Ambassador
Developer Control Plane
Networking
Ambassador is a Kubernetes-native API gateway and edge stack platform built on Envoy Proxy, enabling comprehensive API management and declarative configuration for microservices traffic management.

What is Ambassador?

Ambassador is a Kubernetes-native API gateway and edge stack platform built on Envoy Proxy, designed to manage traffic into and between microservices. It enables organizations to implement comprehensive API management while maintaining Kubernetes-native workflows and declarative configuration.

Profile

Ambassador is a Kubernetes-native API gateway and edge stack platform designed to manage traffic into and between microservices. Built on Envoy Proxy, it provides sophisticated traffic management, security controls, and developer self-service capabilities specifically for cloud-native environments. The platform consists of two distinct offerings: the open-source Emissary-ingress project under CNCF governance, and the commercial Ambassador Edge Stack with enterprise features. Its primary value proposition lies in enabling organizations to implement comprehensive API management while maintaining Kubernetes-native workflows and declarative configuration.

Focus

Ambassador addresses the fundamental challenge of managing external access to services running in Kubernetes clusters while enabling developer self-service. The platform eliminates traditional operational bottlenecks by allowing development teams to independently configure and manage their service exposure through declarative Kubernetes resources. It solves complex requirements around authentication, traffic management, and observability in microservices architectures without requiring deep networking expertise. The tool primarily serves platform engineering teams and application developers working with Kubernetes-based microservices, particularly in organizations pursuing DevOps practices and API-first architectures.

Background

Originally developed by Ambassador Labs (formerly Datawire), the project began as an open-source API gateway built on Envoy Proxy. The core technology was later donated to the Cloud Native Computing Foundation as Emissary-ingress, achieving incubating status. Notable production deployments include Daisy Health's healthcare platform and PTC's migration to microservices on Azure Kubernetes Service. Following acquisition by Gravitee, the platform has evolved into distinct tracks: the community-maintained Emissary-ingress project and the commercially supported Edge Stack product, each with separate development trajectories.

Main features

Declarative traffic management with advanced routing control

The platform implements sophisticated traffic management through Kubernetes Custom Resource Definitions (CRDs), enabling declarative configuration of routing rules, load balancing, and protocol support. It handles HTTP, HTTP/2, gRPC, WebSockets, and raw TCP traffic, with intelligent load balancing based on factors like response times and connection counts. The system supports advanced patterns including canary releases, traffic shadowing, and A/B testing through percentage-based traffic splitting. Organizations can implement progressive delivery strategies and manage complex routing scenarios without custom code or manual intervention.

Enterprise-grade authentication and authorization framework

Ambassador provides comprehensive security controls through a flexible authentication and authorization framework. The system supports integration with OpenID Connect providers, enabling single sign-on with major identity platforms like Azure Active Directory and Auth0. Authentication can be configured per-service or per-route, with transparent credential validation and user information injection into requests via headers. The framework includes rate limiting capabilities for protecting backend services, with support for sophisticated policies including per-user quotas and tiered rate limits based on customer subscriptions.

Comprehensive observability and monitoring integration

The platform delivers extensive observability capabilities through native integration with industry-standard tools. It exposes detailed metrics about request patterns, response times, and service health through Prometheus integration, enabling sophisticated monitoring and alerting. The system supports distributed tracing through multiple backends including Jaeger and Zipkin, providing end-to-end request visibility across service boundaries. Detailed logging captures authentication decisions, rate limiting actions, and routing choices, offering comprehensive audit trails and debugging capabilities through structured JSON output.