
Lean but full of features: Leverage a Shared Gateway for Your Kubernetes Cluster


Are you struggling to manage all ingress traffic configurations for your Kubernetes cluster? If you still use Kubernetes ingress, you are missing out on flexibility and features.

With a Kubernetes Gateway, you have separate configuration resources for gateways and routes. This allows your application teams to manage their Routes in their own namespaces while attaching them to a shared Kubernetes Gateway that a Platform and Infrastructure team can manage.

This separation of configuration with separate resources makes management more straightforward and less error-prone.
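The split described above, as an added example that is not from the original post: the platform team owns the Gateway and decides which namespaces may attach Routes, and an application team owns an HTTPRoute in its own namespace. All names, labels, hostnames, and the `eg` GatewayClass name are assumptions.

```yaml
# Constructed example; all names, labels and hostnames are hypothetical.
# Tenant namespace: the label is what grants attachment to the shared Gateway.
apiVersion: v1
kind: Namespace
metadata:
  name: team-orders
  labels:
    shared-gateway-access: "true"
---
# Owned by the platform team, in its own namespace.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway
  namespace: infra-gateway
spec:
  gatewayClassName: eg   # assumed GatewayClass name for Envoy Gateway
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        # "All" would let any namespace attach routes; "Same" (the default)
        # would allow only infra-gateway. "Selector" admits labelled tenants.
        from: Selector
        selector:
          matchLabels:
            shared-gateway-access: "true"
---
# Owned by the application team, in its own namespace.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: orders
  namespace: team-orders
spec:
  parentRefs:
  - name: shared-gateway
    namespace: infra-gateway
    sectionName: http
  hostnames:
  - orders.example.com
  rules:
  - backendRefs:
    - name: orders   # Service in team-orders
      port: 8080
```

Because the namespace label is the grant, restrict who can create or relabel namespaces. The route's `status.parents` conditions show whether the Gateway accepted the attachment.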

Envoy Gateway is a Gateway API implementation that extends the Gateway API with traffic management features leveraging Envoy Proxy.

Is a Shared Gateway in the Kubernetes cluster the right approach for you? Let’s take a look!

This post is the second in a series exploring how to leverage Envoy Gateway for powerful, streamlined traffic management within Kubernetes. Subscribe to stay up to date.


Should You Consider a Shared Gateway?

A Shared Gateway might be the right choice for your Kubernetes architecture if any of the following are important to you:

  • Multi-tenant cluster: You have many teams deploying apps into the same Kubernetes cluster.
  • Consistent policies: You want consistent security policies applied for all traffic entering your system.
  • Simplicity of network: You prefer lean simplicity in network infrastructure. For a more industrial approach to a shared Gateway architecture, see our post on Platform Clusters.

What Is a Shared Gateway?

A Shared Gateway in Kubernetes is a single entry point for traffic across multiple services, namespaces, or teams.

Instead of deploying multiple gateways per namespace, you manage traffic through one centralized Gateway instance, simplifying your architecture.

This setup enables consistent routing, traffic policies, security features like mTLS, common OIDC integration across apps, and observability across your entire cluster while reducing the operational burden of managing multiple gateways.

Why Shared Gateways Matter

Using a Shared Gateway in Kubernetes ensures efficiency and control. It allows you to:

  • Reduce Overhead: With one gateway handling traffic for multiple namespaces or services, you’ll reduce resource consumption.
  • Unify Security: Apply consistent policies like mTLS or rate-limiting across all services to boost security.
  • Streamline Management: A single management point simplifies updates, version upgrades, and monitoring for your gateway services.

This approach makes scaling your platform easier by consolidating resources and unifying traffic management policies.

Ready to Get Started?

You can implement a shared gateway without reworking your Kubernetes setup. Start by installing the latest Gateway API, which can be done without upgrading your Kubernetes version.

Then, deploy Envoy Gateway to manage traffic into your cluster. As your architecture grows, you can add more advanced features like rate-limiting, load balancing, authentication, and custom routing logic.

Check out this guide to get started with Envoy Gateway. The Helm chart will install the necessary Gateway API resources.

Let’s Talk

Are you curious about how a Shared Gateway architecture can optimize traffic management in your Kubernetes environment? Contact us to explore how we can help you design and deploy an efficient, scalable solution for your platform.
