassador Cloud Service Catalog (https://app.getambassador.io)
281- Feature: `edgectl login` will automatically open your browser, allowing you to login into Service Catalog (https://app.getambassador.io)
282- Feature: `edgectl install` command allows you to install a new Ambassador Edge Stack automatically connected to Ambassador Cloud by passing a `--cloud-connect-token` argument.
283- Feature: `AES_AUTH_TIMEOUT` now allows you to configure the timeout of the AES authentication service. Defaults to 4s.
284- Bugfix: Prevent Dev Portal from sporadically responding with upstream connect timeout when loading content
285
286## [1.11.2] March 01, 2021
287[1.11.2]: https://github.com/datawire/ambassador/compare/v1.11.1...v1.11.2
288
289### Ambasssador API Gateway + Ambassador Edge Stack
290
291- Bugfix: Changes to endpoints when endpoint routing is not active will no longer cause reconfiguration
292- Bugfix: Correctly differentiate int values of 0 and Boolean values of `false` from non-existent attributes in CRDs ([#3212])
293- Bugfix: Correctly support Consul datacenters other than "dc1" without legacy mode.
294
295[#3212]: https://github.com/datawire/ambassador/issues/3212
296
297## [1.11.1] February 04, 2021
298[1.11.1]: https://github.com/datawire/ambassador/compare/v1.11.0...v1.11.1
299
300- Bugfix: Fix an issue that caused Dev Portal to sporadically respond with upstream connect timeout when loading content
301
302## [1.11.0] January 26, 2021
303[1.11.0]: https://github.com/datawire/ambassador/compare/v1.10.0...v1.11.0
304
305### Ambasssador API Gateway + Ambassador Edge Stack
306
307- Feature: Ambassador now reads the ENVOY_CONCURRENCY environment variable to optionally set the [--concurrency](https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-concurrency) command line option when launching Envoy. This controls the number of worker threads used to serve requests and can be used to fine-tune system resource usage.
308- Feature: The %DOWNSTREAM_PEER_CERT_V_START% and %DOWNSTREAM_PEER_CERT_V_END% command operators now support custom date formatting, similar to %START_TIME%. This can be used for both header formatting and access log formatting.
309- Feature: Eliminate the need to drain and recreate listeners when routing configuration is changed. This reduces both memory usage and disruption of in-flight requests.
310- Bugfix: Make sure that `labels` specifying headers with extra attributes are correctly supported again ([#3137]).
311- Bugfix: Support Consul services when the `ConsulResolver` and the `Mapping` aren't in the same namespace, and legacy mode is not enabled.
312- Bugfix: Fix failure to start when one or more IngressClasses are present in a cluster ([#3142]).
313- Bugfix: Properly handle Kubernetes 1.18 and greater when RBAC prohibits access to IngressClass resources.
314- Bugfix: Support `TLSContext` CA secrets with fast validation ([#3005]).
315- Bugfix: Dev Portal correctly handles transient failures when fetching content
316- Bugfix: Dev Portal sidebar pages have a stable order
317- Bugfix: Dev Portal pages are now marked cacheable
318
319### Ambassador Edge Stack only
320
321- Feature: RateLimit CRDs now suport specifying an `action` for each limit. Possible values include "Enforce" and "LogOnly", case insensitive. LogOnly may be used to implement dry run rules that do not actually enforce.
322- Feature: RateLimit CRDs now support specifying a symbolic `name` for each limit. This name can later be used in the access log to know which RateLimit, if any, applied to a request.
323- Feature: RateLimit metadata is now available using the `DYNAMIC_METADATA(envoy.http.filters.ratelimit: ... )` command operator in the Envoy access logs. See [Envoy Documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage) for more on using dynamic metadata in the access log.
324- Feature: OAuth2 Filter: The SameSite cookie attribute is now configurable.
325
326[#3005]: https://github.com/datawire/ambassador/issues/3005
327[#3137]: https://github.com/datawire/ambassador/issues/3137
328[#3142]: https://github.com/datawire/ambassador/issues/3142
329
330## [1.10.0] January 04, 2021
331[1.10.0]: https://github.com/datawire/ambassador/compare/v1.9.1...v1.10.0
332
333### Ambasssador API Gateway + Ambassador Edge Stack
334
335- Feature: The redirect response code returned by Ambassador is now configurable using `redirect_reponse_code` on `Mappings` that use `host_redirect`.
336- Feature: The redirect location header returned by Ambassador now supports prefix rewrites using `prefix_redirect` on `Mappings` that use `host_redirect`.
337- Feature: The redirect location header returned by Ambassador now supports regex rewrites using `regex_redirect` on `Mappings` that use `host_redirect`.
338- Feature: Expose `max_request_headers_kb` in the Ambassador `Module`. This directly exposes the same value in Envoy; see [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/network/http_connection_manager/v2/http_connection_manager.proto) for more information.
339- Feature: Support Istio mTLS certification rotation for Istio 1.5 and higher. See the [howto](https://www.getambassador.io/docs/edge-stack/latest/howtos/istio/) for details.
340- Feature: The Ambassador Module's `error_response_overrides` now support configuring an empty response body using `text_format`. Previously, empty response bodies could only be configured by specifying an empty file using `text_format_source`.
341- Feature: OAuth2 Filter: Support injecting HTTP header fields in to the request before passing on to the upstream service. Enables passing along `id_token` information to the upstream if it was returned by the IDP.
342- Bugfix: Fix the grpc external filter to properly cache grpc clients thereby avoiding initiating a separate connection to the external filter for each filtered request.
343- Bugfix: Fix a bug in the Mapping CRD where the `text_format_source` field was incorrectly defined as type `string` instead of an object, as documented.
344- Bugfix: The RBAC requirements when `AMBASSADOR_FAST_RECONFIGURE` is enabled now more-closely match the requirements when it's disabled.
345- Bugfix: Fix error reporting and required-field checks when fast validation is enabled. Note that fast validation is now the default; see below.
346- Change: **Fast validation is now the default**, so the `AMBASSADOR_FAST_VALIDATION` variable has been removed. The Golang boot sequence is also now the default. Set `AMBASSADOR_LEGACY_MODE=true` to disable these two behaviors.
347- Change: ambassador-consul-connect resources now get deployed into the `ambassador` namespace instead of the active namespace specified in the user's kubernetes context (usually `default`). Old resource cleanup is documented in the Ambassador Consul integration documentation.
348
349### Ambassador Edge Stack only
350
351- Default-off early access: Ratelimiting now supports redis clustering, local caching of exceeded ratelimits, and an upgraded redis client with improved scalability. Must set AES_RATELIMIT_PREVIEW=true to access these improvements.
352- Bugfix: OAuth2 Filter: Fix `insufficient_scope` error when validating Azure access tokens.
353- Bugfix: Filters: Fix a capitalization-related bug where sometimes existing headers are appended to when they should be overwritten.
354
355## [1.9.1] November 19, 2020
356[1.9.1]: https://github.com/datawire/ambassador/compare/v1.9.0...v1.9.1
357
358### Ambassador Edge Stack only
359
360- Bugfix: DevPortal: fix a crash when the `host` cannot be parsed as a valid hostname.
361
362## [1.9.0] November 12, 2020
363[1.9.0]: https://github.com/datawire/ambassador/compare/v1.8.1...v1.9.0
364
365### Ambasssador API Gateway + Ambassador Edge Stack
366
367- Feature: Support configuring the gRPC Statistics Envoy filter to enable telemetry of gRPC calls (see the `grpc_stats` configuration flag -- thanks, [Felipe Roveran](https://github.com/feliperoveran)!)
368- Feature: The `RateLimitService` and `AuthService` configs now support switching between gRPC protocol versions `v2` and `v2alpha` (see the `protocol_version` setting)
369- Feature: The `TracingService` Zipkin config now supports setting `collector_hostname` to tell Envoy which host header to set when sending spans to the collector
370- Feature: Ambassador now supports custom error response mapping
371- Bugfix: Ambassador will no longer mistakenly post notices regarding `regex_rewrite` and `rewrite` directive conflicts in `Mapping`s due to the latter's implicit default value of `/` (thanks, [obataku](https://github.com/obataku)!)
372- Bugfix: The `/metrics` endpoint will no longer break if invoked before configuration is complete (thanks, [Markus Jevring](https://github.com/markusjevringsesame)!)
373- Bugfix: Update Python requirements to address CVE-2020-25659
374- Bugfix: Prevent mixing `Mapping`s with `host_redirect` set with `Mapping`s that don't in the same group
375- Bugfix: `ConsulResolver` will now fallback to the `Address` of a Consul service if `Service.Address` is not set.
376- Docs: Added instructions for building ambassador from source, within a docker container (thanks, [Rahul Kumar Saini](https://github.com/rahul-kumar-saini)!)
377- Update: Upgrade Alpine 3.10→3.12, GNU libc 2.30→2.32, and Python 3.7→3.8
378- Update: Knative serving tests were bumped from version 0.11.0 to version 0.18.0 (thanks, [Noah Fontes](https://github.com/impl)!)
379
380### Ambassador Edge Stack only
381
382- Change: The DevPortal no longer looks for documentation at `/.ambassador-internal/openapi-docs`. A new field in `Mappings`, `docs`, must be used for specifying the source for documentation. This can result in an empty Dev Portal after upgrading if `Mappings` do not include a `docs` attribute.
383- Feature: How the `OAuth2` Filter authenticates itself to the identity provider is now configurable with the `clientAuthentication` setting.
384- Feature: The `OAuth2` Filter can now use RFC 7523 JWT assertions to authenticate itself to the identity provider; this is usable with all grant types.
385- Feature: When validating a JWT's scope, the `JWT` and `OAuth2` Filters now support not just RFC 8693 behavior, but also the behavior of various drafts leading to it, making JWT scope validation usable with more identity providers.
386- Feature: The `OAuth2` Filter now has `inheritScopeArgument` and `stripInheritedScope` settings that can further customize the behavior of `accessTokenJWTFilter`.
387- Feature: DevPortal: default configuration using the `ambassador` `DevPortal` resource.
388- Change: The `OAuth2` Filter argument `scopes` has been renamed to `scope`, for consistency. The name `scopes` is deprecated, but will continue to work for backward compatibility.
389- Bugfix: `OAuth2` Filter: Don't have `accessTokenValidation: auto` fall back to "userinfo" validation for a client_credentials grant; it doesn't make sense there and only serves to obscure a more useful error message.
390
391## [1.8.1] October 16, 2020
392[1.8.1]: https://github.com/datawire/ambassador/compare/v1.8.0...v1.8.1
393
394### Ambasssador API Gateway + Ambassador Edge Stack
395
396- Bugfix: Ambassador no longer fails to configure Envoy listeners when a TracingService or LogService has a service name whose underlying cluster name has over 40 charcters.
397- Bugfix: The Ambassador diagnostics page no longer returns HTTP 500 when a TracingService or LogService has a service name whose underlying cluster name has over 40 characters.
398
399## [1.8.0] October 08, 2020
400[1.8.0]: https://github.com/datawire/ambassador/compare/v1.7.4...v1.8.0
401
402### Ambasssador API Gateway + Ambassador Edge Stack
403
404- Feature: HTTP IP Allow/Deny ranges are supported.
405- Bugfix: Ambassador's health checks don't claim that Envoy has failed when reconfiguration taking a long time (thanks, [Fabrice](https://github.com/jfrabaute), for contributions here!).
406- Bugfix: The `edgectl connect` command now works properly when using zsh on a Linux platform.
407- Bugfix: The container no longer exits "successfully" when the Deployment specifies an invalid `command`.
408
409### Ambassador Edge Stack only
410
411- Feature: `RateLimit` CRDs now support setting a response body, configurable with the `errorResponse` setting.
412- Bugfix: `External` `Filter` can now properly proxy the body to the configured `auth_service`
413- Bugfix: The RBAC for AES now grants permission to "patch" `Events.v1.core` (previously it granted "create" but not "patch")
414
415## [1.7.4] October 06, 2020
416[1.7.4]: https://github.com/datawire/ambassador/compare/v1.7.3...v1.7.4
417
418### Ambasssador API Gateway + Ambassador Edge Stack
419
420- Bugfix: Several regressions in the 1.7.x series are resolved by removing the ability to set `insecure.action` on a per-`Host`-resource basis, which was an ability added in 1.7.0. This reverts to the pre-1.7.0 behavior of having one `Host`'s insecure action "win" and be used for all `Host`s.
421- Bugfix: Ambassador will no longer generate invalid Envoy configuration with duplicate clusters in certain scenarios when `AMBASSADOR_FAST_RECONFIGURE=true`.
422- Enhancement: When `AMBASSADOR_FAST_RECONFIGURE=true` is set, Ambassador now logs information about memory usage.
423
424## [1.7.3] September 29, 2020
425[1.7.3]: https://github.com/datawire/ambassador/compare/v1.7.2...v1.7.3
426
427### Ambasssador API Gateway + Ambassador Edge Stack
428
429- Incorporate the Envoy 1.15.1 security update.
430- Bugfix: A regression introduced in 1.7.2 when `AMBASSADOR_FAST_RECONFIGURE=true` has been fixed where Host resources `tls.ca_secret` didn't work correctly.
431- Bugfix: `TLSContext` resources and `spec.tls` in `Host` resources now correctly handle namespaces with `.` in them.
432- Bugfix: Fix `spec.requestPolicy.insecure.action` for `Host` resources with a `*` wildcard in the hostname.
433- Bugfix: Reduce lock contention while generating diagnostics.
434
435## [1.7.2] September 16, 2020
436[1.7.2]: https://github.com/datawire/ambassador/compare/v1.7.1...v1.7.2
437
438### Ambasssador API Gateway + Ambassador Edge Stack
439
440- Bugfix: A regression introduced in 1.7.0 with the various `Host` resource `spec.requestPolicy.insecure.action` behaviors, including handling of X-Forwarded-Proto, has been fixed.
441- Bugfix: Host resources no longer perform secret namespacing when the `AMBASSADOR_FAST_RECONFIGURE` flag is enabled.
442
443## [1.7.1] September 08, 2020
444[1.7.1]: https://github.com/datawire/ambassador/compare/v1.7.0...v1.7.1
445
446### Ambasssador API Gateway + Ambassador Edge Stack
447
448- Bugfix: Support `envoy_validation_timeout` in the Ambassador Module to set the timeout for validating new Envoy configurations
449
450### Ambassador Edge Stack only
451
452- Bugfix: `consul_connect_integration` is now built correctly.
453- Bugfix: The developer portal again supports requests for API documentation
454
455## [1.7.0] August 27, 2020
456[1.7.0]: https://github.com/datawire/ambassador/compare/v1.6.2...v1.7.0
457
458### Ambassador API Gateway + Ambassador Edge Stack
459
460- Feature: Upgrade from Envoy 1.14.4 to 1.15.0.
461- Bugfix: Correctly handle a `Host` object with incompatible manually-specified `TLSContext`
462- Feature: The Ambassador control-plane now publishes Prometheus metrics alongside the existing Envoy data-plane metrics under the `/metrics` endpoint on port 8877.
463- Default-off early access: Experimental changes to allow Ambassador to more quickly process configuration changes (especially with larger configurations) have been added. The `AMBASSADOR_FAST_RECONFIGURE` env var must be set to enable this. `AMBASSADOR_FAST_VALIDATION` should also be set for maximum benefit.
464- Bugfix: Fixed insecure route action behavior. Host security policies no longer affect other Hosts.
465
466### Ambassador API Gateway only
467
468- Bugfix: Fixes regression in 1.5.1 that caused it to not correctly know its own version number, leading to notifications about an available upgrade despite being on the most recent version.
469
470### Ambassador Edge Stack only
471
472- Feature: DevPortal can now discover openapi documentation from `Mapping`s that set `host` and `headers`
473- Feature: `edgectl install` will automatically enable Service Preview with a Preview URL on the Host resource it creates.
474- Feature: Service Preview will inject an `x-service-preview-path` header in filtered requests with the original request prefix to allow for context propagation.
475- Feature: Service Preview can intercept gRPC requests using the `--grpc` flag on the `edgectl intercept add` command and the `getambassador.io/inject-traffic-agent-grpc: "true"` annotation when using automatic Traffic-Agent injection.
476- Feature: The `TracingService` Zipkin config now supports setting `collector_endpoint_version` to tell Envoy to use Zipkin v2.
477- Feature: You can now inject request and/or response headers from a `RateLimit`.
478- Bugfix: Don't crash during startup if Redis is down.
