Recently the Datawire team announced the release of the Ambassador Edge Stack 1.0, which builds on the open source Ambassador API gateway and provides platform engineers with a comprehensive edge stack for managing the boundary between end users and Kubernetes services. This article explores why the edge of Kubernetes clusters is becoming more critical to developer workflows, and how the Ambassador Edge Stack aims to help both platform teams and developers release functionality to end users with minimal friction.
Organizations that have successfully adopted Kubernetes embrace a self-service platform strategy. In this approach, individual application development teams directly manage and configure the infrastructure services necessary for their applications. Application development teams are able to take both development and operational responsibility for a given application. This “you build it you run it” approach to ownership and accountability is one of the core tenets of DevOps. For example, Netflix has discussed how their platform teams support “full cycle” product development teams.
Adopting this approach of teams owning products, applications, and APIs is crucial to scaling an organization as more and more services are directly exposed to end users in a microservices architecture. Scaling the management of the edge and supporting a diverse range of requirements at the edge are the two most important challenges that must be overcome when adopting Kubernetes.
A platform engineering team builds and maintains the necessary infrastructure services for the app dev teams. For most platform engineering teams today, Kubernetes provides the basic starting point. However, Kubernetes alone does not provide all the infrastructure services needed for a full self-service platform. One of the major missing components from Kubernetes is a way to expose applications to the end user.
The Ambassador Edge Stack (AES) is built on the popular open source Ambassador API Gateway and Envoy Proxy edge proxy. Core to the AES are the principles of self-service and ease-of-use. Given the wide spectrum of Ambassador users — platform engineers, senior application developers, application developers new to Kubernetes — our goal is to deliver an edge stack that doesn’t require expert knowledge to manage and configure.
To simplify usage, the AES:
- Fully integrates with existing Kubernetes workflows. All AES functionality is managed through Kubernetes Custom Resource Definitions (CRDs), which are compatible with approaches such as GitOps. CRDs can be coded by individual product service teams, with no dependencies on other service teams.
- Supports automatic HTTPS. The AES automatically obtains and renews TLS certificates via the ACME protocol and a CA like Let’s Encrypt.
- Provides modern traffic management. Microservices today communicate using a wide variety of protocols, such as TCP, HTTP/2, gRPC, and WebSockets. With these protocols, the AES provides traffic management controls including traffic shadowing, canary routing, header-based routing, cross-origin resource sharing, and more.
Ambassador has always used a decentralized, declarative model for edge configuration. With the Ambassador Edge Stack, users can now manage configuration by directly managing CRDs or using the new Edge Policy Console administrative user interface.
Traditional user interfaces force end users to choose between a declarative, GitOps-style model for configuration or a UI-driven model. Keeping changes made in the UI in sync with configuration YAML (and vice versa) is a challenge. The Ambassador Edge Stack uses declarative CRDs as the canonical source of truth for all configuration. This enables the Edge Policy Console and declarative CRD configuration to always be in sync, and supports seamless round-tripping between CRDs and the UI.
A YAML change that is applied to the cluster will immediately show up in the UI. Likewise, a configuration change in the UI will create a CRD that can be downloaded as YAML and applied to the cluster.
The Ambassador Edge Stack is available for free today in both free Community and Enterprise editions. To get started with the early access program, check out the documentation here.