Envoy proxy, the data plane of Istio service mesh, is used for handling east-west traffic ( service-to-service communication within a data center). However, to make Istio manage a network of multicloud applications, Envoy was configured as a sidecar proxy for handling north-south traffic (traffic in and out of data centers). It was observed that application developers found it difficult to configure Envoy proxy as an API gateway and ingress controller. This was time-consuming, which led the community to use Kubernetes Gateway API as a part of the Envoy project and eventually build Envoy Gateway.
The project was started by a few community members- Matt Kleint (founder of Envoy at Lyft), Ambassador labs, Fidelity investments, Tetrate, and VMware. The community has merged a few CNCF projects, such as Contour, Emissary, and K8s Gateway API, into Envoy Gateway to provide seamless onboarding.
Introducing Envoy Gateway
Envoy Gateway empowers developers to extend Envoy proxy as an API or ingress controller for multicluster and multicloud traffic handling use cases. Envoy Gateway can also act as the control plane to manage Envoy proxies in the cloud applications.
Features of Envoy Gateway
6 key features of Envoy Gateway are:
- API, based on Gateway API with Envoy extensions, to handle north-south traffic.
- Advanced load balancing and traffic management capabilities
- XDS control plane for service discovery.
- Provisioning and dynamic configuration updates for Envoy proxy and ingress
- Extended support for multiclouds and VMS.
- TLS certificate delegation
Envoy Gateway offers multiple features that make it appealing for various teams. E.g., developers can use Envoy Gateway as API for lighter use cases. In addition, Ops or infrastructure teams can use Envoy Gateway to maintain the fleet of Envoy proxy in a service mesh.