HashiCorp Consul integrates with Ambassador to securely route Ingress traffic to Consul Service Mesh when using Kubernetes. When onboarding applications onto a service mesh or when integrating with existing applications outside of the Mesh, a north south API gateway is typically required for communications with clients outside of the network. Ambassador is a Kubernetes API Gateway that allows you to route incoming traffic to your Consul Service Mesh proxies while also providing the ability to leverage advanced API Gateway functionalities such as rate limiting and authentication.
2. ● Cloud native comms require intentional design
● Bootstrap your skills in a K8s playground
● Ambassador manages ingress traffic
● Consul manages service-to-service traffic
● Evolve through proof-of-concept to production
tl;dr
8. Ambassador Edge Stack
● K8s-native and Envoy powered
● Designed for dev self-service
● CRD-driven config (GitOps friendly)
● Easy config of TLS (via ACME/Let’s Encrypt)
● User auth / rate limiting / developer portal
9. ● Multi-platform with excellent K8s support, and deployed as self-
managed or managed service on AWS/Azure
● Native multi-region and multi-cluster support
● Envoy-powered
● CRD-driven config (1.9+)
○ Intentions for service to service authorization
○ Layer 7 Traffic Routing
● Easy config of mTLS and Vault Integration
Consul Service Mesh
13. Proof-of-concept
Goals:
● “Dancing skeleton” in production-like env
● Feedback from all stakeholders
Pain points:
● Flushing out all requirements
● Impact “shift left” quality (testing and security)
14. Production
Goals:
● Hardening the solution
● Resilience: technology, processes, people
Pain points:
● Expect the unexpected
● Optimizing for the ability to iterate… fast!
15. ● Cloud native comms require intentional design
● Ambassador manages ingress traffic
● Consul manages service-to-service traffic
● Bootstrap your skills in a K8s playground
● Evolve through proof-of-concept to production
Conclusion