Ambassador

The Ambassador API Gateway provides all the functionality of a traditional ingress controller (e.g., path-based routing) while exposing many additional capabilities such as authentication, URL rewriting, CORS, rate limiting, and automatic metrics collection.

Installation

Configuration

  • ingress_ambassador_namespace (default ambassador): namespace for installing Ambassador.
  • ingress_ambassador_update_window (default 0 0 * * SUN): crontab-like expression for specifying when the Operator should try to update the Ambassador API Gateway.
  • ingress_ambassador_version (default: *): SemVer rule for versions allowed for installation/updates.
  • ingress_ambassador_secure_port (default: 443): HTTPS port to listen at.
  • ingress_ambassador_insecure_port (default: 80): HTTP port to listen at.

Ambassador Operator

This Ambassador addon deploys the Ambassador Operator, which in turn will install the Ambassador API Gateway in a Kubernetes cluster.

The Ambassador Operator is a Kubernetes Operator that controls Ambassador’s complete lifecycle in your cluster, automating many of the repeatable tasks you would otherwise have to perform yourself. Once installed, the Operator will complete installations and seamlessly upgrade to new versions of Ambassador as they become available.

Usage

The following example creates simple http-echo services and an Ingress object to route to these services.

Note well that the Ambassador API Gateway will automatically load balance Ingress resources that include the annotation kubernetes.io/ingress.class=ambassador. All the other resources will be just ignored.

  1. kind: Pod
  2. apiVersion: v1
  3. metadata:
  4.   name: foo-app
  5.   labels:
  6.     app: foo
  7. spec:
  8.   containers:
  9.   - name: foo-app
  10.     image: hashicorp/http-echo
  11.     args:
  12.     - "-text=foo"
  13. ---
  14. kind: Service
  15. apiVersion: v1
  16. metadata:
  17.   name: foo-service
  18. spec:
  19.   selector:
  20.     app: foo
  21.   ports:
  22.   # Default port used by the image
  23.   - port: 5678
  24. ---
  25. apiVersion: extensions/v1beta1
  26. kind: Ingress
  27. metadata:
  28.   name: example-ingress
  29.   annotations:
  30.     kubernetes.io/ingress.class: ambassador
  31. spec:
  32.   rules:
  33.   - http:
  34.       paths:
  35.       - path: /foo
  36.         backend:
  37.           serviceName: foo-service
  38.           servicePort: 5678

Now you can test that the ingress is working with curl:

  1. $ export AMB_IP=$(kubectl get service ambassador -n ambassador -o 'go-template={{range .status.loadBalancer.ingress}}{{print .ip "\n"}}{{end}}')
  2. $ curl $AMB_IP/foo
  3. foo