Guest Author

Envoy Gateway 0.5.0 Release

All you need to know

This is the third article in our ongoing series on Envoy Gateway releases, covering the July 2023 release of v0.5.0. Our goal with this series is not just to rehash the release notes or cover them in full but to highlight major and minor changes we think are important and provide context. This release includes:

• Support for data plane proxy telemetry
• Support for the Envoy Patch Policy API
• Admin server for Envoy Gateway
• Added best practices default edge settings to xDS resources

If you need a refresher on what Envoy Gateway is and the project goals, check out our previous post on the v0.4.0 release.

Improvements to the documentation and installation process

With the release of v0.5.0, the documentation has been updated to include necessary instructions for the following topics:

• Installation using the Helm package manager
• Customization of the Helm charts
• Usage of cert-manager for TLS termination
• Documentation on the presentation links
• Documentation on the configuration of multiple TLS certificates per listener

These additions to documentation make getting started and working with Envoy Gateway easier. Apart from the documentation, there have also been improvements to the installation process. Some of them are:

• Support for configuring Envoy Gateway label and annotations using Helm
• Increase in default resource defaults for Envoy Gateway to 100m CPU and 256Mi memory
• Possibility for users to bring their own TLS certificates by adding an opt-in field to skip certificate creation for the control plane

New and exciting API features

The API has probably received the biggest number of new features and improvements in this release, which include:

• Support for Envoy Patch Policy: This release has finally brought the support for Envoy Patch Policy to the Envoy Gateway, allowing advanced users to be able to leverage Envoy Proxy functionality not exposed by Envoy Gateway APIs. The users can now modify the output xDS configuration generated by Envoy Gateway using JSON patch semantics.
• Support for Envoy Proxy Telemetry: Users can now keep an eye on the Control Plane as well as the underlying Envoy Proxy instances. For collecting logs from the Envoy Proxy instance, FluentBit is used, and the collected logs are then forwarded to Loki for storage whileTraces are stored using Tempo. Finally, OpenTelemetry is used as a means to receive, process, and export the telemetry data, allowing the users to have observability over logging, traces, and metrics.
• Addition of admin server for Envoy Gateway: With the improved installation process, the admin server is now available at port 19000 of the local host by default, allowing easy management of the different aspects of the server.
• Support for Envoy Proxy and rate limiting specific configuration options: This new release allows users to configure Envoy Proxy Pod labels, deployment strategy settings, volumes, and volume mounts. This release also allows users to configure envoy proxy as a NodePort type server. Distinct rate limiting for different IP addresses is now possible, as well as the conversion of JWT claims to headers to be used for Rate Limiting.

The next Envoy Gateway release

The next release of Kubernetes Gateway API will be v0.6.0 with a theme of “Preparation for GA.” The majority of work being done is visible in the 0.6.0-rc.1 milestone on GitHub. We’ll provide an update when that release is available!