Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Tight integration of Ambassador and Istio

See original GitHub issue

Ambassador has an integration with Istio by using an Envoy-Proxy as sidecar. But this is only done to integrate Ambassador with Istio’s mTLS, Prometheus and Jaeger. All other possibilities of Istio are not integrated. So if I have a service which gets called by Ambassador and also in a service to service call then I have to establish some rules (e.g. CiruitBreaker, …) in 2 different places. The first place is Ambassador for ingress traffic and the second place is Istio’s VirtualService and DestinationRule for inner service mesh communication.

Would it be possible to integrate Ambassador with Istio in a way that VirtualService and DestinationRule can also be used by Ambassador?

On the other side I want to use Ambassador for authentication und rate limiting where Istio’s alternatives are not fitting very well.

Is it possible to use a VirtualService with a connection to Ambassador? Something like this:

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: my-service
spec:
  hosts:
  - "*"
  gateways:
  - ambassador
  - mesh

Issue Analytics

State:
Created 3 years ago
Reactions:10
Comments:14 (5 by maintainers)

Top GitHub Comments

3reactions

hendrikhalkowcommented, Aug 16, 2020

I think what we need the ability to route traffic from Ambassador Mappings to Istio VirtualServices instead of Services. Idea for a workaround: Create an internal Istio gateway, route Ambassador traffic to that internal Istio gateway service.

0reactions

cindymullins-dwcommented, Mar 1, 2022

The Kubernetes Gateway API (https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/) is currently in alpha and is supported by Ambassador Edge Stack (https://www.getambassador.io/docs/edge-stack/latest/topics/using/gateway-api/). In our view this is the likely path forward to common interoperability. @agill17 , @blhagadorn, @hendrikhalkow , @mikejamesowen @hofmannmich

Top Results From Across the Web

Tight integration of Ambassador and Istio · Issue #2858 - GitHub

Ambassador has an integration with Istio by using an Envoy-Proxy as sidecar. But this is only done to integrate Ambassador with Istio's mTLS ......

Istio integration | Edge Stack

Ambassador Edge Stack and Istio can be deployed together on Kubernetes. In this configuration, Ambassador Edge Stack manages traditional edge functions such as ......

Integrating Ambassador API Gateway and Istio Service Mesh ...

Ambassador gives an easy setup for Ingress traffic to Kubernetes, Istio provides flexible and secure methods to manage service-to-service traffic. Combining ...

Ambassador and Istio: Edge proxy and service mesh - ITNEXT

Ambassador and Istio can be deployed together on Kubernetes. In this configuration, incoming traffic from outside the cluster is first routed through ...

Emissary-ingress now officially supported by top service mesh ...

Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and ...