Docker Compose, WAF, and More!

Telepresence 2.14 supports a hybrid remote and local workflow with Docker Compose; Edge Stack 3.7 includes a built-in WAF for security.

Dave Sudia
Ambassador Labs

--

Telepresence 2.14 & Envoy Gateway 3.7

It’s summer, and our engineering teams are bringing the heat! We’re proud to announce Telepresence 2.14 with support for Docker Compose, which allows you to use Telepresence to connect to clusters and intercept within a Compose context. There are also other improvements in Telepresence 2.14, including:

  • Pod Daemons — commercial only
  • Routing conflict reporting — commercial and OSS
  • Excluding env variables when intercepting — commercial and OSS

You’ve gotta stay safe in the summer sun, so stay hydrated, wear sunscreen, and turn on the new WAF feature in Edge Stack 3.7.0. Edge Stack WAF uses Coraza to provide a turn-key edge security solution. Additionally, we’re shipping these improvements:

  • ExternalFilters get support for configuring TLS settings
  • Upgrade to Envoy v1.26.1 — this is the only change in Emissary-Ingress 3.7.0

Read on for more!

Telepresence 2.14

Telepresence for Docker Compose

We’ve shipped several integrations with Docker tools recently:

  • CLI flag --docker that allows building and directing intercept traffic to a container
  • Docker Desktop extension that empowers devs to quick-start with Telepresence and their containers directly in the Docker Desktop GUI

Joining those now is Telepresence for Docker Compose. This feature enables running Telepresence within the context of a Compose environment created with docker-compose up.

This facilitates lots of new and exciting hybrid development scenarios! You can start with an existing Compose file and just get connected to the cluster. As you get comfortable with Telepresence, you can start moving towards a hybrid workflow and shrink your compose file (and your laptop’s resource usage) by shifting dependencies to your cluster while maintaining a familiar development environment. If you’re currently connecting to a remote database using telepresence connect but would rather run a local test database while keeping the rest of the services remote, Telepresence for Docker Compose allows for that.

Pod Daemon

The new Pod Daemon feature runs Telepresence as a sidecar with your application rather than running on a developer laptop, enabling deployment previews! Do a blue/green deployment with the new deployment using a pod daemon, and you can talk directly to the preview version the same way you can reach a developer’s laptop using Personal Intercepts.

Exclude environment variables

Telepresence allows developers to retrieve the environment variables of a deployment they are intercepting and have them stored locally, such as in a .env file, so that the local version of their app has access to the same values as the cloud version. But that can be a security concern if the cloud version has database passwords or similar values that should not be on a developer’s laptop. Now specific variables can be excluded from the retrieval to improve security.
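To decide which variables to exclude, it helps to audit a captured .env file first. The following is an added example, not code from Telepresence or Ambassador Labs: it parses a .env file and lists variable names whose name or value looks like a credential. The name patterns, function names, and sample file are assumptions made for illustration.

```python
import re

# Assumed name patterns that usually indicate a credential (not a Telepresence list).
SECRET_NAME = re.compile(
    r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.I)
# Values that embed credentials in a URL, e.g. scheme://user:pass@host/...
URL_WITH_CREDS = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks/comments, drop 'export ' and quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().removeprefix("export ").strip()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def exclusion_candidates(text):
    """Return sorted names whose name or value looks like a credential."""
    return sorted(k for k, v in parse_env(text).items()
                  if SECRET_NAME.search(k) or URL_WITH_CREDS.match(v))


# Constructed sample, not real output from any deployment.
SAMPLE_ENV = """\
# captured from an intercept (constructed)
LOG_LEVEL=debug
DB_PASSWORD="example-not-a-real-password"
DATABASE_URL=postgres://app:example@db.internal:5432/orders
PAYMENTS_API_KEY=example-key
export SERVICE_PORT=8080
TOKEN_TTL_SECONDS=3600
"""

if __name__ == "__main__":
    for name in exclusion_candidates(SAMPLE_ENV):
        print(name)
```

Name matching over-reports (TOKEN_TTL_SECONDS is flagged here although it holds no secret), so treat the output as a review list rather than a final exclusion list.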

Routing conflict reporting

Telepresence will now attempt to detect and report routing conflicts with other running VPN software on client machines. There is a new configuration flag that can be tweaked to allow certain CIDRs to be overridden by Telepresence.

Edge Stack and Emissary-Ingress 3.7

WAF

One of our most-requested features is here: adding additional security capabilities to Edge Stack! By applying two simple CRDs with sane defaults that our team maintains, you add a WAF that offers OWASP Top 10 protection and PCI 6.6 compliance at the edge of your cluster. You can also customize the ruleset using Coraza’s SecLang and provide it via a URL, file, or ConfigMap. So whether you’re at a startup that needs a low-maintenance solution or on a security team implementing defense in depth, we’ve got you covered. Along with the existing authentication, rate-limiting, and custom filtering features, Edge Stack continues to enable your developers and protect the safety of your data.

ExternalFilter TLS settings configuration

For organizations with very specific internal TLS configurations, Edge Stack can now speak to external AuthServices using custom TLS certificates.

Envoy v1.26.1

Both Edge Stack and Emissary-Ingress benefit from an upgrade to a newer Envoy version, which provides security, performance, and feature enhancements.

Try the Latest Releases Today

  • Telepresence for Docker Compose is available by upgrading to the latest Telepresence version. You can also read through the full release notes for the OSS and commercial versions.
  • Edge Stack WAF is available by upgrading to the latest version of Edge Stack, either by installing the latest Helm chart or by updating the image in your YAML files. You can also read through the full release notes.

Learn More at Feature Friday

You can see demos of Telepresence for Docker Compose and the new Edge Stack WAF at our inaugural Feature Friday webinar! RSVP here to see them in action.
