In cloud-native organizations, developers frequently take on responsibility for the full development lifecycle of a service, from development to QA to operations. Emissary-ingress was specifically designed for these organizations where developers have operational responsibility for their service(s).
As such, the Emissary-ingress is designed to be used by both developers and operators.
Emissary-ingress is built from the start to support self-service deployments -- a developer working on a new service doesn't have to go to Operations to get their service added to the mesh, they can do it themselves in a matter of seconds. Likewise, a developer can remove their service from the mesh, or merge services, or separate services, as needed, at their convenience. All of these operations are performed via Kubernetes resources or annotations, so they can easily integrate with your existing development workflow.
Canary deployments are an essential component of cloud-native development workflows. In a canary deployment, a small percentage of production traffic is routed to a new version of a service to test it under real-world conditions. Emissary-ingress allows developers to easily control and manage the amount of traffic routed to a given service through annotations. This tutorial covers a complete canary workflow using the Emissary-ingress.
Emissary-ingress relies entirely on Kubernetes for reliability, availability, and scalability. For example, Emissary-ingress persists all state in Kubernetes, instead of requiring a separate database. Scaling the Emissary-ingress is as simple as changing the replicas in your deployment, or using a horizontal pod autoscaler.
Emissary-ingress uses Envoy for all traffic routing and proxying. Envoy is a modern L7 proxy that is used in production at companies including Lyft, Apple, Google, and Stripe.
Emissary-ingress fully supports gRPC and HTTP/2 routing, thanks to Envoy's extensive capabilities in this area. See gRPC and Emissary-ingress for more information.
Emissary-ingress integrates with the Istio service mesh as the edge proxy. In this configuration, Emissary-ingress routes external traffic to the internal Istio service mesh. See Istio and Emissary-ingress for details.
Emissary-ingress supports authenticating incoming requests using a custom authentication service. When configured, the Emissary-ingress will check with your external authentication service prior to routing an incoming request. For more information, see the authentication guide.
Emissary-ingress supports rate limiting incoming requests. When configured, the Emissary-ingress will check with a third party rate limit service prior to routing an incoming request. For more information, see the rate limiting guide.
Emissary-ingress includes a diagnostics service so that you can quickly debug issues associated with configuring the Emissary-ingress. For more information, see running Emissary-ingress in Production.