Ambassador Edge Stack is an API gateway that serves as an ingress controller into your Kubernetes cluster. Ambassador Edge Stack offers a comprehensive set of security functionality, supports a broad range of protocols, and supports progressive releases with modern traffic management. You can read more about Ambassador Edge Stack here.
In this exercise,
- You will create an "Ambassador Edge Stack" addon and use it in a custom cluster blueprint
- You will then apply this cluster blueprint to a managed cluster
You have already provisioned or imported one or more Kubernetes clusters using the controller. You can learn more about getting started with clusters here.
Go to the Helm Chart Readme for all available Helm values. Create a values.yaml to customize your helm release, such as setting pod annotations or changing port values.
Navigate to the "Infrastructure" section and select "Add-Ons." Click on the "+ New Add-On" button to create a new add-on.
Select "Bring your own"
Enter "ambassador" in the "Name" section
Select "Helm 3" for the "Type" section
For "Artifact Sync," select the "Pull files from repository" option
For "Repository Type," select the "Helm" option
For "Namespace," select "ambassador" from the dropdown
Select the "Create" button
You will notice there is a box underneath your newly created add-on letting you know there are "No Versions Found." Click on "New Version" to add a new version of the add-on.
Enter "edge-stack" in the "Version Name" section
For "Repository," select "ambassador-labs" from the dropdown
Enter "ambassador" in the "Chart Name" section
Enter "6.9.1" in the "Chart Version" section
(Optional) You may upload the values.yaml file from Step 2 in the "Upload Files" section if you'd like to apply any changes.
Navigate to the "Infrastructure" section and select "Blueprints." Click on the "+ New Blueprint" button to create a new blueprint.
Enter "ambassador-edge-stack" in the "Name" section
Enter "Blueprint for Ambassador Edge Stack install" in the "Description" section
Click "SAVE"
You will notice there is a box underneath your newly created blueprint letting you know there are "No Versions Found." Click on "New Version" to add a new version of the blueprint
Enter "v1.14.1" in the "Version Name" section
Select "rafay-privileged-psp" in the "Pod Security Policies" section
Select the "cluster-scoped" option in the "PSP Policy Type" section
Select "Add More" in the "Add-Ons" section
Enter "ambassador" in the "Name" section
Enter "edge-stack" in the "Version" section
(IMPORTANT) In the "Managed System Add-Ons" be sure to DESELECT "Ingress Controller." The rest of the options you can leave as selected.
Register a DNS name for this endpoint using your preferred registrar.
(Note) For AWS users, you may have a preconstructed hostname that was automatically generated instead of an IP address. Use a tool like dig (dig <hostname> +short) to get an IP address associated with that name.
Nip.io is a dynamic, wildcard DNS server that translates a hostname with an embedded IP address into that IP address itself.
Use the IP address obtained previously and construct a nip.io hostname. For example, if you have an IP address of 169.254.169.254, you can use 169.254.169.254.nip.io as your hostname.
Copy and save the following code in a file with the name quote-test.yaml
Replace "quote.example.com" under hostname with your hostname from step 8
Replace "quote.example.com" under tlsSecret with your hostname from step 8
```yaml
---
apiVersion: getambassador.io/v2
kind: Host
metadata:
  name: quote-host
spec:
  hostname: quote.example.com  # Replace with your hostname from step above.
  acmeProvider:
    authority: https://acme-v02.api.letsencrypt.org/directory
    email: my-email@datawire.io  # Replace with your email
  tlsSecret:
    name: quote.example.com  # Replace with your hostname from step above.
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
  name: quote-backend
spec:
  prefix: /backend/
  service: quote
---
apiVersion: v1
kind: Service
metadata:
  name: quote
spec:
  ports:
  - name: http
    port: 80
    targetPort: 8000
  - name: https
    port: 443
    targetPort: 8000
  selector:
    app: quote
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: quote
spec:
  replicas: 1
  selector:
    matchLabels:
      app: quote
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: quote
    spec:
      containers:
      - name: backend
        image: docker.io/datawire/quote:0.4.1
        ports:
        - name: http
          containerPort: 8000
        env:
        - name: PORT
          value: "8000"
        resources:
          limits:
            cpu: "0.1"
            memory: 100Mi
```
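The hostname steps above can be scripted. This is an added example, not part of the original page: it builds the nip.io hostname from an IP address and substitutes it for the quote.example.com placeholder in the manifest. It goes beyond the page by rejecting malformed or non-public addresses, since the ACME authority named in the Host resource has to reach the endpoint to issue a certificate. The function names and the sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# nip_hostname IP: print "IP.nip.io".
# Status 1: IP is not a well-formed dotted-quad IPv4 address.
# Status 2: well-formed, but in a range that is not reachable from the internet.
# The body runs in a subshell, so the IFS change stays local and "exit"
# sets the function's return status.
nip_hostname() (
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;          # only digits and single dots
  esac
  ip=$1
  IFS=.; set -- $ip                              # split into octets
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in 0?*|????*) exit 1 ;; esac         # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || exit 1
  done
  case "$1.$2" in
    0.*|10.*|127.*|169.254|192.168) exit 2 ;;    # this-net, private, loopback, link-local
  esac
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && exit 2    # private
  [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && exit 2   # carrier-grade NAT
  [ "$1" -ge 224 ] && exit 2                                         # multicast, reserved
  printf '%s.nip.io\n' "$ip"
)

# render_manifest HOST: copy a manifest from stdin to stdout, replacing the
# quote.example.com placeholder (Host hostname and tlsSecret name).
# HOST must come from nip_hostname, so it contains only digits, dots and "nip.io".
render_manifest() {
  sed "s/quote\.example\.com/$1/g"
}

# Constructed sample: a documentation-range address standing in for the
# load balancer IP. Real use:
#   render_manifest "$host" < quote-test.yaml > quote-test.rendered.yaml
host=$(nip_hostname 203.0.113.10) &&
  printf 'hostname: quote.example.com\n' | render_manifest "$host"
```
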
Navigate to the "Applications" section, and select "Workloads." Select the "+ New Workload" button to create a new workload
Enter "quote-test-service" in the "Name" section
Select the "k8's YAML" in the "Package Type" section
Enter "quote-test" in the "Namespace" section
Select "Continue"
In the "Upload Files" section, select "Choose File"
Select your quote-test.yaml file created previously
Go to the "Placement" tab
Set "Drift Action" to "NotSet"
Set "Placement Policy" to "Specific Clusters"
Select the cluster you want the workload in
Select the "Publish" tab or select the "Save And Go To Publish" button
Congratulations! You have successfully created a custom cluster blueprint with the "Ambassador Edge Stack" addon and applied it to a cluster. You can now use this blueprint on as many clusters as you require.