479- Bugfix: Service Preview correctly uses the Host default `Path` value for the `spec.previewUrl.type` field.
480- Bugfix: The `JWT`, `OAuth2`, and other Filters are now better about reusing connections for outgoing HTTP requests.
481- Bugfix: Fixed a potential deadlock in the HTTP cache used for fetching JWKS and such for `Filters`.
482- Bugfix: Internal Ambassador data is no longer exposed to the `/.ambassador-internal/` endpoints used by the DevPortal.
483- Bugfix: Problems with license key limits will no longer trigger spurious HTTP 429 errors. Using the `RateLimit` resource beyond 5rps without any form of license key will still trigger 429 responses, but now with a `X-Ambassador-Message` header indicating that's what happned.
484- Bugfix: When multiple `RateLimit`s overlap, it is supposed to enforce the strictest limit; but the strictness comparison didn't correctly handle comparing limits with different units.
485- Change: The Redis settings have been adjusted to default to the pre-1.6.0 behavior, and have been adjusted to be easier to understand.
486- Feature: `consul_connect_integration` is now part of the AES image.
487- Bugfix: `consul_connect_integration` now correctly handles certificates from Hashicorp Vault.
488
489## [1.6.2] July 30, 2020
490[1.6.2]: https://github.com/datawire/ambassador/compare/v1.6.1...v1.6.2
491
492### Ambassador API Gateway + Ambassador Edge Stack
493
494- Bugfix: The (new in 1.6.0) `Host.spec.tls` and `Host.spec.tlsContext` fields now work when `AMBASSADOR_FAST_VALIDATION=fast` is not set.
495- Bugfix: Setting `use_websocket: true` on a `Mapping` now only affects routes generated from that `Mapping`, instead of affecting all routes on that port.
496- Feature: It is now possible to "upgrade" to non-HTTP protocols other than WebSocket; the new `allow_upgrade` is a generalization of `use_websocket`.
497
498### Ambassador Edge Stack only
499
500- Bugfix: The `Host.spec.requestPolicy.insecure.additionalPort` field works again.
501- Bugfix: The `Host.spec.ambassadorId` is once again handled in addition to `.ambassador_id`; allowing hosts written by older versions AES prior to 1.6.0 to continue working.
502- Bugfix: Fix a redirect loop that could occur when using using multiple `protectedOrigins` in a `Host`.
503
504## [1.6.1] July 23, 2020
505[1.6.1]: https://github.com/datawire/ambassador/compare/v1.6.0...v1.6.1
506
507### Ambassador API Gateway + Ambassador Edge Stack
508
509- Bugfix: Mapping with `https` scheme for service are correctly parsed.
510- Bugfix: Mapping with both a scheme and a hostname of `localhost` is now handled correctly.
511- Bugfix: ConsulResolver now works again for Mappings outside of Ambassador's namespace.
512
513## [1.6.0] July 21, 2020
514[1.6.0]: https://github.com/datawire/ambassador/compare/v1.5.5...v1.6.0
515
516### Ambassador API Gateway + Ambassador Edge Stack
517
518- Incorporate the Envoy 1.14.4 security update.
519- API CHANGE: Turning off the Diagnostics UI via the Ambassador Module now disables access to the UI from both inside and outside the Ambassador Pod.
520- API CHANGE: Default changes updating `Mapping` status from default-on to default-off; see below.
521- Feature: Add support for circuit breakers in TCP mapping (thanks, [Pierre Fersing](https://github.com/PierreF)!)
522- Feature: Ambassador CRDs now include schema. This enables validation by `kubectl apply`.
523- Feature: Advanced TLS configuration can be specified in `Host` resource via `tlsContext` and `tls` fields.
524- Feature: Implement sampling percentage in tracing service.
525- Performance improvement: Diagnostics are generated on demand rather than on every reconfig.
526- Performance improvement: Experimental fast validation of the contents of Ambassador resources has been added. The `AMBASSADOR_FAST_VALIDATION` env var must be set to enable this.
527- Internal: Configuration endpoints used internally by Ambassador are no longer accessible from outside the Ambassador Pod.
528- Bugfix: `envoy_log_format` can now be set with `envoy_log_type: json`.
529- Docs: Fixed OAuth2 documentation spelling errors (thanks, [Travis Byrum](https://github.com/travisbyrum)!)
530
531As previously announced, the default value of `AMBASSADOR_UPDATE_MAPPING_STATUS`
532has now changed from `true` to `false`; Ambassador will no longer attempt to
533update the `Status` of a `Mapping` unless you explicitly set
534`AMBASSADOR_UPDATE_MAPPING_STATUS=true` in the environment. If you do not have
535tooling that relies on `Mapping` status updates, we do not recommend setting
536`AMBASSADOR_UPDATE_MAPPING_STATUS`.
537
538**In Ambassador 1.7**, TLS secrets in `Ingress` resources will not be able to use
539`.namespace` suffixes to cross namespaces.
540
541### Ambassador Edge Stack only
542
543- Feature: The Edge Policy Console's Debugging page now has a "Log Out" button to terminate all EPC sessions.
544- Feature: `X-Content-Type-Options: nosniff` to response headers are now set for the Edge Policy Console, to prevent MIME confusion attacks.
545- Feature: The `OAuth2` Filter now has a `allowMalformedAccessToken` setting to enable use with IDPs that generate access tokens that are not compliant with RFC 6750.
546- Bugfix: All JWT Filter errors are now formatted per the specified `errorResponse`.
547- Feature: Options for making Redis connection pooling configurable.
548- Bugfix: User is now directed to the correct URL after clicking in Microsoft Office.
549- Feature: The Console's Dashboard page has speedometer gauges to visualize Rate Limited and Authenticated traffic.
550
551## [1.5.5] June 30, 2020
552[1.5.5]: https://github.com/datawire/ambassador/compare/v1.5.4...v1.5.5
553
554### Ambassador API Gateway + Ambassador Edge Stack
555
556- Incorporate the Envoy 1.14.3 security update.
557
558## [1.5.4] June 23, 2020
559[1.5.4]: https://github.com/datawire/ambassador/compare/v1.5.3...v1.5.4
560
561### Ambassador API Gateway + Ambassador Edge Stack
562
563- Bugfix: Allow disabling `Mapping`-status updates (RECOMMENDED: see below)
564- Bugfix: Logging has been made _much_ quieter; the default Envoy log level has been turned down from "warning" to "error"
565- Ambassador now logs timing information about reconfigures
566
567We recommend that users set `AMBASSADOR_UPDATE_MAPPING_STATUS=false`
568in the environment to tell Ambassador not to update `Mapping` statuses
569unless you have some script that relies on `Mapping` status updates.
570The default value of `AMBASSADOR_UPDATE_MAPPING_STATUS` will change to
571`false` in Ambassador 1.6.
572
573## [1.5.3] June 16, 2020
574[1.5.3]: https://github.com/datawire/ambassador/compare/v1.5.2...v1.5.3
575
576### Ambassador API Gateway + Ambassador Edge Stack
577
578- Bugfix: Restore Envoy listener drain time to its pre-Ambassador 1.3.0 default of 10 minutes.
579- Bugfix: Read Knative ingress generation from the correct place in the Kubernetes object
580
581### Ambassador Edge Stack only
582
583- Bugfix: Allow deletion of ProjectControllers.
584- Bugfix: Fix regression introduced in 1.4.2 where the `OAuth2` AuthorizationCode filter no longer works when behind another gateway that rewrites the request hostname. The behavior here is now controllable via the `internalOrigin` sub-field.
585
586## [1.5.2] June 10, 2020
587[1.5.2]: https://github.com/datawire/ambassador/compare/v1.5.1...v1.5.2
588
589### Ambassador API Gateway + Ambassador Edge Stack
590
591- Incorporate the [Envoy 1.14.2](https://www.envoyproxy.io/docs/envoy/v1.14.2/intro/version_history#june-8-2020) security update.
592- Upgrade the base Docker images used by several tests (thanks, [Daniel Sutton](https://github.com/ducksecops)!).
593
594### Ambassador Edge Stack only
595
596- Feature (BETA): Added an in-cluster micro CI/CD system to enable building, staging, and publishing of GitHub projects from source. This has been included in previous versions as an alpha, but disabled by default. It is now in BETA.
597- Bugfix: The `DEVPORTAL_CONTENT_URL` environment variable now properly handles `file:///` URLs to refer to volume-mounted content.
598- Bugfix: `acmeProvider.authority: none` is no longer case sensitive
599- Bugfix: `edgectl connect` works again on Ubuntu and other Linux setups with old versions of nss-mdns (older than version 0.11)
600- Bugfix: `edgectl` works again on Windows
601- Bugfix: The Edge Policy Console now correctly creates FilterPolicy resources
602
603## [1.5.1] June 05, 2020
604[1.5.1]: https://github.com/datawire/ambassador/compare/v1.5.0...v1.5.1
605
606### Ambassador API Gateway + Ambassador Edge Stack
607
608- Bugfix: Logging has been made _much_ quieter
609- Bugfix: A service that somehow has no hostname should no longer cause an exception
610
611## [1.5.0] May 28, 2020
612[1.5.0]: https://github.com/datawire/ambassador/compare/v1.4.3...v1.5.0
613
614### Ambassador API Gateway + Ambassador Edge Stack
615
616- Change: Switched from quay.io back to DockerHub as our primary publication point. **If you are using your own Kubernetes manifests, you will have to update them!** Datawire's Helm charts and published YAML have already been updated.
617- Feature: switch to Envoy 1.14.1
618- Feature: Allow defaults for `add_request_header`, `remove_request_header`, `add_response_header`, and `remove_response_header`
619- Feature: Inform Knative of the route to the Ambassador service if available (thanks, [Noah Fontes](https://github.com/impl)!)
620- Feature: Support the path and timeout options of the Knative ingress path rules (thanks, [Noah Fontes](https://github.com/impl)!)
621- Feature: Allow preserving `X-Request-ID` on requests from external clients (thanks, [Prakhar Joshi](https://github.com/prakharjoshi)!)
622- Feature: Mappings now support query parameters (thanks, [Phil Peble](https://github.com/ppeble)!)
623- Feature: Allow setting the Envoy shared-memory base ID (thanks, [Phil Peble](https://github.com/ppeble)!)
624- Feature: Additional security configurations not set on default YAMLs
625- Feature: Let Ambassador configure `regex_rewrite` for advanced forwarding
626- Bugfix: Only update Knative ingress CRDs when the generation changes (thanks, [Noah Fontes](https://github.com/impl)!)
627- Bugfix: Now behaves properly when `AMBASSADOR_SINGLE_NAMESPACE` is set to an empty string; rather than getting in to a weird in-between state
628- Bugfix: The websocket library used by the test suite has been upgraded to incorporate security fixes (thanks, [Andrew Allbright](https://github.com/aallbrig)!)
629- Bugfix: Fixed evaluation of label selectors causing the wrong IP to be put in to Ingress resource statuses
630- Bugfix: The `watt` (port 8002) and `ambex` (port 8003) components now bind to localhost instead of 0.0.0.0, so they are no longer erroneously available from outside the Pod
631
632### Ambassador Edge Stack only
633
634- Feature: `edgectl upgrade` allows upgrading API Gateway installations to AES
635- Feature: `edgectl intercept` can generate preview-urls for Host resources that enabled the feature
636- Feature: `edgectl install` will now automatically install the Service Preview components (ambassador-injector, telepresence-proxy) and scoped RBAC
637- Feature: Rate-limited 429 responses now include the `Retry-After` header
638- Feature: The `JWT` Filter now makes `hasKey` and `doNotSet` functions available to header field templates; in order to facilitate only conditionally setting a header field.
639- Feature: The `OAuth2` Filter now has an `expirationSafetyMargin` setting that will cause an access token to be treated as expired sooner, in order to have a safety margin of time to send it to the upstream Resource Server that grants insufficient leeway.
640- Feature: The `JWT` Filter now has `leewayFor{ExpiresAt,IssuedAt,NotBefore}` settings for configuring leeway when validating the timestamps of a token.
641- Feature: The environment variables `REDIS{,_PERSECOND}_{USERNAME,PASSWORD,TLS_ENABLED,TLS_INSECURE}` may now be used to further configure how the Ambassador Edge Stack communicates with Redis.
642- Bugfix: Don't start the dev portal running if `POLL_EVERY_SECS` is 0
643- Bugfix: Now no longer needs cluster-wide RBAC when running with `AMBASSADOR_SINGLE_NAMESPACE`.
644- Bugfix: The `OAuth2` Filter now validates the reported-to-Client scope of an Access Token even if a separate `accessTokenJWTFilter` is configured.
645- Bugfix: The `OAuth2` Filter now sends the user back to the identity provider to upgrade the scope if they request an endpoint that requires broader scope than initially requested; instead of erroring.
646- Bugfix: The `OAuth2` Filter will no longer send RFC 7235 challenges back to the user agent if it would not accept RFC 7235 credentials (previously it only avoided sending HTTP 401 challenges, but still sent 400 or 403 challenges).
647- Bugfix: The `amb-sidecar` (port 8500) component now binds to localhost instead of 0.0.0.0, so it is no longer erroneously available from outside the Pod
648
649## [1.4.3] May 14, 2020
650[1.4.3]: https://github.com/datawire/ambassador/compare/v1.4.2...v1.4.3
651
652### Ambassador Edge Stack only
653
654- Bugfix: Don't generate spurious 403s in the logs when using the Edge Policy Console.
655
656## [1.4.2] April 22, 2020
657[1.4.2]: https://github.com/datawire/ambassador/compare/v1.4.1...v1.4.2
658
659### Ambassador Edge Stack only
660
661- Bugfix: The Traffic Agent binds to port 9900 by default. That port can be configured in the Agent's Pod spec.
662 - For more about using the Traffic Agent, see the [Service Preview documentation](https://www.getambassador.io/docs/edge-stack/latest/topics/using/edgectl/#configuring-service-preview).
663- Bugfix: The `OAuth2` Filter redirection-endpoint now handles various XSRF errors more consistently (the way we meant it to in 1.2.1)
664- Bugfix: The `OAuth2` Filter now supports multiple authentication domains that share the same credentials.
665 - For more about using multiple domains, see the [OAuth2 `Filter` documentation](https://www.getambassador.io/docs/edge-stack/1.4/topics/using/filters/oauth2/).
666- Bugfix: The ACME client now obeys `AMBASSADOR_ID`
667- Feature (ALPHA): Added an in-cluster micro CI/CD system to enable building, staging, and publishing of GitHub projects from source. This is disabled by default.
668
669## [1.4.1] April 15, 2020
670[1.4.1]: https://github.com/datawire/ambassador/compare/v1.4.0...v1.4.1
671
672### Ambassador Edge Stack only
673
674- Internal: `edgectl install` uses Helm under the hood
675
676## [1.4.0] April 08, 2020
677[1.4.0]: https://github.com/datawire/ambassador/compare/v1.3.2...v1.4.0
678
679### Ambassador API Gateway + Ambassador Edge Stack
680
681- Feature: Support Ingress Path types improvements from networking.k8s.io/v1beta1 on Kubernetes 1.18+
682- Feature: Support Ingress hostname wildcards
683- Feature: Support for the IngressClass Resource, added to networking.k8s.io/v1beta1 on Kubernetes 1.18+
684 - For more about new Ingress support, see the [Ingress Controller documentation](https://getambassador.io/docs/edge-stack/1.4/topics/running/ingress-controller).
685- Feature: `Mapping`s support the `cluster_tag` attribute to control the name of the generated Envoy cluster (thanks, [Stefan Sedich](https://github.com/stefansedich)!)
686 - See the [Advanced Mapping Configuration documentation](https://getambassador.io/docs/edge-stack/1.4/topics/using/mappings) for more.
687- Feature: Support Envoy's ability to force response headers to canonical HTTP case (thanks, [Puneet Loya](https://github.com/puneetloya)!)
688 - See the [Ambassador Module documentation](https://getambassador.io/docs/edge-stack/1.4/topics/running/ambassador) for more.
689- Bugfix: Correctly ignore Kubernetes services with no metadata (thanks, [Fabrice](https://github.com/jfrabaute)!)
690
691### Ambassador Edge Stack only
692
693- Feature: `edgectl install` output has clearer formatting
694- Feature: `edgectl install` offers help when installation does not succeed
695- Feature: `edgectl install` uploads installer and AES logs to a private area upon failure so Datawire support can help
696- Bugfix: The "Filters" tab in the webui no longer renders the value of OAuth client secrets that are stored in Kubernetes secrets.
