In the Envoy Gateway 1.2 release, you will find enhancements in security, traffic management, observability, and operations. Get in touch with us to learn more about how you can leverage these features to simplify your ingress traffic handling.
What Has Really Changed from 1.1 to 1.2?
First and foremost, Envoy Gateway now implements version 1.2 of the Kubernetes Gateway API. The full list of changes are extensive, including:
- 55 new features
- 30 performance & testing improvements
This article offers an executive summary and guide to the most impactful updates in Envoy Gateway 1.2.
Tetrand Contributions and Leadership
At Tetrate, we are continually impressed with the community’s ability to rally around common needs and drive the evolution of the solution, unlocking even more of the power of Envoy Proxy. Your contributions are invaluable, and we are incredibly proud of the leadership and contributions of our Tetrands Arko, Huabing, Zirain, and Kensei.
Security: Enhanced Authorization and Security Policies
- Resource access control with JWT Claims-Based Authorization: Configure authorization rules based on JWT claims for easier OAuth2.0 enforcement of authorization for resource access.
- Wildcard Matching for CORS configurations: Use wildcard configurations for AllowMethods and AllowHeaders in the SecurityPolicy for more flexibility.
- OIDC Nonce Support: To enable integrations with OIDC Providers that utilize nonce in in the Auth Code Flow
Tetrate offers an enterprise-ready, 100% upstream distribution of Envoy Gateway, Tetrate Enterprise Gateway for Envoy. Schedule a time to talk to an expert to learn if Envoy Gateway can help accelerate your cloud architecture strategy.
Talk to an expert ›
Traffic Management: Advanced Traffic Routing and Flexibility
- IPv4/IPv6 Dual-Stack Support: Adds dual-stack IP support for listeners and BackendRefs, allowing smoother transitions across different IP networks.
- Direct Responses and Header Rewrites: Introduces direct responses, request timeout control, and path/host header rewrites, offering greater flexibility for managing traffic.
- Active/Passive Failover: New Loadbalancing configurations allowing you to configure fallback targets for failovers.
- Session Persistence in HTTPRoute: Adds resilience for client sessions, ensuring more consistent behavior during requests that require sticky sessions.
Observability: Expanded Monitoring and Tracing Options
- Datadog Tracing Support: Enables integration with Datadog for distributed tracing and insights.
- Prometheus Metrics Endpoint in Ratelimit Server: Offers a Prometheus endpoint for the rate-limiting service, providing better visibility of performance and behavior.
- Enhanced Log Configurations for better visibility: Configurations for access logs and metrics, including support for stats on request/response sizes, improve monitoring and debugging capabilities.
- Listener Access Logs: Provides custom access logging for listeners, allowing detailed visibility of requests at the listener level.
Operations: Deployment and Configuration Flexibility
- Envoy Gateway Standalone Mode (experimental): Want to use Envoy Gateway outside of Kubernetes? With this new experimental feature, you can use the Envoy Gateway control plane with Envoy Proxy outside of Kubernetes.
- Enhanced Helm Chart Configurability: Supports new options like NodeSelector, PodDisruptionBudget, SecurityContext, and startup probes for Helm-managed deployments.
- Reloadable Configuration: Allows reconfiguration of Envoy Gateway without redeployment, minimizing downtime and enabling seamless updates.
- Native Debugging Tools: Introduces egctl x collect to gather diagnostics from clusters and egctl translate for file provider validations.
Envoy Gateway 1.2 empowers teams to implement more robust security measures, finer-grained traffic management, and enhanced observability while streamlining operations. These updates offer critical tools to optimize management and improve the reliability of services in production environments.
Get in touch with us to learn more about how you can leverage these features to simplify your ingress traffic handling.
###
If you’re new to service mesh, Tetrate has a bunch of free online courses available at Tetrate Academy that will quickly get you up to speed with Istio and Envoy.
Are you using Kubernetes? Tetrate Enterprise Gateway for Envoy (TEG) is the easiest way to get started with Envoy Gateway for production use cases. Get the power of Envoy Proxy in an easy-to-consume package managed by the Kubernetes Gateway API. Learn more ›
Getting started with Istio? If you’re looking for the surest way to get to production with Istio, check out Tetrate Istio Subscription. Tetrate Istio Subscription has everything you need to run Istio and Envoy in highly regulated and mission-critical production environments. It includes Tetrate Istio Distro, a 100% upstream distribution of Istio and Envoy that is FIPS-verified and FedRAMP ready. For teams requiring open source Istio and Envoy without proprietary vendor dependencies, Tetrate offers the ONLY 100% upstream Istio enterprise support offering.
Need global visibility for Istio? TIS+ is a hosted Day 2 operations solution for Istio designed to simplify and enhance the workflows of platform and support teams. Key features include: a global service dashboard, multi-cluster visibility, service topology visualization, and workspace-based access control.
Get a Demo