Announcing Ambassador 0.50 GA: The Kubernetes-Native Gateway Now Includes SNI, Auth Improvement, and Envoy v2 Support

Over the past year, usage of Ambassador has skyrocketed, with companies such as AppDirect, Chick-Fil-A, Onefootball, and Google Kubeflow using Ambassador as an API Gateway in Kubernetes. Today, we’re thrilled to announce the general availability release of Ambassador 0.50, which adds a raft of new capabilities for both our new and existing customers.

Organizations that are migrating to microservices can use Ambassador as a common API Gateway or edge proxy to all their applications, both legacy and cloud-native.

We needed a Kubernetes-based API Gateway and Ingress solution that could handle our 6,000 request/second workload reliably and efficiently. We wanted to deploy an Ingress to remove the dependencies of load-balanced services on Kubernetes, but we also wanted to use something that could be easily extendable. At first, we intended to only use Ambassador as an Ingress solution. But once we needed API gateway functionality like load balancing and observability, everything was there, ready to use.

— Jonathan Beber and Rodrigo Vieira Del Monte, Onefootball (read more from their interview here)

With Ambassador 0.50, organizations can now:

• Securely host multiple domains with a single Ambassador instance, with Server Name Indication (SNI) support.
• Serve APIs with HMAC-type authentication, thanks to the enhanced AuthService API.
• Dynamically manage rate limits, thanks to the new request labels functionality.
• Seamlessly manage TLS connections, thanks to certificate reload and extensive integration work with many different load balancers

Traditionally, centralizing all your traffic in an API Gateway requires a dedicated edge operations team or an API management team. With Ambassador, the configuration is decentralized, minimizing management overhead. Operators can still specify global configuration, but individual product development teams can configure application releases, service routing, and traffic management (such as canary releases). Ambassador 0.50 further extends these capabilities with:

• Zero-downtime configuration changes. Configuration changes now happen in milliseconds, courtesy of the integration of the new Envoy gRPC Aggregated Discovery Service (ADS) API. This architecture better supports larger teams that make configuration changes every minute or every hour.
• A brand-new Developer Guide for application developers who want to learn how Ambassador can be used for self-service routing, safely testing in production, and for controlling incremental releases.
• An improved Operator Guide for operations and SRE teams that are looking to implement a GitOps style workflow for edge operations, the generation of top-level metrics and distributed tracing, and global rate limiting.

All of this new functionality builds upon the features that were available in the previous releases of Ambassador, such as:

• Decentralized self-service configuration. Manage your Ambassador configuration as part of your Kubernetes workflow, without waiting for centralized operations.
• Test safely with real production traffic. Dynamically adjust traffic weights per route for canary releases. Copy and route production traffic with traffic shadowing.
• GitOps friendly. Ambassador uses declarative Kubernetes syntax, and all configuration can be stored under source control.
• Secure your services. Encrypt all L7 connections with TLS, and require authentication on all inbound requests.
• Detect issues and determine root cause faster. Automatic L7 metrics collection, distributed tracing, and integration with popular monitoring systems.

For a full list of new features, enhancements, and guidelines for upgrading to this latest version, please see our accompanying Ambassador 0.50 release notes post.