697- Bugfix: The ACME client of of one Ambassador install will no longer interfere with the ACME client of another Ambassador install in the same namespace with a different AMBASSADOR_ID.
698- Bugfix: `edgectl intercept` supports matching headers values against regular expressions once more
699- Bugfix: `edgectl install` correctly handles more local and cluster environments
700 - For more about `edgectl` improvements, see the [Service Preview and Edge Control documentation](https://getambassador.io/docs/edge-stack/1.4/topics/using/edgectl).
701
702## [1.3.2] April 01, 2020
703[1.3.2]: https://github.com/datawire/ambassador/compare/v1.3.1...v1.3.2
704
705### Ambassador Edge Stack only
706
707- Bugfix: `edgectl install` correctly installs on Amazon EKS and other clusters that provide load balancers with fixed DNS names
708- Bugfix: `edgectl install` when using Helm once again works as documented
709- Bugfix: `edgectl install` console logs are improved and neatened
710- Bugfix: `edgectl install --verbose` output is improved
711- Bugfix: `edgectl install` automatically opens documentation pages for some errors
712- Bugfix: `edgectl install` help text is improved
713
714## [1.3.1] March 24, 2020
715[1.3.1]: https://github.com/datawire/ambassador/compare/v1.3.0...v1.3.1
716
717### Ambassador Edge Stack only
718
719- Bugfix: `edgectl install` will not install on top of a running Ambassador
720- Bugfix: `edgectl install` can detect and report if `kubectl` is missing
721- Bugfix: `edgectl install` can detect and report if it cannot talk to a Kubernetes cluster
722- Bugfix: When using the `Authorization Code` grant type for `OAuth2`, expired tokens are correctly handled so that the user will be prompted to renew
723- Bugfix: When using the `Password` grant type for `OAuth2`, authentication sessions are properly associated with each user
724- Bugfix: When using the `Password` grant type for `OAuth2`, you can set up multiple `Filter`s to allow requesting different scopes for different endpoints
725
726## [1.3.0] March 17, 2020
727[1.3.0]: https://github.com/datawire/ambassador/compare/v1.2.2...v1.3.0
728
729### Ambassador Edge Stack only
730
731- Feature: Support username and password as headers for OAuth2 authentication (`grantType: Password`)
732- Feature: `edgectl install` provides better feedback for clusters that are unreachable from the public Internet
733- Feature: `edgectl install` supports KIND clusters (thanks, [@factorypreset](https://github.com/factorypreset)!)
734- Feature: `edgectl intercept` supports HTTPS
735- Feature: Ambassador Edge Stack Docker image is ~150MB smaller
736- Feature: The Edge Policy Console can be fully disabled with the `diagnostics.enabled` element in the `ambassador` Module
737- Feature: `aes-plugin-runner` now allows passing in `docker run` flags after the main argument list.
738- Bugfix: Ambassador Edge Stack doesn't crash if the Developer Portal content URL is not accessible
739- Bugfix: `edgectl connect` does a better job handling clusters with many services
740- Bugfix: The `Plugin` Filter now correctly sets `request.TLS` to nil/non-nil based on if the original request was encrypted or not.
741- Change: There is no longer a separate traffic-proxy image; that functionality is now part of the main AES image. Set `command: ["traffic-manager"]` to use it.
742
743## [1.2.2] March 04, 2020
744[1.2.2]: https://github.com/datawire/ambassador/compare/v1.2.1...v1.2.2
745
746### Ambassador Edge Stack only
747
748- Internal: Fix an error in Edge Stack update checks
749
750## [1.2.1] March 03, 2020
751[1.2.1]: https://github.com/datawire/ambassador/compare/v1.2.0...v1.2.1
752
753Edge Stack users SHOULD NOT use this release, and should instead use 1.2.2.
754
755### Ambassador API Gateway + Ambassador Edge Stack
756
757- Bugfix: re-support PROXY protocol when terminating TLS ([#2348])
758- Bugfix: Incorporate the Envoy 1.12.3 security update
759
760### Ambassador Edge Stack only
761
762- Bugfix: The `aes-plugin-runner` binary for GNU/Linux is now statically linked (instead of being linked against musl libc), so it should now work on either musl libc or GNU libc systems
763- Feature (ALPHA): An `aes-plugin-runner` binary for Windows is now produced. (It is un-tested as of yet.)
764- Bugfix: The `OAuth2` Filter redirection-endpoint now handles various XSRF errors more consistently
765- Change: The `OAuth2` Filter redirection-endpoint now handles XSRF errors by redirecting back to the identity provider
766
767[#2348]: https://github.com/datawire/ambassador/issues/2348
768
769## [1.2.0] February 24, 2020
770[1.2.0]: https://github.com/datawire/ambassador/compare/v1.1.1...v1.2.0
771
772### Ambassador API Gateway + Ambassador Edge Stack
773
774- Feature: add idle_timeout_ms support for common HTTP listener (thanks, Jordan Neufeld!) ([#2155])
775- Feature: allow override of bind addresses, including for IPv6! (thanks to [Josue Diaz](https://github.com/josuesdiaz)!) ([#2293])
776- Bugfix: Support Istio mTLS secrets natively (thanks, [Phil Peble](https://github.com/ppeble)!) ([#1475])
777- Bugfix: TLS custom secret with period in name doesn't work (thanks, [Phil Peble](https://github.com/ppeble)!) ([#1255])
778- Bugfix: Honor ingress.class when running with Knative
779- Internal: Fix CRD-versioning issue in CI tests (thanks, [Ricky Taylor](https://github.com/ricky26)!)
780- Bugfix: Stop using deprecated Envoy configuration elements
781- Bugfix: Resume building a debuggable Envoy binary
782
783### Ambassador Edge Stack only
784
785- Change: The `ambassador` service now uses the default `externalTrafficPolicy` of `Cluster` rather than explicitly setting it to `Local`. This is a safer setting for GKE where the `Local` policy can cause outages when ambassador is updated. See https://stackoverflow.com/questions/60121956/are-hitless-rolling-updates-possible-on-gke-with-externaltrafficpolicy-local for details.
786- Feature: `edgectl install` provides a much cleaner, quicker experience when installing Ambassador Edge Stack
787- Feature: Ambassador Edge Stack supports the Ambassador operator for automated management and upgrade
788- Feature: `ifRequestHeader` can now have `valueRegex` instead of `value`
789- Feature: The `OAuth2` Filter now has `useSessionCookies` option to have cookies expire when the browser closes, rather than at a fixed duration
790- Feature: `ifRequestHeader` now has `negate: bool` to invert the match
791- Bugfix: The RBAC for `Ingress` now supports the `networking.k8s.io` `apiGroup`
792- Bugfix: Quiet Dev Portal debug logs
793- Bugfix: The Edge Policy Console is much less chatty when logged out
794- Change: The intercept agent is now incorporated into the `aes` image
795- Change: The `OAuth2` Filter no longer sets cookies when `insteadOfRedirect` triggers
796- Change: The `OAuth2` Filter more frequently adjusts the cookies
797
798[#1475]: https://github.com/datawire/ambassador/issues/1475
799[#1255]: https://github.com/datawire/ambassador/issues/1255
800[#2155]: https://github.com/datawire/ambassador/issues/2155
801[#2293]: https://github.com/datawire/ambassador/issues/2293
802
803## [1.1.1] February 12, 2020
804[1.1.1]: https://github.com/datawire/ambassador/compare/v1.1.0...v1.1.1
805
806### Ambassador API Gateway + Ambassador Edge Stack
807
808- Bugfix: Load explicitly referenced secrets in another namespace, even when `AMBASSADOR_SINGLE_NAMESPACE` (thanks, [Thibault Cohen](https://github.com/titilambert)!) ([#2202])
809- Bugfix: Fix Host support for choosing cleartext or TLS ([#2279])
810- Bugfix: Fix intermittent error when rendering `/ambassador/v0/diag/`
811- Internal: Various CLI tooling improvements
812
813[#2202]: https://github.com/datawire/ambassador/issues/2202
814[#2279]: https://github.com/datawire/ambassador/pull/2279
815
816### Ambassador Edge Stack only
817
818- Feature: The Policy Console can now set the log level to "trace" (in addition to "info" or "debug")
819- Bugfix: Don't have the Policy Console poll for snapshots when logged out
820- Bugfix: Do a better job of noticing when the license key changes
821- Bugfix: `aes-plugin-runner --version` now works properly
822- Bugfix: Only serve the custom CONGRATULATIONS! 404 page on `/`
823- Change: The `OAuth2` Filter `stateTTL` setting is now ignored; the lifetime of state-tokens is now managed automatically
824
825## [1.1.0] January 28, 2020
826[1.1.0]: https://github.com/datawire/ambassador/compare/v1.0.0...v1.1.0
827
828(Note that Ambassador 1.1.0 is identical to Ambassador 1.1.0-rc.0, from January 24, 2020.
829 Also, we're now using "-rc.N" rather than just "-rcN", for better compliance with
830 [SemVer](https://www.semver.org/).
831
832### Ambassador API Gateway + Ambassador Edge Stack
833
834- Feature: support resources with the same name but in different namespaces ([#2226], [#2198])
835- Feature: support DNS overrides in `edgectl`
836- Bugfix: Reduce log noise about "kubestatus" updates
837- Bugfix: manage the diagnostics snapshot cache more aggressively to reduce memory footprint
838- Bugfix: re-enable Docker demo mode (and improve the test to make sure we don't break it again!) ([#2227])
839- Bugfix: correct potential issue with building edgectl on Windows
840- Internal: fix an error with an undefined Python type in the TLS test (thanks, [Christian Clauss](https://github.com/cclauss)!)
841
842### Ambassador Edge Stack only
843
844- Feature: make the `External` filter type fully compatible with the `AuthService` type
845- Docs: add instructions for what to do after downloading `edgectl`
846- Bugfix: make it much faster to apply the Edge Stack License
847- Bugfix: make sure the ACME terms-of-service link is always shown
848- Bugfix: make the Edge Policy Console more performant
849
850[#2198]: https://github.com/datawire/ambassador/issues/2198
851[#2226]: https://github.com/datawire/ambassador/issues/2226
852[#2227]: https://github.com/datawire/ambassador/issues/2227
853
854## [1.0.0] January 15, 2020
855[1.0.0]: https://github.com/datawire/ambassador/compare/v0.86.1...v1.0.0
856
857### Caution!
858
859All of Ambassador's CRDs have been switched to `apiVersion: getambassador.io/v2`, and
860**your resources will be upgraded when you apply the new CRDs**. We recommend that you
861follow the [migration instructions](https://getambassador.io/early-access/user-guide/upgrade-to-edge-stack/) and check your installation's
862behavior before upgrading your CRDs.
863
864## Ambassador API Gateway + Ambassador Edge Stack
865
866### Breaking changes
867
868- When a resource specifies a service or secret name without a corresponding namespace, Ambassador will now
869 look for the service or secret in the namespace of the resource that mentioned it. In the past, Ambassador
870 would look in the namespace in which Ambassador was running.
871
872### Features
873
874- The Host CR provides an easy way to tell Ambassador about domains it should expect to handle, and
875 how it should handle secure and insecure requests for those domains
876- Redirection from HTTP to HTTPS defaults to ON when termination contexts are present
877- Mapping and Host CRs, as well as Ingress resources, get Status updates to provide better feedback
878- Improve performance of processing events from Kubernetes
879- Automatic HTTPS should work with any ACME clients doing the http-01 challenge
880
881### Bugfixes
882
883- CORS now happens before rate limiting
884- The reconfiguration engine is better protected from exceptions
885- Don’t try to check for upgrades on every UI snapshot update
886- Reduced reconfiguration churn
887- Don't force SNI routes to be lower-priority than non-SNI routes
888- Knative mappings fallback to the Ambassador namespace if no namespace is specified
889- Fix `ambassador_id` handling for Knative resources
890- Treat `ambassadorId` as a synonym for `ambassador_id` (`ambassadorId` is the Protobuf 3 canonical form of `ambassador_id`)
891
892### Ambassador Edge Stack
893
894Ambassador Edge Stack incorporates the functionality of the old Ambassador Pro product.
895
896- Authentication and ratelimiting are now available under a free community license
897- Given a Host CR, Ambassador can manage TLS certificates using ACME (or you can manage them by hand)
898- There is now an `edgectl` program that you can use for interacting with Ambassador from the command line
899- There is a web user-interface for Ambassador
900- BREAKING CHANGE: `APP_LOG_LEVEL` is now `AES_LOG_LEVEL`
901
902See the [`CHANGELOG.old-pro.md`](./CHANGELOG.old-pro.md) file for the changelog of
903the old Ambassador Pro product.
904
905## [1.0.0-rc6] January 15, 2020
906[1.0.0-rc6]: https://github.com/datawire/ambassador/compare/v1.0.0-rc4...v1.0.0-rc6
907
908 - AES: Bugfix: Fix ACME client with multiple replicas
909 - AES: Bugfix: Fix ACME client race conditions with the API server and WATT
910 - AES: Bugfix: Don't crash in the ACME client if Redis is unavailable
911
912## [1.0.0-rc4] January 13, 2020
913[1.0.0-rc4]: https://github.com/datawire/ambassador/compare/v1.0.0-rc1...v1.0.0-rc4
914
915- Change: Less verbose yet more useful Ambassador pod logs
916- Bugfix: Various bugfixes for listeners and route rejection
917- Bugfix: Don't append the service namespace for `localhost`
918- AES: Bugfix: Fix rendering mapping labels YAML in the webui
919- AES: Bugfix: Organize help output from `edgectl` so it is easier to read
920- AES: Bugfix: Various bugfixes around ACME support with manually-configured TLSContexts
921- AES: Change: Don't disable scout or enable extra-verbose logging when migrating from OSS
922- AES: BREAKING CHANGE: `APP_LOG_LEVEL` is now `AES_LOG_LEVEL`
923
924## [1.0.0-rc1] January 11, 2020
925[1.0.0-rc1]: https://github.com/datawire/ambassador/compare/v1.0.0-rc0...v1.0.0-rc1
926
927- Internal: Improvements to release machinery
928- Internal: Fix the dev shell
929- Internal: Adjust KAT tests to work with the Edge Stack
930
931## [1.0.0-rc0] January 10, 2020
932[1.0.0-rc0]: https://github.com/datawire/ambassador/compare/v1.0.0-ea13...v1.0.0-rc0
933
934- BREAKING CHANGE: Rename Host CR status field `reason` to `errorReason`
935- Feature: Host CRs now default `.spec.hostname` to `.metadata.name`
936- Feature: Host CRs now have a `requestPolicy` field to control redirecting from cleartext to TLS
937- Feature: Redirecting from cleartext to TLS no longer interferes with ACME http-01 challenges
938- Feature: Improved `edgectl` help and informational messages
939- Bugfix: Host CR status is now a sub-resource
940- Bugfix: Have diagd snapshot JSON not include "serialization" keys (which could potentially leak secrets)
941- Bugfix: Fix `ambassador_id` handling for Knative resources
942- Bugfix: Use the correct namespace for resources found via annotations
943- Bugfix: Treat `ambassadorId` as a synonym for `ambassador_id` (`ambassadorId` is the Protobuf 3 canonical form of `ambassador_id`)
944- Internal: Allow passing a `DOCKER_NETWORK` variable to the build-system
945
946## [1.0.0-ea13] January 09, 2020
947[1.0.0-ea13]: https://github.com/datawire/ambassador/compare/v1.0.0-ea12...v1.0.0-ea13
948
949- Bugfix: Knative mappings populate and fallback to the Ambassador namespace if unspecified
950- Internal: Knative tests for versions 0.7.1 and 0.8.0 were removed
951- Internal: Knative tests for version 0.11.0 were added
952- Internal: Improved performance with Edge Stack using /ambassador/v0/diag/ with an optional `patch_client` query param to send a partial representation in JSON Patch format, reducing the memory and network traffic for large deployments
953- Internal: Silencing warnings from `which` in docs preflight-check
954
955## [1.0.0-ea12] January 08, 2020
956[1.0.0-ea12]: https://github.com/datawire/ambassador/compare/v1.0.0-ea9...v1.0.0-ea12
957
958- BREAKING CHANGE: When a resource specifies a service or secret name without a corresponding namespace, Ambassador uses the namespace of the resource. In the past, Ambassador would use its own namespace.
