Envoy Gateway 1.3 Release Highlights
The Envoy Gateway 1.3 release enhances security, traffic management, and operational capabilities. It also brings essential improvements such as API k
Tetrate 
The Envoy Gateway 1.3 release enhances security, traffic management, and operational capabilities. It also brings essential improvements such as API key authentication, support for HTTPRoute Retries, and infrastructure management flexibility.
Contact us to learn more about how you can use these features to simplify your ingress traffic handling.
What Has Really Changed from 1.2 to 1.3?
This release’s key updates include significant improvements in security features, enhanced traffic management capabilities, and better operational controls. It also introduces several breaking changes to improve security and reliability, adding new authentication and traffic management features.
A detailed list of changes includes:
- 22 new features spanning security, traffic management, and operations
- 26 bug fixes improving stability and reliability
This article summarizes the most impactful updates in Envoy Gateway 1.3.
Feature Highlights
Security: Enhanced Authentication and Access Management
- API Key Authentication: New support in SecurityPolicy API enables API key-based access control, simplifying migration from other Gateway solutions
- Security Policy Improvements: Enhanced capabilities for ext-auth server integration and JWKS configuration with custom TLS configurations
- Client IP from XFF Header: Simplified true client IP retrieval from X-Forwarded-For header
- Extension Service calls now fail-closed by default: Ensuring that any error returned from the extension server will replace the affected resource with an “Internal Server Error” immediate response.
Traffic Management: Advanced Routing and Control
- Extended Protocol Support: Added support for routing to Backend resources in GRPCRoute, TCPRoute, and UDPRoute APIs
- Response Compression: New support for response compression in the BackendTrafficPolicy API
- Implemented GEP-1731: GEP-1731: HTTPRoute Retries for the Kubernetes Gateway API is now implemented in Envoy Gateway, which now enables you to make specific retries via the Gateway API rather than Envoy Gateway API.
- Dynamic Cost Based Rate Limiting: Added support for cost specifier in the rate limit API able to take values from dynamic metadata, allowing you to control client usage when serving requests have different costs
- User-Defined Route Order: Added support for preserving the user-defined HTTPRoute match order in the EnvoyProxy CRD.
Operations: Improved Infrastructure Management
- Enhanced HPA Support: New capabilities available for configuring EnvoyProxy HPA and PDB configurations
- Improved IPv6 Support: Improved dual-stack support and fixed IPv6-related issues
- Graceful Termination: Enhanced endpoint management during graceful termination periods
Observability: Better Monitoring and Control
- Tracing Improvements: Better control of tracing sampling by defining sample with fractions
- Enhanced Metrics: New metrics and dashboards for monitoring Envoy Gateway panics
- Extension Processing: Improved attribute handling and configuration options for external processors
Summary
Envoy Gateway 1.3 empowers teams with robust security features, advanced traffic management capabilities, and streamlined operations. These updates provide enhanced authentication mechanisms, improved routing capabilities, and better operational controls for production environments.
Get in touch with us to learn more about how you can leverage these features to simplify your ingress traffic handling.
Tetrate 
