Spring into Envoy Gateway as project readies version 1.0


Author: Varun Talwar, Co-Founder, Tetrate
Bio: Varun Talwar is co-founder of Tetrate. Previously at Google, Varun co-created Istio and gRPC. Varun has also worked as a partner product manager for YouTube Live and technical account manager for Google India. Varun is passionate about bringing positive change to the world through technology.


In Paris this March at KubeCon+CloudNativeCon Europe, spring will be in the air. Not just because the city will once again come alive as the weather breaks and the cafés buzz with energy, but because one of the most anticipated projects in the Kubernetes ecosystem will be ready for prime time.

At the event, the Envoy community is scheduled to release version 1.0 of Envoy Gateway, signaling its readiness for the rigors of production environments.

Envoy Gateway is an open source project hosted by the Cloud Native Computing Foundation (CNCF) for managing Envoy Proxy as a Kubernetes-based application gateway, using Gateway API resources to dynamically provision and configure the managed Envoy Proxies. It simplifies how Envoy is deployed and managed, allowing application developers to focus on delivering business value. Most importantly, it supports running natively in Kubernetes environments.

Envoy Gateway: A Game Changer for Kubernetes Ingress

The Envoy Gateway project has one primary goal: attract more users to Envoy by lowering barriers to adoption through expressive, extensible, role-oriented APIs that support a multitude of Ingress and traffic routing use cases at L7/L4. Envoy Gateway natively supports Gateway API, the new standard that integrates seamlessly with Kubernetes resources, including Services and Endpoints. Gateway API addresses the same core ‘expose a service’ challenge, with a modern multi-tenant, role-based use case. It is also much more expressive, extensible, and re-usable.

Although Kubernetes does not include a built-in implementation of the Gateway API, a variety of both commercial and open source options are available for use, such as the Istio service mesh and Envoy Gateway.

Open source Envoy Gateway is the most complete implementation of Gateway API. Its APIs are comprehensive, unified, and standardized for managing traffic into and out of a Kubernetes cluster. Additionally, it delivers more powerful and granular control, including expanded protocol support (like UDP routing for voice applications) and routing options (like gRPC routing). It also provides flexible configuration for a diversity of use cases like header modifications and JWT authentication.

The Limitations of Ingress Thus Far

Before Envoy Gateway 1.0, Ingress in Kubernetes was managed by tools like NGINX and HAProxy. These technologies are useful, but they were not designed with distributed environments like Kubernetes in mind.

The design of the Ingress Controller concept supported ad-hoc extensions by way of labels, annotations, config maps, and templating. This quickly resulted in a very fragmented ecosystem. Multiple open source projects and commercial vendors sought to add features and create differentiation to stand out amongst the dozens of alternatives in the space.

Users were left bewildered. There was no obvious ‘best choice’ that provided broad functionality, was well-supported by a user community and well-maintained by a developer community, was portable and avoided lock-in, and integrated well into the increasingly complex, multi-tenant configuration pipelines that enterprise users were relying on.

Some vendors started using Envoy for Ingress controllers, but then a variety of them showed up: some were closed, some were open with very little differentiation, and they were almost always maintained by a single vendor.

Envoy Gateway is Built for Kubernetes Ingress

The introduction of the Gateway API, replacing the aging Ingress resource, unlocked the next generation of development for Ingress solutions. Gateway API addresses the same core ‘expose a service’ challenge, but with an API that is aware of modern multi-tenant, role-based use cases, and is much more expressive than the simple Ingress resource. And by design, it is extensible in simple and re-usable ways from the outset.

Concurrently, the Envoy proxy was gaining popularity and battle-hardened reliability. Envoy was designed for fast-changing, API-driven configuration. It also had a strong developer community behind it, rapidly delivering integrations with other Kubernetes ecosystem projects.

Envoy Gateway is a modern, purpose-built, open source tool that’s designed specifically with Ingress for Kubernetes and distributed architectures in mind.

Why LOB Owners Should Care

The delivery speed and availability of customer-facing services are deeply tied to Kubernetes Ingress. Speed is not just how performant the Ingress solution is (though Envoy certainly is battle-proven and fast), it’s more about how easily a dev team can configure Kubernetes Ingress without waiting for another team. Modern Ingress should give dev teams the ability to define Kubernetes Ingress in a self-service way.

On the flip side, a modern Ingress approach should also allow the infrastructure owner to reconfigure Ingress and define guardrails such that the Ingress controller can dynamically reconfigure without downtime, and best of all, mistakes from one dev team do not take down another team’s services.

The GA of Tetrate Enterprise Envoy Gateway

As the Envoy community releases Envoy Gateway 1.0, Tetrate will release Tetrate Enterprise Envoy Gateway (TEG) into general availability (GA). TEG is an enterprise-grade and fully supported distribution of Envoy Gateway with upstream APIs, modernizing Ingress for everyone using Kubernetes. It is a 100% upstream distribution of Envoy Gateway, powered by a fully upstream API set for consistency and stability.

Tetrate engineers have led the Envoy community as contributors and maintainers of the Envoy Gateway project and worked with early TEG customers to help deliver version 1.0 of the open source Envoy Gateway project, as well as the GA of the TEG distribution.

The Time for a Modern Kubernetes Ingress Option is Here

Now is an ideal time for the paradigm change. The world has been running on an Ingress controller designed for a bygone era of static infrastructure. Today the confluence of three forces is creating a new chapter for Kubernetes Ingress:

  1. The users are ready: The previous generation of API Gateway vendors do not provide dedicated Ingress solutions for Kubernetes, so there is a void for users who want more speed and availability.
  2. The standard is ready: Kubernetes Gateway API is widely anointed as the go-forward standard for Kubernetes Ingress.
  3. The project is ready: Envoy Gateway is now 1.0, and it is based on a battle-tested project — Envoy.

Learn more about Envoy Gateway at the project website, and visit Tetrate at booth J14 to learn more about Tetrate Enterprise Envoy Gateway.

###

To learn more about Kubernetes and the cloud native ecosystem, join us at KubeCon + CloudNativeCon Europe in Paris from March 19-22.