959- Bugfix: Add the appropriate label so Ingress works with Edge Stack
960- Bugfix: Remove superfluous imagePullSecret
961- Bugfix: Fix various admin UI quirks, especially in Firefox
962 - Bogus warnings about duplicate resources
963 - Drag-and-drop reordering of rate limit configuration
964 - Missing icons
965- Internal: Drop duplicated resources earlier in the processing chain
966- Internal: Streamline code generation from protobufs
967- Internal: Automated broken-link checks in the documentation
968
969## [1.0.0-ea9] December 23, 2019
970[1.0.0-ea9]: https://github.com/datawire/ambassador/compare/v1.0.0-ea7...v1.0.0-ea9
971
972- Bugfix: Use proper executable name for Windows edgectl
973- Bugfix: Don't force SNI routes to be lower-priority than non-SNI routes
974- Bugfix: Prevent the self-signed fallback context from conflicting with a manual context
975
976## [1.0.0-ea7] December 19, 2019
977[1.0.0-ea7]: https://github.com/datawire/ambassador/compare/v1.0.0-ea6...v1.0.0-ea7
978
979- Bugfix: UI buttons can hide themselves
980- Bugfix: Developer Portal API acquisition
981- Bugfix: Developer Portal internal routing
982- Internal: Better JS console usage
983- Internal: Rationalize usage reporting for Edge Stack
984
985## [1.0.0-ea6] December 18, 2019
986[1.0.0-ea6]: https://github.com/datawire/ambassador/compare/v1.0.0-ea5...v1.0.0-ea6
987
988- Feature: Improve performance of processing events from Kubernetes
989- Feature: Automatic HTTPS should work with any ACME clients doing the http-01 challenge
990- Internal: General improvements to test infrastructure
991- Internal: Improved the release process
992
993`ambassador-internal-access-control` `Filter` and `FilterPolicy` are now
994created internally. Remove them from your cluster if upgrading from a
995previous version.
996
997## [1.0.0-ea5] December 17, 2019
998[1.0.0-ea5]: https://github.com/datawire/ambassador/compare/v1.0.0-ea3...v1.0.0-ea5
999
1000- Internal: Improved the reliability of CI
1001- Internal: Improved the release process
1002
1003## [1.0.0-ea3] December 16, 2019
1004[1.0.0-ea3]: https://github.com/datawire/ambassador/compare/v1.0.0-ea1...v1.0.0-ea3
1005
1006- Feature: initial edgectl support for Windows!
1007- UX: be explicit that seeing the license applied can take a few minutes
1008- Bugfix: don’t try to check for upgrades on every UI snapshot update
1009- Bugfix: don’t activate the fallback TLSContext if its secret is not available
1010- Bugfix: first cut at reducing reconfiguration churn
1011
1012## [1.0.0-ea1] December 10, 2019
1013[1.0.0-ea1]: https://github.com/datawire/ambassador/compare/v0.85.0...v1.0.0-ea1
1014
1015### Caution!
1016
1017All of Ambassador's CRDs have been switched to `apiVersion: getambassador.io/v2`, and
1018**your resources will be upgraded when you apply the new CRDs**. We recommend that you
1019follow the [migration instructions](https://getambassador.io/early-access/user-guide/upgrade-to-edge-stack/) and check your installation's
1020behavior before upgrading your CRDs.
1021
1022### Features
1023
1024- Authentication and ratelimiting are now available under a free community license
1025- The Host CRD provides an easy way to tell Ambassador about domains it should expect to handle
1026- Given a Host CRD, Ambassador can manage TLS certificates using ACME (or you can manage them by hand)
1027- Redirection from HTTP to HTTPS defaults to ON when termination contexts are present
1028- Mapping and Host CRDs, as well as Ingress resources, get Status updates to provide better feedback
1029
1030### Bugfixes
1031
1032- CVE-2019–18801, CVE-2019–18802, and CVE-2019–18836 are fixed by including Envoy 1.12.2
1033- CORS now happens before rate limiting
1034- The reconfiguration engine is better protected from exceptions
1035
1036## [0.86.1] December 10, 2019
1037[0.86.1]: https://github.com/datawire/ambassador/compare/v0.84.1...v0.86.1
1038
1039- Envoy updated to 1.12.2 for security fixes
1040- Envoy TCP keepalives are now supported (thanks, [Bartek Kowalczyk](https://github.com/KowalczykBartek)!)
1041- Envoy remote access logs are now supported
1042- Correctly handle upgrades when the `LogService` CRD is not present
1043
1044(Ambassador 0.86.0 was superseded by Ambassador 0.86.1.)
1045
1046## [0.85.0] October 22, 2019
1047[0.85.0]: https://github.com/datawire/ambassador/compare/v0.84.1...v0.85.0
1048
1049### Features
1050
1051- Support configuring the Envoy access log format (thanks to [John Esmet](https://github.com/esmet)!)
1052
1053## [0.84.1] October 20, 2019
1054[0.84.1]: https://github.com/datawire/ambassador/compare/v0.84.0...v0.84.1
1055
1056### Major changes:
1057- Bugfix: Fix /ambassador permissions to allow running as non-root - Thanks @dmayle (https://github.com/dmayle) for reporting the bug.
1058
1059## [0.84.0] October 18, 2019
1060[0.84.0]: https://github.com/datawire/ambassador/compare/v0.83.0...v0.84.0
1061
1062### Features:
1063
1064- Support setting window_bits for the GZip filter (thanks to [Florent Delannoy](https://github.com/Pluies)!)
1065- Correctly support tuning the regex_max_size, and bump its default to 200 (thanks to [Paul Salaberria](https://github.com/psalaberria002)!)
1066- Support setting redirect_cleartext_from in a TLSContext
1067
1068### Bugfixes:
1069
1070- Correctly update loadbalancer status of Ingress resources
1071- Don't enable diagd debugging in the test suite unless explicitly requested (thanks to [Jonathan Suever](https://github.com/suever)!)
1072- Switch to an Envoy release build
1073
1074### Developer Notes:
1075
1076- Many many things about the build system have changed under the hood!
1077 - Start with `make help`, and
1078 - Join our [Slack channel](https://d6e.co/slack) for more help!
1079
1080## [0.83.0] October 08, 2019
1081[0.83.0]: https://github.com/datawire/ambassador/compare/v0.82.0...v0.83.0
1082
1083### Major changes:
1084- Update Ambassador to address CVE-2019-15225 and CVE-2019-15226.
1085
1086NOTE: this switches the default regex engine! See the documentation for the `ambassador` `Module` for more.
1087
1088## [0.82.0] October 02, 2019
1089[0.82.0]: https://github.com/datawire/ambassador/compare/v0.81.0...v0.82.0
1090
1091### Major changes:
1092- Feature: Arrange for the Prometheus metrics endpoint to also return associated headers (thanks, [Jennifer Wu](https://github.com/jhsiaomei)!)
1093- Feature: Support setting a TLS origination context when doing TLS to a RateLimitService (thanks, [Phil Peble](https://github.com/ppeble)!)
1094- Feature: Allow configuring Envoy's access log path (thanks, [Jonathan Suever](https://github.com/suever)!)
1095- Update: Switch to Python 3.7 and Alpine 3.10
1096
1097### Developer notes:
1098- Switch back to the latest mypy (currently 0.730)
1099- Environment variable KAT_IMAGE_PULL_POLICY can override the imagePullPolicy when running KAT tests
1100- Updated Generated Envoy Golang APIs
1101
1102## [0.81.0] September 26, 2019
1103[0.81.0]: https://github.com/datawire/ambassador/compare/v0.80.0...v0.81.0
1104
1105### Major changes:
1106- Feature: ${} environment variable interpolation is supported in all Ambassador configuration resources (thanks, [Stefan Sedich](https://github.com/stefansedich)!)
1107- Feature: DataDog APM tracing is now supported (thanks again, [Stefan Sedich](https://github.com/stefansedich)!)
1108- Bugfix: Fix an error in the TLSContext schema (thanks, [@georgekaz](https://github.com/georgekaz)!)
1109
1110### Developer notes:
1111- Test services can now be built, deployed, and tested more easily (see BUILDING.md)
1112- `mypy` is temporarily pinned to version 0.720.
1113
1114## [0.80.0] September 20, 2019
1115[0.80.0]: https://github.com/datawire/ambassador/compare/v0.78.0...v0.80.0
1116
1117### Major changes:
1118- Feature: Basic support for the Kubernetes Ingress resource
1119- Feature: Basic reporting for some common configuration errors (lack of Mappings, lack of TLS contexts)
1120- Bugfix: Update Envoy to prevent crashing when updating AuthService under load
1121
1122### Developer notes
1123- Golang components now use Go 1.13
1124- Ambassador build now _requires_ clean type hinting
1125- KAT client and server have been pulled back into the Ambassador repo
1126
1127## [0.78.0] September 11, 2019
1128[0.78.0]: https://github.com/datawire/ambassador/compare/v0.77.0...v0.78.0
1129
1130### Major changes:
1131- Feature: Support setting cipher_suites and ecdh_curves in TLSContext - #1782 (Thanks @teejaded)
1132- Feature: Make 128-bits traceids the default - #1794 (Thanks @Pluies)
1133- Feature: Set cap_net_bind_service to allow binding to low ports - #1720 (Thanks @swalberg)
1134
1135### Minor changes:
1136- Testing: Add test that ambassador cli does not crash when called with --help - #1806 (Thanks @rokostik)
1137
1138## [0.77.0] September 05, 2019
1139[0.77.0]: https://github.com/datawire/ambassador/compare/v0.76.0...v0.77.0
1140
1141- (Feature) Support the `least_request` load balancer policy (thanks, [Steve Flanders](https://github.com/flands)!)
1142- (Misc) Many test and release-engineering improvements under the hood
1143
1144## [0.76.0] August 26, 2019
1145[0.76.0]: https://github.com/datawire/ambassador/compare/v0.75.0...v0.76.0
1146
1147- circuit breakers now properly handle overriding a global circuit breaker within a Mapping ([#1767])
1148- support for Knative 0.8.0 ([#1732])
1149
1150[#1767]: https://github.com/datawire/ambassador/issues/1767
1151[#1732]: https://github.com/datawire/ambassador/issues/1732
1152
1153## [0.75.0] August 13, 2019
1154[0.75.0]: https://github.com/datawire/ambassador/compare/0.74.1...0.75.0
1155
1156- (Feature) Update to Envoy 1.11.1, including security fixes
1157- (Feature) You can use a `TLSContext` without a `secret` to set origination options ([#1708])
1158- (Feature) Canary deployments can now use multiple `host_rewrite` values ([#1159])
1159- (Bugfix) Make sure that Ambassador won't mistakenly complain about the number of RateLimit and Tracing services (thanks, [Christian Claus](https://github.com/cclauss)!)
1160
1161[#1159]: https://github.com/datawire/ambassador/issues/1159
1162[#1708]: https://github.com/datawire/ambassador/issues/1708
1163
1164## [0.74.1] August 06, 2019
1165[0.74.1]: https://github.com/datawire/ambassador/compare/0.74.0...0.74.1
1166
1167- (bugfix) Make sure that updates properly trigger reconfigures ([#1727])
1168- (misc) Arrange for startup logging to have timestamps
1169
1170[#1727]: https://github.com/datawire/ambassador/issues/1727
1171
1172## [0.74.0] July 30, 2019
1173[0.74.0]: https://github.com/datawire/ambassador/compare/0.73.0...0.74.0
1174
1175- Bugfix: Make sure that the pod dies if Envoy dies
1176- Bugfix: Correctly allow setting `timeout_ms` for `AuthService` (thanks, [John Esmet!](https://www.github.com/esmet)!)
1177- Feature: Permit configuring `cluster_idle_timeout_ms` for upstream services (thanks, [John Esmet!](https://www.github.com/esmet)!) ([#1542])
1178
1179[#1542]: https://github.com/datawire/ambassador/issues/1542
1180
1181## [0.73.0] July 11, 2019
1182[0.73.0]: https://github.com/datawire/ambassador/compare/0.72.0...0.73.0
1183
1184- Feature: Experimental native support for Knative! ([#1579])
1185- Feature: Better Linkerd interoperability! ([#1578], [#1594])
1186
1187- Feature: Add a legend for the colors of service names on the diagnostic overview (thanks, [Wyatt Pearsall](https://github.com/wpears)!)
1188- Feature: Allow switching Envoy to output JSON logs (thanks, [Pedro Tavares](https://github.com/ServerlessP)!)
1189- Feature: Allow setting `AMBASSADOR_LABEL_SELECTOR` and `AMBASSADOR_FIELD_SELECTOR` to let Ambassador use Kubernetes selectors to determine which things to read (thanks, [John Esmet](https://github.com/esmet)!) ([#1292])
1190- Feature: Allow configuring retries for `AuthService` (thanks, [Kevin Dagostino](https://github.com/TonkWorks)!) ([#1622], [#1461])
1191
1192- Bugfix: Allow Ambassador to ride through Envoy-validation timeouts (thanks, [John Morrisey](https://github.com/jwm)!)
1193- Bugfix: Allow Ambassador to ride through parse errors on input resources (thanks, [Andrei Predoiu](https://github.com/Andrei-Predoiu)!) ([#1625])
1194- Bugfix: Allow '.' in a `secret` name to just be a '.' ([#1255])
1195
1196- Bugfix: Allow manually defining an Ambassador `Service` resource, same as any other resource
1197- Bugfix: Prevent spurious duplicate-resource errors when loading config from the filesystem
1198
1199[#1255]: https://github.com/datawire/ambassador/issues/1255
1200[#1292]: https://github.com/datawire/ambassador/issues/1292
1201[#1461]: https://github.com/datawire/ambassador/issues/1461
1202[#1578]: https://github.com/datawire/ambassador/issues/1578
1203[#1579]: https://github.com/datawire/ambassador/issues/1579
1204[#1594]: https://github.com/datawire/ambassador/issues/1594
1205[#1622]: https://github.com/datawire/ambassador/issues/1622
1206[#1625]: https://github.com/datawire/ambassador/issues/1625
1207
1208## [0.72.0] June 13, 2019
1209[0.72.0]: https://github.com/datawire/ambassador/compare/0.71.0...0.72.0
1210
1211- Envoy: Update Envoy to commit 8f57f7d765
1212- Bugfix: Auth spans are now properly connected to requests ([#1414])
1213- Bugfix: `include_body` now works correctly ([#1531], [#1595])
1214- Bugfix: `x_forwarded_proto_redirect` works again (thanks to [Kyle Martin](https://github.com/KyleMartin901)!) ([#1571])
1215- Bugfix: Ambassador works correctly with read-only filesystems (thanks, [Niko Kurtti](https://github.com/n1koo)!) ([#1614], [#1619])
1216- Bugfix: Correctly render groups associated with a given resolver in diagnostics JSON output
1217- Feature: Give the Ambassador CLI a way to specify the directory into which to write secrets.
1218
1219[#1414]: https://github.com/datawire/ambassador/issues/1414
1220[#1531]: https://github.com/datawire/ambassador/issues/1531
1221[#1571]: https://github.com/datawire/ambassador/issues/1571
1222[#1595]: https://github.com/datawire/ambassador/issues/1595
1223[#1614]: https://github.com/datawire/ambassador/issues/1614
1224[#1619]: https://github.com/datawire/ambassador/issues/1619
1225
1226## [0.71.0] June 06, 2019
1227[0.71.0]: https://github.com/datawire/ambassador/compare/0.70.1...0.71.0
1228
1229- Feature: GZIP support [#744]
1230- Feature: diag UI shows active Resolvers [#1453]
1231- Feature: CRDs exist for Resolvers [#1563]
1232- Feature: Resolvers with custom names work, even as CRDs [#1497]
1233- Feature: The `/metrics` endpoint provides direct access to Prometheus-format stats (thanks to [Rotem Tamir](https://github.com/rotemtam)!)
1234- Bugfix: `statsd-exporter` now correctly defaults to port 8125 (thanks to [Jonathan Suever](https://github.com/suever)!)
