Multi-Credential Provider Terraform support and Prometheus metrics now available

Aembit regularly releases new enhancements and improvements to Aembit Edge and Aembit Cloud components to provide additional features and functionality for your Aembit environment.

The following four new major features have been released:

  • Terraform Provider support for Access Policies with Multiple Credential Providers
  • Admin Dashboard enhancements and improvements
  • Exposure of Prometheus-compatible Aembit Edge metrics
  • Updated Edge Component Versions

Terraform Provider Support for Access Policies with Multiple Credential Providers

Aembit has released a Terraform Provider update that enables users to add multiple Credential Providers to an Access Policy.

Aembit now supports use cases where the Aembit Terraform Provider can manage Aembit Access Policies associated with individual or multiple Credential Providers.

For more information about this feature, please see the Multiple Credential Providers - Terraform page.

Admin Dashboard Enhancements and Improvements

Aembit continually makes improvements and enhancements to the Admin Dashboard to provide greater visibility and insight into your Aembit environment.

The Admin Dashboard has been updated and enhanced with additional tiles and panels that provide detailed information on Client and Server Workloads, Credential Usage by Type, the number of Access Condition failures based on Access Policies over the past 24 hours, and several other visualizations.

For more information on the Admin Dashboard and these additional panels, please see the Admin Dashboard Overview page.

Exposure of Prometheus-compatible Aembit Edge Metrics

Aembit aims to provide users with the ability to view detailed Aembit Edge metrics and data.

Aembit now exposes Prometheus-compatible metrics, which enable users to view and troubleshoot Aembit Edge Components (Agent Proxy, Agent Controller, and Agent Injector), while supporting both Kubernetes and virtual machine deployment models.

For more detailed information on how Aembit exposes Prometheus-compatible metrics, please see the Aembit Edge Prometheus-compatible Metrics page.

Aembit Edge Components Update

Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.

The following components and packages have been updated:

  • Helm Chart
  • Terraform ECS Module
  • AWS Lambda Extension
  • VM Artifacts
  • Agent Controller
  • Agent Proxy

For the latest available versions of these components, please see the Edge Components Supported Versions page.

Edge components release with Agent Proxy idle timeout fix

Aembit Edge Components are updated on a regular basis to include new features, functionality, and package improvements.

Aembit has released new versions of the following components and packages:

  • Helm Chart
  • Terraform ECS Module
  • VM Artifacts
  • AWS Lambda
  • Agent Proxy

Agent Proxy has been updated to address a specific issue related to idle timeouts for HTTP persistent connections (currently 1 hour). If no new request comes over a connection, Agent Proxy closes the connection.

For the latest available versions of these components, please see the Edge Components Supported Versions page.

Agent Proxy now injected as a native Kubernetes sidecar

Kubernetes recently introduced support for native sidecar containers. Aembit now leverages this model for the Agent Proxy, where possible.

Aembit now automatically injects the Agent Proxy as a native sidecar, which allows Client Workloads that run as init containers.

This change only applies to Kubernetes deployments of version 1.29 and above.

For more information on how you can use Agent Proxy as a sidecar to support init containers, please see the Kubernetes Deployment page.

Aembit Edge Terraform module and ECS TLS support now available

Aembit has released two major enhancements to Aembit Edge Components: Aembit Edge Terraform Module for AWS ECS, and ECS TLS support.

Aembit ECS Terraform Registry

Aembit releases updates to the Aembit ECS Terraform Registry on a regular basis to provide users with additional features and functionality, including improvements to Agent Proxy and Agent Controller.

For more information on the latest ECS Terraform Registry release, please see the Aembit Terraform Registry page.

ECS TLS Support

Aembit has released an ECS deployment enhancement that enables Transport Layer Security (TLS) between the Agent Proxy and Agent Controller using Aembit-provided Private Key Infrastructure (PKI).

There is no option to use your own PKI for ECS deployments.

Non-root Aembit containers and configurable Agent Proxy file descriptor limits

Aembit has released two new feature updates that enhance existing Aembit functionality.

Aembit Containers

All injected Aembit containers are now run as non-root users.

Agent Proxy File Descriptor Limits

Users may configure limits for the number of file descriptors Agent Proxy is allowed to open on a VM. You may configure this number when Agent Proxy is installed (using the AEMBIT_FD_LIMIT flag).

Virtual Machines

  • Default Limit - 65535, set by Agent Proxy installer

  • Configuration - This limit is configurable via the AEMBIT_FD_LIMIT environment variable. This value is passed directly to systemd in Agent Proxy’s service file at the time of installation.

  • Example - AEMBIT_FD_LIMIT=200000 [...] ./install

Kubernetes

  • Default Limit - This limit is inherited from container runtime.

  • Configuration - There is no official support without modifying the underlying runtime. For more information on configuring these limits, please see the Kubernetes limits support GitHub thread.

AWS ECS

  • Default Limit - 1024

  • Configuration - This limit is configurable via the ECS Task Definition API or ECS Dashboard. Please refer to the AWS ECS Developer Guide for more detailed information on how to configure these limits.

AWS Lambda

  • Default Limit - 1024

  • Configuration - This limit is not configurable. For more information, please refer to the AWS Lambda Developer Guide.
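To confirm that the expected limit actually reached a running process on a Linux VM, compare the process's effective soft limit with the value you configured and check how close usage is to it. The shell script below is an added example, not Aembit code; the function names, the 80% warning threshold, and the sample limits file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Aembit code. The sample data below is constructed.

# Print the soft "Max open files" value from a /proc/<pid>/limits-style file.
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# check_fd_limit <limits-file> <expected-limit> <open-fd-count>
# Returns 0 = ok, 1 = limit differs from expected,
#         2 = at least 80% of the limit in use, 3 = limit could not be read.
check_fd_limit() {
    soft=$(soft_nofile "$1")
    case $soft in
        ''|0|*[!0-9]*) echo "UNKNOWN: no usable 'Max open files' value in $1"; return 3 ;;
    esac
    if [ "$soft" -ne "$2" ]; then
        echo "MISMATCH: soft limit $soft, expected $2"
        return 1
    fi
    pct=$(( $3 * 100 / soft ))
    if [ "$pct" -ge 80 ]; then
        echo "WARN: $3 of $soft descriptors open (${pct}%)"
        return 2
    fi
    echo "OK: $3 of $soft descriptors open (${pct}%)"
    return 0
}

# Constructed sample: limits of a process running with the VM installer default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             31204                31204                processes
Max open files            65535                65535                files
EOF

check_fd_limit "$sample" 65535 1200  || true   # default applied, low usage
check_fd_limit "$sample" 200000 1200 || true   # AEMBIT_FD_LIMIT=200000 did not take effect
check_fd_limit "$sample" 65535 60000 || true   # close to descriptor exhaustion
rm -f "$sample"

# Live use (root is needed to list another user's descriptors); PID is an assumption:
#   check_fd_limit /proc/"$PID"/limits 65535 "$(ls /proc/"$PID"/fd | wc -l)"
```

A mismatch after installation usually means the service was not restarted with the new unit settings; a warning means connections may soon start failing with "too many open files".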

Graceful Agent Proxy shutdown for sidecars

In some cases, you may find it necessary to manually shut down Agent Proxy when the main container exits, but a sidecar is still running. You may not want to kill the whole job, because it would then look like a cancelled job, so Aembit now provides a solution that enables you to gracefully terminate the job while allowing the sidecar to still run.

For more detailed information on this feature, please refer to the Agent Proxy Shutdown page.