Envoy Gateway

The Gateway to a New Frontier

Manage Envoy as an Application Gateway

Envoy Gateway is an open source project that will manage Envoy as an application gateway. It will provide a suite of services to drive adoption with users and throughout the cloud native ecosystem. Key features of Envoy Gateway are:

Envoy Gateway
  • An xDS control plane to manage a fleet of Envoys.
  • An expressive API, based on Gateway API, with reasonable default settings to simplify the Envoy user experience.
  • Support for heterogeneous environments. Note: The project initially targets Kubernetes.
  • Extensibility to support a multitude of application gateway use cases.
  • Envoy infrastructure provisioning and management.
  • High-quality documentation, tooling, and a diverse group of project maintainers for support.

Envoy Gateway will make it easy for users to leverage the power of Envoy. With its support for multiple user personas, organizations can leave their existing operational models unchanged. For example, infrastructure admins can use Envoy Gateway to provision and manage fleets of Envoys while application developers can simply route application traffic to their backend services. Executives and decision-makers can find comfort in knowing that Envoy Gateway is backed by the Envoy community.

Envoy Background

Envoy is a highly successful open source project, as shown by its adoption in Istio, Tetrate Service Bridge, and its use in the enterprise – Lyft, Slack, and many others. Although Envoy has a wealth of capabilities, it can be daunting for a user to quickly learn and begin utilizing it. Envoy Gateway will abstract these complexities away from users. Envoy Gateway will support Envoy’s rich feature set, including:

  • Traffic management
  • Load-balancing algorithms
  • Weight-based routing
  • Priority routing
  • Circuit breakers (and other resiliency features)
  • Rate limiting
  • Request transformations
  • Authentication and authorization
  • And many others

In other words, Envoy is a feature-rich application gateway. However, it was not initially designed for application developers who routinely author application networking and security policies. Envoy Gateway was created to unlock these capabilities for application developers.

Configuring Envoy Gateway

Although the project does not have an implementation yet, its user interface will be based on Gateway API, an open source project managed by the Kubernetes Network SIG. Here’s a common workflow that can be expected for Envoy Gateway in Kubernetes:

Infrastructure Admin

Install Envoy Gateway:

`kubectl apply -f /my/envoy/gateway/deployment.yaml`.

Create a GatewayClass:

apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GatewayClass
metadata:
 name: internet-facing
spec:
 controllerName: envoyproxy.io/envoy-gateway

The GatewayClass is used to provide configuration parameters to Gateways of this class. The `controllerName` field tells Envoy Gateway that it’s responsible for managing Gateways of this class. Since the GatewayClass does not include a parameterRefs field, Gateways that reference this GatewayClass will use default settings.

Create a Gateway:

apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
 name: example-gateway
 namespace: example
spec:
 gatewayClassName: internet-facing
 listeners:
 - name: http
   protocol: HTTP
   port: 8080

The Gateway triggers Envoy Gateway to provision the Envoy infrastructure. This could mean deploying Envoy proxies to each node in the cluster, adding a listener to an existing Envoy, etc. The `gatewayClassName` field tells Envoy Gateway that any additional configuration parameters come from the GatewayClass named “internet-facing”. The Envoy infrastructure is now provisioned and is listening for HTTP connections on port 8080.

 

App Developer

Create an HTTPRoute:

apiVersion: gateway.networking.k8s.io/v1alpha2
kind: HTTPRoute
metadata:
 name: example-route
 namespace: example
spec:
 parentRefs:
 - name: example-gateway
 rules:
 - matches:
   - path:
       type: PathPrefix
       value: /v1
   backendRefs:
   - name: example
     port: 8080

The HTTPRoute exposes the backend Service named “example” through Gateway “example-gateway”. The route contains rules that provide a wealth of capabilities to match, filter, and forward application-level traffic. In this example, the configuration routes all HTTP traffic with a path prefix of “/v1” to the “example” service.

Envoy Gateway intends on providing a “batteries included” workflow by creating a default GatewayClass and Gateway. This streamlined workflow will be perfect for App Developers who simply need to route traffic to their backend services.

How can I find out more ?

Resources

Report
Tetrate Named a Cool Vendor by Gartner
Tetrate is recognized by Gartner as a Cool Vendor in Cloud Computing. You can read the report to learn what Gartner has to say about Tetrate…

Download Report ›

Tetrate Academy

Certified Istio Administrator

Become a Certified Istio Administrator
Learn, practice & get recognized as a Certified Istio Administrator. Master the internals of Istio, straight from the creators of Istio, and get certified.

Register now ›

Case Study

Encryption & PCI Compliance with Istio Service Mesh
Service mesh architecture provides a rich set of features for controlling and securing communications among services. Encryption in transit…

Read More ›