
Emissary Ingress 101 by danielbryantuk June CNCF Canada Meetup

Emissary-ingress 101: An introduction to the CNCF incubation-level API gateway

cncf-canada-meetups

June 01, 2021


Transcript

  1. What is Emissary Ingress?

    Open-source cloud-native API gateway, powered by Envoy
    • Formerly known as Ambassador API Gateway
    • CNCF Incubation project
    • Developer-focused (self-service config)
      ◦ CRDs, Ingress, or Kubernetes annotations
    • Wide adoption over the past four years
  2. Emissary is an API Gateway

    [Diagram labels: Jane: /quote/; Mark: /quote/update/ (marked X); App development; App security; Rate Limiting; Resilience; Observability]
  3. Emissary Core Features

    Resilience
    • Advanced load balancing
    • Circuit breakers
    • Automatic retries
    • Timeouts
    • Auth (via ext_authz)
    • Rate limiting (via rls.proto)

    Observability
    • Distributed tracing
    • Real-time metrics
    • Logs (+Envoy output)

    Cloud-native
    • Service discovery with Kubernetes and Consul
    • Zero downtime configuration
    • Stateless high availability architecture

    L7 support
    • HTTP/1.0, HTTP/1.1, HTTP/2
    • gRPC, gRPC-Web
    • TCP, WebSockets
    • Server Name Indication (SNI)
    • Gzip compression
  4. Configuring the Control Plane

    ```yaml
    ---
    apiVersion: getambassador.io/v2
    kind: Mapping
    metadata:
      name: quote-mapping
    spec:
      prefix: /quote/
      service: quote
    ---
    apiVersion: getambassador.io/v2
    kind: Host
    metadata:
      name: wildcard-host
    spec:
      hostname: "*"
      acmeProvider:
        authority: none
      tlsSecret:
        name: base-cert
    ---
    apiVersion: getambassador.io/v2
    kind: AuthService
    metadata:
      name: extauth-service
    spec:
      auth_service: example-auth
      path_prefix: "/extauth"
      allowed_request_headers:
      - "x-example-session"
      allowed_authorization_headers:
      - "x-example-session"
      - "x-example-userid"
    ---
    apiVersion: getambassador.io/v2
    kind: Mapping
    metadata:
      name: quote2-mapping
    spec:
      prefix: /quote/
      service: fancy-quote
      weight: 10
    ---
    apiVersion: getambassador.io/v2
    kind: Mapping
    metadata:
      name: restricted-mapping
    spec:
      host: restricted.example.com
      prefix: /restricted/
      rewrite: /a/very/safe/path/
      rewrite_host: safe.example.com
      service: dangerous-service
    ```
  5. Configuring the Control Plane

    ```yaml
    ---
    apiVersion: getambassador.io/v2
    kind: Mapping
    metadata:
      name: quote-mapping
    spec:
      prefix: /quote/
      service: quote
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      annotations:
        kubernetes.io/ingress.class: ambassador
      name: example-ingress
    spec:
      tls:
      - hosts:
        - sslexample.foo.com
        secretName: sslexample-cert
      rules:
      - host: sslexample.foo.com
        http:
          paths:
          - path: /quote/
            pathType: Prefix      # required by networking.k8s.io/v1
            backend:
              service:            # v1 form of serviceName/servicePort
                name: quote
                port:
                  number: 80
    ---
    apiVersion: getambassador.io/v2
    kind: Host
    metadata:
      name: wildcard-host
    spec:
      hostname: "sslexample.foo.com"
      acmeProvider:
        authority: none
      tlsSecret:
        name: sslexample-cert
    ```
  6. Four Remarkable Years

    • Initial release, March 2017
    • Ambassador 1.0 release, Jan 2020
    • CNCF donation as Emissary, April 2021
    • 3.3K GitHub stars
    • 5000+ Slack members
    • 160+ contributors
    • 500+ forks
  7. The cloud native superpower: The people

    Emissary Ingress could never have come this far without the amazing community that’s grown up around it.
    Many, many thanks! (And we’re only just getting started)
  8. Proven and Growing Rapidly

    Many production deployments:
    • AppDirect (KubeCon NA 2018 presentation)
    • GoSpotCheck (KubeCon NA 2019 presentation)
    • Lifion by ADP
    • Ticketmaster
    • Chick-Fil-A
    • OneFootball (KubeCon EU 2019 presentation)
  9. Thanks!

    @danielbryantuk | [email protected]
    To get involved or ask questions:
    • www.getambassador.io/developer-office-hours/
    • a8r.io/slack