Emissary Ingress 3.9.0
🎉 Emissary Ingress 3.9.0 🎉
Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.
Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.9.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started
-
Feature: This upgrades Emissary-ingress to be built on Envoy v1.27.2 which provides security,
performance and feature enhancements. You can read more about them here: Envoy Proxy
1.27.2 Release Notes -
Feature: By default, Emissary-ingress will return an
UNAVAILABLE
code when a request using gRPC
is rate limited. TheRateLimitService
resource now exposes a new
grpc.use_resource_exhausted_code
field that when set totrue
, Emissary-ingress will return a
RESOURCE_EXHAUSTED
gRPC code instead. Thanks to Jerome
Froelich for contributing this feature! -
Feature: Envoy runtime fields that were provided to mitigate the recent HTTP/2 rapid reset
vulnerability can now be configured via the Module resource so the configuration will persist
between restarts. This configuration is added to the Envoy bootstrap config, so restarting
Emissary is necessary after changing these fields for the configuration to take effect. -
Change: APIExt would previously allow for TLS 1.0 connections. We have updated it to now only use
a minimum TLS version of 1.3 to resolve security concerns. -
Change: - Update default image to Emissary-ingress v3.9.0.
-
Bugfix: The APIExt server provides CRD conversion between the stored version v2 and the version
watched for by Emissary-ingress v3alpha1. Since this component is required to operate
Emissary-ingress, we have introduced an init container that will ensure it is available before
starting. This will help address some of the intermittent issues seen during install and
upgrades.