- Features and Benefits
- Using Ambassador Edge Stack in Your Organization
- Ambassador Edge Stack vs. Other Software
- Certified Builds
- Ambassador Edge Stack Architecture
- Ambassador Edge Stack Deployment Architecture
- Continuous Delivery, Declarative Config, and GitOps
- Microservices API Gateways
- Rate Limiting Concepts
- Self-Service Routing and Deployment Control
- Safely Testing in Production
- OAuth & OIDC Overview
- Why Ambassador Edge Stack Uses Envoy Proxy (External Link)
- Configuring Ambassador Edge Stack
- Mapping Services
- Canary Releases
- Circuit Breakers
- Cross Origin Resource Sharing
- Header-based routing
- Host Header
- Host CRD
- Prefix Regex
- Rate Limits
- Remove Request Headers
- Remove Response Headers
- Add Request Headers
- Add Response Headers
- Automatic Retries
- Routing TCP Connections
- Traffic Shadowing
- Developer Portal
- Filter Reference
- Statistics and Monitoring
Ambassador configuration can be expressed as an annotation of a Kubernetes Service.
For many people, this is the preferred format for configuring Ambassador because it directly ties the routing configuration in with the Service definition. i.e. Creating the Service creates the route in Ambassador and deleteing the service removes the route.
It also allows you to install and configure Ambassador without needing cluster permissions to add CRDs to the cluster.
Annotations, however, can be hard to manage and easy to lose track of since you are not able to manage them the same way you do other Kubernetes resources.
Using CRDs you can find all
Mappings deployed in the cluster with
kubectl get mappings -A
With annotations, you would have to describe and examine the
metadata.annotations of every service.
The following is an example of how to configure annotations for the example quote service from the install documentation.
---apiVersion: getambassador.io/v1kind: Mappingmetadata:name: quote-backendspec:prefix: /backend/service: quote:5000---apiVersion: getambassador.io/v1kind: Mappingmetadata:name: quote-backendspec:prefix: /backend/service: quote:8080labels:ambassador:- request_label:- backend
With CRDs above, we open up routes in Ambassador using two separate Ambassador
Mapping resources. These objects are managed separately from the service and must be created and deleted independently.
---apiVersion: v1kind: Servicemetadata:name: quoteannotations:getambassador.io/config: |---apiVersion: ambassador/v1kind: Mappingname: quote-ui_mappingprefix: /service: quote:5000---apiVersion: ambassador/v1kind: Mappingname: quote-backend_mappingprefix: /backend/service: quote:8080labels:ambassador:- request_label:- backendspec:ports:- name: uiport: 5000targetPort: 5000- name: backendport: 8080targetPort: 8080selector:app: quote
With the annotation approach above, we can expose the exact same routes my creating the
Mapping object as part of the Kubernetes Service. There is more overhead for creating and managing the
Mappings but they are created and deleted when the service is.
All example configuration in this document is given in CRD format. It is easy to translate any CRD to an
annotation by following the steps below.
---apiVersion: getambassador.io/v1kind: Modulemetadata:name: ambassadorspec:config:diagnostics:enabled: false
Starting with the example above:
- Change the
----apiVersion: getambassador.io/v1+apiVersion: ambassador/v1kind: Modulemetadata:name: ambassadorspec:config:diagnostics:enabled: false
- Remove the
metadatasection and resolve the indentation of
nameto be inline with
---apiVersion: ambassador/v1kind: Module-metadata:- name: ambassador+name: ambassadorspec:config:diagnostics:enabled: false
- Remove the
specsection and drop the indentation of everything below it one level
---apiVersion: ambassador/v1kind: Modulename: ambassador-spec:- config:- diagnostics:- enabled: false+config:+ diagnostics:+ enabled: false
After this step, we are left with a
yaml object that looks like this:
---apiVersion: ambassador/v1kind: Modulename: ambassadorconfig:diagnostics:enabled: false
- Finally, add the object as an annotation of a Kubernetes Service with key
---apiVersion: v1kind: Servicemetadata:name: svcannotations:getambassador.io/config: |---apiVersion: ambassador/v1kind: Modulename: ambassadorconfig:diagnostics:enabled: falsespec:ports:- name: httpport: 80