Skip to content

Emissary Ingress 3.5.0

Compare
Choose a tag to compare
@d6e-automaton d6e-automaton released this 15 Feb 15:27
· 342 commits to master since this release

🎉 Emissary Ingress 3.5.0 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.5.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

  • Security: Upgrading to the latest release of Golang as part of our general dependency upgrade
    process. This includes security fixes for CVE-2022-41725, CVE-2022-41723.

  • Feature: In Envoy 1.24, experimental support for a native OpenTelemetry tracing driver was
    introduced that allows exporting spans in the otlp format. Many Observability platforms accept
    that format and is the recommend replacement for the LightStep driver. Emissary-ingress now
    supports setting the TracingService.spec.driver=opentelemetry to export spans in otlp
    format.


    Thanks to Paul for helping us
    get this tested and implemented!

  • Bugfix: When wanting to expose traffic to clients on ports other than 80/443, users will set a
    port in the Host.hostname (eg.Host.hostname=example.com:8500. The config generated allowed
    matching on the :authority header. This worked in v1.Y series due to the way emissary was
    generating Envoy configuration under a single wild-card virtual_host and matching on
    :authority.

    In v2.Y/v3.Y+, the way emissary generates Envoy configuration changed to address
    memory pressure and improve route lookup speed in Envoy. However, when including a port in the
    hostname, an incorrect configuration was generated with an sni match including the port. This has
    been fixed and the correct envoy configuration is being generated. (fix: hostname port issue)

  • Change: Previously, specifying backend ports by name in Ingress was not supported and would result
    in defaulting to port 80. This allows emissary-ingress to now resolve port names for backend
    services. If the port number cannot be resolved by the name (e.g named port in the Service doesn't
    exist) then it defaults back to the original behavior. (Thanks to Anton Ustyuzhanin!). (#4809)

  • Change: The emissary-apiext server is a Kubernetes Conversion Webhook that converts between the
    Emissary-ingress CRD versions. On startup, it ensures that a self-signed cert is available so that
    K8s API Server can talk to the conversion webhook (TLS is required by K8s). We have introduced
    a startupProbe to ensure that emissary-apiext server has enough time to configure the webhooks
    before running liveness and readiness probes. This is to ensure slow startup doesn't cause K8s to
    needlessly restart the pod.