Introducing Envoy Gateway
An Envoy Proxy-based Gateway for Kubernetes
Today, we’re excited to announce Envoy Gateway to the world, in partnership with the Envoy Proxy project, Fidelity, Tetrate, and VMware. Envoy Gateway is an open source API Gateway, with an emphasis on simplicity and ease-of-use. Before I talk more about Envoy Gateway, I wanted to tell you a story …
Five years ago, I had been spending time learning about microservices with John Billings and Joseph Lynch at Yelp, and they told me about this new project, Envoy, that this guy Matt Klein had been sharing with a bunch of the tech companies in Silicon Valley. Long story short, I tracked down Matt, and invited him to speak at the 2017 Microservices Practitioner Summit, and he introduced Lyft’s Envoy Proxy to the world.
After listening to Matt’s talk, I knew immediately that Envoy represented the future. A few months later, we started building what became the Ambassador API Gateway for Kubernetes, built on Envoy Proxy. A year later, I wrote in more detail about why we chose Envoy over NGINX and HAProxy. The rationale in that article has stood the test of time, and Ambassador API Gateway (now renamed Emissary-ingress) is now deployed in tens of thousands of companies and is an official CNCF incubating project.
Introducing Envoy Gateway
As Envoy and Kubernetes have gained broader adoption, ingress controllers and Kubernetes gateways have proliferated. This has caused a lot of confusion for users (I’ve learned more than I ever thought I would on ingress controllers!).
So I’m excited to announce that we’ll be joining the new Envoy Gateway project, alongside Matt, Fidelity, Tetrate, and VMware, to build a new Envoy Gateway that combines everything we’ve learned in the past five years with these other amazing engineering teams.
What is Envoy Gateway?
Envoy Gateway is an open source API Gateway, powered by Envoy Proxy, with an emphasis on simplicity and ease-of-use. Envoy Gateway is a CNCF project hosted under the Envoy Proxy project. Envoy Gateway will first support Kubernetes, with support for non-Kubernetes platforms planned in subsequent releases.
Envoy Gateway will support a multitude of ingress and L4/L7 traffic routing use cases and contains design elements from Emissary-ingress and Contour, as well as new elements. The project is being built using Golang, the existing Envoy go-control-plane, and will use Kubebuilder-based APIs.
One of the key design goals of Envoy Gateway is to support both the application developer and infrastructure administrators, similar to how Emissary-ingress and the Gateway API approaches configuration. Thus, Envoy Gateway uses the Kubernetes Gateway API for configuration, which decouples routing from management in its API.
Conceptually, Envoy Gateway is a common, batteries included control plane with a set of common extension points to leverage all the features of Envoy Proxy, without reengineering common control plane elements.
From a commercial perspective, Envoy Gateway will contain basic, common elements (e.g., routing, observability) that are common to all API Gateways, with extension APIs to enable adding more value-added functionality.
The GitHub repository is here: https://github.com/envoyproxy/gateway.
Why are we joining Envoy Gateway?
In short, it’s better for the community and our users. By taking the best of what we’ve learned from Emissary-ingress and Contour, and adding the service mesh expertise of Tetrate, and the technical and community expertise of Matt — we’re going to be able to create a better ingress controller for everyone.
We have just started developing the code and the core team is iterating aggressively on design choices with our partners, with an initial release scheduled for later this summer.
I’m using Emissary-ingress and Edge Stack -– what does this mean for me?
Our goal is to make any changes invisible to you.
If you’re an Emissary-ingress user, we’ll be adding support for migrating to Envoy Gateway.
If you’re an Edge Stack user, we’ll be using Envoy Gateway’s extension APIs to add support for authentication and rate limiting and all the other features in Edge Stack that won’t be shipping as part of Envoy Gateway. And, of course, our support team will be with you every step of the way.
If you’re using Ambassador Cloud, we’ll be adding support for Envoy Gateway, so you and your team will be able to manage your full GitOps workflow from our cloud UI and service catalog.
And finally, if you’re thinking about your API management strategy and where you should go, reach out to us! We’re happy to help.
Going Full Circle
Kubernetes and Envoy Proxy adoption has exploded over the past few years. Yet for the 99% who aren’t in the cloud-native echo chamber, we’re only at the beginning of the journey. We need to continue to simplify the operator experience and the developer experience for everyone — and Envoy Gateway is the next step in that direction. It’s an exciting time!
