Ambassador and Istio: Edge Proxy and Service Mesh
Ambassador and Istio: Edge Proxy and Service Mesh
Learn how to get Ambassador, a Kubernetes-native API Gateway, working with Istio, a service mesh for microservices designed for observability, routing, and resilience.
Join the DZone community and get the full member experience.
Join For FreeContainerized Microservices require new monitoring. Read the eBook that explores why a new APM approach is needed to even see containerized applications.
Ambassador is a Kubernetes-native API Gateway for microservices. Ambassador is deployed at the edge of your network, and routes incoming traffic to your internal services (aka "north-south" traffic). Istio is a service mesh for microservices, and designed to add L7 observability, routing, and resilience to service-to-service traffic (aka "east-west" traffic). Both Istio and Ambassador are built using Envoy.
Ambassador and Istio can be deployed together on Kubernetes. In this configuration, incoming traffic from outside the cluster is first routed through Ambassador, which then routes the traffic to Istio. Ambassador handles authentication, edge routing, TLS termination, and other traditional edge functions.
This allows the operator to have the best of both worlds: a high performance, modern edge service (Ambassador) combined with a state-of-the-art service mesh (Istio). Istio's basic ingress controller, the ingress controller is very limited and has no support for authentication or many of the other features of Ambassador.
Getting Ambassador Working With Istio
Getting Ambassador working with Istio is straightforward. In this example, we'll use the bookinfo sample application from Istio.
- Install Istio on Kubernetes, following the default instructions.
- Next, install the Bookinfo sample application, following the instructions.
- Verify that the sample application is working as expected.
By default, the Bookinfo application uses the Istio ingress. To use Ambassador, we need to:
- Install Ambassador. See the quickstart guide.
- Update the
bookinfo.yamlmanifest to include the necessary Ambassador annotations. See below.
apiVersion: v1
kind: Service
metadata:
name: productpage
labels:
app: productpage
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v0
kind: Mapping
name: productpage_mapping
prefix: /productpage/
rewrite: /productpage
service: productpage:9080
spec:
ports:
- port: 9080
name: http
selector:
app: productpage- Optionally, delete the Ingress controller from the
bookinfo.yamlmanifest by typingkubectl delete ingress gateway. - Test Ambassador by going to
$AMBASSADOR_IP/productpage/. You can get the actual IP address for Ambassador by typingkubectl get services ambassador.
Automatic Sidecar Injection
Newer versions of Istio support Kubernetes initializers to automatically inject the Istio sidecar. With Ambassador, you don't need to inject the Istio sidecar -- Ambassador's Envoy instance will automatically route to the appropriate service(s). If you're using automatic sidecar injection, you'll need to configure Istio to not inject the sidecar automatically for Ambassador pods. There are several approaches to doing this that are explained in the documentation.
Discover how to automatically manage containers and microservices with better control and performance using Instana APM. Try it for yourself today.
Like This Article? Read More From DZone
Published at DZone with permission of Richard Li . See the original article here.
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}