The Ambassador Edge Stack is a family of products that provides a comprehensive solution for your Kubernetes edge needs. The family contains the Edge Stack API Gateway, Developer Portal, and Service Preview.

API Gateway

The Edge Stack API Gateway takes the capabilities of the Ambassador API Gateway and adds authentication and security among other capabilities. The Edge Stack API Gateway includes:

Ingress Controller for Kubernetes

Edge Management

Traffic Management

Service Mesh

Security and Authentication

Delivery Accelerator

With the Delivery Accelerator, teams can rapidly build version 0 and eliminate friction in the inner and outer development loops to deliver business value sooner.

Service Preview

MicroCD Pipeline

Integration with CI/CD

Developer Portal

The Ambassador Edge Stack includes an API catalog, Swagger/OpenAPI documentation support, and a fully customizable developer portal.

Developer Portal

API Gateway Modules and Features

Ingress Controller for Kubernetes

Routing traffic into your Kubernetes cluster requires modern traffic management. The Ambassador Edge Stack is a modern Kubernetes ingress controller that supports a broad range of protocols including gRPC and gRPC-Web, supports TLS termination, and provides traffic management controls for resource availability.

Learn about Kubernetes Ingress

Protocol Support

Microservices today communicate using a wide variety of protocols. The Ambassador Edge Stack supports a broad range of protocols.

Read the Docs:


HTTP/1.0, HTTP/1.1, HTTP/2 →

gRPC, gRPC-Web →

WebSockets →

Cross-Origin Resource Sharing

Ambassador lets users request resources (e.g., images, fonts, videos) from domains outside the original domain.

Read the Docs:

Cross-Origin Resource Sharing (CORS) →


Provide a crucial layer of privacy and security protection for end users with HTTPS.

Read the Docs:

TLS Termination →

Kubernetes Integration

The Ambassador Edge Stack supports the Kubernetes Ingress specification and can therefore act as a Kubernetes ingress controller. Ambassador's declarative configuration model extends the Kubernetes workflow and minimizes the learning curve for new users.

Read the Docs:

Ingress support →

RBAC support →

CRD-based configuration →

Edge Management

The Ambassador Edge Stack empowers developers and DevOps teams with self-service functionality for managing changes to routing. This includes a declarative policy engine, CRD configurations, an optional UI, and integrations for distributed tracing and observability.

Declarative Policy Engine

Ambassador takes advantage of Kubernetes Custom Resource Definitions (CRDs) to provide a declarative configuration workflow that is idiomatic with Kubernetes.

Read the Docs:

Declarative Configuration →

Kubernetes Integration →

Edge Policy Console

The Edge Policy Console works seamlessly with the Kubernetes API to give platform engineers and developers the ability to easily configure, manage, and visualize edge policies with the ease-of-use and visibility of a graphical interface.

Read the Docs:

Edge Policy Console →

Distributed Tracing Integrations

Distributed Tracing is a powerful tool to debug and analyze your system in addition to request logging and metrics. Ambassador integrates with external trace visualization services and Zipkin-compatible APIs, like Jaeger.

Read the Docs:

Lightstep →

Zipkin →

Datadog →

Observability Integrations

The Ambassador Edge Stack exposes statistics via the ubiquitous and well-tested StatsD protocol. Ambassador makes it easy to direct this information to a statistics and monitoring tool of your choice.

Read the Docs:

Graphite →

Prometheus →

Traffic Management

Microservices may crash, but your application shouldn’t. The Ambassador Edge Stack includes support for automatic retries, timeouts, circuit breakers, and rate limiting to maximize application availability.

Load Balancing

Load balancing allows you to maximize the scalability and availability of your application by efficiently distributing network traffic among backend services. Ambassador supports the following load balancing techniques

Read the Docs:

Round Robin →

Sticky Sessions →

Least Request →

Circuit Breaking

Circuit breakers limit the blast radius of an overloaded service by preventing additional connections or requests to an overloaded service.

