Microservice tool provider Datawire has released the first major version of its Ambassador Edge Stack (AES), a microservice API gateway for Kubernetes which offers security features amongst other things.
Datawire describes AES as a way of “managing the boundary between end users and Kubernetes services”, allowing teams to “rapidly publish, monitor, and update services for end users”. It also comes with load balancing capabilities and the ability to serve as an Ingress Controller…so pretty much what a service mesh would do nowadays.
The new version provides users with a web user interface for the Ambassador API gateway, which is built on the edge and service proxy Envoy and has also been bumped to version 1.0. Meanwhile devs preferring to work via the command line now have the option of using an edgectl program for Ambassador interaction.
To cater to the growing need for security measures, the AES has been fitted with automatic TLS setup, and OAuth/OpenID Connect integration. It now also offers rate limiting and fine-grained access control. Enterprises looking into sharing their APIs with devs, now also have access to a customisable developer portal.
The announcement coincides with the 1.0 release of the stack’s core, Ambassador API Gateway. It should be quicker in processing events emitted by Kubernetes and now automatically redirects from HTTP to HTTPs should termination contexts be present. Apart from that, telling Ambassador which domains to handle and how has become easier, and there are more status updates for better feedback.
Under the hood, service resolution has changed which leads to Ambassador assuming that upstream services are in the same namespace as its resource. This might lead to old code breaking, so a look into the migration guides provided by the project might be helpful. CRDs have been moved to apiVersion:getambassador.io/v2 and are now the officially recommended approach.
The Ambassador Edge Stack is available in an open source, a community, and an enterprise edition. The latter mainly distinguishes itself by the round-the clock support and unlimited requests per minute when using rate limiting or the OAuth/OpenID Connect integration. Pricing is only available upon request, though the open source and community edition are free to use.