Welcome

Welcome to the Ocelot 24.1 documentation!

It is recommended to read all Release Notes if you have deployed the Ocelot app in a production environment and are planning to upgrade to major, minor or patched versions.

Release Notes

Release Tag: 24.1.0

Release Codename: Globality

In this minor release, the Ocelot team put the spotlight on the Configuration feature as part of their semi-annual 2025 effort, with a particular focus on the Global Configuration Schema. This release enhances support for global configurations across both routing modes: the classic static Routing and the service discovery-based Dynamic Routing.

The updated documentation highlights the deprecation of certain options through multiple notes and warnings. This deprecation process will be completed in the upcoming .NET 10 release. With the Obsolete attributes in place, C# developers will notice several warnings in the build logs during compilation.

On top of that, this release brings a great enhancement to the Kubernetes (K8s) provider, also known as the Ocelot.Provider.Kubernetes package.

What’s New?

• Configuration: The “Dynamic routing global configuration” feature has been redesigned by @raman-m and contributors.

  This update brings changes to the Dynamic Route Schema and Global Configuration Schema, while the Route Schema stays the same apart from deprecation updates. All work was coordinated under issue 585, which addressed the challenges of configuring Ocelot’s most popular features globally before version 24.1, when dynamic routing gained global configuration partial support, but static routing mostly lacked it. A key outcome of 585 is the ability to override global configuration options within the DynamicRoutes collection. This ongoing issue will continue to require attention, as adapting static route global configurations for dynamic routing is complex and, in some cases, impossible. This will be a challenge for future Ocelot releases and the community.

• Kubernetes (K8s) : The “Kubernetes provider based on watch requests” feature by @kick2nick in pull request 2174.

  The Ocelot.Provider.Kubernetes package now features a new WatchKube provider for Kubernetes service discovery. This provider is a great fit for high-load environments where the older Kube and PollKube providers struggle to handle heavy traffic, often leading to increased log errors, HTTP 500 issues, and potential Ocelot instance failures. WatchKube is the next step in the evolution of these providers, leveraging the reactive capabilities of the KubeClient API. For guidance on choosing the right provider for your Kubernetes setup, check out the “Comparing providers” section.

• Configuration: The “Routing default timeout” feature by @hogwartsdeveloper in pull request 2073.

  In the past, the Timeout setting in the Route Schema did not actually stop requests, defaulting instead to a fixed 90 seconds. Custom timeouts were handled using the Quality of Service Timeout strategy, and this only applied if Polly and the Ocelot.Provider.Polly package were used. Now, the Timeout option (in seconds) can be set at the route, global, and QoS levels. The Global Configuration Schema and Dynamic Route Schema also include the new Timeout setting, making it possible to configure default timeouts for dynamic routing as well.

• Quality of Service: The “FailureRatio and SamplingDuration parameters of Polly V8 circuit-breaker” feature by @RaynaldM in pull request 2081.

  Starting with version 24.1, two new options in QoSOptions Schema, FailureRatio and SamplingDuration, let you fine-tune the behavior of the Circuit Breaker strategy. Both can be configured globally, even with dynamic routing.

  Note

  The DurationOfBreak, ExceptionsAllowedBeforeBreaking, and TimeoutValue options are now deprecated in 24.1, so check the “QoSOptions Schema” documentation for details.

What’s Updated?

• Configuration: Several File-model options have been deprecated by @raman-m.

  The updated docs now highlight these deprecated options with multiple notes and warnings. The 24.1 deprecation process will wrap up in the upcoming .NET 10 release. Due to the Obsolete attributes, C# developers will notice several build warnings during compilation.

• Testing: The Ocelot.Testing project was deprecated by @raman-m in pull request 2295.

  The project was removed from the main repo and moved to its own Ocelot.Testing repository. This change allows the Ocelot.Testing package to be shared independently for delivery of extension packages. The Ocelot team also plans to deprecate more projects and move them to separate repos because: a) despite the fact that a monorepo enables faster builds and quicker delivery; b) but the release process can be delayed by missing versions of integrated libraries in extension packages. The goal is for the Ocelot repo to only contain essential projects, avoiding delays caused by integrated package release schedules. Legacy or abandoned integrated packages should be deprecated and maintained in their own repos with independent release cycles.

• Headers Transformation: Added global configuration by @marklonquist in pull request 1659.

  The Global Configuration Schema now includes new DownstreamHeaderTransform and UpstreamHeaderTransform options. These work only with static routes, meaning the Routes collection (see Route Schema). They are not supported for dynamic routes because they are not part of the Dynamic Route Schema, and Ocelot Core does not read global configuration of this feature in dynamic routing mode. This is noted in the Roadmap documentation.

• Authentication: Added global configuration by @jlukawska in pull request 2114.

  The Global Configuration Schema now includes a new AuthenticationOptions property for setting up static routes globally. This also introduces the AllowAnonymous boolean option within AuthenticationOptions to control static route authentication. Later, pull request 2336 extended global authentication support to dynamic routes.