Read the Docs:

Circuit Breakers →

Automatic Retries →

Progressive Delivery

Manipulate production traffic for testing features before release with Ambassador Edge Stack’s traffic management controls.

Read the Docs:

Canary Releases →

Header-based routing →

Traffic Shadowing →

Service Mesh

Ambassador natively supports service meshes for service discovery, end-to-end TLS, and observability.

Learn more about Multi-Cluster Kubernetes

Service Mesh Integrations

Ambassador has integrations and close relationships with top Service Mesh providers.

Read the Docs:

Consul →

Istio →

LinkerD →

Multi-Cluster Support

Ambassador works with LinkerD to allow organizations to quickly and easily deploy their application in a way that spans multiple clusters.

Read the Docs:

Multi-Cluster Support

Secure and Authentication

The Ambassador Edge Stack makes securing microservices easy with a comprehensive set of security functionality, including automatic TLS, authentication, rate limiting, WAF integration, and fine-grained access control.


Secure access to your services and integrate with popular identity providers. Declare access control policies and control who has access to specific services.

Read the Docs:

Single Sign-On with OAuth/OIDC →

Session Management →

JWT Validation →

Multi-Domain Authentication →

Access Control →

WAF Integration

The Ambassador Edge Stack integrates with Signal Sciences Next-Gen WAF to screen for all incoming traffic at the cluster edge.

Read the Docs:

Signal Sciences and Ambassador →

Learn More:

Announcement →

Rate Limiting

Ensure your services remain available, even when under heavy load.

Read the Docs:

Global Rate Limiting →

Per-User Rate Limiting →

SNI and Automatic HTTPS

The Ambassador Edge Stack enables automatic TLS setup via ACME integration and serving multiple Hosts behind a single IP address, each with their own certificate

Read the Docs:

Automatic HTTPS →

Server Name Indication (SNI) →

Custom Request Filters

Custom request filters allow you to execute custom logic in Filters. Inspect or validate an incoming request, and add custom Authorization headers.

Read the Docs:

Custom Request Filters →

Delivery Acclerator Modules and Features

Local Development

Constant container deployments complicate the inner development loop. Preview microservice changes locally as if they are in the shared dev cluster without affecting the work of their peers.

Service Preview

Service Preview leverages Telepresence and the fine-grained layer 7 routings available with the Ambassador Edge Stack to accelerate the inner development loop.

Read the Docs:

Service Preview →

Learn More:

Demo Video →

Four Approaches for Microservice Testing & Inner Dev Loops →

CI/CD Pipeline

The MicroCD Pipeline feature enables developers to stand up version 0 of their services. Once you confirm the infrastructure and start making improvements, you can switch to using a CI/CD solution like Jenkins X or continue using the MicroCD Pipeline for smaller, low-risk services.

MicroCD Pipeline

The MicroCD Pipeline feature supports enables developers to build and deploy containers directly from GitHub code. Teams can leverage the Kubernetes edge to stand up dancing skeletons or version 0 of their services to confirm the infrastructure or services that are smaller or temporary.

Read the Docs:

Deploying to Kubernetes from Github →

Learn More:

MicroCD Pipeline Demo Video →

Integration with CI/CD Solutions

Ambassador integrates with popular CI/CD solutions such as Jenkins X.

Read the Docs:

Continuous Delivery, GitOps, and Declarative Configuration →

Learn More:

Webinar: Securing Apps Deployed via Jenkins X Using Ambassador →

Developer Portal Modules and Features

Developer Portal

Your developer community, both internal and external, needs to understand your APIs. The AES includes an API catalog, Swagger/OpenAPI documentation support, and a fully customizable developer portal.

Developer Portal

The Developer Portal gives your developers a central self-service hub for your APIs. With the Developer Portal, developers are able to onboard and start using your APIs right away.

Read the Docs:

Real-Time Catalog →

Swagger/OpenAPI Support →

Developer Documentation →

Fully Customizable →