Ambassador Edge Stack (AES) includes a high-performance Ingress controller and a high-performance
API gateway that are built on top of Envoy Proxy. AES allows you to use various features
of Envoy with Custom Resource Definitions (CRDs). These features include rate limiting,
identity verification, load balancing, and observability. This topic describes how
to use AES to expose the API of an application that is deployed in a Container Service
for Kubernetes (ACK) cluster.
Step 1: Deploy AES
- Deploy AES.
kubectl apply -f https://www.getambassador.io/yaml/aes-crds.yaml
kubectl wait --for condition=established --timeout=90s crd -lproduct=aes
kubectl apply -f https://www.getambassador.io/yaml/aes.yaml
kubectl -n ambassador wait --for condition=available --timeout=90s deploy -lproduct=aes
- Verify that AES is deployed.
kubectl get pod -n ambassador
Expected output:
NAME READY STATUS RESTARTS AGE
ambassador-566d496b77-tg6ng 1/1 Running 0 2m
ambassador-redis-5fbd59f4fb-88gm8 1/1 Running 0 2m
If the pod where Ambassador is deployed is in the Running state, AES is deployed.
Step 2: Expose the API of an application
- Create an application and a Service.
cat <<-EOF | kubectl apply -f -
---
apiVersion: v1
kind: Service
metadata:
name: quote
namespace: ambassador
spec:
ports:
- name: http
port: 80
targetPort: 8080
selector:
app: quote
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: quote
namespace: ambassador
spec:
replicas: 1
selector:
matchLabels:
app: quote
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: quote
spec:
containers:
- name: backend
image: docker.io/datawire/quote:0.4.1
ports:
- name: http
containerPort: 8080
EOF
- Verify that the application and Service are created.
- Verify that the application is deployed.
kubectl get pod -n ambassador -l app=quote
Expected output:
NAME READY STATUS RESTARTS AGE
quote-d57b799b4-**** 1/1 Running 0 6m29s
If the pod where the application is deployed is in the Running state, the application
is deployed.
- Verify that the Service is deployed.
kubectl get svc -n ambassador quote
Expected output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
quote ClusterIP 172.23.XX.XX <none> 80/TCP 5m45s
If the output displays the name of the Service, the Service is deployed.
- Create a Mapping CRD to expose the application API.
cat <<-EOF | kubectl apply -f -
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
name: backend
namespace: ambassador
spec:
prefix: /backend/
service: quote
EOF
- Verify that the Mapping CRD is created.
kubectl get mappings -n ambassador
Expected output:
NAME PREFIX SERVICE STATE REASON
ambassador-devportal /docs/ 12*. *. *.*:8500
ambassador-devportal-api /openapi/ 12*. *. *.*:8500
quote-backend /backend/ quote
If the output displays the Mapping CRD, the Mapping CRD is deployed.
- Obtain the service IP address of AES.
kubectl get -n ambassador service ambassador -o "go-template={{range .status.loadBalancer.ingress}}{{or .ip .hostname}}{{end}}"
Expected output:
47.94.**. **
- Call the exposed application API.
curl -k https://{{IP}}/backend/
{
"server": "frosty-kiwi-ewe7vk96",
"quote": "A principal idea is omnipresent, much like candy.",
"time": "2020-08-01T08:41:37.054259819Z"
}
Replace ${IP}
with the service IP address of AES that is obtained in Step 5.