Four months after the first public release of Envoy Gateway (EG), we’re very pleased to announce the immediate availability of version 0.3. This latest release is the culmination of hard work by several Tetrands, along with others from across the community. Envoy Gateway now supports the entire Kubernetes Gateway API, including the experimental parts—adding some powerful new features and moving this free open-source software ever-closer to being a fully-featured API Gateway.
Advancing Towards a Fully-Featured API Gateway
A big feature of EG is that it’s configured with the new Gateway API, rather than the old and very limited Ingress API, or any of the proprietary APIs that have proliferated as a result of the inadequacies of Ingress. While EG 0.2 implemented the core parts of the Gateway API (giving full support for “basic” HTTP routing), EG 0.3 goes further in its Gateway API support, and this is probably the best way to understand its new features:
- Support for more HTTP features, like URL rewriting, response-header manipulation, and traffic mirroring. These come from extended fields in the API spec.
- Support for routing gRPC, UDP, and raw TCP. These come from experimental new parts of the API.
- Support for rate limiting of requests. This isn’t yet modeled by the Gateway API, so we’ve defined our own extension for it.
- Support for end-user authentication using JWTs. Again this isn’t yet covered by the Gateway API, so we’ve extended it in this area too.
Just a note on those API extensions: we’re working hard to get useful features to real users, now. The SIG-NETWORK community—the folks who look after the Gateway API specification—has a mandate to ensure the quality and longevity of the API, so naturally their work takes a little time. As implementers, we’re more free to blaze a trail ahead of the concrete spec—but we’re already working upstream to get these extensions standardized. This kind of experimentation with new capabilities in a working implementation is an important step to getting proposed new APIs accepted by any group—which is good for everyone.
These exciting new features really move the Envoy Gateway project beyond a curiosity, to a place where it serves many real-world use cases. Importantly, it’s able to offer all this while being based on an open-standards API, and being free and open-source software with no paid tier.
It’s really easy to try out Envoy Gateway 0.3 for yourself, just head over to the quickstart guide to get going! If you’d like more in-depth instructions for trying it locally using minikube, most of the hands-on guide for EG 0.2 is still applicable, though you will need to use a little initiative.
###
If you’re new to service mesh, we have a bunch of free online courses available at Tetrate Academy that will quickly get you up to speed with Istio and Envoy.
If you’re looking for a fast way to get to production with Istio, check out Tetrate Istio Distribution (TID), Tetrate’s hardened, fully upstream Istio distribution, with FIPS-verified builds and support available. It’s a great way to get started with Istio knowing you have a trusted distribution to begin with, an expert team supporting you, and also have the option to get to FIPS compliance quickly if you need to.
As you add more apps to the mesh, you’ll need a unified way to manage those deployments and to coordinate the mandates of the different teams involved. That’s where Tetrate Service Bridge comes in. Learn more about how Tetrate Service Bridge makes service mesh more secure, manageable, and resilient here, or contact us for a quick demo.