
2025

VT

Financial Analysis Report: Vanguard Total World Stock ETF (VT)

1. Executive Summary

The Vanguard Total World Stock ETF (VT) provides investors with a globally diversified equity portfolio, tracking the FTSE Global All Cap Index. This ETF encompasses large-, mid-, and small-cap stocks from both developed and emerging markets, making it a core holding for long-term investors seeking global diversification. The fund has a low expense ratio and has historically delivered competitive returns relative to global equity markets. This report analyzes VT's key financial metrics, portfolio composition, performance trends, risk factors, and investment outlook.


2. Fund Overview

2.1 Fund Objective and Strategy

VT aims to provide broad exposure to global equities by passively tracking the FTSE Global All Cap Index, ensuring long-term capital appreciation. Its holdings span multiple geographies and sectors, reflecting the global market composition.

2.2 Key Details

  • Fund Sponsor: Vanguard
  • Inception Date: June 24, 2008
  • Expense Ratio: 0.07%
  • Assets Under Management (AUM): $42.417 billion (as of February 2025)
  • Number of Holdings: Over 9,000 stocks
  • Dividend Yield: 2.88% (Trailing 12 Months)
  • Ticker Symbol: VT
  • Exchange: NYSE Arca

3. Portfolio Composition & Asset Allocation

3.1 Regional Allocation

VT provides exposure to a diversified set of equities worldwide, with the following approximate allocation:

  • North America: 60% (U.S. and Canada)
  • Europe: 15%
  • Asia-Pacific: 15%
  • Emerging Markets: 10%

3.2 Sector Allocation

As of December 31, 2024, VT's sector allocations are:

  • Technology: 27.6%
  • Financials: 15.0%
  • Consumer Discretionary: 14.5%
  • Industrials: 13.6%
  • Healthcare: 9.4%
  • Consumer Staples: 4.7%
  • Energy: 4.0%
  • Basic Materials: 3.1%
  • Utilities: 2.8%
  • Real Estate: 2.7%
  • Telecommunications: 2.6%

3.3 Top Holdings

VT holds a wide range of stocks, with its largest holdings being:

  1. Apple Inc. (AAPL)
  2. Microsoft Corp. (MSFT)
  3. Amazon.com Inc. (AMZN)
  4. NVIDIA Corp. (NVDA)
  5. Alphabet Inc. (GOOGL)

These top five holdings account for a significant portion of the fund’s total assets and contribute to its strong historical performance.


4. Performance Analysis

4.1 Historical Performance

Year | VT Price Return (%) | Benchmark Return (%)
2024 | 14.2% | 14.5%
2023 | 17.3% | 17.8%
2022 | -18.4% | -18.1%
2021 | 21.2% | 21.5%
2020 | 16.5% | 16.8%

Over the past decade, VT has provided an average annual return of 9.53%, closely tracking the global equity market.

4.2 Year-to-Date (YTD) Performance

As of February 8, 2025, VT has delivered a YTD return of 3.24%, driven by strong technology sector performance and continued economic resilience in the U.S.

4.3 Dividend History

VT provides a dividend yield of 2.88%, with quarterly distributions. The ETF's dividend growth rate over the past five years has averaged 10.85% annually.


5. Risk Factors

5.1 Market Risk

Since VT is a globally diversified fund, it is subject to broad market fluctuations based on economic conditions, interest rate changes, and global economic cycles.

5.2 Currency Risk

VT holds assets in multiple currencies, exposing investors to foreign exchange fluctuations. A strong U.S. dollar can negatively impact returns from non-U.S. holdings.

5.3 Emerging Market Volatility

Approximately 10% of VT’s holdings are in emerging markets, which are subject to political instability, inflation, and regulatory changes.

5.4 Economic Downturns

A global recession or economic slowdown in major markets could negatively impact VT’s performance, reducing corporate earnings and market valuations.


6. Investment Outlook & Recommendations

6.1 Bull Case (Positive Scenario)

  • Continued Technology Growth: If the technology sector maintains its momentum, VT could see significant gains.
  • U.S. Market Strength: A resilient U.S. stock market, which comprises a majority of VT, could further boost returns.
  • Emerging Market Recovery: A rebound in emerging markets would enhance diversification benefits and overall returns.

6.2 Bear Case (Negative Scenario)

  • Global Recession Risks: Economic slowdowns in key markets could lead to declining stock valuations.
  • Geopolitical Tensions: Trade disputes, conflicts, or political instability in major regions could negatively impact VT’s performance.
  • Interest Rate Hikes: If central banks maintain a tight monetary policy, equity valuations could face downward pressure.

6.3 Recommendation

For long-term investors, VT remains a strong choice due to its broad diversification, low expense ratio, and exposure to global markets. However, investors with a short-term horizon should be cautious about market volatility.

  • Risk-Averse Investors: Hold VT as a core component of a well-diversified portfolio.
  • Aggressive Investors: Consider adding sector-specific ETFs for higher returns while keeping VT as a foundational investment.

7. Conclusion

The Vanguard Total World Stock ETF (VT) is a compelling investment for those seeking global diversification at a low cost. Its broad exposure to equities worldwide makes it a resilient choice for long-term investors. While risks exist, VT has historically delivered solid returns and remains an attractive option for those looking to gain exposure to the entire global equity market.


Disclosures

This report is for informational purposes only and does not constitute financial advice. Investors should conduct further research or consult a financial advisor before making investment decisions.

VTI

Financial Analyst Report: Vanguard Total Stock Market ETF (VTI)

Ticker: VTI

Exchange: NYSE Arca

Asset Class: Equity

Category: Broad Market U.S. Stock ETF

Issuer: Vanguard

Expense Ratio: 0.03%

Dividend Yield: ~1.5%


1. Overview

Vanguard Total Stock Market ETF (VTI) is one of the most widely held exchange-traded funds (ETFs), designed to provide broad exposure to the entire U.S. equity market. The fund tracks the CRSP US Total Market Index, encompassing large-, mid-, small-, and micro-cap stocks, thereby reflecting the overall performance of the U.S. stock market.


2. Performance & Returns

Period | YTD (%) | 1-Year (%) | 3-Year (%) | 5-Year (%) | 10-Year (%)
VTI | 11.2% | 17.5% | 10.3% | 12.7% | 13.8%
S&P 500 | 10.5% | 16.9% | 9.8% | 12.1% | 13.4%

Data as of latest quarter-end

VTI has outperformed the S&P 500 in the long term due to its broader market exposure, particularly benefiting from small- and mid-cap stocks during economic expansions. However, during market downturns, its exposure to smaller, more volatile stocks can contribute to slightly higher drawdowns.


3. Holdings & Sector Allocation

VTI holds over 4,000 stocks, offering significant diversification. The top holdings include major tech companies, reflecting their large market capitalizations.

Top 5 Holdings (Approximate Weights)

  1. Apple Inc. (AAPL) – 7.2%
  2. Microsoft Corp. (MSFT) – 6.4%
  3. Amazon.com Inc. (AMZN) – 3.1%
  4. NVIDIA Corp. (NVDA) – 2.9%
  5. Alphabet Inc. (GOOGL) – 2.3%

Sector Breakdown:

Sector | Allocation (%)
Technology | 28.5%
Health Care | 13.1%
Consumer Discretionary | 12.4%
Financials | 12.0%
Industrials | 10.2%
Other | 23.8%

The heavy weighting in technology has been a key driver of returns, benefiting from growth in artificial intelligence, cloud computing, and digital transformation.


4. Risk Factors

  1. Market Volatility – VTI is exposed to the overall stock market, meaning it will experience downturns in periods of economic uncertainty or market corrections.
  2. Interest Rate Sensitivity – Higher interest rates could put pressure on equities, particularly growth stocks.
  3. Sector Concentration – The technology sector comprises a large portion of the fund, posing risks if the sector underperforms.
  4. Small-Cap Exposure – While adding potential for higher returns, small-cap stocks can be more volatile and sensitive to economic downturns.

5. Investment Suitability & Recommendations

Investor Profile: VTI is ideal for long-term investors seeking broad diversification at a low cost. It is suitable for retirement portfolios, passive investors, and those looking for exposure to the entire U.S. stock market.

Pros:

  • Extremely low expense ratio (0.03%)
  • High diversification (~4,000 stocks)
  • Strong historical performance
  • Liquid and widely traded

Cons:

  • No active management (passive index tracking)
  • Exposure to market downturns
  • Heavy reliance on tech sector performance

Recommendation: VTI remains a strong long-term core holding for investors seeking U.S. equity exposure. Given its broad market reach and low expense ratio, it is a superior choice for passive investors. However, investors should monitor market conditions, particularly interest rate trends and sector-specific risks, to manage portfolio volatility effectively.


6. Conclusion

Vanguard Total Stock Market ETF (VTI) is one of the most efficient and diversified ways to gain exposure to the U.S. equity market. Its low expense ratio, broad coverage, and historical performance make it a top choice for investors with a long-term horizon. While short-term volatility remains a concern, its diversified structure mitigates risks associated with individual stock declines. Investors should consider adding VTI as a foundational component of their portfolio, complementing it with international or bond ETFs for a well-rounded allocation.

VTWO

The Vanguard Russell 2000 ETF (VTWO) is designed to replicate the performance of the Russell 2000 Index, which measures the performance of small-capitalization stocks in the United States.

As of February 7, 2025, VTWO is trading at $91.40, reflecting a 1.20% decrease from the previous close.

The fund has an expense ratio of 0.10% and manages nearly $8 billion in assets.

The ETF's top holdings include FTAI Aviation Ltd. (FTAI) at 0.54%, Sprouts Farmers Market, Inc. (SFM) at 0.47%, and Insmed Incorporated (INSM) at 0.44%.

VTWO offers a dividend yield of 1.18%, with an annual dividend of $1.08 per share. Dividends are distributed quarterly, with the most recent ex-dividend date on December 23, 2024.

Analyst consensus rates VTWO as a "Moderate Buy," with an average 12-month price target of $115.96, suggesting potential upside.

Investors should be aware that small-cap stocks can exhibit higher volatility compared to large-cap stocks. Recent analyses have highlighted concerns about the quality of holdings within the Russell 2000 Index, suggesting that VTWO may have exposure to lower-quality stocks.

In summary, VTWO provides diversified exposure to U.S. small-cap equities with a low expense ratio. However, potential investors should consider the inherent volatility and quality of the underlying holdings when evaluating this ETF for their portfolios.

VUG

The Vanguard Growth ETF (VUG) is a prominent exchange-traded fund that offers investors exposure to large-cap U.S. growth stocks. As of February 8, 2025, VUG is trading at $418.82, reflecting a slight decrease of 0.01% from the previous close.

Fund Overview

Launched on January 26, 2004, VUG seeks to replicate the performance of the CRSP US Large Cap Growth Index, which encompasses large-cap companies exhibiting strong growth characteristics. The fund boasts assets under management exceeding $153 billion, positioning it among the largest ETFs in its category.

Sector Allocation and Top Holdings

VUG's portfolio is heavily weighted towards the Information Technology sector, accounting for approximately 46.8% of its holdings. Consumer Discretionary and Telecommunications sectors follow, rounding out the top three allocations. The fund's top holdings include industry leaders such as Apple Inc. (11.52%), NVIDIA Corp., and Microsoft Corp. Collectively, the top ten holdings represent about 56.78% of the fund's total assets.

Performance Metrics

Over the past year, VUG has delivered a return of approximately 30.27%. The fund's beta stands at 1.12, indicating a slightly higher volatility compared to the broader market. Its standard deviation over the trailing three-year period is 23.15%, reflecting moderate risk within its investment space.

Analyst Insights

Analysts maintain a favorable outlook on VUG, with a consensus rating of "Strong Buy." The average 12-month price target is $479.29, suggesting potential upside from its current price. This optimism is underpinned by the fund's strategic focus on high-growth sectors and its inclusion of companies with robust earnings trajectories.

Expense Ratio and Dividend Yield

VUG is recognized for its cost-efficiency, featuring an annual operating expense ratio of 0.04%, which is competitive within the ETF landscape. The fund offers a 12-month trailing dividend yield of 0.47%, providing investors with a modest income stream alongside capital appreciation potential.

Conclusion

The Vanguard Growth ETF presents a compelling opportunity for investors aiming to gain exposure to large-cap growth stocks in the U.S. market. Its diversified portfolio, strong performance history, and low expense ratio make it an attractive option for those seeking growth-oriented investments.

Please note that past performance is not indicative of future results. It's essential to consider your individual financial situation and consult with a financial advisor before making investment decisions.

VYM

Financial Analysis Report: Vanguard High Dividend Yield ETF (VYM)

1. Overview of VYM

The Vanguard High Dividend Yield ETF (VYM) is an exchange-traded fund designed to provide investors with exposure to high-dividend-yielding stocks in the U.S. equity market. Managed by Vanguard, VYM tracks the FTSE High Dividend Yield Index, which consists of companies that typically pay above-average dividends. The fund is popular among income-focused investors seeking steady cash flows and potential long-term capital appreciation.

2. Key Facts

  • Ticker Symbol: VYM
  • Issuer: Vanguard
  • Expense Ratio: 0.06%
  • Dividend Yield (TTM): Approximately 2.74% as of 2024
  • Assets Under Management (AUM): Approximately $61.426 billion as of 2025
  • Holdings: Over 530 large-cap U.S. companies
  • Inception Date: November 10, 2006
  • Index Tracked: FTSE High Dividend Yield Index

3. Performance Analysis

Historical Returns (as of January 31, 2025)

Period | VYM Return | S&P 500 Return
YTD | 3.74% | 3.52%
1-Year | 21.08% | 25.02%
5-Year | 11.12% | 13.29%
10-Year | 10.50% | 13.29%

  • YTD (Year-to-Date): VYM has returned 3.74%, slightly outperforming the S&P 500's 3.52%.
  • 1-Year: VYM delivered a 21.08% return, underperforming the S&P 500's 25.02%.
  • 5-Year: VYM achieved an annualized return of 11.12%, compared to the S&P 500's 13.29%.
  • 10-Year: VYM's annualized return was 10.50%, while the S&P 500 returned 13.29%.

Dividend Growth

  • In 2024, VYM provided a dividend yield of approximately 2.74%.
  • The ETF has a history of consistent dividend growth, typically increasing its payout annually.
  • Dividends are distributed quarterly, offering regular income to investors.

4. Portfolio Composition

Sector Allocation

Sector | Allocation (%)
Financials | 23.0%
Consumer Staples | 12.7%
Information Technology | 12.6%
Industrials | 12.0%
Health Care | 11.2%
Energy | 9.3%
Consumer Discretionary | 7.2%
Utilities | 6.5%
Communication Services | 3.2%
Materials | 2.4%
Real Estate | 0.0%

  • VYM has significant allocations in Financials and Consumer Staples, sectors known for stable and high dividend yields.
  • Compared to broader market ETFs like the Vanguard Total Stock Market ETF (VTI), VYM has less exposure to technology stocks, which often have lower or no dividend payouts.

Top Holdings

Company | Ticker | % of Portfolio
Broadcom Inc. | AVGO | 6.00%
JPMorgan Chase & Co. | JPM | 3.84%
Exxon Mobil Corp. | XOM | 2.75%
Procter & Gamble Co. | PG | 2.25%
Walmart Inc. | WMT | 2.23%

  • The fund is well-diversified with over 530 holdings, reducing company-specific risk.

5. Risk and Volatility

  • Lower Volatility: VYM tends to be less volatile than growth-oriented funds like the Invesco QQQ Trust (QQQ), due to its focus on mature, dividend-paying companies.
  • Interest Rate Sensitivity: Dividend stocks are sensitive to interest rate changes; when rates rise, high-yield stocks may become less attractive compared to fixed-income investments.
  • Sector Risks: Heavy exposure to financials and consumer staples means VYM’s performance can be affected by economic downturns or regulatory changes impacting these industries.

6. Suitability for Investors

VYM is best suited for:

  • Income-focused investors looking for consistent and growing dividend payouts.
  • Long-term investors who prefer stable, large-cap dividend stocks.
  • Those seeking broad diversification in dividend-paying U.S. companies.
  • Investors desiring lower volatility compared to growth-heavy ETFs like QQQ.

Not ideal for:

  • Investors seeking high growth or tech-heavy exposure.
  • Short-term traders, as dividend ETFs typically reward long-term holders.
  • Those who prioritize total return over income, as VYM may underperform during bull markets.

7. Conclusion

The Vanguard High Dividend Yield ETF (VYM) is an excellent choice for income investors seeking a steady and growing dividend stream with moderate capital appreciation. Its low expense ratio, strong diversification, and history of stable dividends make it a reliable core holding in dividend-focused portfolios. However, investors should be aware of interest rate sensitivity and sector concentration risks before investing.

Investment Verdict: 🟢 BUY for Long-Term Income Investors

XLP

The Consumer Staples Select Sector SPDR Fund (XLP) is an exchange-traded fund (ETF) that aims to replicate the performance of the Consumer Staples Select Sector Index, which represents the consumer staples sector of the S&P 500 Index. This sector includes industries such as food and staples retailing, beverages, food products, tobacco, household products, and personal care products.

As of February 7, 2025, XLP is trading at $79.35, reflecting a slight decrease of 0.14% from the previous close. The fund's net asset value (NAV) is $79.50, with assets under management totaling approximately $16.5 billion. Notably, on January 31, 2025, the fund's expense ratio was reduced from 0.09% to 0.08%, making it a cost-effective option for investors seeking exposure to the consumer staples sector.

XLP comprises 38 holdings, with the top allocations as follows:

Company | Ticker | Allocation
Costco Wholesale Corporation | COST | 11.23%
Walmart Inc. | WMT | 10.78%
The Procter & Gamble Company | PG | 9.60%
The Coca-Cola Company | KO | 5.93%
Philip Morris International Inc. | PM | 5.45%

The fund's beta is 0.30, indicating lower sensitivity to overall market movements, which can be beneficial during market volatility. Additionally, XLP offers a dividend yield of 2.74%, with an annual dividend of $2.18 per share, distributed quarterly.

Analyst consensus rates XLP as a "Moderate Buy," with an average 12-month price target of $86.58, suggesting potential upside from its current price.

In summary, XLP provides targeted exposure to the consumer staples sector, offering potential for stable returns and income through dividends. Its low expense ratio and defensive characteristics make it an attractive option for investors seeking to mitigate risk in their portfolios.

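The CANSLIM Stock Selection Method

The CANSLIM method, developed by William O'Neil, is a powerful stock-selection and investment strategy that aims to identify stocks with high growth potential before they make a major advance. It combines fundamental and technical analysis, which makes it popular with traders and investors looking for high-return stocks.

CANSLIM is an acronym for seven key selection criteria:


C – Current Earnings Growth

"Rapid earnings growth in the most recent quarter"

One of the most important indicators when selecting stocks is earnings growth in the most recent quarter. The CANSLIM method advises investors to look for companies whose earnings per share (EPS) have grown by at least 25% compared with the same period of the previous year. A rapid rise in earnings shows that the company's business momentum is strong.

Example: If a company's EPS was $1.00 last year and is $1.50 this year, the growth rate is 50%, a strong earnings-growth signal.


A – Annual Earnings Growth

"Sustained earnings growth over the past several years"

Steady annual earnings growth is an important selection indicator. Investors should look for companies whose EPS growth rate has held at 15–20% or more over the past 3–5 years. Sustained earnings growth indicates that the company has a sound operating model.

Example: If a company's EPS over the past four years was $2.00, $2.50, $3.25, and $4.00, it shows a steady growth trend and meets the CANSLIM criterion.


N – New Products, New Management, or New Highs

"New products, new management, or new highs that provide future growth momentum"

For a stock price to rise significantly, the company must bring in new growth drivers, such as:

  • New products or services that open up new markets.
  • A new management team that improves operational efficiency.
  • Mergers and acquisitions or market expansion that create new revenue sources.

Example: A technology company launching an innovative AI product, or a retailer entering overseas markets.


S – Supply and Demand

"Small-cap stocks with rising demand"

Stock prices are governed by the law of supply and demand. O'Neil stresses that investors should focus on stocks with relatively few shares outstanding but strong demand, particularly small- to mid-cap companies.

Example: A small-cap stock with only 50 million shares outstanding that attracts the attention of institutional investors may rise quickly because demand outstrips supply.

📌 Tip: Low-float stocks have limited supply, so their prices are usually more volatile when demand increases.


L – Leader or Laggard?

"Stocks with outstanding price and earnings performance"

Successful investors should invest in market leaders, not laggards. A market leader is a stock whose price performance and earnings growth both exceed those of its industry competitors.

How to identify a leader:

  • Relative Strength Index (RS): an RS value above 80 (meaning the stock outperforms 80% of stocks) is the mark of a strong stock.
  • Compare competitors in the same industry and choose the best-performing stock.

Example: If two companies are both in the electric-vehicle business, choose the one with the higher earnings growth rate, the stronger price trend, and more favor from institutional investors.


I – Institutional Sponsorship

"Institutional investors are starting to buy"

Institutional investors (such as hedge funds, mutual funds, and pension funds) are an important force pushing stock prices higher. When a stock's institutional ownership gradually increases, it means professional investors are optimistic about its prospects.

Example: If a stock's institutional ownership rises for several consecutive quarters, it means large amounts of capital are flowing in.

📌 Tip: Avoid stocks with institutional ownership above 90%, because when institutions start selling, the share price may fall sharply.


M – Market Direction

"The overall market should not be in a downtrend"

Even if a stock meets the CANSLIM criteria, investing in a bear market can still result in losses. Investors should therefore analyze the overall market trend before investing.

How to judge the market trend:

  • Monitor the major indexes (S&P 500, NASDAQ, Dow Jones Industrial Average).
  • Watch the moving averages (50-day and 200-day).
  • Track market breadth indicators (the ratio of advancing to declining stocks).
  • Follow Federal Reserve (Fed) monetary policy, especially changes in interest rates.

Example: When the S&P 500 and NASDAQ are in a clear uptrend, it is usually a safer time to invest. If the market is in a downtrend, wait patiently for a turning point.


Summary of the CANSLIM Investment Strategy

The CANSLIM method combines fundamental and technical analysis to help investors pick the growth stocks with the most potential. However, it is not a passive investment strategy; investors must watch market trends closely and adjust their strategy in good time.

Key points:

  • Look for strong earnings growth (quarterly and annual).
  • Focus on companies with innovative products, new management, or strong momentum.
  • Invest in market leaders and avoid laggards.
  • Track where institutional investors' money is flowing.
  • Enter the market only when the market trend is upward.

By using the CANSLIM method, investors can improve their chances of finding high-growth stocks.

📌 Do you use the CANSLIM method to pick stocks? Share your thoughts in the comments!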

Ambassador API Gateway - A Cloud-Native Approach to API Management

In the era of microservices and cloud-native applications, API gateways play a crucial role in managing and securing communication between services. Ambassador API Gateway has gained popularity as a Kubernetes-native solution designed to handle API traffic efficiently. This blog post explores the key features of Ambassador, its architecture, and how it compares to traditional API gateways.

What is an API Gateway?

An API Gateway acts as an entry point for microservices, providing essential functionalities such as:

  • Authentication and Authorization – Managing access control via OAuth, JWT, or API keys.
  • Traffic Management – Routing, load balancing, and rate limiting.
  • Security – TLS termination, request validation, and protection against attacks.
  • Observability – Logging, tracing, and monitoring API usage.

Traditional API gateways like Kong, Apigee, and AWS API Gateway have been widely used in monolithic and hybrid architectures. However, Kubernetes-native applications require more dynamic, scalable, and DevOps-friendly solutions—this is where Ambassador comes in.

Introducing Ambassador API Gateway

Ambassador is an Envoy-based API gateway designed for Kubernetes. It serves as an ingress controller and facilitates north-south (external) traffic management for microservices.

Key Features of Ambassador

  1. Kubernetes-Native
     • Ambassador is built specifically for Kubernetes, leveraging Custom Resource Definitions (CRDs) for configuration instead of traditional static config files.

  2. Envoy Proxy as the Core
     • Ambassador uses Envoy Proxy under the hood, benefiting from its advanced networking capabilities, resilience, and extensibility.

  3. Decentralized Configuration
     • Unlike monolithic API gateways, Ambassador enables microservices teams to configure routing and policies independently.

  4. Authentication and Security
     • Supports OAuth2, JWT validation, and external authentication services.
     • Implements mTLS (Mutual TLS) for secure service-to-service communication.

  5. Traffic Control and Rate Limiting
     • Offers advanced load balancing, circuit breaking, and failover strategies.
     • Implements rate limiting to prevent abuse and ensure fair usage.

  6. Observability and Monitoring
     • Integrates seamlessly with Prometheus, Grafana, and OpenTelemetry for real-time insights.
     • Provides built-in support for distributed tracing with Jaeger and Zipkin.

How Ambassador API Gateway Works

1. Deployment Architecture

  • Ambassador runs as a Kubernetes deployment and is typically exposed via a Kubernetes Service.
  • It integrates with Ingress Controllers such as NGINX or the Kubernetes API server to manage external traffic.
  • Each microservice can define its own routing rules using Kubernetes annotations or CRDs.

2. Traffic Routing Example

Below is an example of configuring a route for a microservice using Ambassador's Mapping CRD:

apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: my-service
spec:
  prefix: /my-api/
  service: my-service.default.svc.cluster.local:8080
  timeout_ms: 5000

This mapping ensures that requests to /my-api/ are routed to my-service running on port 8080.

3. Authentication Example

To integrate JWT authentication, you can define the following configuration:

apiVersion: getambassador.io/v3alpha1
kind: AuthService
metadata:
  name: jwt-auth
spec:
  auth_service: auth-service.default:443
  proto: http
  allowed_request_headers:
    - "Authorization"

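With this setup, Ambassador sends every incoming request to the external service at auth-service.default:443 before forwarding it, and that service is what has to validate the JWT in the Authorization header: Ambassador forwards the request to the microservice only when the auth service answers HTTP 200, and otherwise returns the auth service's response to the client. Note that proto: http selects the HTTP (rather than gRPC) authentication protocol and does not turn on TLS; despite the port number, the auth_service value needs an https:// prefix for the check itself to travel over TLS.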
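The gateway only enforces the answer it gets back, so the checks that matter live in the auth service. The following is an added example of that decision logic, not code from Ambassador or from this post; it assumes HS256 tokens with a shared key, and the names DEMO_KEY, make_token, check_request and the audience "my-api" are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption): a real service loads this from a secret store.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(claims, key, header=None):
    """Build a signed token for the demo inputs (HS256 signature over header.payload)."""
    header = header or {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def check_request(headers, key, audience, now=None):
    """Return (status, detail). 200 lets the gateway forward; anything else rejects."""
    now = time.time() if now is None else now
    # Header names are case-insensitive; the proxy may deliver them lowercased.
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, "missing bearer token"
    try:
        head_b64, body_b64, sig_b64 = token.strip().split(".")
        header = json.loads(b64url_decode(head_b64))
        # Pin the algorithm server-side; never let the token pick it ("none", key confusion).
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return 401, "unsupported alg"
        expected = hmac.new(key, f"{head_b64}.{body_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        # Constant-time comparison, and only parse claims after the signature checks out.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return 401, "bad signature"
        claims = json.loads(b64url_decode(body_b64))
    except ValueError:
        return 401, "malformed token"
    if not isinstance(claims, dict):
        return 401, "malformed token"
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return 401, "expired or missing exp"
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return 403, "wrong audience"
    return 200, claims.get("sub", "")


if __name__ == "__main__":
    token = make_token({"sub": "alice", "aud": "my-api", "exp": time.time() + 300}, DEMO_KEY)
    print(check_request({"Authorization": "Bearer " + token}, DEMO_KEY, "my-api"))
    print(check_request({}, DEMO_KEY, "my-api"))
```

A token that is validly signed but issued for a different audience is rejected with 403 rather than 401, which keeps the two failure causes distinguishable in the gateway's access logs.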

Comparison: Ambassador vs. Traditional API Gateways

Feature | Ambassador | Kong | AWS API Gateway | Apigee
Kubernetes-Native | ✅ Yes | ⚠️ Partial | ❌ No | ❌ No
Envoy Proxy | ✅ Yes | ❌ No | ❌ No | ❌ No
CRD-based Config | ✅ Yes | ❌ No | ❌ No | ❌ No
Authentication | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes
Observability | ✅ Prometheus, Grafana | ✅ Kong Vitals | ✅ CloudWatch | ✅ Stackdriver
Serverless Support | ⚠️ Limited | ✅ Yes | ✅ Yes | ✅ Yes
Cloud-Native Integration | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes

When to Use Ambassador API Gateway?

Ambassador is an excellent choice if:

✅ Your application is Kubernetes-native and relies on microservices.

✅ You want a fully declarative and GitOps-friendly API Gateway.

✅ You need high performance with Envoy Proxy.

✅ You require scalability with dynamic routing and service discovery.

However, if you need deep API monetization, fine-grained analytics, or serverless API support, traditional gateways like Apigee or AWS API Gateway might be a better fit.

Conclusion

Ambassador API Gateway provides a powerful, Kubernetes-native solution for managing API traffic in microservices architectures. With its Envoy-based foundation, decentralized configuration, and first-class support for Kubernetes, it offers a scalable and developer-friendly alternative to traditional API gateways.

If you’re running microservices on Kubernetes and looking for an efficient, scalable API gateway, Ambassador is definitely worth considering!

Do you use Ambassador in your Kubernetes setup? Share your experience in the comments!

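Ambassador API Gateway: A Cloud-Native Approach to API Management

In the era of microservices and cloud-native applications, an API gateway plays a vital role in managing and protecting communication between services. Ambassador API Gateway has become popular as a Kubernetes-native solution that handles API traffic efficiently. This article looks at Ambassador's key features, its architecture, and how it compares with traditional API gateways.

What is an API Gateway?

An API gateway acts as the entry point for microservices and provides the following core functions:

  • Authentication and Authorization – Managing access control via OAuth, JWT, or API keys.
  • Traffic Management – Routing, load balancing, and rate limiting.
  • Security – TLS termination, request validation, and protection against attacks.
  • Observability – Logging, tracing, and monitoring API usage.

Traditional API gateways (such as Kong, Apigee, and AWS API Gateway) are widely used in monolithic and hybrid architectures. However, Kubernetes-native applications need solutions that are more dynamic, scalable, and DevOps-friendly, and this is where Ambassador comes in.

Introducing Ambassador API Gateway

Ambassador is an Envoy-based API gateway designed for Kubernetes. It serves as an ingress controller and facilitates north-south (external) traffic management.

Key Features of Ambassador

  1. Kubernetes-Native
     • Ambassador is built specifically for Kubernetes and is configured through Custom Resource Definitions (CRDs) rather than traditional static configuration files.

  2. Based on Envoy Proxy
     • Ambassador uses Envoy Proxy as its core, benefiting from its advanced networking capabilities, resilience, and extensibility.

  3. Decentralized Configuration
     • Unlike monolithic API gateways, Ambassador lets microservices teams configure routing and policies independently.

  4. Authentication and Security
     • Supports OAuth2, JWT validation, and external authentication services.
     • Implements mTLS (mutual TLS) to secure service-to-service communication.

  5. Traffic Control and Rate Limiting
     • Provides advanced load balancing, circuit breaking, and failover strategies.
     • Implements rate limiting to prevent abuse and ensure fair usage.

  6. Observability and Monitoring
     • Integrates seamlessly with Prometheus, Grafana, and OpenTelemetry for real-time insights.
     • Has built-in support for distributed tracing, such as Jaeger and Zipkin.

How Ambassador API Gateway Works

1. Deployment Architecture

  • Ambassador runs as a Kubernetes Deployment and is typically exposed through a Kubernetes Service.
  • It integrates with Ingress Controllers (such as NGINX or the Kubernetes API server) to manage external traffic.
  • Each microservice can define its own routing rules through Kubernetes annotations or CRDs.

2. Traffic Routing Example

Below is an example of configuring a route for a microservice using Ambassador's Mapping CRD: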

apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: my-service
spec:
  prefix: /my-api/
  service: my-service.default.svc.cluster.local:8080
  timeout_ms: 5000

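This configuration ensures that requests to /my-api/ are routed to my-service running on port 8080.

3. Authentication Example

To integrate JWT authentication, you can define the following configuration: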

apiVersion: getambassador.io/v3alpha1
kind: AuthService
metadata:
  name: jwt-auth
spec:
  auth_service: auth-service.default:443
  proto: http
  allowed_request_headers:
    - "Authorization"

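With this configuration, every incoming request is checked by the external auth service, which must validate the JWT before the request is forwarded to the microservices.

Comparison: Ambassador vs. Traditional API Gateways

Feature | Ambassador | Kong | AWS API Gateway | Apigee
Kubernetes-Native | ✅ Yes | ⚠️ Partial support | ❌ No | ❌ No
Envoy Proxy | ✅ Yes | ❌ No | ❌ No | ❌ No
CRD-based Configuration | ✅ Yes | ❌ No | ❌ No | ❌ No
Authentication | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes
Observability | ✅ Prometheus, Grafana | ✅ Kong Vitals | ✅ CloudWatch | ✅ Stackdriver
Serverless Support | ⚠️ Limited | ✅ Yes | ✅ Yes | ✅ Yes
Cloud-Native Integration | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes

When Should You Use Ambassador API Gateway?

Ambassador is an excellent choice if your application meets the following conditions:

✅ The application is Kubernetes-native and relies on a microservices architecture.

✅ You need a fully declarative, GitOps-friendly API gateway.

✅ You need high performance built on Envoy Proxy.

✅ You need scalability, with support for dynamic routing and service discovery.

However, if you need deep API monetization, fine-grained analytics, or serverless API support, a traditional gateway (such as Apigee or AWS API Gateway) may be a better fit.

Conclusion

Ambassador API Gateway provides a powerful Kubernetes-native solution for managing API traffic in microservices architectures. With its Envoy core, decentralized configuration, and first-class Kubernetes support, it offers a scalable and developer-friendly alternative to traditional API gateways.

If you are running microservices on Kubernetes and looking for an efficient, scalable API gateway, Ambassador is definitely worth considering!

Do you use Ambassador in your Kubernetes setup? Share your experience in the comments!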

Envoy Proxy vs NGINX for Your Architecture

When it comes to modern cloud-native applications and microservices, choosing the right proxy plays a critical role in ensuring performance, scalability, and security. Two popular choices in this space are Envoy Proxy and NGINX. While both are powerful, they cater to different use cases and design philosophies. This post explores their key differences, strengths, and best use cases.

Overview

NGINX

NGINX started as a high-performance web server and later evolved into a powerful reverse proxy and load balancer. It has been widely adopted for traditional and modern web applications due to its efficiency in handling HTTP and TCP traffic.

Envoy Proxy

Envoy is a modern, high-performance proxy designed by Lyft for cloud-native architectures. It serves as a key component in service meshes like Istio and Consul, offering advanced observability, dynamic configuration, and deep integration with microservices environments.

Architecture and Design Philosophy

Feature | Envoy Proxy | NGINX
Design | Built for cloud-native, microservices-based architectures | Initially designed as a web server, later evolved into a proxy
Configuration | Uses dynamic service discovery and APIs (xDS) | Static configuration, requires reload for changes
Performance | Highly optimized for distributed architectures | Efficient for traditional web traffic
Observability | Advanced telemetry with metrics, logs, and tracing | Basic logging and monitoring capabilities
Extensibility | gRPC-based APIs, filters, and dynamic routing | Lua scripting, limited dynamic capabilities

Configuration and Management

NGINX Configuration

NGINX relies on a configuration file (nginx.conf) where changes require a reload to take effect. While this is suitable for traditional applications, it poses challenges in dynamic microservices environments.

Example configuration:

server {
    listen 80;
    location / {
        proxy_pass http://backend;
    }
}

Envoy Configuration

Envoy follows a more dynamic approach with APIs like xDS (Extensible Discovery Service) that allow real-time updates without restarting the proxy.

Example Envoy configuration snippet:

static_resources:
  listeners:
    - name: listener_0
      address:
        socket_address:
          address: 0.0.0.0
          port_value: 10000
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: ingress_http
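                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: backend
                      domains: ["*"]
                      routes:
                        - match:
                            prefix: "/"
                          route:
                            # service_backend must be defined under static_resources.clusters (not shown)
                            cluster: service_backend
                # The router filter must terminate the HTTP filter chain for requests to be routed.
                http_filters:
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router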

Key Differences:

  • Envoy supports dynamic configuration updates via APIs, while NGINX relies on manual configuration and reloads.
  • Envoy is designed for service meshes, making it a natural choice for microservices.

Performance and Scalability

  • NGINX is known for its high throughput and efficient event-driven architecture, making it an excellent choice for serving static content and traditional web applications.
  • Envoy is optimized for service-to-service communication, handling gRPC and HTTP/2 traffic efficiently, and offering out-of-the-box observability and resilience.
  • Latency: NGINX performs slightly better for static content, while Envoy excels in dynamic routing and service discovery.

Observability and Telemetry

Observability is a crucial factor when choosing a proxy.

  • NGINX provides logging and some basic monitoring capabilities, but requires third-party integrations for deeper observability.
  • Envoy is designed for observability, with built-in support for:
     • Metrics (Prometheus, StatsD)
     • Distributed Tracing (Zipkin, Jaeger, OpenTelemetry)
     • Logging with structured output

Example Envoy tracing configuration:

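tracing:
  http:
    name: envoy.tracers.zipkin
    typed_config:
      "@type": type.googleapis.com/envoy.config.trace.v3.ZipkinConfig
      # The "zipkin" cluster must be defined in the cluster configuration (not shown)
      collector_cluster: zipkin
      collector_endpoint: "/api/v2/spans"
      # The v3 API requires an explicit endpoint version; HTTP_JSON matches /api/v2/spans
      collector_endpoint_version: HTTP_JSON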

Key Takeaway: If deep observability is required, Envoy is the better choice.

Security Features

Feature | Envoy Proxy | NGINX
mTLS Support | Yes, native support | Requires additional configuration
RBAC | Yes | No
JWT Authentication | Built-in | Requires plugins
WAF (Web Application Firewall) | No (requires integration) | Available in NGINX Plus

Key Takeaway: Envoy has stronger built-in security features, but NGINX Plus offers commercial WAF capabilities.

Use Cases

When to Choose NGINX

✅ You need a high-performance web server for handling HTTP/TCP traffic.

✅ Your architecture is monolithic or follows a traditional load-balancing model.

✅ You require lightweight static configurations and minimal dependencies.

When to Choose Envoy Proxy

✅ You are working with microservices or service mesh architectures.

✅ You need dynamic service discovery, advanced telemetry, and tracing.

✅ Your application heavily relies on gRPC, HTTP/2, or API Gateway patterns.

Conclusion

Both Envoy Proxy and NGINX are excellent choices depending on your architecture and use case.

  • NGINX remains a top choice for traditional web applications, load balancing, and reverse proxying.
  • Envoy Proxy excels in cloud-native, microservices environments, and service meshes.

Ultimately, the best choice depends on your application’s needs. If you're building highly scalable, cloud-native applications, Envoy is the better option. For traditional web workloads, NGINX still reigns supreme.

What’s Your Choice?

Are you using Envoy or NGINX in your architecture? Share your experience in the comments below!