One of our new segments, Community Corner, features weekly deep dives into common questions we get in our Community across our products: Edge Stack, Telepresence, and Blackbird. As one of the core members of our customer team, one of the most common questions I see revolves around the key differences between our open-source offering, Emissary-Ingress, and our commercial product, Edge Stack API Gateway.
Watch Instead of Read
The TL/DR:
Edge Stack is Ambassador’s licensed API Gateway. It’s a closed-source product that has been adopted by companies in various industries around the world to manage traffic to their cloud-based services.
Emissary-Ingress is an open-source gateway project developed by Ambassador. A fun fact: originally, Emissary went by our company name (Ambassador), but when we donated it to the CNCF, we changed the name to Emissary-Ingress.
Similarities
Both Edge Stack and Emissary-Ingress are built on Envoy and use Envoy Proxy as their core proxy. For those who want a refresher, Envoy is an open-source, high-performance proxy originally written by Lyft (the rideshare company). In both Edge Stack and Emissary-Ingress, you can configure Envoy more easily.
Additionally, architecturally speaking, Edge Stack and Emissary-Ingress are both ideally suited for Kuberentes-based environments where you want to route external traffic to your microservices.
Differences:
There are three distinct areas where Emissary and Edge Stack differ (other than the obvious- open source v.s a paid product). The main differences you’ll notice relate to the release schedules, regular maintenance, the feature set, and of course, continued support.
Release Schedule and Maintenance
As Ambassador’s licensed API Gateway, Edge Stack is maintained and regularly updated by Ambassador’s in-house engineering teams. Edge Stack releases are made regularly for bug fixes, efficiency improvements, and enhancements. Our latest release, as of June 2024, was Version 3.11.0.
For example, when it comes to Common Vulnerabilities and Exposures (CVEs) and security-impacting issues, we have a process for evaluating whether these issues impact Edge Stack’s functionality and performance. If there are impacts, we implement a fix for Edge Stack in a minor version release. Occasionally, customers and users will ask about a particular CVE and we share with them our evaluation results. With Edge Stack, you can expect regular support, maintenance, and protection against vulnerabilities to avoid disruption in your workflow.
Emissary-ingress, on the other hand, does not have a determined release schedule currently. In late 2023, Ambassador made the choice to decouple the Emissary release schedule from Edge Stack’s schedule, and we moved the Emissary Slack Community over to the CNCF Community. Ambassador no longer serves as the primary maintainer of Emissary but works alongside other active community maintainers on the project. This change was in response to several things, including requests from CNCF, marketplace factors, and, most importantly, efforts to recenter our focus on the needs of our Edge Stack customers and our new API development tool, Blackbird.
Although we do still merge PRs for CVEs that impact Emissary, we’re not planning for any future releases. Emissary-ingress has always been a community project, and the release schedule going forward will depend on the maintainers collectively. The last release of Emissary-ingress was 3.9.1 in November 2023.
Different Feature Sets
Edge Stack
Edge Stack leverages key features in Envoy (service discovery, authorization, authentication, circuit breaking, retries, timeouts, logging, and distributed tracing) and makes them available and more easily configurable.
As an API Gateway, Edge Stack’s primary job is to route traffic securely to your services, and it does this through declarative Custom Resource Definitions, which are highly configurable. So you can determine how you want Edge Stack to listen for your traffic, what ports you want it to use, the granularity of your routes, and a host of other factors to fine-tune access to your services and service availability. Edge Stack is highly scalable as well which means it performs in high-demand, high-load environments better than many other gateways not built on Envoy. And you can employ both horizontal and vertical scaling strategies.
Some of the key features of Edge Stack include:
- Authentication: OAuth2, OIDC, JWT, and Single Sign On
- Rate Limiting
- Web Application Firewall solution (WAF): configured to help protect your web applications by preventing and mitigating many common attacks.
- Network Security With Cert-Manager Integration: TLS, mTLS and CORS Request Resiliency Observability
Emissary Features
On the other end, Emissary offers the following:
- Circuit breakers, automatic retries, timeouts Observability: distributed tracing, real-time L7 metrics
- L4/L7 load balancing and routing for your traffic protocols.
You’ll note that Emissary doesn’t include authentication, rate limiting, WAF, Single-sign on, or Network Security With Cert-Manager Integration so adopters would need to implement these features independently or build them internally.
In the end, Emissary-ingress is really more of an ingress with limited functionality, like the name suggests, whereas Edge Stack has the full feature set that provides everything you need at the edge in a fully fledged API Gateway.
Continued Support
The final difference between the two, and critical in a business-focused production environment, is that Edge Stack is fully supported by Ambassador’s knowledgeable and reputable Support team. Support is available on a 5 x 8 or 24 x 7 basis, depending on your needs. Users can raise tickets and get speedy responses and assistance. Users can also join our Slack channel, where we discuss implementation topics and new releases and keep everyone up to date with the latest versions, updates, and news.
Customers can also employ our new Knowledge Base. Hosted on our Support Portal, the Knowledge Base is a self-service collection of technical articles, FAQs, and best practices written by our Support team. As it dives deeper into custom use cases and configuration details based on user questions, it's meant to be a resource on various implementation topics in addition to our formal docs.
On the other hand, since its inception, Emissary-ingress has been a community project, and going forward, it will be supported by the community on a peer-to-peer basis and by the maintainers collectively. There is a wide-reaching Emissary community and knowledge sharing among its members in the CNCF Slack channel and on GitHub. You can join that community via CNCF Slack here.
Which Should I Choose?
Now this might sound biased coming from the Ambassador team, but if you want the most actively supported, feature-rich, scalable, and configurable API Gateway option, Edge Stack is the obvious choice. If price is your barrier, we do offer a free tier to test out all the proprietary features, such as authentication, Single Sign-On, and rate limiting as a trial with 10,000 requests per Month (RPMs). Our Growth plan option is also great for small teams and low-volume users, starting at only $1,000 a month.
Learn more about Edge Stack. And thank you for joining us on this community corner deep dive!
Top comments (0)