FEATURE RELEASE

AES 1.12: Continuous Delivery with Argo, Fast Path Endpoint Routing

API Gateway 1.12 and Edge Stack 1.12 generally available with Argo integration

Richard Li
Ambassador Labs
Mar 16, 2021

We’ve released Ambassador API Gateway and Edge Stack 1.12, along with a brand-new Argo Rollouts integration. With this release, users are able to directly integrate Ambassador into their continuous integration workflows for canary releases. This release also adds significantly improved performance for users who are using endpoint routing, among other features and fixes.

Canary Releases on Kubernetes

Canary releases are a powerful strategy for reducing production risk by incrementally releasing a new version of software to subsets of users. Today, we’re releasing a native integration between Argo Rollouts (part of the CNCF Argo Project) and Edge Stack, which dramatically simplifies the practice of using canary releases. You can create a Rollout resource that references an Edge Stack mapping:

apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: echo-rollout
  annotations:
spec:
  replicas: 5
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: echo
  template:
    metadata:
      labels:
        app: echo
    spec:
      containers:
        - image: hashicorp/http-echo
          args:
            - "-text=VERSION 137"
            - -listen=:8080
          imagePullPolicy: Always
          name: echo-v1
          ports:
            - containerPort: 8080
  strategy:
    canary:
      stableService: echo-stable
      canaryService: echo-canary
      # Ambassador Mapping whose traffic weights the rollout adjusts
      trafficRouting:
        ambassador:
          mapping: echo
      # Each setWeight is the percentage of traffic sent to the canary
      steps:
        - setWeight: 20
        - pause: {duration: 10s}
        - setWeight: 50
        - pause: {duration: 10s}
        - setWeight: 100
        - pause: {duration: 10}

Note the trafficRouting section above, which references the Ambassador Mapping resource named echo:

apiVersion: getambassador.io/v2
kind: Mapping
metadata:
  name: echo
spec:
  prefix: /echo
  rewrite: /echo
  service: echo-stable:80

Applying these configurations to your cluster will start a rollout of the echo-canary service that will route 20% of traffic to the canary for 10 seconds, then ramp up to 50% for 10 seconds, before ramping to 100%.

Argo Early Adopter Program

Many of our users have been working to integrate Edge Stack directly into their continuous delivery workflow. We’re continuing to do more work in this area. If you’re interested in giving feedback and trying out some enhanced functionality for canary workflows with Edge Stack and Argo, we’re also announcing the Argo Early Adopter Program today. As part of this program, you’ll collaborate directly with the Ambassador engineering team on continuous delivery and your use case. (We have limited capacity, so please sign up soon if you’re interested.)

L7 load balancing and endpoint routing in Kubernetes

By default, Kubernetes uses kube-proxy for load balancing, which balances traffic at Layer 4. Edge Stack and API Gateway have long had the ability to bypass kube-proxy altogether and route traffic directly to Kubernetes pods, enabling direct L7 routing. We call this feature endpoint routing. By bypassing kube-proxy, routing is controlled directly by Envoy Proxy. This enables users to take full advantage of Envoy’s sophisticated L7 routing capabilities such as using different load balancing algorithms.

Endpoint Routing in 1.12

With 1.12, endpoint data is routed on a special “fast path” configuration code path, enabling faster real-time routing decisions. This should dramatically improve performance of endpoint routing on clusters with frequent configuration changes and/or large numbers of services. Note the actual configuration options for endpoint routing have not changed; this should be an in-place upgrade.

As a reminder, you can configure endpoint routing on a per Mapping basis. This enables you to use different load balancing algorithms for different services. For example, you may have a legacy service that requires sticky sessions, while you want to use round robin for other services.
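The per-Mapping setup described above could look like the following. This is an added example, not configuration from the original post: the service names legacy-app and orders, the prefixes, and the cookie name and TTL are assumptions chosen for illustration.

```yaml
# Resolver that makes Ambassador route to pod endpoints instead of
# the Service ClusterIP (that is, bypassing kube-proxy).
apiVersion: getambassador.io/v2
kind: KubernetesEndpointResolver
metadata:
  name: endpoint
---
# Legacy service (hypothetical) that needs sticky sessions:
# cookie-based ring hash keeps a client on the same pod.
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
  name: legacy-app
spec:
  prefix: /legacy/
  service: legacy-app:8080
  resolver: endpoint          # opt this Mapping in to endpoint routing
  load_balancer:
    policy: ring_hash
    cookie:
      name: sticky-cookie     # illustrative cookie name
      ttl: 60s
---
# Stateless service (hypothetical) balanced round robin across pods.
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
  name: orders
spec:
  prefix: /orders/
  service: orders:8080
  resolver: endpoint
  load_balancer:
    policy: round_robin
```

A Mapping without a resolver keeps using the default Kubernetes service resolver, so endpoint routing can be adopted one service at a time.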

More in 1.12

The following additional enhancements and fixes are also part of both API Gateway and Edge Stack in the 1.12 release:

  • Significantly improved endpoint routing performance in clusters with frequent reconfigurations.
  • All Ambassador installations now contain human-readable annotations on critical metadata consistent with the schema at a8r.io.
  • A scrubbed ambassador snapshot is now accessible outside the pod at :8005/snapshot-external. This port is exposed on the ambassador-admin Kubernetes service.
  • Support configuring the maximum lifetime of an upstream connection via the cluster_max_connection_lifetime_ms parameter. After the configured time, upstream connections are drained and closed.
  • The Ambassador module now supports cluster_request_timeout_ms to set a global default request timeout_ms for Mapping resources.
  • The Ambassador module now supports suppress_envoy_headers to prevent Ambassador from setting additional headers on requests and responses. These headers are typically used for diagnostic purposes and are safe to omit when they are not desired.
  • headers_with_underscores_action is now configurable in the Ambassador module.
  • The Ambassador Module configuration now supports strip_matching_host_port to control whether the port should be removed from the host/Authority header before any processing by request filters / routing. This behavior only applies if the port matches the associated Envoy listener port.
  • Ambassador now does a better job of cleaning up gRPC connections when shutting down.
  • Prevent potential reconcile loop when updating the status of an Ingress.
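The four Ambassador module options named in the list above can be set together as shown below. This is an added example, not taken from the release notes: the values are illustrative choices for an edge deployment, and the enum values for headers_with_underscores_action are the ones Envoy defines.

```yaml
apiVersion: getambassador.io/v2
kind: Module
metadata:
  name: ambassador            # the global module is always named "ambassador"
spec:
  config:
    # Global default request timeout; a Mapping's own timeout_ms
    # still takes precedence for that Mapping.
    cluster_request_timeout_ms: 5000

    # Stop adding Envoy's diagnostic x-envoy-* headers to requests and
    # responses, so clients learn less about the proxy tier.
    suppress_envoy_headers: true

    # ALLOW | REJECT_REQUEST | DROP_HEADER.
    # Some backends treat "_" and "-" in header names as the same
    # character, so a header such as X_Forwarded_For can shadow
    # X-Forwarded-For. Rejecting the request removes that ambiguity.
    headers_with_underscores_action: REJECT_REQUEST

    # Normalize "Host: example.com:8443" to "example.com" before request
    # filters and routing run, only when 8443 is the listener port.
    strip_matching_host_port: true
```

Use DROP_HEADER instead of REJECT_REQUEST if legitimate clients are known to send underscore headers that the backends do not rely on.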

Edge Stack only enhancements

The following changes only apply to Edge Stack:

  • Add integration with the Ambassador Service Catalog
  • edgectl login now automatically logs in to the Service Catalog
  • edgectl install will automatically connect to Service Catalog when using the --cloud-connect-token argument
  • AES_AUTH_TIMEOUT now allows you to configure the timeout of the Edge Stack authentication service
  • Prevent Dev Portal from sporadically responding with upstream connect timeout when loading content

Get Started

Get started with Edge Stack today with our five minute quick start. Questions? We’re hosting a session of our Ambassador Developer Office Hours dedicated to unpacking all the features in this release on April 1. Register for the session here, and don’t forget to join us on Slack!


CEO, Amorphous Data. Formerly: Ambassador Labs, Duo Security, Rapid7, Red Hat.