1235- Bugfix: redirect_cleartext_from no longer strips the URL path [#1463]
1236- Bugfix: canary weights of 0 and 100 work correctly [#1379]
1237- Bugfix: `docker run` works again for the Ambassador demo, and is part of our tests now [#1569]
1238- Bugfix: Scout `DEBUG` messages don’t get leaked into the diag UI [#1573]
1239- Maintenance: warn of upcoming protocol version changes
1240- Maintenance: check in with Scout every 24 hours, but no more than twice per day
1241
1242[#744]: https://github.com/datawire/ambassador/issues/744
1243[#1379]: https://github.com/datawire/ambassador/issues/1379
1244[#1453]: https://github.com/datawire/ambassador/issues/1453
1245[#1463]: https://github.com/datawire/ambassador/issues/1463
1246[#1497]: https://github.com/datawire/ambassador/issues/1497
1247[#1563]: https://github.com/datawire/ambassador/issues/1563
1248[#1569]: https://github.com/datawire/ambassador/issues/1569
1249[#1573]: https://github.com/datawire/ambassador/issues/1573
1250
1251## [0.70.1] May 24, 2019
1252[0.70.1]: https://github.com/datawire/ambassador/compare/0.70.0...0.70.1
1253
1254### Minor changes:
1255- Bugfix: Disable CRD support if Ambassador cannot access them
1256- Upgrade: Upgrade to watt 0.5.1
1257
1258## [0.70.0] May 20, 2019
1259[0.70.0]: https://github.com/datawire/ambassador/compare/0.61.0...0.70.0
1260
1261### Major changes:
1262- Feature: Support CRDs in the `getambassador.io` API group for configuration ([#482])
1263- Feature: Update to Envoy 1.10
1264
1265### Minor changes:
1266- Feature: Support removing request headers (thanks @ysaakpr!)
1267- Bugfix: `watt` should better coalesce calls to the watch hook on startup
1268- Bugfix: Ambassador no longer uses ports 7000 or 18000 ([#1526], [#1527])
1269
1270[#482]: https://github.com/datawire/ambassador/issues/482
1271[#1526]: https://github.com/datawire/ambassador/issues/1526
1272[#1527]: https://github.com/datawire/ambassador/issues/1527
1273
1274## [0.61.1] May 16, 2019
1275[0.61.1]: https://github.com/datawire/ambassador/compare/0.61.0...0.61.1
1276
1277- Bugfix: Make sure that Consul discovery properly handles the datacenter name ([#1533])
1278- Bugfix: Make sure that the feature-walk code is protected against clusters with no endpoints at all ([#1532])
1279
1280[#1532]: https://github.com/datawire/ambassador/issues/1532
1281[#1533]: https://github.com/datawire/ambassador/issues/1533
1282
1283## [0.61.0] May 08, 2019
1284[0.61.0]: https://github.com/datawire/ambassador/compare/0.60.3...0.61.0
1285
1286Ambassador 0.61.0 metadata
1287
1288### Changes:
1289- Feature: Support for minimum and maximum TLS versions (#689)
1290- Feature: Allow choosing whether to append or overwrite when adding request or response headers (#1481) - thanks to @ysaakpr
1291- Feature: Support for circuit breakers (#360)
1292- Feature: Support for automatic retries (#1127) - thanks to @l1v3
1293- Feature: Support for shadow traffic weighting - thanks to @nemo83
1294- Feature: Support for HTTP/1.0 (#988) - thanks to @cyrus-mc
1295- Bugfix: Problem with local Consul agent resolver and non-standard HTTP port (#1508)
1296- Bugfix: Round each mapping's weight to an integer to prevent invalid Envoy configurations when using weights (#1289) - thanks to @esmet
1297- Bugfix: Fix deadlock on invalid Envoy configuration (#1491) - thanks to @esmet
1298- Bugfix: Fixed LightStep gRPC TracingService (#1189) - thanks to @sbaum1994
1299## [0.60.3] May 01, 2019
1300[0.60.3]: https://github.com/datawire/ambassador/compare/0.60.2...0.60.3
1301
1302### Changes since 0.60.2
1303
1304- When scanning its configuration for secrets and endpoints that must be watched, 0.60.2 could fail with certain configurations if TLS termination but not origination was active. Those failures are fixed now.
1305
1306## [0.60.2] April 29, 2019
1307[0.60.2]: https://github.com/datawire/ambassador/compare/0.60.1...0.60.2
1308
1309### Changes since 0.60.1
1310
1311- Ambassador is now much more careful about which endpoints and secrets it pays attention to. ([#1465] again -- thanks to [@flands](https://github.com/flands) and @seandon for the help here!)
1312
1313[#1465]: https://github.com/datawire/ambassador/issues/1465
1314
1315## [0.60.1] April 25, 2019
1316[0.60.1]: https://github.com/datawire/ambassador/compare/0.60.0...0.60.1
1317
1318### Changes since 0.60.0
1319
1320- Speed up initial parsing of WATT snapshots considerably ([#1465])
1321- Don't look at secrets in the kube-system namespace, or for service-account tokens.
1322- Make sure that secrets we do look at are correctly associated with their namespaces ([#1467] -- thanks to @flands and @derrickburns for their contributions here!)
1323- Allow tuning the number of input snapshots retained for debugging
1324- Include the grab-snapshots.py script to help with debuggability
1325
1326[#1465]: https://github.com/datawire/ambassador/issues/1465
1327[#1467]: https://github.com/datawire/ambassador/issues/1467
1328
1329## [0.60.0] April 23, 2019
1330[0.60.0]: https://github.com/datawire/ambassador/compare/0.53.1...0.60.0
1331
1332### Changes since 0.53.1
1333
1334- BREAKING CHANGE: Ambassador listens on 8080 and 8443 by default so it does not need to run as root
1335- Ambassador natively supports using Consul for service discovery
1336- `AMBASSADOR_ENABLE_ENDPOINTS` is no longer needed; configure using the `Resolver` resource instead
1337- Support for the Maglev load balancing algorithm
1338- Support `connect_timeout_ms`. Thanks to Pétur Erlingsson.
1339- Support for `idle_timeout_ms` Thanks to Aaron Triplett.
1340- Ambassador will properly reload renewed Let's Encrypt certificates (#1416). Thanks to Matthew Ceroni.
1341- Ambassador will now properly redirect from HTTP to HTTPS based on `x-forwarded-proto` (#1233).
1342- The `case_sensitive` field now works when `host_redirect` is set to true (#699). Thanks to Peter Choi and Christopher Coté.
1343
1344## [0.53.1] April 05, 2019
1345[0.53.1]: https://github.com/datawire/ambassador/compare/0.52.1...0.53.1
1346
1347(0.53.0 was immediately supplanted by 0.53.1.)
1348
1349## SECURITY FIXES
1350
1351Ambassador 0.53.1 addresses two security issues in Envoy Proxy, CVE-2019-9900 and CVE-2019-9901:
1352
1353- CVE-2019-9900 (Score 8.3/High). When parsing HTTP/1.x header values, Envoy 1.9 and before does not reject embedded zero characters (NUL, ASCII 0x0).
1354
1355- CVE-2019-9901 (Score 8.3/High). Envoy does not normalize HTTP URL paths in Envoy 1.9 and before.
1356
1357Since these issues can potentially allow a remote attacker to use maliciously-crafted URLs to bypass
1358authentication, anyone running an Ambassador prior to 0.53.1 should upgrade.
1359
1360### UPCOMING CHANGES
1361
1362Ambassador 0.60 will listen on ports 8080/8443 by default. The diagnostics service in Ambassador 0.52.0
1363will try to warn you if your configuration will be affected by this change.
1364
1365## Other changes since 0.52.1
1366
1367- `AuthService` version `ambassador/v1` can now explicitly configure how much body data is sent
1368 to the external authentication service.
1369
1370## [0.52.1] March 26, 2019
1371[0.52.1]: https://github.com/datawire/ambassador/compare/0.52.0...0.52.1
1372
1373### Changes since 0.52.0
1374
1375- You can specify the `AMBASSADOR_NO_SECRETS` environment variable to prevent Ambassador from
1376 watching Kubernetes secrets at all (thanks [@esmet](https://github.com/esmet)!) ([#1293])
1377- The services used when you do `docker run ambassador --demo` have been moved into the Docker image,
1378 to remove external dependencies from the Ambassador quickstart.
1379
1380[#1293]: https://github.com/datawire/ambassador/issues/1293
1381
1382## [0.52.0] March 21, 2019
1383[0.52.0]: https://github.com/datawire/ambassador/compare/0.51.2...0.52.0
1384
1385### Changes since 0.51.2
1386
1387- Initial support for endpoint routing, rather than relying on `kube-proxy` ([#1031])
1388 - set `AMBASSADOR_ENABLE_ENDPOINTS` in the environment to allow this
1389- Initial support for Envoy ring hashing and session affinity (requires endpoint routing!)
1390- Support Lua filters (thanks to [@lolletsoc](https://github.com/lolletsoc)!)
1391- Support gRPC-Web (thanks to [@gertvdijk](https://github.com/gertvdijk)!) ([#456])
1392- Support for gRPC HTTP 1.1 bridge (thanks to [@rotemtam](https://github.com/rotemtam)!)
1393- Allow configuring `num-trusted-hosts` for `X-Forwarded-For`
1394- External auth services using gRPC can now correctly add new headers ([#1313])
1395- External auth services correctly add trace spans
1396- Ambassador should respond to changes more quickly now ([#1294], [#1318])
1397- Ambassador startup should be faster now
1398
1399[#456]: https://github.com/datawire/ambassador/issues/456
1400[#1031]: https://github.com/datawire/ambassador/issues/1031
1401[#1294]: https://github.com/datawire/ambassador/issues/1294
1402[#1313]: https://github.com/datawire/ambassador/issues/1313
1403[#1318]: https://github.com/datawire/ambassador/issues/1318
1404
1405## [0.51.2] March 12, 2019
1406[0.51.2]: https://github.com/datawire/ambassador/compare/0.51.1...0.51.2
1407
1408### Changes since 0.51.1
1409
1410- Cookies are now correctly handled when using external auth services... really. ([#1211])
1411
1412[#1211]: https://github.com/datawire/ambassador/issues/1211
1413
1414## [0.51.1] March 11, 2019
1415[0.51.1]: https://github.com/datawire/ambassador/compare/0.51.0...0.51.1
1416
1417### Changes since 0.51.0
1418
1419- Ambassador correctly handles services in namespaces other than the one Ambassador is running in.
1420
1421## [0.51.0] March 08, 2019
1422[0.51.0]: https://github.com/datawire/ambassador/compare/0.50.3...0.51.0
1423
1424**0.51.0 is not recommended: upgrade to 0.51.1.**
1425
1426### Changes since 0.50.3
1427
1428- Ambassador can now route any TCP connection, using the new `TCPMapping` resource. ([#420])
1429- Cookies are now correctly handled when using external auth services ([#1211])
1430- Lots of work in docs and testing under the hood
1431
1432[#420]: https://github.com/datawire/ambassador/issues/420
1433[#1211]: https://github.com/datawire/ambassador/issues/1211
1434
1435### Limitations in 0.51.0
1436
1437At present, you cannot mix HTTP and HTTPS upstream `service`s in any Ambassador resource. This restriction will be lifted in a future Ambassador release.
1438
1439## [0.50.3] February 21, 2019
1440[0.50.3]: https://github.com/datawire/ambassador/compare/0.50.2...0.50.3
1441
1442### Fixes since 0.50.2
1443
1444- Ambassador saves configuration snapshots as it manages configuration changes. 0.50.3 keeps only 5 snapshots,
1445 to bound its disk usage. The most recent snapshot has no suffix; the `-1` suffix is the next most recent, and
1446 the `-4` suffix is the oldest.
1447- Ambassador will not check for available updates more often than once every four hours.
1448
1449### Limitations in 0.50.3
1450
1451At present, you cannot mix HTTP and HTTPS upstream `service`s in any Ambassador resource. This restriction will be lifted in a future Ambassador release.
1452
1453## [0.50.2] February 15, 2019
1454[0.50.2]: https://github.com/datawire/ambassador/compare/0.50.1...0.50.2
1455
1456### Important fixes since 0.50.1
1457
1458- Ambassador no longer requires annotations in order to start -- with no configuration, it will launch with only the diagnostics service available. ([#1203])
1459- If external auth changes headers, routing will happen based on the changed values. ([#1226])
1460
1461### Other changes since 0.50.1
1462
1463- Ambassador will no longer log errors about Envoy statistics being unavaible before startup is complete ([#1216])
1464- The `tls` attribute is again available to control the client certificate offered by an `AuthService` ([#1202])
1465
1466### Limitations in 0.50.2
1467
1468At present, you cannot mix HTTP and HTTPS upstream `service`s in any Ambassador resource. This restriction will be lifted in a future Ambassador release.
1469
1470[#1202]: https://github.com/datawire/ambassador/issues/1202
1471[#1203]: https://github.com/datawire/ambassador/issues/1203
1472[#1216]: https://github.com/datawire/ambassador/issues/1216
1473[#1226]: https://github.com/datawire/ambassador/issues/1226
1474
1475## [0.50.1] February 07, 2019
1476[0.50.1]: https://github.com/datawire/ambassador/compare/0.50.0...0.50.1
1477
1478**0.50.1 is not recommended: upgrade to 0.52.0.**
1479
1480### Changes since 0.50.0
1481
1482- Ambassador defaults to only doing IPv4 DNS lookups. IPv6 can be enabled in the Ambassador module or in a Mapping. ([#944])
1483- An invalid Envoy configuration should not cause Ambassador to hang.
1484- Testing using `docker run` and `docker compose` is supported again. ([#1160])
1485- Configuration from the filesystem is supported again, but see the "Running Ambassador" documentation for more.
1486- Datawire's default Ambassador YAML no longer asks for any permissions for `ConfigMap`s.
1487
1488[#944]: https://github.com/datawire/ambassador/issues/944
1489[#1160]: https://github.com/datawire/ambassador/issues/1160
1490
1491## [0.50.0] January 29, 2019
1492[0.50.0]: https://github.com/datawire/ambassador/compare/0.50.0-rc6...0.50.0
1493
1494**Ambassador 0.50.0 is a major rearchitecture of Ambassador onto Envoy V2 using the ADS. See the "BREAKING NEWS"
1495section above for more information.**
1496
1497(Note that Ambassador 0.50.0-rc7 and -rc8 were internal releases.)
1498
1499### Changes since 0.50.0-rc6
1500
1501- `AMBASSADOR_SINGLE_NAMESPACE` is finally correctly supported and properly tested ([#1098])
1502- Ambassador won't throw an exception for name collisions between resources ([#1155])
1503- A TLS `Module` can now coexist with SNI (the TLS `Module` effectively defines a fallback cert) ([#1156])
1504- `ambassador dump --diag` no longer requires you to explicitly state `--v1` or `--v2`
1505
1506### Limitations in 0.50.0 GA
1507
1508- Configuration from the filesystem is not supported in 0.50.0. It will be resupported in 0.50.1.
1509- A `TLSContext` referencing a `secret` in another namespace will not function when `AMBASSADOR_SINGLE_NAMESPACE` is set.
1510
1511[#1098]: https://github.com/datawire/ambassador/issues/1098
1512[#1155]: https://github.com/datawire/ambassador/issues/1155
1513[#1156]: https://github.com/datawire/ambassador/issues/1156
1514
1515## [0.50.0-rc6] January 28, 2019
1516[0.50.0-rc6]: https://github.com/datawire/ambassador/compare/0.50.0-rc5...0.50.0-rc6
1517
1518**Ambassador 0.50.0-rc6 is a release candidate**.
1519
1520### Changes since 0.50.0-rc5
1521
1522- Ambassador watches certificates and automatically updates TLS on certificate changes ([#474])
1523- Ambassador no longer saves secrets it hasn't been told to use to disk ([#1093])
1524- Ambassador correctly honors `AMBASSADOR_SINGLE_NAMESPACE` rather than trying to access all namespaces ([#1098])
1525- Ambassador correctly honors the `AMBASSADOR_CONFIG_BASE_DIR` setting again ([#1118])
1526- Configuration changes take effect much more quickly than in RC5 ([#1148])
1527- `redirect_cleartext_from` works with no configured secret, to support TLS termination at a downstream load balancer ([#1104])
1528- `redirect_cleartext_from` works with the `PROXY` protocol ([#1115])
1529- Multiple `AuthService` resources (for canary deployments) work again ([#1106])
1530- `AuthService` with `allow_request_body` works correctly with an empty body and no `Content-Length` header ([#1140])
1531- `Mapping` supports the `bypass_auth` attribute to bypass authentication (thanks, @patricksanders! [#174])
1532- The diagnostic service no longer needs to re-parse the configuration on every page load ([#483])
1533- Startup is now faster and more stable
1534- The Makefile should do the right thing if your PATH has spaces in it (thanks, @er1c!)
1535- Lots of Helm chart, statsd, and doc improvements (thanks, @Flydiverny, @alexgervais, @bartlett, @victortv7, and @zencircle!)
