Running Emissary-ingress in production

This section of the documentation is designed for operators and site reliability engineers who are managing the deployment of Emissary-ingress. Learn more below:

• Global Configuration: The Ambassador module is used to set system-wide configuration.
• Exposing Emissary-ingress to the Internet: The Listener CRD defines which ports are exposed, including their protocols and security models. The Host CRD defines how Emissary-ingress manages TLS, domains, and such.
• Load Balancing: Emissary-ingress supports a number of different load balancing strategies as well as different ways to configure service discovery
• Gzip Compression
• Deploying Emissary-ingress: On Amazon Web Services | Google Cloud | general security and operational notes, including running multiple Emissary-ingresses on a cluster
• TLS/SSL: Simultaneously Routing HTTP and HTTPS | HTTP -> HTTPS Redirection | Mutual TLS | TLS origination
• Statistics and Monitoring: Integrating with Prometheus, DataDog, and other monitoring systems
• Extending Emissary-ingress Emissary-ingress can be extended with custom plug-ins that connect via HTTP/gRPC interfaces. Custom Authentication | The External Auth protocol | Custom Logging | Rate Limiting | Distributed Tracing
• Troubleshooting: Diagnostics | Debugging
• Scaling Emissary-ingress: Scaling Emissary-ingress
• Ingress: Emissary-ingress can function as an Ingress Controller
• Error Response Overrides: Emissary-ingress can override 4xx and 5xx responses with custom response bodies