MCP Catalog Now Available: Simplified Discovery, Configuration, and AI Observability in Tetrate Agent Router Service

Learn more

Envoy Gateway is Emerging as the Enterprise Standard for Ingress

Discover how Envoy Gateway has seen rapid adoption growth in 2025 with deployments at SAP, The Trade Desk, Docker, and Ory—becoming the trusted enterprise standard for Kubernetes ingress.

Tetrate
Envoy Gateway is Emerging as the Enterprise Standard for Ingress

Envoy Gateway has seen a rapid increase in adoption in 2025, with use at scale across companies such as SAP, The Trade Desk, Docker, Ory (via the Tetrate Enterprise Gateway), and many others. The solution emerged more than three years ago, when the Kubernetes community agreed to move from the Ingress API to the Gateway API.

In May 2022, Tetrate, together with the Envoy community, Matt Klein, and Joe Beda from VMware and CNCF, announced the goals of the Envoy Gateway project and plans to enable users to easily leverage the power of the battle-tested Envoy Proxy in Kubernetes, as documented in this blog. Thanks to the efforts of Tetrate engineers and the Envoy community, the Envoy Gateway reached version 1.0 and GA in March 2024 and has since seen a more than tenfold increase in adoption. The decision to build upon Envoy was straightforward, as it is the most battle-tested and widely adopted cloud-native proxy, with 54% of enterprises utilizing it.

This blog post shares the drivers behind the growth of Envoy Gateway’s adoption and the emerging patterns from its adopters.

Envoy Gateway monthly pulls growth chart
Envoy Gateway monthly pulls growth chart
Envoy Gateway monthly pulls growth chart

Extensible by Design

In the same spirit as the Gateway API itself, which was designed to be extensible, allowing implementations to expand on it, Envoy Gateway was designed for builders and adopters to extend to fit their use cases.

Within the Envoy Project ecosystem itself, you can find Envoy AI Gateway, which is the AI extension of Envoy Gateway for the AI domain. Allowing you to leverage all the features of Envoy Gateway as well as the added features for handling AI traffic-specific needs, such as Token-Based rate limiting, a unified LLM API interface, MCP Routing, and so much more. The AI Gateway solution itself even has a growing community of contributors and adopters.

When talking about ingress, organizations often face a dilemma: build a bespoke control plane or adopt a CNCF project that may not fully meet their needs.


Envoy Gateway offers a hybrid solution with a Kubernetes-native, standardized approach that covers most use cases but allows for customization via control plane extensibility.

As Guy Daich, SAP, and Teju Nareddy, Confluent, describe in their EnvoyCon talk “One Size Doesn’t Fit All: Adding Org-Specific Gateway API Extensions with Envoy Gateway”, the power of Envoy Gateway’s extensibility enables adopters to rely on the solid foundation of a control plane without having to write a complete one themselves.

Three Key Reasons Fueling Demand

Open Source Feature Richness and Ease of Use

The main attraction for Envoy Gateway users is the set of key features in a fully open-source solution that many enterprises need, such as OIDC, global rate limiting, and mTLS. Other popular features include the ability to route outside Kubernetes with ease via the Backend resource and to extend data-plane functionality with external or processing filters. Today, users can even leverage the flexibility of the Envoy Proxy Lua filters with ease through Kubernetes configurations.

Envoy Gateway keeps adding more features with every release, improving performance and scale, while keeping up with the evolving Kubernetes Gateway API. The well-documented solution, which also powers the AI-assistant chat on the documentation site, helps users get going quickly, as does the friendly and supportive community of users, maintainers, and contributors.

Proven and Battle-Tested Data-Plane

One of the main reasons for the adoption growth we are seeing in Envoy Gateway is that Envoy is a proven, reliable data plane capable of handling enterprise and internet-scale applications. According to statistics from the Cloud Native Computing Foundation (CNCF), 54% of enterprises are using Envoy, and most Kubernetes users are now adopting Envoy Gateway.

A notable Envoy Gateway adopter is SAP, which has successfully deployed Envoy Gateway at scale after exploring and having unsatisfactory experiences with other market options. Their case study illustrates how they began using Envoy Gateway and subsequently contributed key features to enhance its capabilities, achieving successful enterprise-scale adoption. Read their story here: From Evaluation to Integration: SAP’s Journey with Envoy Gateway.

