Envoy Gateway is an open-source project for managing Envoy Proxy as a standalone or Kubernetes-native API gateway. It implements the Kubernetes Gateway API, providing a standardized way to expose services.
What Is Envoy Gateway?
Envoy Gateway simplifies Envoy Proxy configuration for API gateway use cases. Instead of writing complex Envoy configs, you use Kubernetes Gateway API resources (Gateway, HTTPRoute, GRPCRoute) that Envoy Gateway translates to Envoy configuration.
Key Features:
- Kubernetes Gateway API implementation
- Automatic TLS certificate management
- Rate limiting
- Authentication (JWT, OIDC, basic auth)
- Traffic splitting for canary deployments
- Request/response transformation
- Circuit breaking
- WebSocket and gRPC support
Installation
```bash
# Install via Helm
helm install eg oci://docker.io/envoyproxy/gateway-helm \
  --version v1.2.0 -n envoy-gateway-system --create-namespace

# Wait for ready
kubectl wait --timeout=5m -n envoy-gateway-system deployment/envoy-gateway \
  --for=condition=Available
```
Create a Gateway
```yaml
# Gateway Class (created by Envoy Gateway)
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: eg
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
# Gateway instance
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: production
  namespace: default
spec:
  gatewayClassName: eg
  listeners:
    - name: http
      port: 80
      protocol: HTTP
    - name: https
      port: 443
      protocol: HTTPS
      tls:
        mode: Terminate
        certificateRefs:
          - name: tls-cert
```
Route Traffic
```yaml
# Simple HTTP route
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: api-routes
spec:
  parentRefs:
    - name: production
  hostnames:
    - "api.example.com"
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /v1/users
      backendRefs:
        - name: user-service
          port: 8080
    - matches:
        - path:
            type: PathPrefix
            value: /v1/orders
      backendRefs:
        - name: order-service
          port: 8080
---
# Canary deployment with traffic splitting
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: canary-route
spec:
  parentRefs:
    - name: production
  rules:
    - backendRefs:
        - name: app-v1
          port: 8080
          weight: 90
        - name: app-v2
          port: 8080
          weight: 10
```
Rate Limiting
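```yaml
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy
metadata:
  name: rate-limit
spec:
  targetRefs:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      name: api-routes
  rateLimit:
    # Global limits need the rate limit service (Redis-backed) enabled
    # in the EnvoyGateway configuration.
    type: Global
    global:
      rules:
        - clientSelectors:
            - headers:
                # Each distinct x-api-key value gets its own bucket.
                - name: x-api-key
                  type: Distinct
          limit:
            requests: 100
            unit: Minute
```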
Programmatic Access
```python
from kubernetes import client, config

# Load credentials from the local kubeconfig
config.load_kube_config()
custom = client.CustomObjectsApi()

# List all HTTPRoutes
routes = custom.list_namespaced_custom_object(
    group="gateway.networking.k8s.io",
    version="v1",
    namespace="default",
    plural="httproutes"
)
for route in routes["items"]:
    print(f"Route: {route['metadata']['name']}")
    for rule in route["spec"].get("rules", []):
        for backend in rule.get("backendRefs", []):
            print(f"  -> {backend['name']}:{backend['port']} (weight: {backend.get('weight', 1)})")

# List Gateways
gateways = custom.list_namespaced_custom_object(
    group="gateway.networking.k8s.io",
    version="v1",
    namespace="default",
    plural="gateways"
)
for gw in gateways["items"]:
    for listener in gw["spec"]["listeners"]:
        print(f"Gateway: {gw['metadata']['name']}, Listener: {listener['name']}:{listener['port']}")
```
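An added example (not from the original post or the Envoy Gateway project) that extends the listing above into an offline audit: it flags routes reachable over a plaintext HTTP listener and routes that no rate-limit BackendTrafficPolicy covers. The sample objects are constructed to mirror this page's manifests; `obj`, `parents` and the two check functions are hypothetical names, and the check ignores `allowedRoutes` and hostname matching.

```python
# Added example: objects are shaped like CustomObjectsApi results; the sample data
# is constructed to mirror this page's manifests (namespace "default" is assumed).
def obj(name, spec, ns="default"):
    return {"metadata": {"name": name, "namespace": ns}, "spec": spec}
GATEWAYS = [obj("production", {"listeners": [
    {"name": "http", "port": 80, "protocol": "HTTP"},
    {"name": "https", "port": 443, "protocol": "HTTPS"}]})]
ROUTES = [obj("api-routes", {"parentRefs": [{"name": "production"}]}),
          obj("canary-route", {"parentRefs": [{"name": "production"}]})]
POLICIES = [obj("rate-limit", {
    "targetRefs": [{"group": "gateway.networking.k8s.io",
                    "kind": "HTTPRoute", "name": "api-routes"}],
    "rateLimit": {"type": "Global"}})]

def parents(route):
    """Yield (namespace, gateway name, sectionName) for each parentRef."""
    ns = route["metadata"]["namespace"]
    for ref in route["spec"].get("parentRefs", []):
        yield ref.get("namespace", ns), ref["name"], ref.get("sectionName")

def plaintext_exposure(gateways, routes):
    """(route, gateway, listener) triples where a route binds to an HTTP listener."""
    by_key = {(g["metadata"]["namespace"], g["metadata"]["name"]): g for g in gateways}
    found = []
    for route in routes:
        for gw_ns, gw_name, section in parents(route):
            gw = by_key.get((gw_ns, gw_name))
            for lis in (gw["spec"].get("listeners", []) if gw else []):
                # A parentRef without sectionName attaches to every listener.
                if section in (None, lis["name"]) and lis["protocol"] == "HTTP":
                    found.append((route["metadata"]["name"], gw_name, lis["name"]))
    return found

def routes_without_rate_limit(routes, policies):
    """Names of routes no rateLimit policy targets, directly or via their Gateway."""
    covered = set()
    for pol in policies:
        if "rateLimit" in pol["spec"]:
            ns = pol["metadata"]["namespace"]  # a policy only targets its own namespace
            for t in pol["spec"].get("targetRefs", []):
                covered.add((t["kind"], ns, t["name"]))
    def is_covered(route):
        meta = route["metadata"]
        return (("HTTPRoute", meta["namespace"], meta["name"]) in covered or
                any(("Gateway", ns, name) in covered for ns, name, _ in parents(route)))
    return [r["metadata"]["name"] for r in routes if not is_covered(r)]

if __name__ == "__main__":
    print(plaintext_exposure(GATEWAYS, ROUTES), routes_without_rate_limit(ROUTES, POLICIES))
```

To run it against a cluster, pass the `items` lists returned by `list_namespaced_custom_object` for `gateways`, `httproutes` and `backendtrafficpolicies` in place of the constructed samples.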
Resources
- Envoy Gateway Docs
- Envoy Gateway GitHub — 1.5K+ stars
- Kubernetes Gateway API