Announcing Tetrate Agent Operations Director for GenAI Runtime Visibility and Governance

Learn more
< Back

Envoy Gateway 1.3 Release Highlights

The Envoy Gateway 1.3 release enhances security, traffic management, and operational capabilities. It also brings essential improvements such as API k

Envoy%20Gateway%201.3%20Release%20Highlights

The Envoy Gateway 1.3 release enhances security, traffic management, and operational capabilities. It also brings essential improvements such as API key authentication, support for HTTPRoute Retries, and infrastructure management flexibility.

Contact us to learn more about how you can use these features to simplify your ingress traffic handling.

What Has Really Changed from 1.2 to 1.3?

This release’s key updates include significant improvements in security features, enhanced traffic management capabilities, and better operational controls. It also introduces several breaking changes to improve security and reliability, adding new authentication and traffic management features.

A detailed list of changes includes:

  • 22 new features spanning security, traffic management, and operations
  • 26 bug fixes improving stability and reliability

This article summarizes the most impactful updates in Envoy Gateway 1.3.

Feature Highlights

Security: Enhanced Authentication and Access Management

  • API Key Authentication: New support in SecurityPolicy API enables API key-based access control, simplifying migration from other Gateway solutions
  • Security Policy Improvements: Enhanced capabilities for ext-auth server integration and JWKS configuration with custom TLS configurations
  • Client IP from XFF Header: Simplified true client IP retrieval from X-Forwarded-For header
  • Extension Service calls now fail-closed by default: Ensuring that any error returned from the extension server will replace the affected resource with an “Internal Server Error” immediate response.

Traffic Management: Advanced Routing and Control

  • Extended Protocol Support: Added support for routing to Backend resources in GRPCRoute, TCPRoute, and UDPRoute APIs
  • Response Compression: New support for response compression in the BackendTrafficPolicy API
  • Implemented  GEP-1731: GEP-1731: HTTPRoute Retries for the Kubernetes Gateway API is now implemented in Envoy Gateway, which now enables you to make specific retries via the Gateway API rather than Envoy Gateway API.
  • Dynamic Cost Based Rate Limiting: Added support for cost specifier in the rate limit API able to take values from dynamic metadata, allowing you to control client usage when serving requests have different costs
  • User-Defined Route Order: Added support for preserving the user-defined HTTPRoute match order in the EnvoyProxy CRD.

Operations: Improved Infrastructure Management

  • Enhanced HPA Support: New capabilities available for configuring EnvoyProxy HPA and PDB configurations
  • Improved IPv6 Support: Improved dual-stack support and fixed IPv6-related issues
  • Graceful Termination: Enhanced endpoint management during graceful termination periods

Observability: Better Monitoring and Control

  • Tracing Improvements: Better control of tracing sampling by defining sample with fractions
  • Enhanced Metrics: New metrics and dashboards for monitoring Envoy Gateway panics
  • Extension Processing: Improved attribute handling and configuration options for external processors

Summary

Envoy Gateway 1.3 empowers teams with robust security features, advanced traffic management capabilities, and streamlined operations. These updates provide enhanced authentication mechanisms, improved routing capabilities, and better operational controls for production environments.

Get in touch with us to learn more about how you can leverage these features to simplify your ingress traffic handling.

Product background Product background for tablets
New to service mesh?

Get up to speed with free online courses at Tetrate Academy and quickly learn Istio and Envoy.

Learn more
Using Kubernetes?

Tetrate Enterprise Gateway for Envoy (TEG) is the easiest way to get started with Envoy Gateway for production use cases. Get the power of Envoy Proxy in an easy-to-consume package managed via the Kubernetes Gateway API.

Learn more
Getting started with Istio?

Tetrate Istio Subscription (TIS) is the most reliable path to production, providing a complete solution for running Istio and Envoy securely in mission-critical environments. It includes:

  • Tetrate Istio Distro – A 100% upstream distribution of Istio and Envoy.
  • Compliance-ready – FIPS-verified and FedRAMP-ready for high-security needs.
  • Enterprise-grade support – The ONLY enterprise support for 100% upstream Istio, ensuring no vendor lock-in.
  • Learn more
    Need global visibility for Istio?

    TIS+ is a hosted Day 2 operations solution for Istio designed to streamline workflows for platform and support teams. It offers:

  • A global service dashboard
  • Multi-cluster visibility
  • Service topology visualization
  • Workspace-based access control
  • Learn more
    Decorative CTA background pattern background background
    Tetrate logo in the CTA section Tetrate logo in the CTA section for mobile

    Ready to enhance your
    network

    with more
    intelligence?