Envoy Gateway 0.4.0: Extending the API for Customization

Copyright
This is an original article by Jimmy Song. You may repost it, but please credit this source: https://jimmysong.io/en/blog/envoy-gateway-customization/

Envoy Gateway, the open-source API Gateway based on Envoy Proxy, has just released version 0.4.0. This release is centered around customization, with the goal of enabling more use cases for end-users. In this blog post, we will discuss the new customizations available in this release and their significance for users.

Customizing Envoy Proxy Infrastructure

One of the main customizations in this release is the ability to configure exactly how Envoy Proxy is deployed, through the EnvoyProxy CRD. You can define the number of replicas, the image, and the resource limits of the Envoy Proxy deployment. You can also add annotations to the Envoy Proxy deployments and services. This makes different use cases possible, such as:

  • Linking Envoy Gateway to external load balancers such as AWS NLB and ELB, and GCP.
  • Injecting a sidecar alongside EnvoyProxy. This is very useful for managing north-south traffic with Envoy Gateway at the ingress layer while the Envoy sidecar manages east-west traffic and enables mutual TLS (mTLS) in the service mesh layer. This customization eliminates the need for users to create their own certificates, as it is based on Istio certificate management.

Refer to the Envoy Gateway documentation for more customized features on Envoy Gateway.
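
The manifest below is an added example, not taken from the original article or the Envoy Gateway project: it sketches the deployment customization described above (replicas, image, resource limits, and a Service annotation for an AWS NLB) and attaches it to a GatewayClass. It assumes the `config.gateway.envoyproxy.io/v1alpha1` EnvoyProxy API of the 0.4 release; the resource names, replica count, resource values and pod annotation are illustrative, and the image tag is a placeholder.

```yaml
# Added example. Field names assume the config.gateway.envoyproxy.io/v1alpha1
# EnvoyProxy API of the 0.4 release; check them against the CRD in your cluster.
apiVersion: config.gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: custom-proxy-config            # hypothetical name
  namespace: envoy-gateway-system
spec:
  provider:
    type: Kubernetes
    kubernetes:
      envoyDeployment:
        replicas: 2                    # illustrative value
        pod:
          annotations:
            example.com/owner: platform-team   # constructed annotation
        container:
          # Placeholder: pin a specific, reviewed image tag instead of a floating one.
          image: "envoyproxy/envoy:<pinned-tag>"
          resources:                   # illustrative values; limits bound the
            requests:                  # proxy's CPU and memory use on a shared node
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
      envoyService:
        annotations:
          # Ask the AWS cloud provider for an NLB in front of the Envoy Service.
          service.beta.kubernetes.io/aws-load-balancer-type: nlb
---
# The GatewayClass points at the EnvoyProxy resource through parametersRef.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
  name: eg                             # hypothetical name
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
  parametersRef:
    group: config.gateway.envoyproxy.io
    kind: EnvoyProxy
    name: custom-proxy-config
    namespace: envoy-gateway-system
```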

Multi-Tenant Deployment Modes

Envoy Gateway has also added support for deployment modes beyond the default Kubernetes single-tenant mode, such as multi-tenancy, as shown in Figure 1 below.

Figure 1: Envoy Gateway multi-tenancy deployment mode.

In this mode, an Envoy Gateway controller is deployed to each tenant’s namespace. Each controller watches HTTPRoute and Service resources in Kubernetes, and creates and manages EnvoyProxy deployments in its own namespace.

Customizing Envoy xDS Bootstrap

Another significant customization in this release is the ability to customize the Envoy xDS Bootstrap. With this feature, users can provide a bootstrap configuration that sets up some static resources when Envoy starts. A good example is configuring access logging, tracing and metrics to be sent to SkyWalking, which can work as an APM. Additionally, the release adds a lot of CLI tooling to help validate user configuration. Users can use the CLI as a dry run when changing a specific field in the Bootstrap, and it will fail if the config is not syntactically correct.

Extending the Control Plane

Envoy Gateway now allows vendors and extension developers to add gRPC hooks at different stages of the Envoy Gateway pipeline to further extend its functionality. This lets users do things that were not possible before, such as enhancing the xDS configuration being sent to Envoy.

Summary

In conclusion, Envoy Gateway 0.4.0 extends the API for customization and enables more use cases for end-users. The new customizations include the ability to customize Envoy deployment, Envoy xDS Bootstrap, and the control plane. With the release of this version, Envoy Gateway is becoming more user-friendly and is positioning itself as a great alternative to ingress-nginx.

This blog was initially published at tetrate.io.

Last updated on Jan 10, 2025