ExtAuth with Ambassador Edge Stack

To use Gate as an ExtAuth service with Ambassador Edge Stack, you must create a Filter and Filter Policy resource:

---
apiVersion: getambassador.io/v3alpha1
kind: Filter
metadata:
  name: "gate-filter"
  namespace: "ambassador" # this must match the namespace where Edge Stack is deployed
spec:
  External: # must be External
    auth_service: http://gate.default:5000 # this must match the service name, namespace, and port of the Gate deployment
    proto: grpc # Gate only supports the full Envoy gRPC protocol
    protocol_version: v3 # Must be set to `v3`
---
apiVersion: getambassador.io/v3alpha1
kind: FilterPolicy
metadata:
  name: "gate-filter-policy"
  namespace: "ambassador" # this must match the namespace where Edge Stack is deployed
spec:
  rules:
  - host: "*" # to be configured based on your needs
    path: /* # to be configured based on your needs
    filters:
    - name: gate-filter # must match the name of the Filter resource created above

Note that:

  • Filter and FilterPolicy are custom resource definitions (CRDs) for Ambassador Edge Stack, and must be installed first (see our guide)

  • You must deploy Gate in ExtAuth mode first (see our example or guide)
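
The constraints stated in the manifest comments above (namespace, `proto`, `protocol_version`, and the filter name referenced by the policy) can be checked before rollout. The following is an added example, not part of Gate or Edge Stack: the function name `check_gate_extauth`, its defaults, and the constructed sample input are assumptions, and the input is expected to be a Kubernetes List in JSON form (the shape `kubectl get ... -o json` emits).

```python
import json

def check_gate_extauth(list_json, edge_stack_ns="ambassador", filter_name="gate-filter"):
    """Return a list of problems; an empty list means the constraints above hold."""
    items = json.loads(list_json).get("items", [])
    # Only resources in the Edge Stack namespace count, per the manifest comments.
    in_ns = [i for i in items
             if i.get("metadata", {}).get("namespace") == edge_stack_ns]
    problems = []

    gate = [i for i in in_ns
            if i.get("kind") == "Filter" and i["metadata"].get("name") == filter_name]
    if not gate:
        problems.append(f"no Filter {filter_name!r} in namespace {edge_stack_ns!r}")
    else:
        ext = (gate[0].get("spec") or {}).get("External")
        if not isinstance(ext, dict):
            problems.append("Filter spec has no External block")
        else:
            if ext.get("proto") != "grpc":
                problems.append(f"proto is {ext.get('proto')!r}, must be 'grpc'")
            if ext.get("protocol_version") != "v3":
                problems.append(
                    f"protocol_version is {ext.get('protocol_version')!r}, must be 'v3'")

    # A rule attaches the filter only if it names it exactly.
    referenced = any(
        ref.get("name") == filter_name
        for pol in in_ns if pol.get("kind") == "FilterPolicy"
        for rule in (pol.get("spec") or {}).get("rules") or []
        for ref in rule.get("filters") or [])
    if not referenced:
        problems.append(f"no FilterPolicy in {edge_stack_ns!r} references {filter_name!r}")
    return problems

def _sample(filter_ns, proto, ref_name):
    """Constructed sample input shaped like the two manifests above."""
    return json.dumps({"kind": "List", "items": [
        {"kind": "Filter", "metadata": {"name": "gate-filter", "namespace": filter_ns},
         "spec": {"External": {"auth_service": "http://gate.default:5000",
                               "proto": proto, "protocol_version": "v3"}}},
        {"kind": "FilterPolicy",
         "metadata": {"name": "gate-filter-policy", "namespace": "ambassador"},
         "spec": {"rules": [{"host": "*", "path": "/*",
                             "filters": [{"name": ref_name}]}]}}]})

if __name__ == "__main__":
    print(check_gate_extauth(_sample("ambassador", "grpc", "gate-filter")))
    for problem in check_gate_extauth(_sample("default", "http", "gate_filter")):
        print("problem:", problem)
```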