1536
1537[#174]: https://github.com/datawire/ambassador/issues/174
1538[#474]: https://github.com/datawire/ambassador/issues/474
1539[#483]: https://github.com/datawire/ambassador/issues/483
1540[#1093]: https://github.com/datawire/ambassador/issues/1093
1541[#1098]: https://github.com/datawire/ambassador/issues/1098
1542[#1104]: https://github.com/datawire/ambassador/issues/1104
1543[#1106]: https://github.com/datawire/ambassador/issues/1106
1544[#1115]: https://github.com/datawire/ambassador/issues/1115
1545[#1118]: https://github.com/datawire/ambassador/issues/1118
1546[#1140]: https://github.com/datawire/ambassador/issues/1140
1547[#1148]: https://github.com/datawire/ambassador/issues/1148
1548
1549## [0.50.0-rc5] January 14, 2019
1550[0.50.0-rc5]: https://github.com/datawire/ambassador/compare/0.50.0-rc4...0.50.0-rc5
1551
1552**Ambassador 0.50.0-rc5 is a release candidate**.
1553
1554### Changes since 0.50.0-rc4
1555
1556- Websocket connections will now be authenticated if an AuthService is configured [#1026]
1557- Client certificate authentication should function whether configured from a TLSContext resource or from the the old-style TLS module (this is the full fix for [#993])
1558- Ambassador can now switch listening ports without a restart (e.g. switching from cleartext to TLS) [#1100]
1559- TLS origination certificates (including Istio mTLS) should now function [#1071]
1560- The diagnostics service should function in all cases. [#1096]
1561- The Ambassador image is significantly (~500MB) smaller than RC4.
1562
1563[#933]: https://github.com/datawire/ambassador/issues/993
1564[#1026]: https://github.com/datawire/ambassador/issues/1026
1565[#1071]: https://github.com/datawire/ambassador/issues/1071
1566[#1096]: https://github.com/datawire/ambassador/issues/1096
1567[#1100]: https://github.com/datawire/ambassador/issues/1100
1568
1569## [0.50.0-rc4] January 09, 2019
1570[0.50.0-rc4]: https://github.com/datawire/ambassador/compare/0.50.0-rc3...0.50.0-rc4
1571
1572**Ambassador 0.50.0-rc4 is a release candidate**, and fully supports running under Microsoft Azure.
1573
1574### Changes since 0.50.0-rc3
1575
1576- Ambassador fully supports running under Azure [#1039]
1577- The `proto` attribute of a v1 `AuthService` is now optional, and defaults to `http`
1578- Ambassador will warn about the use of v0 configuration resources.
1579
1580[#1039]: https://github.com/datawire/ambassador/issues/1039
1581
1582## [0.50.0-rc3] January 03, 2019
1583[0.50.0-rc3]: https://github.com/datawire/ambassador/compare/0.50.0-rc2...0.50.0-rc3
1584
1585**Ambassador 0.50.0-rc3 is a release candidate**, but see below for an important warning about Azure.
1586
1587### Microsoft Azure
1588
1589There is a known issue with recently-created Microsoft Azure clusters where Ambassador will stop receiving service
1590updates after running for a short time. This will be fixed in 0.50.0-GA.
1591
1592### Changes since 0.50.0-rc2
1593
1594- The `Location` and `Set-Cookie` headers should always be allowed from the auth service when using an `ambassador/v0` config [#1054]
1595- `add_response_headers` (parallel to `add_request_headers`) is now supported (thanks, @n1koo!)
1596- `host_redirect` and `shadow` both now work correctly [#1057], [#1069]
1597- Kat is able to give better information when it cannot parse a YAML specification.
1598
1599[#1054]: https://github.com/datawire/ambassador/issues/1054
1600[#1057]: https://github.com/datawire/ambassador/issues/1057
1601[#1069]: https://github.com/datawire/ambassador/issues/1069
1602
1603## [0.50.0-rc2] December 24, 2018
1604[0.50.0-rc2]: https://github.com/datawire/ambassador/compare/0.50.0-rc1...0.50.0-rc2
1605
1606**Ambassador 0.50.0-rc2 fixes some significant TLS bugs found in RC1.**
1607
1608### Changes since 0.50.0-rc1:
1609
1610- TLS client certificate verification should function correctly (including requiring client certs).
1611- TLS context handling (especially with multiple contexts and origination contexts) has been made more consistent and correct.
1612 - Ambassador is now much more careful about reporting errors in TLS configuration (especially around missing keys).
1613 - You can reference a secret in another namespace with `secret: $secret_name.$namespace`.
1614 - Ambassador will now save certificates loaded from Kubernetes to `$AMBASSADOR_CONFIG_BASE_DIR/$namespace/secrets/$secret_name`.
1615- `use_proxy_proto` should be correctly supported [#1050].
1616- `AuthService` v1 will default its `proto` to `http` (thanks @flands!)
1617- The JSON diagnostics service supports filtering: requesting `/ambassador/v0/diag/?json=true&filter=errors`, for example, will return only the errors element from the diagnostic output.
1618
1619[#1050]: https://github.com/datawire/ambassador/issues/1050
1620
1621## [0.50.0-rc1] December 19, 2018
1622[0.50.0-rc1]: https://github.com/datawire/ambassador/compare/0.50.0-ea7...0.50.0-rc1
1623
1624**Ambassador 0.50.0-rc1 is a release candidate.**
1625
1626### Changes since 0.50.0-ea7:
1627
1628- Websockets should work happily with external authentication [#1026]
1629- A `TracingService` using a long cluster name works now [#1025]
1630- TLS origination certificates are no longer offered to clients when Ambassador does TLS termination [#983]
1631- Ambassador will listen on port 443 only if TLS termination contexts are present; a TLS origination context will not cause the switch
1632- The diagnostics service is working, and correctly reporting errors, again. [#1019]
1633- `timeout_ms` in a `Mapping` works correctly again [#990]
1634- Ambassador sends additional anonymized usage data to help Datawire prioritize bug fixes, etc.
1635 See `docs/ambassador/running.md` for more information, including how to disable this function.
1636
1637[#983]: https://github.com/datawire/ambassador/issues/983
1638[#990]: https://github.com/datawire/ambassador/issues/990
1639[#1019]: https://github.com/datawire/ambassador/issues/1019
1640[#1025]: https://github.com/datawire/ambassador/issues/1025
1641[#1026]: https://github.com/datawire/ambassador/issues/1026
1642
1643## [0.50.0-ea7] November 19, 2018
1644[0.50.0-ea7]: https://github.com/datawire/ambassador/compare/0.50.0-ea6...0.50.0-ea7
1645
1646**Ambassador 0.50.0-ea7 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1647
1648### Upcoming major changes:
1649
1650- **API version `ambassador/v0` will be officially deprecated in Ambassador 0.50.0.**
1651 API version `ambassador/v1` will the minimum recommended version for resources in Ambassador 0.50.0.
1652
1653- Some resources will change between `ambassador/v0` and `ambassador/v1`.
1654 - For example, the `Mapping` resource will no longer support `rate_limits` as that functionality will
1655 be subsumed by `labels`.
1656
1657### Changes since 0.50.0-ea6:
1658
1659- Ambassador now supports `labels` for all `Mapping`s.
1660- Configuration of rate limits for a `Mapping` is now handled by providing `labels` in the domain configured
1661 for the `RateLimitService` (by default, this is "ambassador").
1662- Ambassador, once again, supports `statsd` for statistics gathering.
1663- The Envoy `buffer` filter is supported.
1664- Ambassador can now use GRPC to call the external authentication service, and also include the message body
1665 in the auth call.
1666- It's now possible to use environment variables to modify the configuration directory (thanks @n1koo!).
1667- Setting environment variable `AMBASSADOR_KUBEWATCH_NO_RETRY` will cause the Ambassador pod to exit, and be
1668 rescheduled, if it loses its connection to the Kubernetes API server.
1669- Many dependencies have been updated, most notably including switching to kube-client 8.0.0.
1670
1671## [0.50.0-ea6] November 19, 2018
1672[0.50.0-ea6]: https://github.com/datawire/ambassador/compare/0.50.0-ea5...0.50.0-ea6
1673
1674**Ambassador 0.50.0-ea6 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1675
1676### Changes since 0.50.0-ea5:
1677
1678- `alpn_protocols` is now supported in the `TLS` module and `TLSContext`s
1679- Using `TLSContext`s to provide TLS termination contexts will correctly switch Ambassador to listening on port 443.
1680- `redirect_cleartext_from` is now supported with SNI
1681- Zipkin `TracingService` configuration now supports 128-bit trace IDs and shared span contexts (thanks, @alexgervais!)
1682- Zipkin should correctly trace calls to external auth services (thanks, @alexgervais!)
1683- `AuthService` configurations now allow separately configuring headers allowed from the client to the auth service, and from the auth service upstream
1684- Ambassador won't endlessly append `:annotation` to K8s resources
1685- The Ambassador CLI no longer requires certificate files to be present when dumping configurations
1686- `make mypy` will run full type checks on Ambassador to help developers
1687
1688## [0.50.0-ea5] November 06, 2018
1689[0.50.0-ea5]: https://github.com/datawire/ambassador/compare/0.50.0-ea4...0.50.0-ea5
1690
1691**Ambassador 0.50.0-ea5 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1692
1693### Changes since 0.50.0-ea4:
1694
1695- **`use_remote_address` is now set to `true` by default.** If you need the old behavior, you will need to manually set `use_remote_address` to `false` in the `ambassador` `Module`.
1696- Ambassador 0.50.0-ea5 **supports SNI!** See the docs for more here.
1697- Header matching is now supported again, including `host` and `method` headers.
1698
1699## [0.50.0-ea4] October 31, 2018
1700[0.50.0-ea4]: https://github.com/datawire/ambassador/compare/0.50.0-ea3...0.50.0-ea4
1701
1702**Ambassador 0.50.0-ea4 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1703
1704### Changes since 0.50.0-ea3:
1705
1706- Ambassador 0.50.0-ea4 uses Envoy 1.8.0.
1707- `RateLimitService` is now supported. **You will need to restart Ambassador if you change the `RateLimitService` configuration.** We expect to lift this restriction in a later release; for now, the diag service will warn you when a restart is required.
1708 - The `RateLimitService` also has a new `timeout_ms` attribute, which allows overriding the default request timeout of 20ms.
1709- GRPC is provisionally supported, but still needs improvements in test coverage.
1710- Ambassador will correctly include its EA number when checking for updates.
1711
1712## [0.50.0-ea3] October 21, 2018
1713[0.50.0-ea3]: https://github.com/datawire/ambassador/compare/0.50.0-ea2...0.50.0-ea3
1714
1715**Ambassador 0.50.0-ea3 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1716
1717### Changes since 0.50.0-ea2:
1718
1719- `TracingService` is now supported. **You will need to restart Ambassador if you change the `TracingService` configuration.** We expect to lift this restriction in a later release; for now, the diag service will warn you when a restart is required.
1720- Websockets are now supported, **including** mapping the same websocket prefix to multiple upstream services for canary releases or load balancing.
1721- KAT supports full debug logs by individual `Test` or `Query`.
1722
1723**Ambassador 0.50.0 is not yet feature-complete. Read the Limitations and Breaking Changes sections in the 0.50.0-ea1 section below for more information.**
1724
1725## [0.50.0-ea2] October 16, 2018
1726[0.50.0-ea2]: https://github.com/datawire/ambassador/compare/0.50.0-ea1...0.50.0-ea2
1727
1728**Ambassador 0.50.0-ea2 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1729
1730### Changes since 0.50.0-ea1:
1731
1732- Attempting to enable TLS termination without supplying a valid cert secret will result in HTTP on port 80, rather than HTTP on port 443. **No error will be displayed in the diagnostic service yet.** This is a bug and will be fixed in `-ea3`.
1733- CORS is now supported.
1734- Logs are no longer full of accesses from the diagnostic service.
1735- KAT supports isolating OptionTests.
1736- The diagnostics service now shows the V2 config actually in use, not V1.
1737- `make` will no longer rebuild the Python venv so aggressively.
1738
1739**Ambassador 0.50.0 is not yet feature-complete. Read the Limitations and Breaking Changes sections in the 0.50.0-ea1 section below for more information.**
1740
1741## [0.50.0-ea1] October 11, 2018
1742[0.50.0-ea1]: https://github.com/datawire/ambassador/compare/0.40.0...0.50.0-ea1
1743
1744**Ambassador 0.50.0-ea1 is an EARLY ACCESS release! IT IS NOT SUPPORTED FOR PRODUCTION USE.**
1745
1746### Ambassador 0.50.0 is not yet feature-complete. Limitations:
1747
1748- `RateLimitService` and `TracingService` resources are not currently supported.
1749- WebSockets are not currently supported.
1750- CORS is not currently supported.
1751- GRPC is not currently supported.
1752- TLS termination is not
1753- `statsd` integration has not been tested.
1754- The logs are very cluttered.
1755- Configuration directly from the filesystem isn’t supported.
1756- The diagnostics service cannot correctly drill down by source file, though it can drill down by route or other resources.
1757- Helm installation has not been tested.
1758- `AuthService` does not currently have full support for configuring headers to be sent to the extauth service. At present it sends all the headers listed in `allowed_headers` plus:
1759 - `Authorization`
1760 - `Cookie`
1761 - `Forwarded`
1762 - `From`
1763 - `Host`
1764 - `Proxy-Authenticate`
1765 - `Proxy-Authorization`
1766 - `Set-Cookie`
1767 - `User-Agent`
1768 - `X-Forwarded-For`
1769 - `X-Forwarded-Host`
1770 - `X-Forwarded`
1771 - `X-Gateway-Proto`
1772 - `WWW-Authenticate`
1773
1774### **BREAKING CHANGES** from 0.40.0
1775
1776- Configuration from a `ConfigMap` is no longer supported.
1777- The authentication `Module` is no longer supported; use `AuthService` instead (which you probably already were).
1778- External authentication now uses the core Envoy `envoy.ext_authz` filter, rather than the custom Datawire auth filter.
1779 - `ext_authz` speaks the same protocol, and your existing external auth services should work, however:
1780 - `ext_authz` does _not_ send all the request headers to the external auth service (see above in `Limitations`).
1781- Circuit breakers and outlier detection are not supported. They will be reintroduced in a later Ambassador release.
1782- Ambassador now _requires_ a TLS `Module` to enable TLS termination, where previous versions would automatically enable termation if the `ambassador-certs` secret was present. A minimal `Module` for the same behavior is:
1783
1784 ---
1785 kind: Module
1786 name: tls
1787 config:
1788 server:
1789 secret: ambassador-certs
1790
1791## [0.40.2] November 26, 2018
1792[0.40.2]: https://github.com/datawire/ambassador/compare/0.40.1...0.40.2
1793
1794### Minor changes:
1795- Feature: Support using environment variables to modify the configuration directory (thanks @n1koo!)
1796- Feature: In Helmfile, support `volumeMounts` (thanks @kyschouv!)
1797- Bugfix: In Helmfile, correctly quote `.Values.namespace.single` (thanks @bobby!)
1798- Bugfix: In Helmfile, correctly support `Nodeport` in HTTP and HTTPS (thanks @n1koo!)
1799
1800## [0.40.1] October 29, 2018
1801[0.40.1]: https://github.com/datawire/ambassador/compare/0.40.0...0.40.1
1802
1803### Minor changes:
1804- Feature: Support running Ambassador as a `Daemonset` via Helm (thanks @DipeshMitthalal!)
1805- Feature: Switch to Envoy commit 5f795fe2 to fix a crash if attempting to add headers after using an AuthService (#647, #680)
1806
1807## [0.40.0] September 25, 2018
1808[0.40.0]: https://github.com/datawire/ambassador/compare/0.39.0...0.40.0
1809
1810### Minor changes:
1811
1812- Feature: Allow users to override the `STATSD_HOST` value (#810). Thanks to @rsyvarth.
1813- Feature: Support LightStep distributed tracing (#796). Thanks to @alexgervais.
1814- Feature: Add service label in Helm chart (#778). Thanks to @sarce.
1815- Feature: Add support for load balancer IP in Helm chart (#765). Thanks to @larsha.
1816- Feature: Support prometheus mapping configurations (#746). Thanks to @bcatcho.
1817- Feature: Add support for `loadBalancerSourceRanges` to Helm chart (#764). Thanks to @mtbdeano.
1818- Feature: Support for namespaces and Ambassador ID in Helm chart (#588, #643). Thanks to @MichielDeMey and @jstol.
1819- Bugfix: Add AMBASSADOR_VERIFY_SSL_FALSE flag (#782, #807). Thanks to @sonrier.
1820- Bugfix: Fix Ambassador single namespace in Helm chart (#827). Thanks to @sarce.
