This is the third in a series of articles on Tetrate Enterprise Gateway for Envoy (TEG), the enterprise-ready distribution of Envoy Gateway, the cloud-native service gateway.
If you are wondering how to handle ingress traffic to Kubernetes in 2024 and beyond, the answer is to use the Kubernetes Gateway API to configure your preferred gateway implementation.
The Gateway API gives you the flexibility and traffic management functionality you need for Kubernetes-hosted applications without being implementation-specific. It gives you the peace of mind that you can swap the Gateway implementation in the future without changing how it is configured. I won’t bore you in this blog with all the reasons I believe Envoy Gateway is the natural choice for a Kubernetes Gateway solution, because you can read about that here: Is Less More for API Gateways? The 80% Case for Envoy Proxy.
Why Did the Gateway API Come About?
The Gateway API emerged because we needed more advanced traffic management than the Kubernetes Ingress API could provide. The limitations of the Ingress API led to overloading of the Ingress resource and to the emergence of bespoke implementations and vendor-specific configurations to handle requirements such as canary releases and blue-green deployments.
To address these challenges, the Kubernetes Gateway API had to be far from an “Ingress API 2.0.” It had to fundamentally change how we think about ingress traffic to Kubernetes.
Instead of only one resource type, Ingress, the Gateway API gives us multiple resource types (like GatewayClass, Gateway, HTTPRoute, TCPRoute, etc.), allowing us to manage each aspect of traffic separately. This separation of concerns provides clarity, security, and control, making it easier to extend and adapt to various use cases without overloading a single resource type.
Today, the Gateway API and the available implementations are mature enough that you should consider how to start adopting and benefiting from Gateway API-configured solutions.
Quick Milestone Recap for Gateway API and Envoy Gateway
- October 2023: the Kubernetes Gateway API becomes Generally Available (GA)
- March 2024: Envoy Gateway reaches GA, allowing you to configure and use Envoy as a cloud-native Kubernetes Gateway.
- April 2024: Tetrate launches Tetrate Enterprise Gateway for Envoy, which provides enterprise support and CVE protection to Envoy Gateway adopters.
Note: If you’re wondering, “what’s the difference between a Gateway API and an API Gateway?” check this out: Kubernetes Gateway API – “What is the difference between a Gateway API and an API Gateway?”
Advantages of the Gateway API
- Fine-Grained Traffic Management: Unlike the traditional Ingress API, the Gateway API allows for detailed control over traffic routing. You can define multiple routes within a single Gateway, facilitating complex routing strategies like canary releases and blue-green deployments.
- Enhanced Security and Multi-Tenancy: The Gateway API introduces stronger boundaries between resources, which enhances security and supports multi-tenant configurations more naturally. Each component — from GatewayClass to individual routes — can be controlled with specific permissions, reducing the risk of misconfigurations and security breaches.
- Extensibility and Customization: One of the hallmark features of the Gateway API is its extensibility. Vendors can extend the API with additional features without breaking the core functionality and, hence, meet the emerging requirements of clients without waiting for upstream changes.
- Unified API across Environments: The Gateway API is native to Kubernetes and will work across various environments, whether on-premises, in public clouds, or at the edge. This unified approach simplifies operations and ensures consistency, regardless of the underlying infrastructure.
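As an added illustration of the routing and permission-boundary points above (not configuration from the original article or from Tetrate; every name, namespace and label is hypothetical): the platform team's Gateway admits routes only from labelled namespaces, an application team's Role covers HTTPRoutes and nothing else, and that team's HTTPRoute splits traffic 90/10 for a canary.

```yaml
# Platform team: owns the Gateway and decides which namespaces may attach routes.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gw                 # hypothetical
  namespace: infra                # hypothetical
spec:
  gatewayClassName: eg            # assumed GatewayClass name
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from: Selector            # default is Same; All admits every namespace
        selector:
          matchLabels:
            gateway-access: "true"   # hypothetical label set by the platform team
---
# Application team: may manage HTTPRoutes in its own namespace only.
# No verbs are granted on gateways or gatewayclasses.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: route-editor
  namespace: team-a               # must carry the gateway-access label to attach
rules:
- apiGroups: ["gateway.networking.k8s.io"]
  resources: ["httproutes"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# Canary release: 90% of requests to v1, 10% to v2.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: checkout
  namespace: team-a
spec:
  parentRefs:
  - name: shared-gw
    namespace: infra
    sectionName: http             # attach to the listener defined above
  rules:
  - backendRefs:
    - name: checkout-v1
      port: 8080
      weight: 90
    - name: checkout-v2
      port: 8080
      weight: 10
```

To confirm the boundary, `kubectl auth can-i create gateways.gateway.networking.k8s.io -n team-a --as <user>` should answer `no` for a subject bound only to this Role.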
Industry Adoption and Support
The Gateway API is not just a theoretical improvement. It’s a solution backed by significant industry support, including major cloud providers and Kubernetes service providers. This broad adoption provides confidence in the API’s design and its ability to meet the complex demands of modern applications.
It is an open-standard, cloud-native way of configuring your Kubernetes ingress traffic.
Summary
The Gateway API promises a more adaptable, secure, and efficient way to handle traffic. Its design principles reflect the needs of modern applications and the complexities of current software environments. As Kubernetes continues to evolve, the Gateway API is poised to become more feature-rich and is a solid foundation as the standard for ingress traffic management.