Are you struggling to manage all ingress traffic configurations for your Kubernetes cluster? If you still use Kubernetes ingress, you are missing out on flexibility and features.
With a Kubernetes Gateway, you have separate configuration resources for gateways and routes. This lets your application teams manage their Routes in their own namespaces while attaching them to a shared Kubernetes Gateway that a Platform and Infrastructure team can manage.
This separation of configuration with separate resources makes management more straightforward and less error-prone.
Envoy Gateway is a Gateway API implementation that extends the Gateway API with traffic management features leveraging Envoy Proxy.
Is a Shared Gateway in the Kubernetes cluster the right approach for you? Let’s take a look!
This post is the second in a series exploring how to leverage Envoy Gateway for powerful, streamlined traffic management within Kubernetes.
Should You Consider a Shared Gateway?
A Shared Gateway might be the right choice for your Kubernetes architecture if any of the following are important to you:
- Multi-tenant cluster: You have many teams deploying apps into the same Kubernetes cluster.
- Consistent policies: You want consistent security policies applied for all traffic entering your system.
- Simplicity of network: You prefer lean simplicity in network infrastructure. For a more industrial approach to a shared Gateway architecture, see our post on Platform Clusters.
What Is a Shared Gateway?
A Shared Gateway in Kubernetes is a single entry point for traffic across multiple services, namespaces, or teams.
Instead of deploying multiple gateways per namespace, you manage traffic through one centralized Gateway instance, simplifying your architecture.
This setup enables consistent routing, traffic policies, security features like mTLS, common OIDC integration across apps, and observability across your entire cluster while reducing the operational burden of managing multiple gateways.
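The split between a platform-owned Gateway and team-owned Routes can be written as two manifests. This is an added example, not configuration from the original post or from the Envoy Gateway project; the resource names, namespaces, namespace label, hostnames and the `eg` GatewayClass name are all assumptions.

```yaml
# Added example; every name, namespace, label and hostname here is an assumption.
# Owned by the platform team, in a namespace application teams cannot write to.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway
  namespace: gateway-infra
spec:
  gatewayClassName: eg            # assumed name of a GatewayClass served by Envoy Gateway
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      hostname: "*.example.com"
      tls:
        mode: Terminate
        certificateRefs:
          - name: wildcard-example-com   # TLS Secret stays in gateway-infra
      allowedRoutes:
        namespaces:
          from: Selector          # rather than "All": only labelled namespaces may attach
          selector:
            matchLabels:
              shared-gateway-access: "true"
---
# Owned by an application team, in its own namespace (which carries the label above).
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: orders
  namespace: team-orders
spec:
  parentRefs:
    - name: shared-gateway
      namespace: gateway-infra    # cross-namespace attachment to the shared Gateway
      sectionName: https
  hostnames:
    - orders.example.com
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: orders-svc
          port: 8080
```

A Route attaches only when both sides agree: the Route names the Gateway in `parentRefs`, and the listener's `allowedRoutes` admits the Route's namespace. With `from: Selector`, whoever can label namespaces decides who may attach, so that permission belongs with the platform team.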
Why Shared Gateways Matter
Using a Shared Gateway in Kubernetes ensures efficiency and control. It allows you to:
- Reduce Overhead: With one gateway handling traffic for multiple namespaces or services, you’ll reduce resource consumption.
- Unify Security: Apply consistent policies like mTLS or rate-limiting across all services to boost security.
- Streamline Management: A single management point simplifies updates, version upgrades, and monitoring for your gateway services.
This approach makes scaling your platform easier by consolidating resources and unifying traffic management policies.
Ready to Get Started?
You can implement a shared gateway without reworking your Kubernetes setup. Start by installing the latest Gateway API, which can be done without upgrading your Kubernetes version.
Then, deploy Envoy Gateway to manage traffic into your cluster. As your architecture grows, you can add more advanced features like rate-limiting, load balancing, authentication, and custom routing logic.
Check out this guide to get started with Envoy Gateway. The Helm chart will install the necessary Gateway API resources.
Let’s Talk
Are you curious about how a Shared Gateway architecture can optimize traffic management in your Kubernetes environment? Contact us to explore how we can help you design and deploy an efficient, scalable solution for your platform.