Envoy Gateway now runs reliably across hundreds of clusters worldwide on multiple infrastructure providers.


– Guy Daich, SAP

Another adopter worth noting is TradeDesk, a large-scale public company in marketing automation that is using Envoy Gateway. If you are attending KubeCon in Atlanta 2025, one of their engineers is speaking. Mark your conference schedule to make sure you don’t miss their talk.

On-Prem Load Balancing Reimagined: Serving 20 Million QPS With Gateway API and EnvoyGateway.


– Isaac Wilson, The Trade Desk

Flexibility of Deployment and Usage

Envoy Gateway can be deployed in different ways, and its popularity has grown exponentially due to its diverse use cases. It is primarily used as a north-south gateway in various cloud-native architectures.

There are three patterns that adopters are using that stand out in particular:

  • The two-tier Gateway Pattern. This pattern is similar to what you can read about in the AI Gateway blog post on the reference architecture. The two tier gateway pattern has led many enterprises to achieve a couple of key benefits: a) set up high availability by improving failover and reducing shared fate outages and b) set up better separation of concerns between platform and application teams.
  • The Shared Gateway Pattern. This pattern works best for multi-tenant clusters. Read more about it in our blog post on this particular pattern.
  • The Dedicated Gateway per Namespace Pattern. Use this pattern for full isolation between namespaces. Read this article to learn more.

Other deployments include integrating Envoy Gateway with Istio-based mesh deployments, where you can deploy Envoy Gateway as a Unified Ingress and Waypoint Proxy for Istio Ambient Mesh.

Why Envoy Gateway is a Trusted Control Plane

Envoy Gateway is the control plane maintained and built within the Envoy Project community, for the Envoy proxy. There is strong cross-collaboration among contributors and maintainers across the proxy, data plane, and control plane developers. Many engineers contribute to both projects, and features are being launched across the solutions within the ecosystem.

The community behind Envoy Gateway is diverse, with maintainers and contributors from both end-user companies and vendors. The diversity of people and companies keeping the project alive and using it means not only that the features developed cover the needs of real users, but also that it is constantly being tested and validated in real environments. The community’s diversity ensures that real use cases are validated.

Conclusion

Envoy Gateway experienced impressive growth in 2025, highlighting its strong design and community support. With its extensibility, rich open-source features, user-friendly interface, reliable data plane, and flexible deployment options, it has become the preferred choice for enterprises seeking to address the complexities of modern cloud-native architectures.

As the Kubernetes landscape evolves, Envoy Gateway remains a trusted control plane, backed by a diverse community committed to meeting the real-world needs of its users, ensuring its ongoing relevance and widespread adoption.

Learn more about Tetrate Enterprise Gateway to see how it can help you implement Envoy Gateway in your enterprise environment.

Contact us to learn how Tetrate can help your journey. Follow us on LinkedIn for latest updates and best practices.

Tetrate
Product background Product background for tablets
New to service mesh?

Get up to speed with free online courses at Tetrate Academy and quickly learn Istio and Envoy.

Learn more
Using Kubernetes?

Tetrate Enterprise Gateway for Envoy (TEG) is the easiest way to get started with Envoy Gateway for production use cases. Get the power of Envoy Proxy in an easy-to-consume package managed via the Kubernetes Gateway API.

Learn more
Getting started with Istio?

Tetrate Istio Subscription (TIS) is the most reliable path to production, providing a complete solution for running Istio and Envoy securely in mission-critical environments. It includes:

  • Tetrate Istio Distro – A 100% upstream distribution of Istio and Envoy.
  • Compliance-ready – FIPS-verified and FedRAMP-ready for high-security needs.
  • Enterprise-grade support – The ONLY enterprise support for 100% upstream Istio, ensuring no vendor lock-in.
    • Learn more
    Need global visibility for Istio?

    TIS+ is a hosted Day 2 operations solution for Istio designed to streamline workflows for platform and support teams. It offers:

  • A global service dashboard
  • Multi-cluster visibility
  • Service topology visualization
  • Workspace-based access control
    • Learn more
    Decorative CTA background pattern background background
    Tetrate logo in the CTA section Tetrate logo in the CTA section for mobile

    Ready to enhance your
    network
    with more
    intelligence?