Choosing a Kubernetes Ingress Strategy
Do you have services running in Kubernetes? Or planning to?
You’d be looking for a Kubernetes gateway that allows you to manage traffic to Kubernetes-hosted services and potentially services external to Kubernetes. In that case, Envoy Gateway can simplify your setup while giving you access to rate limiting, advanced traffic management policies, and security features.
Envoy Gateway allows you to control and configure a fleet of Envoy Proxies to handle Kubernetes ingress traffic. It will enable you to route to both Kubernetes services and services external to Kubernetes.
Envoy Gateway implements the Kubernetes Gateway API and extends it with custom resources, making it easier than ever to leverage advanced Envoy features.
When validating if any solution is what you need, you should ask yourself three questions:
- Functionality: Does it do what I need today?
- Roadmap: Will it do what I need tomorrow?
- Enterprise Readiness: Does it fit my enterprise technology strategy?
Let’s look at these questions in relation to Envoy Gateway.
Tetrate offers an enterprise-ready, 100% upstream distribution of Envoy Gateway, Tetrate Enterprise Gateway for Envoy (TEG). TEG is the easiest way to get started with Envoy for production use cases. Get access now ›
Does It Do What I Need Today?
Envoy Gateway excels in three main areas: Traffic Management, Observability, and Security. When using Envoy Gateway, the data plane that handles the incoming traffic is Envoy Proxy. Envoy Proxy is a well-established and widely used proxy for microservice-based architectures. It has advanced traffic management capabilities, customizable and detailed observability, and many security and authorization features.
Ultimately, the functionality serves the common core needs for traffic handling in systems with many services inside and outside Kubernetes while providing extensibility and customization.
Over the next few weeks we will be diving further into the impact of Traffic Management, Observability, and Security, so follow along and subscribe to our blog to get notified as our posts are published.
Ready to Dig Deep?
Want all the details? Check out the documentation of the core functionality here. And remember, you can always leverage the ExtAuth filter for your custom authorization needs or the ExtProc filter for more complex custom code execution.
Want to try it out? Check out this quick start guide to get started evaluating if Envoy Gateway is suitable for you.
Want help figuring out if Envoy Gateway is right for you? Talk to our experts who can help you evaluate if Envoy Gateway can help address your challenges.
Will It Do What I Need Tomorrow?
How do you know if it will? The best gauge is to look at the project’s velocity and the community around the solution.
Envoy Gateway has an active community and releases every three months. Recent evidence of the project’s velocity is the number of features added between version 1.0 and 1.1. Between these two versions, we are seeing many new features that enable you to leverage more of Envoy Proxy’s advanced traffic-handling features and provide additional security and access control solutions.
The Envoy community is large and diverse, as it is a multi-company graduated CNCF project. The Envoy Gateway project has an active Slack channel that you can join for community meetings, and, as always, you can raise issues within the GitHub project to propose new features.
As Envoy Proxy is the backbone and solution of many cloud load balancers and service meshes, the community is driving shared solutions to our shared problems today and tomorrow.
Does It Fit My Long-Term Strategy?
Picking a solution always involves considerations such as the risk of the solution becoming end-of-life, whether enterprise support is available, and the risk of vulnerabilities in the code.
If you want assurances about the security of the build and support for your usage, Tetrate offers enterprise support for Envoy Gateway. This allows you to rest assured that you are getting a secure build and have 24/7 enterprise support available.
Choosing a multi-company, open-source project like Envoy Gateway for your long-term solution is a smart move. The likelihood of such a solution becoming end-of-life is significantly lower than that of a proprietary commercial solution, giving you peace of mind about your investment.
Lastly, if you get enterprise support from a company committed to maintaining and contributing to the project, you are part of making sure it stays active and maintained.
Summary
Suppose you look at Envoy Gateway’s features and conclude that it meets your current functionality requirements. It does what you need it to do today.
Thanks to the active, diverse community, high project velocity, and wide adoption of Envoy Proxy, you should feel confident that the project will continue to meet your future needs.You should feel confident that it fits your long-term strategy with a low vendor risk profile. It is a multi-company open-source CNCF project, and you can get enterprise support for the 100% upstream version of the project from Tetrate.
###
If you’re new to service mesh, Tetrate has a bunch of free online courses available at Tetrate Academy that will quickly get you up to speed with Istio and Envoy.
Are you using Kubernetes? Tetrate Enterprise Gateway for Envoy (TEG) is the easiest way to get started with Envoy Gateway for production use cases. Get the power of Envoy Proxy in an easy-to-consume package managed by the Kubernetes Gateway API. Learn more ›
Getting started with Istio? If you’re looking for the surest way to get to production with Istio, check out Tetrate Istio Subscription. Tetrate Istio Subscription has everything you need to run Istio and Envoy in highly regulated and mission-critical production environments. It includes Tetrate Istio Distro, a 100% upstream distribution of Istio and Envoy that is FIPS-verified and FedRAMP ready. For teams requiring open source Istio and Envoy without proprietary vendor dependencies, Tetrate offers the ONLY 100% upstream Istio enterprise support offering.
Need global visibility for Istio? TIS+ is a hosted Day 2 operations solution for Istio designed to simplify and enhance the workflows of platform and support teams. Key features include: a global service dashboard, multi-cluster visibility, service topology visualization, and workspace-based access control.
Get a Demo