Route external HTTP and gRPC traffic to the correct backend services running inside a Kubernetes cluster using CRD configuration.
Set up rate limiting and authentication checks at the gateway level so individual services do not need to implement them separately.
Run a canary deployment by sending a small percentage of production traffic to a new service version before rolling it out fully.
Configure TLS termination at the gateway so backend services communicate over plain HTTP internally.
Requires a running Kubernetes cluster and familiarity with CRD configuration and Envoy Proxy concepts.
Emissary-ingress is an open-source API gateway designed to run inside a Kubernetes cluster. Kubernetes is a system for running many software services together on shared servers, and an API gateway is the front door that controls how traffic from the outside world gets routed to those services. Emissary is a CNCF incubating project, which means it's part of the same foundation that governs Kubernetes itself. It was formerly called Ambassador API Gateway. Under the hood, Emissary uses Envoy Proxy to handle the actual routing of network traffic. You configure it by writing Kubernetes configuration files using a format called CRDs (custom resource definitions), or by adding annotations to existing service definitions. This keeps the gateway's configuration close to the rest of your infrastructure rather than in a separate tool. The feature set covers the main concerns of running a production API: load balancing across multiple backend instances, support for standard protocols including gRPC, HTTP/2, TCP, and WebSockets, TLS termination, authentication hooks, rate limiting, sticky sessions, circuit breaking, and canary releases (which let you send a small percentage of traffic to a new version before rolling it out fully). It also connects to monitoring tools like Grafana, Prometheus, and Datadog, and can integrate with service meshes including Consul, Linkerd, and Istio. The README notes that the original parent company has stepped back from direct involvement in the project, so the community now drives development. The active development branch is called main, older release branches are frozen. Building requires running a make command that uses a tool called goreleaser to produce container images. For non-technical readers: this is infrastructure software for engineering teams managing cloud-hosted applications. It is not a tool for individual developers or end users. The quickstart documentation and the CNCF Slack channel are the recommended starting points for anyone looking to contribute or get help.
← emissary-ingress on gitmyhub — every repo by this author, as a profile.
Verify against the repo before relying on details.