1821- Bugfix: Fix Helm templates and default values (#826).
1822- Bugfix: Add `stats-sink` back to Helm chart (#763).
1823- Bugfix: Allow setting `timeout_ms` to 0 for gRPC streaming services (#545). Thanks to @lovers36.
1824- Bugfix: Update Flask to 0.12.3.
1825
1826## [0.39.0] August 30, 2018
1827[0.39.0]: https://github.com/datawire/ambassador/compare/0.38.0...0.39.0
1828
1829### Major Changes:
1830
1831- Bugfix: The statsd container has been removed by default in order to avoid DoSing Kubernetes DNS. The functionality can be re-enabled by setting the `STATSD_ENABLED` environment variable to `true` in the Ambassador deployment YAML (#568).
1832- Docs: Added detailed Ambassador + Istio Integration Documentation on monitoring and distributed tracing. - @feitnomore
1833
1834### Minor Changes:
1835
1836- Docs: Added instructions for running Ambassador with Docker Compose. - @bcatcho
1837- Bugfix: Fix Ambassador to more aggressively reconnect to Kubernetes (#554). - @nmatsui
1838- Feature: Diagnostic view displays AuthService, RateLimitService, and TracingService (#730). - @alexgervais
1839- Feature: Enable Ambassador to tag tracing spans with request headers via `tag_headers`. - @alexgervais
1840
1841## [0.38.0] August 08, 2018
1842[0.38.0]: https://github.com/datawire/ambassador/compare/0.37.0...0.38.0
1843
1844### Major changes:
1845- Feature: Default CORS configuration can now be set - @KowalczykBartek
1846- Bugfix: Ambassador does not crash with empty YAML config anymore - @rohan47
1847
1848### Minor changes:
1849- DevEx: `master` is now latest, `stable` tracks the latest released version
1850- DevEx: release-prep target added to Makefile to facilitate releasing process
1851- DevEx: all tests now run in parallel, consuming lesser time
1852- Bugfix: Ambassador SIGCHLD messages are less scary looking now
1853
1854## [0.37.0] July 31, 2018:
1855[0.37.0]: https://github.com/datawire/ambassador/compare/0.36.0...0.37.0
1856
1857### Major changes:
1858- Feature: Added support for request tracing (by Alex Gervais)
1859
1860## [0.36.0] July 26, 2018:
1861[0.36.0]: https://github.com/datawire/ambassador/compare/0.35.3...0.36.0
1862
1863### Major changes:
1864- Fix: HEAD requests no longer cause segfaults
1865- Feature: TLS can now be configured with arbitrary secret names, instead of predefined secrets
1866- Change: The Envoy dynamic header value `%CLIENT_IP%` is no longer supported. Use `%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%` instead. (This is due to a change in Envoy 1.7.0.)
1867
1868## [0.35.3] July 18, 2018: **READ THE WARNING ABOVE**
1869[0.35.3]: https://github.com/datawire/ambassador/compare/0.35.2...0.35.3
1870
1871### Changed
1872
1873Major changes:
1874- Ambassador is now based on Envoy v1.7.0
1875- Support for X-FORWARDED-PROTO based redirection, generally used with Layer 7 load balancers
1876- Support for port based redirection using `redirect_cleartext_from`, generally used with Layer 4 load balancers
1877- Specifying HTTP and HTTPS target ports in Helm chart
1878
1879Other changes:
1880- End-to-end tests can now be run with `make e2e` command
1881- Helm release automation has been fixed
1882- Mutliple end-to-end tests are now executed in parallel, taking lesser time
1883- Huge revamp to documentation around unit tests
1884- Documentation changes
1885
1886## [0.35.2] July 05, 2018: **READ THE WARNING ABOVE**
1887[0.35.2]: https://github.com/datawire/ambassador/compare/0.35.1...0.35.2
1888
1889### Changed
1890
1891- 0.35.2 is almost entirely about updates to Datawire testing infrastructure.
1892- The only user-visible change is that Ambassador will do a better job of showing which Kubernetes objects define Ambassador configuration objects when using `AMBASSADOR_ID` to run multiple Ambassadors in the same cluster.
1893
1894## [0.35.1] June 25, 2018: **READ THE WARNING ABOVE**
1895[0.35.1]: https://github.com/datawire/ambassador/compare/0.35.0...0.35.1
1896
1897### Changed
1898
1899- Properly support supplying additional TLS configuration (such as `redirect_cleartext_from`) when using certificates from a Kubernetes `Secret`
1900- Update Helm chart to allow customizing annotations on the deployed `ambassador` Kubernetes `Service` (thanks @psychopenguin!)
1901
1902## [0.35.0] June 25, 2018: **READ THE WARNING ABOVE**
1903[0.35.0]: https://github.com/datawire/ambassador/compare/0.34.3...0.35.0
1904
1905### Changed
1906
1907- 0.35.0 re-supports websockets, but see the **BREAKING NEWS** for an important caveat.
1908- 0.35.0 supports running as non-root. See the **BREAKING NEWS** above for more information.
1909- Make sure regex matches properly handle backslashes, and properly display in the diagnostics service (thanks @alexgervais!).
1910- Prevent kubewatch from falling into an endless spinloop (thanks @mechpen!).
1911- Support YAML array syntax for CORS array elements.
1912
1913## [0.34.3] June 13, 2018: **READ THE WARNING ABOVE**
1914[0.34.3]: https://github.com/datawire/ambassador/compare/0.34.2...0.34.3
1915
1916### Changed
1917
1918- **0.34.3 cannot support websockets**: see the **WARNING** above.
1919- Fix a possible crash if no annotations are found at all (#519).
1920- Improve logging around service watching and such.
1921
1922## [0.34.2] June 11, 2018: **READ THE WARNING ABOVE**
1923[0.34.2]: https://github.com/datawire/ambassador/compare/0.34.1...0.34.2
1924
1925### Changed
1926
1927- **0.34.2 cannot support websockets**: see the **WARNING** above.
1928- Ambassador is now based on Envoy 1.6.0!
1929- Ambassador external auth services can now modify existing headers in place, as well as adding new headers.
1930- Re-support the `ambassador-cacert` secret for configuring TLS client-certificate authentication. **Note well** that a couple of things have changed in setting this up: you'll use the key `tls.crt`, not `fullchain.pem`. See https://www.getambassador.io/reference/auth-tls-certs for more.
1931
1932## [0.34.1] June 04, 2018
1933[0.34.1]: https://github.com/datawire/ambassador/compare/0.34.0...0.34.1
1934
1935### Bugfixes
1936
1937- Unbuffer log output for better diagnostics.
1938- Switch to gunicorn instead of Werkzeug for the diag service.
1939- Use the YAML we release as the basis for end-to-end testing.
1940
1941## [0.34.0] May 16, 2018
1942[0.34.0]: https://github.com/datawire/ambassador/compare/0.33.1...0.34.0
1943
1944### Changed
1945
1946- When originating TLS, use the `host_rewrite` value to set outgoing SNI. If no `host_rewrite` is set, do not use SNI.
1947- Allow disabling external access to the diagnostics service (with thanks to @alexgervais and @dougwilson).
1948
1949## [0.33.1] May 16, 2018
1950[0.33.1]: https://github.com/datawire/ambassador/compare/0.33.0...0.33.1
1951
1952### Changed
1953
1954- Fix YAML error on statsd pod.
1955
1956## [0.33.0] May 14, 2018
1957[0.33.0]: https://github.com/datawire/ambassador/compare/v0.32.2...0.33.0
1958
1959### Changed
1960
1961- Fix support for `host_redirect` in a `Mapping`. **See the `Mapping` documentation** for more details: the definition of the `host_redirect` attribute has changed.
1962
1963## [0.32.2] May 02, 2018
1964[0.32.2]: https://github.com/datawire/ambassador/compare/v0.32.0...v0.32.2
1965
1966(Note that 0.32.1 was an internal release.)
1967
1968### Changed
1969
1970- Fix a bad bootstrap CSS inclusion that would cause the diagnostic service to render incorrectly.
1971
1972## [0.32.0] April 27, 2018
1973[0.32.0]: https://github.com/datawire/ambassador/compare/v0.31.0...v0.32.0
1974
1975### Changed
1976
1977- Traffic shadowing is supported using the `shadow` attribute in a `Mapping`
1978- Multiple Ambassadors can now run more happily in a single cluster
1979- The diagnostic service will now show you what `AuthService` configuration is active
1980- The `tls` keyword now works for `AuthService` just like it does for `Mapping` (thanks @dvavili!)
1981
1982## [0.31.0] April 12, 2018
1983[0.31.0]: https://github.com/datawire/ambassador/compare/v0.30.2...v0.31.0
1984
1985### Changed
1986
1987- Rate limiting is now supported (thanks, @alexgervais!) See the docs for more detail here.
1988- The `statsd` container has been quieted down yet more (thanks again, @alexgervais!).
1989
1990## [0.30.2] March 26, 2018
1991[0.30.2]: https://github.com/datawire/ambassador/compare/v0.30.1...v0.30.2
1992
1993### Changed
1994
1995- drop the JavaScript `statsd` for a simple `socat`-based forwarder
1996- ship an Ambassador Helm chart (thanks @stefanprodan!)
1997 - Interested in testing Helm? See below!
1998- disable Istio automatic sidecar injection (thanks @majelbstoat!)
1999- clean up some doc issues (thanks @lavoiedn and @endrec!)
2000
2001To test Helm, make sure you have `helm` installed and that you have `tiller` properly set up for your RBAC configuration. Then:
2002
2003```
2004helm repo add datawire https://www.getambassador.io
2005
2006helm upgrade --install --wait my-release datawire/ambassador
2007```
2008
2009You can also use `adminService.type=LoadBalancer`.
2010
2011## [0.30.1] March 26, 2018
2012[0.30.1]: https://github.com/datawire/ambassador/compare/v0.30.0...v0.30.1
2013
2014### Fixed
2015
2016- The `tls` module is now able to override TLS settings probed from the `ambassador-certs` secret
2017
2018## [0.30.0] March 23, 2018
2019[0.30.0]: https://github.com/datawire/ambassador/compare/v0.29.0...v0.30.0
2020
2021### Changed
2022
2023- Support regex matching for `prefix` (thanks @radu-c!)
2024- Fix docs around `AuthService` usage
2025
2026## [0.29.0] March 15, 2018
2027[0.29.0]: https://github.com/datawire/ambassador/compare/v0.28.2...v0.29.0
2028
2029### Changed
2030
2031- Default restart timings have been increased. **This will cause Ambassador to respond to service changes less quickly**; by default, you'll see changes appear within 15 seconds.
2032- Liveness and readiness checks are now enabled after 30 seconds, rather than 3 seconds, if you use our published YAML.
2033- The `statsd` container is now based on `mhart/alpine-node:9` rather than `:7`.
2034- `envoy_override` has been reenabled in `Mapping`s.
2035
2036## [0.28.1] March 05, 2018 (and [0.28.0] on March 02, 2018)
2037[0.28.1]: https://github.com/datawire/ambassador/compare/v0.26.0...v0.28.1
2038[0.28.0]: https://github.com/datawire/ambassador/compare/v0.26.0...v0.28.1
2039
2040(Note that 0.28.1 is identical to 0.28.0, and 0.27.0 was an internal release. These are related to the way CI generates tags, which we'll be revamping soon.)
2041
2042### Changed
2043
2044- Support tuning Envoy restart parameters
2045- Support `host_regex`, `method_regex`, and `regex_headers` to allow regular expression matches in `Mappings`
2046- Support `use_proxy_proto` and `use_remote_address` in the `ambassador` module
2047- Fine-tune the way we sort a `Mapping` based on its constraints
2048- Support manually setting the `precedence` of a `Mapping`, so that there's an escape hatch when the automagic sorting gets it wrong
2049- Expose `alpn_protocols` in the `tls` module (thanks @technicianted!)
2050- Make logs a lot quieter
2051- Reorganize and update documentation
2052- Make sure that `ambassador dump --k8s` will work correctly
2053- Remove a dependency on a `ConfigMap` for upgrade checks
2054
2055## [0.26.0] February 13, 2018
2056[0.26.0]: https://github.com/datawire/ambassador/compare/v0.25.0...v0.26.0
2057
2058### Changed
2059
2060- The `authentication` module is deprecated in favor of the `AuthService` resource type.
2061- Support redirecting cleartext connections on port 80 to HTTPS on port 443
2062- Streamline end-to-end tests and, hopefully, allow them to work well without Kubernaut
2063- Clean up some documentation (thanks @lavoiedn!)
2064
2065## [0.25.0] February 06, 2018
2066[0.25.0]: https://github.com/datawire/ambassador/compare/v0.23.0...v0.25.0
2067
2068(Note that 0.24.0 was an internal release.)
2069
2070### Changed
2071
2072- CORS support (thanks @alexgervais!)
2073- Updated docs for
2074 - GKE
2075 - Ambassador + Istio
2076 - Ordering of `Mappings`
2077 - Prometheus with Ambassador
2078- Support multiple external authentication service instances, so that canarying `extauth` services is possible
2079- Correctly support `timeout_ms` in a `Mapping`
2080- Various build tweaks and end-to-end test speedups
2081
2082## [0.23.0] January 17, 2018
2083[0.23.0]: https://github.com/datawire/ambassador/compare/v0.22.0...v0.23.0
2084
2085### Changed
2086
2087- Clean up build docs (thanks @alexgervais!)
2088- Support `add_request_headers` for, uh, adding requests headers (thanks @alexgervais!)
2089- Make end-to-end tests and Travis build process a bit more robust
2090- Pin to Kubernaut 0.1.39
2091- Document the use of the `develop` branch
2092- Don't default to `imagePullAlways`
2093- Switch to Alpine base with a stripped Envoy image
2094
2095## [0.22.0] January 17, 2018
2096[0.22.0]: https://github.com/datawire/ambassador/compare/v0.21.1...v0.22.0
2097
2098### Changed
2099
2100- Switched to using `quay.io` rather than DockerHub. **If you are not using Datawire's published Kubernetes manifests, you will have to update your manifests!**
2101- Switched to building over Alpine rather than Ubuntu. (We're still using an unstripped Envoy; that'll change soon.)
2102- Switched to a proper production configuration for the `statsd` pod, so that it hopefully chews up less memory.
2103- Make sure that Ambassador won't generate cluster names that are too long for Envoy.
2104- Fix a bug where Ambassador could crash if there were too many egregious errors in its configuration.
2105
2106## [0.21.1] January 11, 2018
2107[0.21.1]: https://github.com/datawire/ambassador/compare/v0.21.0...v0.21.1
2108
2109### Changed
2110
2111- Ambassador will no longer generate cluster names that exceed Envoy's 60-character limit.
2112
2113## [0.21.0] January 03, 2018
2114[0.21.0]: https://github.com/datawire/ambassador/compare/v0.20.1...v0.21.0
2115
2116### Changed
2117
2118- If `AMBASSADOR_SINGLE_NAMESPACE` is present in the environment, Ambassador will only look for services in its own namespace.
2119- Ambassador `Mapping` objects now correctly support `host_redirect`, `path_redirect`, `host_rewrite`, `auto_host_rewrite`, `case_sensitive`, `use_websocket`, `timeout_ms`, and `priority`.
2120
2121## [0.20.1] December 22, 2017
2122[0.20.1]: https://github.com/datawire/ambassador/compare/v0.20.0...v0.20.1
2123
2124### Changed
2125
2126- If Ambassador finds an empty YAML document, it will now ignore it rather than raising an exception.
2127- Includes the namespace of a service from an annotation in the name of its generated YAML file.
2128- Always process inputs in the same order from run to run.
2129
2130## [0.20.0] December 18, 2017
2131[0.20.0]: https://github.com/datawire/ambassador/compare/v0.19.2...v0.20.0
2132
2133### Changed
2134
2135- Switch to Envoy 1.5 under the hood.
2136- Refocus the diagnostic service to better reflect what's actually visible when you're working at Ambassador's level.
2137- Allow the diagnostic service to display, and change, the Envoy log level.
2138
2139## [0.19.2] December 12, 2017
2140[0.19.2]: https://github.com/datawire/ambassador/compare/v0.19.1...v0.19.2
2141
2142### Changed
2143
2144- Arrange for logs from the subsystem that watches for Kubernetes service changes (kubewatch) to have timestamps and such.
2145- Only do new-version checks every four hours.
2146
2147## [0.19.1] December 04, 2017
2148[0.19.1]: https://github.com/datawire/ambassador/compare/v0.19.0...v0.19.1
2149
2150### Changed
2151
2152- Allow the diag service to look good (well, OK, not too horrible anyway) when Ambassador is running with TLS termination.
