3 min • read

The Emissary-ingress container

To give you flexibility and independence from a hosting platform's uptime, you can pull the ambassador and aes images from any of the following registries:

  • docker.io/datawire/
    • Note: In rare occasions, you may experience rate limits when using Docker Hub. See this page to learn how to deal with them.
  • quay.io/datawire/
  • gcr.io/datawire/

For an even more robust installation, consider using a local registry as a pull through cache or configure a publicly accessible mirror.

Environment variables

Use the following variables for the environment of your Emissary-ingress container:

PurposeVariableDefault valueValue type
CoreAMBASSADOR_ID[ "default" ]List of strings
CoreAMBASSADOR_NAMESPACEdefault (1)Kubernetes namespace
CoreAMBASSADOR_SINGLE_NAMESPACEEmptyBoolean; non-empty=true, empty=false
CoreAMBASSADOR_LEGACY_MODEfalseBoolean; Go strconv.ParseBool
CoreAMBASSADOR_FAST_RECONFIGUREfalseEXPERIMENTAL -- Boolean; true=true, any other value=false
CoreAMBASSADOR_UPDATE_MAPPING_STATUSfalseBoolean; true=true, any other value=false
CoreAMBASSADOR_DISABLE_SNAPSHOT_SERVERfalseBoolean; non-empty=true, empty=false
CoreAMBASSADOR_JSON_LOGGINGfalseBoolean; non-empty=true, empty=false
CoreAMBASSADOR_FORCE_SECRET_VALIDATIONfalseBoolean: true=true, any other value=false
Ambassador Edge StackAES_LOG_LEVELwarnLog level
Developer PortalDEVPORTAL_CONTENT_URLhttps://github.com/datawire/devportal-contentgit-remote URL
Developer PortalDEVPORTAL_CONTENT_DIR/Rooted Git directory
Developer PortalDEVPORTAL_CONTENT_BRANCHmasterGit branch name
Developer PortalPOLL_EVERY_SECS60Integer
EnvoySTATSD_ENABLEDfalseBoolean; Python value.lower() == "true"
EnvoyDOGSTATSDfalseBoolean; Python value.lower() == "true"

Log level names are case-insensitive. From least verbose to most verbose, valid log levels are error, warn/warning, info, debug, and trace.

Port assignments

Emissary-ingress uses the following ports to listen for HTTP/HTTPS traffic automatically via TCP:

8001envoyInternal stats, logging, etc.; not exposed outside pod
8002wattInternal watt snapshot access; not exposed outside pod
8003ambexInternal ambex snapshot access; not exposed outside pod
8004diagdInternal diagd access when AMBASSADOR_FAST_RECONFIGURE is set; not exposed outside pod
8005snapshotExposes a scrubbed Emissary-ingress snapshot outside of the pod
8080envoyDefault HTTP service port
8443envoyDefault HTTPS service port
8877diagdDirect access to diagnostics UI; provided by busyambassador entrypoint when AMBASSADOR_FAST_RECONFIGURE is set

  1. This may change in a future release to reflect the Pods's namespace if deployed to a namespace other than default. https://github.com/emissary-ingress/emissary/issues/1583