- Features and Benefits
- Using Ambassador Edge Stack in Your Organization
- Ambassador Edge Stack vs. Other Software
- Certified Builds
- Ambassador Edge Stack Architecture
- Ambassador Edge Stack Deployment Architecture
- Continuous Delivery, Declarative Config, and GitOps
- Microservices API Gateways
- Rate Limiting Concepts
- Self-Service Routing and Deployment Control
- Safely Testing in Production
- OAuth & OIDC Overview
- Why Ambassador Edge Stack Uses Envoy Proxy (External Link)
- Configuring Ambassador Edge Stack
- Mapping Services
- Canary Releases
- Circuit Breakers
- Cross Origin Resource Sharing
- Header-based routing
- Host Header
- Host CRD
- Prefix Regex
- Rate Limits
- Remove Request Headers
- Remove Response Headers
- Add Request Headers
- Add Response Headers
- Automatic Retries
- Routing TCP Connections
- Traffic Shadowing
- Developer Portal
- Filter Reference
- Statistics and Monitoring
The Ambassador Edge Stack is configured in a declarative fashion, using YAML manifests to describe the state of the world. As with Kubernetes, the Ambassador Edge Stack's manifests are identified with
name. The current
getambassador.io/v2; some of the currently-supported
Modulemanifests configure things that apply to the Ambassador Edge Stack as a whole. For example, the
ambassador Modulecan define listener ports, and the
tlsModule can configure TLS termination for the Ambassador Edge Stack.
AuthServicemanifests configure the external authentication service[s] that the Ambassador Edge Stack will use.
RateLimitServicemanifests configure the external rate limiting service that Ambassador Edge Stack will use.
TracingServicemanifests configure the external tracing service that the Ambassador Edge Stack will use.
Mappingmanifests associate REST resources with Kubernetes services. The Ambassador Edge Stack must have one or more mappings defined to provide access to any services at all.
TLSContextmanifests control the TLS configuration options for a number of different use cases.
Ingressmanifests allows you to use Ambassador as a Kubernetes ingress controller. See the provided documentation on configuration with Ambassador, and review the Kubernetes documentation for detailed information on the
LogServicemanifests configure centralized access logging.
TCPMappingmanifests associate TCP mappings with Kubernetes services.
For an exhaustive list, see the CRDs page.
Note that each of these
kinds are supported as both annotations and as CRDs.
The Ambassador Edge Stack assembles its configuration from YAML blocks that may be stored:
- as Custom Resource Definitions on Kubernetes
services (this is the recommended technique);
- as data in a Kubernetes
- as files in the Ambassador Edge Stack's local filesystem.
The data contained within each YAML block is the same no matter where the blocks are stored, and multiple YAML documents are likewise supported no matter where the blocks are stored.
The Ambassador Edge Stack's configuration is assembled from multiple YAML blocks, to help enable self-service routing and make it easier for multiple developers to collaborate on a single larger application. This implies a few things:
Ambassador Edge Stack's configuration should be under version control.
While you can always read back the Ambassador Edge Stack's configuration from
annotations or its diagnostic service, the Ambassador Edge Stack will not do versioning for you.
Be aware that the Ambassador Edge Stack tries to not start with a broken configuration, but it's not perfect.
Gross errors will result in the Ambassador Edge Stack refusing to start, in which case
kubectl logswill be helpful. However, it's always possible to e.g. map a resource to the wrong service, or use the wrong
rewriterules. The Ambassador Edge Stack can't detect that on its own, although its diagnostic pages can help you figure it out.
Be careful of mapping collisions.
If two different developers try to map
/user/to something, this can lead to unexpected behavior. The Ambassador Edge Stack's canary-deployment logic means that it's more likely that traffic will be split between them than that it will throw an error -- again, the diagnostic service can help you here.
Note: Unless specified, mapping attributes cannot be applied to any other resource type.