Before Kubernetes, the boundary between your users and your monolithic application was simple to manage. Now with Kubernetes, managing the edge has become dynamic and complex. More developers are involved, there are exponentially more edge operations, and each microservice has diverse requirements. To fully capitalize on the benefits of Kubernetes, you need to provide a solution that supports the autonomy of application developers, the various requirements of your microservices, and your ability to scale. You no longer need an API Gateway - you need a self-service, comprehensive edge stack. In this 40 minute webinar on January 30th, we will discuss and demo the new functionality available with the Ambassador Edge Stack. Edge Policy Console- graphical UI to visualize and manage all of your edge policies Security Features- automatic TLS setup via ACME integration, OAuth/OpenID Connect integration, rate limiting, and fine-grained access control Developer Onboarding- API catalog, Swagger/OpenAPI documentation support, and a fully customizable developer portal

1.
STARTING SOON
What’s New in Ambassador Edge Stack 1.0?
Noah Krause,
Support Engineer,
Datawire
Jen Dyment,
Product, Datawire

2. What’s New in Ambassador
Edge Stack 1.0?
Noah Krause,
Support Engineer,
Datawire
Jen Dyment,
Product, Datawire

3. tl;dr
● Ambassador Edge Stack is a comprehensive, self-service edge stack
○ Configurable by service developers
○ Centralized management of application edge
● Best practices at the edge:
○ CRDs for simpler configuration management
○ Use the Host Resource for simpler TLS
○ Let Ambassador manage your certificates
○ Create gateway configuration in the same namespace as your services
○ Visualize your Ambassador configuration
○ Run additional code on every incoming request with filters

4. Intro to Ambassador Edge Stack
Noah

5. With K8S, more services are at the edge.

6. This creates two challenges
Management: How can you
scale edge operations as more
services are deployed at the
edge?
Diversity: How do you support
the diverse and sophisticated
requirements of all your
microservices?

7. The Ambassador Edge Stack 1.0:
Self-service management.
Application development teams
independently configure
Ambassador policies for their
specific microservice.
Comprehensive stack.
● L7 traffic management
● Authentication
● Rate limiting
● Developer Portal

8. How does the Edge Stack relate to Pro?
Ambassador Edge
Stack
Self-Service, Comprehensive
Edge Solution
API Gateway + L7 Load Balancer +
Kubernetes Ingress + Developer Portal
Ambassador
Dev Portal
Ambassador
Pro
Edge Policy
Console
Ambassador API Gateway
(OSS)
Ambassador API Gateway (OSS)

9. Why Did we Build the Ambassador Edge Stack?
1. Simplify End User Experience
Automatic HTTPS, Edge Policy Console, installation management
1. Standardized Architecture
Common install and configuration process
1. Single Control Plane for the Edge
Centralize management of all Kubernetes-edge related functionality

10. Ambassador Editions
Ambassador API
Gateway (OSS)
Ambassador Edge Stack
Community
Ambassador Edge Stack
Enterprise
Traffic Management
+ Resilience, Observibility, Self-
Service Management, TLS
Additional Features
Automatic HTTPS, Edge Policy
Console
Operations Module
OAuth/ OpenID Connect
Integration, Rate-Limiting,
Customization, Filters
Development Module
Dev Portal with API Catalog, Fully
Customizable, Swagger / OpenAPI
Support
Support Community (OSS Slack) Community (OSS Slack) Technical Support, 24x7
Available
Up to
5 RPS
Up to
5 APIs
RPS Tiers
by Price
API Tiers
by Price

11. What Makes Up an Edge Stack?
Kubernetes Ingress
Load Balancer
Identity Aware Proxy
API Gateway
Developer Portal
Your All-in-
One Edge
Stack

12. Recommendations & Demonstration
Noah

13. 1. CRDs for Ambassador Configuration
Configuration options:
1. Ambassador Custom Resources to Configure Ambassador
2. Annotations on Kubernetes Service resources
3. Annotations on Kubernetes Ingress resource
Why Ambassador Resources?
" kubectl get mappings- No need to parse annotations
" kubectl get ambassador-crds --all-namespaces- Immediately see configurations
" Ambassador can update resource Status as direct way of providing
feedback
" CRDs can express everything that Ambassador is capable of doing
" Configuration validation

14. 2. The Host Resource
It collects info about how Ambassador will be visible to the outside world.
" A domain name where Ambassador should expect to be reached;
" How Ambassador should handle TLS certificates;
" How Ambassador should handle secure and insecure requests; and
" Which resources to examine for further configuration

15. AES has built-in support for TLS certificate management using ACME
Things to know:
" It is controlled with the Host resource’s acmeProvider element
" The UI will default to using Let’s Encrypt as the ACME CA
" Only the ACME http-01 challenge is currently supported
" Special treatment for /.well-known/acme-challenge/
3. Ambassador Edge Stack and ACME
AES Only

16. Ambassador 1.0, Ambassador will look in the namespace in which it
found the enclosing resource.
4.Service and Secret Resolution
Previous Ambassador Ambassador 1.0.0

17. Graphical UI for
managing edge policies.
5. Edge Policy Console

18. Filters enable you to run additional code on every incoming request.
Ambassador Edge Stack includes four standard filter types:
" JWT -- validates JWTs
" OAuth2 -- performs authorization against an OAuth2 compliant identity
provider (e.g., Azure AD, Auth0, Keycloak)
" External -- Integrate with third party services (e.g., WAF) or your own
" Plugin -- create custom plugins
6.Filters
FilterPolicies let you manage which filters
are applied, in what order, to a given path
or host.
AES Only

19. Learn More
Learn more about the Ambassador Edge Stack (getambassador.io) or try it yourself
at getambassador.io/user-guide/getting-started.
Contact us (getambassador.io/contact) to set up a personalized best practices call to
walk through your architecture with one of our experts.

20. Q&A: What’s New in
Ambassador Edge Stack 1.0?
Noah Krause,
Support Engineer,
Datawire