PRODUCT RELEASE

Introducing the Ambassador Edge Stack 1.0 with Automatic HTTPS and the Edge Policy Console

Plus, all the features of Ambassador Pro and Dev Portal

Today, we’re excited to announce the Ambassador Edge Stack 1.0. The Ambassador Edge Stack gives platform engineers a comprehensive self-service edge stack for managing the boundary between end users and Kubernetes services, and is available for free today as part of our early access program.

Why the Ambassador Edge Stack?

Organizations that have successfully adopted Kubernetes embrace a self-service platform strategy. In this approach, individual application development teams directly manage and configure the infrastructure services necessary for their applications. App dev teams thus are able to take both development and operational responsibility for a given application. Adopting this approach is crucial to scaling an organization as more and more services are directly exposed to end users in a microservices architecture.

A platform engineering team builds and maintains the necessary infrastructure services for the app dev teams. For most platform engineering teams today, Kubernetes provides the basic starting point. However, Kubernetes alone does not provide all the infrastructure services needed for a full self-service platform. One of the major missing components from Kubernetes is a way to expose applications to the end user.

With the Ambassador Edge Stack, platform engineers can offer a complete suite of edge services to their application developers.

The Ambassador Edge Stack

The Ambassador Edge Stack (AES) is built on the popular open source Ambassador API Gateway and Envoy Proxy edge proxy. The AES includes the following capabilities:

• Edge Policy Console. The Edge Policy Console works seamlessly with the Kubernetes API to give platform engineers and developers the ability to easily configure, manage, and visualize edge policies with the ease-of-use and visibility of a graphical interface.
• Easy-to-Use security. Securing a microservice shouldn’t be hard. The AES includes automatic TLS setup via ACME integration, OAuth/OpenID Connect integration, rate limiting, and fine-grained access control.
• Availability. Microservices may crash, but your application shouldn’t. The AES includes support for automatic retries, timeouts, circuit breakers, and rate limiting to maximize application availability.
• Developer Onboarding. Your developer community, both internal and external, needs to understand your APIs. The AES includes an API catalog, Swagger/OpenAPI documentation support, and a fully customizable developer portal.
• Observability. Understanding what’s going on within your system is key to troubleshooting and improving your application. The AES natively supports distributing tracing, metrics collection, and logging.
• Modern traffic management. Microservices today communicate using a wide variety of protocols. The AES supports TCP, HTTP/1.x, HTTP/2, gRPC, gRPC-Web, and WebSockets traffic. With these protocols, the AES provides traffic management controls including traffic shadowing, canary routing, header-based routing, cross-origin resource sharing, and more.

Self-Service and Ease-of-Use

Core to the AES are the principles of self-service and ease-of-use. Given the wide spectrum of Ambassador users — platform engineers, senior application developers, application developers new to Kubernetes — our goal is to deliver an edge stack that doesn’t require expert knowledge to manage and configure.

To simplify usage, the AES:

• Fully integrates with existing Kubernetes workflows. All AES functionality is managed as Kubernetes Custom Resource Definitions (CRDs). No REST APIs and config files to edit here!
• Supports automatic HTTPS. The AES automatically obtains and renews TLS certificates automatically.
• Adds fast developer onboarding. The AES includes an integrated Developer Portal that onboards your developers to the AES and the available APIs quickly and easily.
• Includes a UI, the Edge Policy Console, to make it easy for developers to directly manage and configure edge policies.

Edge Policy Console: A GitOps-style UI

Ambassador pioneered using a decentralized, declarative model for edge configuration. With the Ambassador Edge Stack, users can now manage configuration by directly managing CRDs or using the new Edge Policy Console administrative user interface.

Traditional user interfaces force end users to choose between a declarative, GitOps-style model for configuration or a UI-driven model. Keeping changes made in the UI in sync with configuration YAML (and vice versa) is a challenge.

The Ambassador Edge Stack uses declarative CRDs as the canonical source of truth for all configuration. This enables the Edge Policy Console and declarative CRD configuration to always be in sync, and supports seamless round-tripping between CRDs and the UI. A YAML change that is applied to the cluster will immediately show up in the UI. Likewise, a configuration change in the UI will create a CRD that can be downloaded as YAML and applied to the cluster.

Ambassador API Gateway, Ambassador Pro, and the Developer Portal

We’re consolidating all the functionality of the current Ambassador API Gateway, Ambassador Pro, and the Developer Portal into the Ambassador Edge Stack. If you’re a user of any of these products, you should upgrade to the AES.

Functionally, the AES provides:

• All the capabilities of the existing Ambassador API Gateway, including routing, multi-protocol support, resilience, and observability.
• All the capabilities of Ambassador Pro, including OpenID Connect integration, rate limiting, and filters.
• All the capabilities of Ambassador Developer Portal, including the API Catalog and Swagger/OAPI support.
• New capabilities such as automatic HTTPS and the Edge Policy Console.

The Ambassador Edge Stack is available in two editions.

• Free Community Edition. This bundles the open source Ambassador core with all the Pro and Developer Portal features. The Community Edition is free for use in both development and production. The Community Edition limits the Developer Portal to displaying 5 APIs and authentication requests to no more than 5 requests per second (RPS). Note that if you’re not using authentication, your AES will support unlimited workloads.
• Commercial Enterprise Edition. This includes Enterprise support (with a 24x7x365 option) as well as removing all of the API and RPS limits in Community Edition.

If you don’t expect to use the full functionality of the Ambassador Edge Stack such as the Edge Policy Console, automatic HTTPS, authentication, rate limiting, or the dev portal, the core Ambassador API Gateway is still available under the Apache Software License as 100% open source software.

More information

The Ambassador Edge Stack is available for free today as part of our early access program, and will be generally available later this month in both free Community and Enterprise editions. You can read the release notes here. To get started with the early access program, check out the documentation here.

If you have more questions about the Ambassador Edge Stack, please check out our FAQ and join our Slack channel.