data-plane-api/docs/root/start/distro/ambassador.rst

.. _install_ambassador:

Envoy as an API Gateway in Kubernetes
=====================================

A common scenario for using Envoy is deploying it as an edge service (API
Gateway) in Kubernetes. `Ambassador <https://www.getambassador.io>`_ is an open
source distribution of Envoy designed for Kubernetes. Ambassador uses Envoy for
all L4/L7 management and Kubernetes for reliability, availability, and
scalability. Ambassador operates as a specialized control plane to expose
Envoy's functionality as Kubernetes annotations.

This example will walk through how you can deploy Envoy on Kubernetes via
Ambassador.

Deploying Ambassador
--------------------

Ambassador is configured via Kubernetes deployments. To install Ambassador/Envoy
on Kubernetes, run the following if you're using a cluster with RBAC enabled:

.. code-block:: console

   kubectl apply -f https://www.getambassador.io/yaml/ambassador/ambassador-rbac.yaml

or this if you are not using RBAC:

.. code-block:: console

   kubectl apply -f https://www.getambassador.io/yaml/ambassador/ambassador-no-rbac.yaml

The above YAML will create a Kubernetes deployment for Ambassador that includes
readiness and liveness checks. By default, it will also create 3 instances of
Ambassador. Each Ambassador instance consists of an Envoy proxy along with the
Ambassador control plane.

We'll now need to create a Kubernetes service to point to the Ambassador
deployment. In this example, we'll use a ``LoadBalancer`` service. If your
cluster doesn't support ``LoadBalancer`` services, you'll need to change to a
``NodePort`` or ``ClusterIP``.

.. code-block:: yaml

  ---
  apiVersion: v1
  kind: Service
  metadata:
    labels:
      service: ambassador
    name: ambassador
  spec:
    type: LoadBalancer
    ports:
    - port: 80
      targetPort: 80
    selector:
      service: ambassador

Save this YAML to a file ``ambassador-svc.yaml``. Then, deploy this service to
Kubernetes:

.. code-block:: console

   kubectl apply -f ambassador-svc.yaml

At this point, Envoy is now running on your cluster, along with the Ambassador
control plane.

Configuring Ambassador
----------------------

Ambassador uses Kubernetes annotations to add or remove configuration. This
sample YAML will add a route to Google, similar to the basic configuration
example in the :ref:`Getting Started guide <start>`.

.. code-block:: yaml

  ---
  apiVersion: v1
  kind: Service
  metadata:
    name: google
    annotations:
      getambassador.io/config: |
        ---
        apiVersion: ambassador/v0
        kind:  Mapping
        name:  google_mapping
        prefix: /google/
        service: https://google.com:443
        host_rewrite: www.google.com        
  spec:
    type: ClusterIP
    clusterIP: None

Save the above into a file called ``google.yaml``. Then run:

.. code-block:: console

   kubectl apply -f google.yaml

Ambassador will detect the change to your Kubernetes annotation and add the
route to Envoy. Note that we used a dummy service in this example; typically,
you would associate the annotation with your real Kubernetes service.

Testing the mapping
-------------------

You can test this mapping by getting the external IP address for the Ambassador
service, and then sending a request via ``curl``.

.. code-block:: console

   $ kubectl get svc ambassador
   NAME         CLUSTER-IP     EXTERNAL-IP     PORT(S)        AGE
   ambassador   10.19.241.98   35.225.154.81   80:32491/TCP   15m
   $ curl -v 35.225.154.81/google/

More
----

Ambassador exposes multiple Envoy features on mappings, such as CORS, weighted
round robin, gRPC, TLS, and timeouts. For more information, read the
`configuration documentation
<https://www.getambassador.io/reference/configuration>`_.