Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)


Published on

Ambassador is an open source Kubernetes-native API Gateway built on the Envoy proxy. We talked about why and how we built Ambassador during the Envoy salon at KubeCon.

Published in: Software
  • Be the first to comment

KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)

  1. 1. 1 Ambassador and Envoy Flynn
  2. 2. 2 Ambassador Kubernetes API gateway
  3. 3. 3 Ambassador annotation annotation annotation annotation
  4. 4. 4 Ambassador annotation annotation annotation annotation
  5. 5. 5 Ambassador
  6. 6. 6 Why? Envoy for generalists Native Kubernetes feel Easy to get started Still possible to grow
  7. 7. 7 How? Configuration engine Diagnostic service External authentication mechanism Kubernetes synchronization
  8. 8. 8 How? Configuration engine Read K8s annotations and secrets, create Envoy config Update config as annotations change Diagnostic service Show user what we read, and the resulting Envoy config
  9. 9. 9 How? --- apiVersion: ambassador/v0 kind: Mapping name: canary_50_mapping prefix: /demo/ headers: x-demo-mode: canary service: https://demo2 weight: 50
  10. 10. 10 How? External Auth service Ask an external service whether it’s OK for a request to proceed Envoy filter, so custom Envoy build for now
  11. 11. 11 How? Kubernetes synchronization using hot restart Less cool than xDS… …but simpler to deploy and operate Avoids instability due toV1 xDS polling latency (keeping a careful eye onV2 though!)
  12. 12. 12 Challenges Configuration design Sacrificing flexibility for simplicity means a lot of non-simple decisions Feedback is the way to tackle this one Careful thought helps too
  13. 13. 13 Challenges Documentation Reference documentation is (kind of) easy Task-based documentation is necessary, but not so easy Feedback - especially about what tasks real users face! - is, again, the way to go
  14. 14. 14 Challenges Layers upon layers in debugging You just got a 404 — quick, where do you look?What caused it? How do you fix it Might be Ambassador, Envoy, Kubernetes, maybe Istio Diagnostic service is a huge help here, but we need more focus and visibility
  15. 15. 15 Challenges Kubernetes development process Reaching into the cluster to iterate and debug adds a lot of complexity In general, hunt for any tricks you can find to streamline the dev cycle Shameless plug: Datawire has tools to help here
  16. 16. 16 Questions? Thanks!!