Emissary Ingress Traffic Routing is a Kubernetes Ingress Controller that uses the Envoy proxy to route traffic to applications. It is an open-source project hosted by the Cloud Native Computing Foundation (CNCF) and is part of the Ambassador Edge Stack which was designed to be secure, extensible, and easy to use. Emissary Ingress Controller provides a number of features such as authentication, traffic routing, rate-limiting, TLS, and mutual TLS with client certificates. In addition, it provides advanced features such as dynamic routing, traffic shadowing, and circuit breaking.
In this post, you’ll learn about Emissary’s approach to Kubernetes Ingress Traffic Routing:
How Does Emissary-ingress work?
Emissary-ingress is a comprehensive and user-friendly solution built on the Envoy Proxy, which provides advanced traffic management features. It utilizes Kubernetes Custom Resource Definitions (CRDs) for a declarative, self-service model and supports continuous delivery workflows. Additionally, it can be used independently or integrated with other observability, tracing, and service mesh tools.
Emissary-ingress is a Kubernetes ingress controller that uses Emissary, a service mesh platform, to route traffic to services within a Kubernetes cluster. It works by watching for ingress resources in the Kubernetes API and configuring Emissary to route traffic to the appropriate service based on the rules defined in the ingress resource. Emissary-ingress also provides additional functionality such as authentication, rate limiting, and request rewriting.
The architecture of Emissary-ingress typically consists of the following components:
- Kubernetes API: The Emissary-ingress controller watches for ingress resources in the Kubernetes API and uses them to configure routing rules within Emissary.
- Envoy Proxy: Emissary-ingress uses Envoy Proxy as the data plane for traffic management. Envoy handles load balancing, circuit breaking, rate limiting, and automatic retries.
- Emissary Control Plane: The Emissary control plane provides the management plane for the service mesh and is responsible for configuring and managing the Envoy proxies.
- Kubernetes Services: Emissary-ingress routes traffic to the appropriate Kubernetes service based on the rules defined in the ingress resource.
- Emissary-ingress API Gateway: The Emissary-ingress API Gateway provides additional functionality such as authentication, rate limiting, and request rewriting.
- gRPC-based Aggregated Discovery Service (ADS) API: Allows for the discovery of services within the mesh by gathering the service discovery data from multiple sources and providing a single point for service discovery using gRPC protocol, which makes it efficient and low latency.
How Emissary’s solution can be used to improve application performance and security
Emissary’s solution can be used to improve the performance and security of applications in several ways:
- Enhancing Security: Emissary provides advanced traffic management and security features such as service-to-service authentication, mutual Transport Layer Security (mTLS), and access control. These features help to protect the communication between services within the mesh and ensure that only authorized services can access one another.
- Improving application performance: Emissary uses Envoy Proxy as the data plane for traffic management. Envoy provides features such as load balancing, circuit breaking, rate limiting, and automatic retries. These features help to improve the performance of applications by distributing traffic across multiple instances of a service and by handling failures gracefully.
- Simplifying management: Emissary provides a self-service model for managing the service mesh, built on Kubernetes Custom Resource Definitions (CRDs). This allows for continuous delivery workflows and simplifies the management of the service mesh.
- Improving availability: Emissary allows you to define and configure traffic management rules, such as load balancing, service discovery, and service configuration, which allows you to improve the availability of your applications by distributing traffic across multiple instances of a service and by handling failures gracefully.
Features of Emissary Ingress Traffic Routing
- Rate Limiting: Emissary ingress provides rate-limiting capabilities, allowing you to protect your services from excessive traffic and ensure that resources are used efficiently.
- Dynamic Routing: Emissary ingress provides dynamic routing capabilities, allowing you to configure traffic routing rules based on a variety of criteria such as hostname, path, and headers.
- Load balancing: Emissary ingress supports load balancing, allowing you to distribute traffic across multiple instances of a service.
- Circuit Breaking: Emissary ingress provides circuit-breaking capabilities, allowing you to handle failures gracefully by automatically stopping traffic to a service that is experiencing issues.
- Automatic Retries: Emissary ingress provides automatic retries, allowing you to handle failures gracefully by automatically retrying failed requests.
- Request Rewriting: Emissary ingress allows you to rewrite incoming requests, allowing you to modify the request path, headers, and other attributes.
- Authentication and Authorization: Emissary ingress provides authentication and authorization capabilities, allowing you to secure access to your services and ensure that only authorized services can access one another.
In conclusion, Emissary is a powerful Kubernetes ingress traffic routing solution that provides advanced features such as dynamic routing, load balancing, circuit breaking, rate limiting, automatic retries, request rewriting, and authentication and authorization. Its self-service model built on Kubernetes Custom Resource Definitions (CRDs) enables continuous delivery workflows, simplifies management, and improves the availability of the service mesh. Emissary’s solution can improve your applications’ performance and security by providing advanced traffic management and security features. This blog post provides an overview of the features of Emissary ingress traffic routing and how it can be used to improve the performance and security of your applications. To know more about it you can watch the interview here:
If you have questions related to this topic, feel free to book a meeting with one of our solutions experts, mail to email@example.com.