January 21, 2020
Breaking changes
After a period of deprecation, we have removed the list-versions and update commands from apoctl.
New features
Web interface redesign
We’ve redesigned the web interface. Some of the highlights include:
- Better login page
- New getting started with helpful links
- Most common features moved to the top of the left menu
- More consistent toolbars
Arguments added to SSH command logs
The logs of the SSH commands issued by users now include the arguments.
Webhook automation usability improvements
The web interface now prevents users from creating malformed webhook automations.
- It no longer allows users to specify conditions.
- It allows only a single action.
- The Edit Action dialog provides better stub code.
Streamlined web interface logins
Instead of clicking through several screens each time you log in to the Aporeto web interface, you can now provide your selections in the URL itself.
Syntax
https://console.aporeto.com/login/?namespace=/<NAMESPACE>&authmethod=<METHOD>&provider=<NAME>
Example
https://console.aporeto.com/login/?namespace=/acme/team-a&authmethod=oidc&provider=okta
After constructing the appropriate URL, you can bookmark it in your browser for much faster and easier logins.
Reduced latency
The latest enforcer includes a new ENFORCERD_COMPRESSED_TAGS option that reduces latency.
We recommend this option for all new installs and have updated the install instructions to enable it by default.
IMPORTANT
If you wish to upgrade your enforcers to use this new option, ensure that you upgrade all of your enforcers. Enforcers compressing tags cannot communicate with enforcers not compressing tags.
Support for identity providers with private certificate authorities
You can now authenticate SSH and control plane users against OpenID Connect (OIDC) identity providers that use private certificate authorities (CAs). Aporeto provides a new option to supply the PEM-encoded SSL certificate of the identity provider’s CA during the configuration. If the identity provider uses a well-known, trusted CA, you can leave the field blank.
New Services tab
After clicking on a flow in the Platform pane, you can now view details of any services or proxies involved in the flow in a new Services tab. These details include HTTP methods and resources, if applicable.
Control plane performance and reliability improvements
We’ve continued to tune the control plane for optimal performance and reliability at scale. This release includes the following enhancements.
- Better API gateway response times through use of TCP Fast Open and other low-level optimizations
- Significant reduction in the number of processing unit pokes
- Flow logs transmitted in batches for improved fault tolerance
- Strategic use of caches
- Ensuring that critical services have necessary resources and scale up as needed
Known issue
Red Hat Enterprise Linux 8+ requires special configuration to work with the SSH access control feature. If you require this distribution, contact us for assistance.