  Note

  The AuthenticationProviderKey option is deprecated in version 24.1—see the “AuthenticationOptions Schema” documentation for details.

• Rate Limiting: Re-designed global configuration by @MiladRv and @raman-m in pull request 2294.

  The Global Configuration Schema now includes a new RateLimitOptions property for both static and dynamic routes. Previously, global configuration was available through RateLimitOptions in dynamic routing mode, while route overriding used the now-deprecated RateLimitRule from the Dynamic Route Schema.

  This marks the second major overhaul of the Rate Limiting feature since the first update in pull request 1592. A new Wait option has been added, replacing the deprecated PeriodTimespan, to enhance the Fixed Window algorithm. The full list of deprecated options can be found in the “Deprecated options” documentation.

• Load Balancer: Added global configuration by @raman-m in pull request 2324.

  The Global Configuration Schema now includes a new LoadBalancerOptions property for both static and dynamic routes. Previously, global configuration was available through LoadBalancerOptions in dynamic routing mode without dynamic route overrides. Starting with version 24.1, the Dynamic Route Schema also supports LoadBalancerOptions for overriding, and global configuration for static routes is now supported as well.

• Caching: Added global configuration by @raman-m in pull request 2331.

  The Global Configuration Schema now includes a new CacheOptions property for both static and dynamic routes. Global configuration has been available for static routes since version 23.3, but starting with version 24.1, the Dynamic Route Schema also supports CacheOptions for overriding.

  Note

  The FileCacheOptions property in the Route Schema (static routes) is deprecated in version 24.1. For more details, see the caching Configuration documentation.

• Http Handler: Added global configuration by @raman-m in pull request 2332.

  The Global Configuration Schema now includes a new HttpHandlerOptions property for both static and dynamic routes. Previously, global configuration was available through HttpHandlerOptions in dynamic routing mode without dynamic route overriding. Starting with version 24.1, the Dynamic Route Schema also supports HttpHandlerOptions for overriding, and global configuration is now available for static routes as well.

• Authentication: Added global configuration by @raman-m in pull request 2336.

  The Global Configuration Schema now includes a new AuthenticationOptions property for both static and dynamic routes. Starting with version 24.1, the Dynamic Route Schema also supports AuthenticationOptions to override global settings.

  Note

  The AuthenticationProviderKey option is deprecated in version 24.1, so check the “AuthenticationOptions Schema” documentation for details.

• Quality of Service: Added global configuration by @raman-m in pull request 2339.

  The Global Configuration Schema now includes a new QoSOptions property for both static and dynamic routes. Previously, global configuration was available through QoSOptions in dynamic routing mode without the option for dynamic route overrides. Starting with version 24.1, the Dynamic Route Schema supports QoSOptions for overriding, and global configuration support is now available for static routes as well.

  Note

  The DurationOfBreak, ExceptionsAllowedBeforeBreaking, and TimeoutValue options are deprecated in version 24.1. For details, see the “QoSOptions Schema” documentation.

• DevOps: Stabilized tests and reviewed GH-Actions workflows by @raman-m in pull requests 2342 and 2345.

  These efforts kept the CI/CD builds in GitHub Actions stable, targeting the alpha release of version 24.1. The CI/CD environment was set up and tested GH-Actions workflows in advance for the beta release, which is the goal of pull request 2347.

Patches Included

• Websockets: Issue 930 patch by @hogwartsdeveloper in pull request 2091.

  This update removes the troublesome System.Net.WebSockets.WebSocketException from logs, preventing Ocelot from running into 500 status disasters. The issue stemmed from client-side or network events that Ocelot’s WebSocketsProxyMiddleware could not anticipate on the server side. The patch now checks for incorrect connection statuses, attempting to close the connection and end server-side tasks gracefully without errors.

• Kubernetes (K8s) : Issue 2304 patch by @raman-m in pull request 2335.

  This update fixes the PollKube provider to address a bug with the first cold request, where the winning thread got an empty collection before the initial callback was triggered. The solution is to call the integrated discovery provider for the first cold request when the queue is empty.

• Authorization: Issue 913 patch by @mehyaa in pull request 1478.

  Starting with version 24.1, Ocelot now supports RFC 8693 (OAuth 2.0 Token Exchange) for the ‘scope’ claim in the ScopesAuthorizer service, also referred to as the IScopesAuthorizer service in the DI container. This is noted in the “Allowed Scopes” documentation (see the first note).

Contributing

Pull requests, issues, and commentary are welcome at the Ocelot GitHub repository. For ideas and questions, please post them in the Ocelot Discussions space.

Our Development Process is a part of successful Release Process. If you are a new contributor, it is crucial to read Development Process attentively to grasp our methods for efficient and swift feature delivery. We, as a team, advocate adhering to Best Practices throughout the development phase.

We extend our best wishes for your successful contributions to the Ocelot product!