O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-level API gateway"

By Daniel Bryant, Ambassador Labs We all need to be able to get user traffic into our applications, and your requirements for services running on Kubernetes are no different. "But", I hear you say, "what about the K8s Ingress spec? And how do I observe what's happening under the hood? And who should be responsible for configuring the gateway: dev or ops?" These are all good questions! Join me for a whistle-stop tour of all things emissary-ingress, where we will explore how this new edition to the family of CNCF incubation projects can make your life easier when it comes to routing, observability, and integration into the bigger (people and technology) picture.

  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-level API gateway"

  1. 1. Emissary Ingress 101 Daniel Bryant @danielbryantuk | db@datawire.io Director of DevRel, Ambassador Labs
  2. 2. What is Emissary Ingress? Open-source cloud-native API gateway, powered by Envoy ● Formerly known as Ambassador API Gateway ● CNCF Incubation project ● Developer-focused (self-service config) ○ CRDs, Ingress, or Kubernetes annotations ● Wide adoption over the past four years 2
  3. 3. Traffic management Emissary is an API Gateway Jane: /quote/ Mark: /quote/update/ 3
  4. 4. Emissary is an API Gateway Jane: /quote/ Mark: /quote/update/ App development App security 4 Mark: /quote/update/ X Rate Limiting Resilience Observability
  5. 5. Resilience • Advanced load balancing • Circuit breakers • Automatic retries • Timeouts • Auth (via ext_authz) • Rate limiting (via rls.proto) Observability • Distributed tracing • Real-time metrics • Logs (+Envoy output) Cloud-native • Service discovery with Kubernetes and Consul • Zero downtime configuration • Stateless high availability architecture L7 support • HTTP/1.0, HTTP/1.1, HTTP/2 • gRPC, gRPC-Web • TCP, WebSockets • Server Name Indication (SNI) • Gzip compression Emissary Core Features Emissary Core Features 5
  6. 6. Emissary is Built on Envoy Proxy 6
  7. 7. Emissary is Ambassador’s Open Core 7
  8. 8. Use cases
  9. 9. API Gateway for North/South traffic Traffic management App security App development 9
  10. 10. Internal / External 10
  11. 11. Hub and Spoke Traffic management App security App development 11
  12. 12. Service meshes: We’ve got you covered https://www.getambassador.io/docs/edge-stack/latest/howtos/
  13. 13. Configuration
  14. 14. Configuring the Control Plane apiVersion: getambassador.io/v2 kind: Mapping metadata: name: quote-mapping spec: prefix: /quote/ service: quote apiVersion: getambassador.io/v2 kind: Host metadata: name: wildcard-host spec: hostname: “*” acmeProvider: authority: none tlsSecret: name: base-cert apiVersion: getambassador.io/v2 kind: AuthService metadata: name: extauth-service spec: auth_service: example-auth path_prefix: “/extauth” allowed_request_headers: - “x-example-session” allowed_authorization_headers: - “x-example-session” - “x-example-userid” apiVersion: getambassador.io/v2 kind: Mapping metadata: name: quote2-mapping spec: prefix: /quote/ service: fancy-quote weight: 10 apiVersion: getambassador.io/v2 kind: Mapping metadata: name: restricted-mapping spec: host: restricted.example.com prefix: /restricted/ rewrite: /a/very/safe/path/ rewrite_host: safe.example.com service: dangerous-service 15
  15. 15. Configuring the Control Plane apiVersion: getambassador.io/v2 kind: Mapping metadata: name: quote-mapping spec: prefix: /quote/ service: quote apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: ambassador name: example-ingress spec: tls: - hosts: - sslexample.foo.com secretName: sslexample-cert rules: - host: sslexample.foo.com http: paths: - path: /quote/ backend: serviceName: quote servicePort: 80 apiVersion: getambassador.io/v2 kind: Host metadata: name: wildcard-host spec: hostname: “sslexample.foo.com” acmeProvider: authority: none tlsSecret: name: sslexample-cert 16
  16. 16. Gateway API www.getambassador.io/docs/edge-stack/latest/topics/using/gateway-api/
  17. 17. Service meshes: We’ve got you covered https://www.getambassador.io/docs/edge-stack/latest/howtos/
  18. 18. Make Money* with Emissary-Ingress & Linkerd Install add_linkerd_headers: true * Making money not guaranteed!
  19. 19. Emissary + Linkerd https://www.getambassador.io/docs/edge-stack/latest/howtos/linkerd2/ www.youtube.com/watch?v=nWCvine4_Sw
  20. 20. Emissary + HashiCorp Consul www.youtube.com/watch?v=QnvU4vCgAlE blog.getambassador.io/part-3-incremental-app-migration-from-vms-to-kubernetes-amb assador-and-consul-aacf87eea3e8
  21. 21. Observability www.getambassador.io/docs/edge-stack/latest/howtos/prometheus/ www.getambassador.io/docs/edge-stack/latest/topics/running/services/tracing-service/ www.youtube.com/watch?v=hPifPTEAFK0
  22. 22. Observability and understandability www.youtube.com/watch?v=bdvxsEIhHcc a8r.io
  23. 23. Adoption
  24. 24. Four Remarkable Years Initial release, March 2017 Ambassador 1.0 release, Jan 2020 CNCF donation as Emissary, April 2021 3.3K GitHub stars 5000+ Slack members 160+ contributors 500+ forks 25
  25. 25. The cloud native superpower: The people Emissary Ingress could never have come this far without the amazing community that’s grown up around it Many, many thanks! (And we’re only just getting started)
  26. 26. Proven and Growing Rapidly Many production deployments: ● AppDirect: (KubeCon NA 2018 presentation) ● GoSpotCheck: (KubeCon NA 2019 presentation) ● Lifion by ADP ● Ticketmaster ● Chick-Fil-A ● OneFootball (KubeCon EU 2019 presentation) 28
  27. 27. Getting Started with Emissary-Ingress www.getambassador.io/docs/edge-stack/latest/topics/install/install-ambassador-oss/ app.getambassador.io/initializer/
  28. 28. Thanks! @danielbryantuk | db@datawire.io To get involved or ask questions: www.getambassador.io/developer-office-hours/ a8r.io/slack 30

    Seja o primeiro a comentar

By Daniel Bryant, Ambassador Labs We all need to be able to get user traffic into our applications, and your requirements for services running on Kubernetes are no different. "But", I hear you say, "what about the K8s Ingress spec? And how do I observe what's happening under the hood? And who should be responsible for configuring the gateway: dev or ops?" These are all good questions! Join me for a whistle-stop tour of all things emissary-ingress, where we will explore how this new edition to the family of CNCF incubation projects can make your life easier when it comes to routing, observability, and integration into the bigger (people and technology) picture.

Vistos

Vistos totais

110

No Slideshare

0

De incorporações

0

Número de incorporações

3

Ações

Baixados

2

Compartilhados

0

Comentários

0

Curtir

0

×