2153- Show clusters on the overview page again.
2154- The diag service now shows you the "health" of a cluster by computing it from the number of requests to a given service that didn't involve a 5xx status code, rather than just forwarding Envoy's stat, since we don't configure Envoy's stat in a meaningful way yet.
2155- Make sure that the tests correctly reported failures (sigh).
2156- Allow updating out-of-date diagnostic reports without requiring multiple test runs.
2157
2158## [0.19.0] November 30, 2017
2159[0.19.0]: https://github.com/datawire/ambassador/compare/v0.18.2...v0.19.0
2160
2161### Changed
2162
2163- Ambassador can now use HTTPS upstream services: just use a `service` that starts with `https://` to enable it.
2164 - By default, Ambassador will not offer a certificate when using HTTPS to connect to a service, but it is possible to configure certificates. Please [contact us on Slack](https://d6e.co/slack) if you need to do this.
2165- HTTP access logs appear in the normal Kubernetes logs for Ambassador.
2166- It’s now possible to tell `ambassador config` to read Kubernetes manifests from the filesystem and build a configuration from the annotations in them (use the `--k8s` switch).
2167- Documentation on using Ambassador with Istio now reflects Ambassador 0.19.0 and Istio 0.2.12.
2168
2169## [0.18.2] November 28, 2017
2170[0.18.2]: https://github.com/datawire/ambassador/compare/v0.18.0...v0.18.2
2171
2172### Changed
2173
2174- The diagnostics service will now tell you when updates are available.
2175
2176## [0.18.0] November 20, 2017
2177[0.18.0]: https://github.com/datawire/ambassador/compare/v0.17.0...v0.18.0
2178
2179### Changed
2180
2181- The Host header is no longer overwritten when Ambassador talks to an external auth service. It will now retain whatever value the client passes there.
2182
2183### Fixed
2184
2185- Checks for updates weren’t working, and they have been restored. At present you’ll only see them in the Kubernetes logs if you’re using annotations to configure Ambassador — they’ll start showing up in the diagnostics service in the next release or so.
2186
2187## [0.17.0] November 14, 2017
2188[0.17.0]: https://github.com/datawire/ambassador/compare/v0.16.0...v0.17.0
2189
2190### Changed
2191
2192- Allow Mappings to require matches on HTTP headers and `Host`
2193- Update tests, docs, and diagnostic service for header matching
2194
2195### Fixed
2196
2197- Published YAML resource files will no longer overwrite annotations on the Ambassador `service` when creating the Ambassador `deployment`
2198
2199## [0.16.0] November 10, 2017
2200[0.16.0]: https://github.com/datawire/ambassador/compare/v0.15.0...v0.16.0
2201
2202### Changed
2203
2204- Support configuring Ambassador via `annotations` on Kubernetes `service`s
2205- No need for volume mounts! Ambassador can read configuration and TLS-certificate information directly from Kubernetes to simplify your Kubernetes YAML
2206- Expose more configuration elements for Envoy `route`s: `host_redirect`, `path_redirect`, `host_rewrite`, `auto_host_rewrite`, `case_sensitive`, `use_websocket`, `timeout_ms`, and `priority` get transparently copied
2207
2208### Fixed
2209
2210- Reenable support for gRPC
2211
2212## [0.15.0] October 16, 2017
2213[0.15.0]: https://github.com/datawire/ambassador/compare/v0.14.2...v0.15.0
2214
2215### Changed
2216
2217- Allow `docker run` to start Ambassador with a simple default configuration for testing
2218- Support `host_rewrite` in mappings to force the HTTP `Host` header value for services that need it
2219- Support `envoy_override` in mappings for odd situations
2220- Allow asking the diagnostic service for JSON output rather than HTML
2221
2222## [0.14.2] October 12, 2017
2223[0.14.2]: https://github.com/datawire/ambassador/compare/v0.14.0...v0.14.2
2224
2225### Changed
2226
2227- Allow the diagnostic service to show configuration errors.
2228
2229## [0.14.0] October 05, 2017
2230[0.14.0]: https://github.com/datawire/ambassador/compare/v0.13.0...v0.14.0
2231
2232### Changed
2233
2234- Have a diagnostic service!
2235- Support `cert_required` in TLS config
2236
2237## [0.13.0] September 25, 2017
2238[0.13.0]: https://github.com/datawire/ambassador/compare/v0.12.1...v0.13.0
2239
2240### Changed
2241
2242- Support using IP addresses for services.
2243- Check for collisions, so that trying to e.g. map the same prefix twice will report an error.
2244- Enable liveness and readiness probes, and have Kubernetes perform them by default.
2245- Document the presence of the template-override escape hatch.
2246
2247## [0.12.1] September 22, 2017
2248[0.12.1]: https://github.com/datawire/ambassador/compare/v0.12.0...v0.12.1
2249
2250### Changed
2251
2252- Notify (in the logs) if a new version of Ambassador is available.
2253
2254## [0.12.0] September 21, 2017
2255[0.12.0]: https://github.com/datawire/ambassador/compare/v0.11.2...v0.12.0
2256
2257### Changed
2258
2259- Support for non-default Kubernetes namespaces.
2260- Infrastructure for checking if a new version of Ambassador is available.
2261
2262## [0.11.2] September 20, 2017
2263[0.11.2]: https://github.com/datawire/ambassador/compare/v0.11.1...v0.11.2
2264
2265### Changed
2266
2267- Better schema verification.
2268
2269## [0.11.1] September 18, 2017
2270[0.11.1]: https://github.com/datawire/ambassador/compare/v0.11.0...v0.11.1
2271
2272### Changed
2273
2274- Do schema verification of input YAML files.
2275
2276## [0.11.0] September 18, 2017
2277[0.11.0]: https://github.com/datawire/ambassador/compare/v0.10.14...v0.11.0
2278
2279### Changed
2280
2281- Declarative Ambassador! Configuration is now via YAML files rather than REST calls
2282- The `ambassador-store` service is no longer needed.
2283
2284## [0.10.14] September 15, 2017
2285[0.10.14]: https://github.com/datawire/ambassador/compare/v0.10.13...v0.10.14
2286
2287### Fixed
2288
2289- Update `demo-qotm.yaml` with the correct image tag.
2290
2291## [0.10.13] September 05, 2017
2292[0.10.13]: https://github.com/datawire/ambassador/compare/v0.10.12...v0.10.13
2293
2294### Changed
2295
2296- Properly support proxying all methods to an external authentication service, with headers intact, rather than moving request headers into the body of an HTTP POST.
2297
2298## [0.10.12] August 02, 2017
2299[0.10.12]: https://github.com/datawire/ambassador/compare/v0.10.10...v0.10.12
2300
2301### Changed
2302
2303- Make TLS work with standard K8s TLS secrets, and completely ditch push-cert and push-cacert.
2304
2305### Fixed
2306
2307- Move Ambassador out from behind Envoy, so that you can use Ambassador to fix things if you completely botch your Envoy config.
2308- Let Ambassador keep running if Envoy totally chokes and dies, but make sure the pod dies if Ambassador loses access to its storage.
2309
2310## [0.10.10] August 01, 2017
2311[0.10.10]: https://github.com/datawire/ambassador/compare/v0.10.7...v0.10.10
2312
2313### Fixed
2314
2315- Fix broken doc paths and simplify building as a developer. 0.10.8, 0.10.9, and 0.10.10 were all stops along the way to getting this done; hopefully we'll be able to reduce version churn from here on out.
2316
2317## [0.10.7] July 25, 2017
2318[0.10.7]: https://github.com/datawire/ambassador/compare/v0.10.6...v0.10.7
2319
2320### Changed
2321- More CI-build tweaks.
2322
2323## [0.10.6] July 25, 2017
2324[0.10.6]: https://github.com/datawire/ambassador/compare/v0.10.5...v0.10.6
2325
2326### Changed
2327- Fix automagic master build tagging
2328
2329## [0.10.5] July 25, 2017
2330[0.10.5]: https://github.com/datawire/ambassador/compare/v0.10.1...v0.10.5
2331
2332### Changed
2333- Many changes to the build process and versioning. In particular, CI no longer has to commit files.
2334
2335## [0.10.1] July 03, 2017
2336[0.10.1]: https://github.com/datawire/ambassador/compare/v0.10.0...v0.10.1
2337
2338### Added
2339- Changelog
2340
2341
2342## [0.10.0] June 30, 2017
2343[0.10.0]: https://github.com/datawire/ambassador/compare/v0.9.1...v0.10.0
2344[grpc-0.10.0]: https://github.com/datawire/ambassador/blob/v0.10.0/docs/user-guide/grpc.md
2345
2346### Added
2347- Ambassador supports [GRPC services][grpc-0.10.0] (and other HTTP/2-only services) using the GRPC module
2348
2349### Fixed
2350- Minor typo in Ambassador's `Dockerfile` that break some versions of Docker
2351
2352
2353## [0.9.1] June 28, 2017
2354[0.9.1]: https://github.com/datawire/ambassador/compare/v0.9.0...v0.9.1
2355[building-0.9.1]: https://github.com/datawire/ambassador/blob/v0.9.1/BUILDING.md
2356
2357### Changed
2358- Made development a little easier by automating dev version numbers so that modified Docker images update in Kubernetes
2359- Updated [`BUILDING.md`][building-0.9.1]
2360
2361
2362## [0.9.0] June 23, 2017
2363[0.9.0]: https://github.com/datawire/ambassador/compare/v0.8.12...v0.9.0
2364[start-0.9.0]: https://github.com/datawire/ambassador/blob/v0.9.0/docs/user-guide/getting-started.md
2365[concepts-0.9.0]: https://github.com/datawire/ambassador/blob/v0.9.0/docs/user-guide/mappings.md
2366
2367### Added
2368- Ambassador supports HTTP Basic Auth
2369- Ambassador now has the concept of _modules_ to enable and configure optional features such as auth
2370- Ambassador now has the concept of _consumers_ to represent end-users of mapped services
2371- Ambassador supports auth via an external auth server
2372
2373Basic auth is covered in [Getting Started][start-0.9.0]. Learn about modules and consumers and see an example of external auth in [About Mappings, Modules, and Consumers][concepts-0.9.0].
2374
2375### Changed
2376- State management (via Ambassador store) has been refactored
2377- Switched to [Ambassador-Envoy] for the base Docker image
2378
2379
2380## [0.8.12] June 07, 2017
2381[0.8.12]: https://github.com/datawire/ambassador/compare/v0.8.11...v0.8.12
2382
2383### Added
2384- Mappings can now be updated
2385
2386
2387## [0.8.11] May 24, 2017
2388[0.8.11]: https://github.com/datawire/ambassador/compare/v0.8.10...v0.8.11
2389[istio-0.8.11]: https://github.com/datawire/ambassador/blob/v0.8.11/docs/user-guide/with-istio.md
2390[stats-0.8.11]: https://github.com/datawire/ambassador/blob/v0.8.11/docs/user-guide/statistics.md
2391
2392### Added
2393- Ambassador interoperates with [Istio] -- see [Ambassador and Istio][istio-0.8.11]
2394- There is additional documentation for [statistics and monitoring][stats-0.8.11]
2395
2396### Fixed
2397- Bug in mapping change detection
2398- Release machinery issues
2399
2400
2401## [0.8.6] May 05, 2017
2402[0.8.6]: https://github.com/datawire/ambassador/compare/v0.8.5...v0.8.6
2403
2404### Added
2405- Ambassador releases are now performed by Travis CI
2406
2407
2408## [0.8.2] May 04, 2017
2409[0.8.2]: https://github.com/datawire/ambassador/compare/v0.8.1...v0.8.2
2410
2411### Changed
2412- Documentation updates
2413
2414
2415## [0.8.0] May 02, 2017
2416[0.8.0]: https://github.com/datawire/ambassador/compare/v0.7.0...v0.8.0
2417[client-tls-0.8.0]: https://github.com/datawire/ambassador/blob/v0.8.0/README.md#using-tls-for-client-auth
2418
2419### Added
2420- [Ambassador has a website!][Ambassador]
2421- Ambassador supports auth via [TLS client certificates][client-tls-0.8.0]
2422- There are some additional helper scripts in the `scripts` directory
2423
2424### Changed
2425- Ambassador's admin interface is now on local port 8888 while mappings are available on port 80/443 depending on whether TLS is enabled
2426- Multiple instances of Ambassador talking to the same Ambassador Store pod will pick up each other's changes automatically
2427
2428
2429## [0.7.0] May 01, 2017
2430[0.7.0]: https://github.com/datawire/ambassador/compare/v0.6.0...v0.7.0
2431[start-0.7.0]: https://github.com/datawire/ambassador/blob/v0.7.0/README.md#mappings
2432
2433### Added
2434- Ambassador can rewrite the request URL path prefix before forwarding the request to your service (covered in [Getting Started][start-0.7.0])
2435- Ambassador supports additional stats aggregators: Datadog, Grafana
2436
2437### Changed
2438- _Services_ are now known as _mappings_
2439- Minikube is supported again
2440
2441
2442## [0.6.0] April 28, 2017
2443[0.6.0]: https://github.com/datawire/ambassador/compare/v0.5.2...v0.6.0
2444
2445### Removed
2446- The Ambassador SDS has been removed; Ambassador routes to service names
2447
2448
2449## [0.5.2] April 26, 2017
2450[0.5.2]: https://github.com/datawire/ambassador/compare/v0.5.0...v0.5.2
2451
2452### Added
2453- Ambassador includes a local `statsd` so that full stats from Envoy can be collected and pushed to a stats aggregator (Prometheus is supported)
2454
2455### Changed
2456- It's easier to develop Ambassador thanks to improved build documentation and `Makefile` fixes
2457
2458
2459## [0.5.0] April 13, 2017
2460[0.5.0]: https://github.com/datawire/ambassador/compare/v0.4.0...v0.5.0
2461
2462### Added
2463- Ambassador supports inbound TLS
2464- YAML for a demo user service is now included
2465
2466### Changed
2467- The `geturl` script supports Minikube and handles AWS better
2468- Documentation and code cleanup
2469
2470
2471## [0.4.0] April 07, 2017
2472[0.4.0]: https://github.com/datawire/ambassador/compare/v0.3.3...v0.4.0
2473
2474### Changed
2475- Ambassador now reconfigures Envoy automatically once changes have settled for five seconds
2476- Envoy stats and Ambassador stats are separate
2477- Mappings no longer require specifying the port as it is not needed
2478
2479### Fixed
2480- SDS does the right thing with unnamed ports
2481
2482
2483## [0.3.1] April 06, 2017
2484[0.3.1]: https://github.com/datawire/ambassador/compare/v0.3.0...v0.3.1
2485
2486### Added
2487- Envoy stats accessible through Ambassador
2488- Basic interpretation of cluster stats
2489
2490### Changed
2491- Split up `ambassador.py` into multiple files
2492- Switch to a debug build of Envoy
2493
2494
2495## [0.1.9] April 03, 2017
2496[0.1.9]: https://github.com/datawire/ambassador/compare/v0.1.8...v0.1.9
2497
2498### Changed
2499- Ambassador configuration on `/ambassador-config/` prefix rather than exposed on port 8001
2500- Updated to current Envoy and pinned the Envoy version
2501- Use Bumpversion for version management
2502- Conditionalized Docker push
2503
2504### Fixed
2505- Ambassador keeps running with an empty services list (part 2)
2506
2507
2508## [0.1.5] March 31, 2017
2509[0.1.5]: https://github.com/datawire/ambassador/compare/v0.1.4...v0.1.5
2510
2511### Fixed
2512- Ambassador SDS correctly handles ports
2513
2514
2515## [0.1.4] March 31, 2017
2516[0.1.4]: https://github.com/datawire/ambassador/compare/v0.1.3...v0.1.4
2517
2518### Changed
2519- Ambassador keeps running with an empty services list
2520- Easier to run with [Telepresence]
2521
2522
2523## [0.1.3] March 31, 2017
2524[0.1.3]: https://github.com/datawire/ambassador/compare/82ed5e4...v0.1.3
2525
2526### Added
2527- Initial Ambassador
2528- Ambassador service discovery service
2529- Documentation
2530
2531
2532Based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). Ambassador follows [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
2533
2534[Ambassador]: https://www.getambassador.io/
2535[Ambassador-Envoy]: https://github.com/datawire/ambassador-envoy
2536[Telepresence]: http://telepresence.io
2537[Istio]: https://istio.io/
View as plain text