Concepts on Envoy Gateway

The Gateway API

Mon, 01 Jan 0001 00:00:00 +0000

Before You Begin

You may want to be familiar with:

Overview

The Gateway API is a Kubernetes API designed to provide a consistent, expressive, and extensible method for managing network traffic into and within a Kubernetes cluster, compared to the legacy Ingress API. It introduces core resources such as GatewayClass and Gateway and various route types like HTTPRoute and TLSRoute, which allow you to define how traffic is routed, secured, and exposed.

API Gateways

Mon, 01 Jan 0001 00:00:00 +0000

Overview

An API gateway is a centralized entry point for managing, securing, and routing requests to backend services. It handles cross-cutting concerns, like authentication, rate limiting, and protocol translation, so individual services don’t have to. Decoupling clients from internal systems simplifies scaling, enforces consistency, and reduces redundancy.

Use Cases

Use an API Gateway to:

Avoid duplicating logic across microservices.
Create a central point of control for access, monitoring, and traffic rules.
Expose internal services to the public internet.
Provide protocol support for HTTP, gRPC, or TLS.
Enforce policies and see traffic metrics at the edge.

API Gateways in relation to Envoy Gateway

Under the hood, Envoy Proxy is a powerful, production-grade proxy that supports many of the capabilities you’d expect from an API Gateway, like traffic routing, retries, TLS termination, observability, and more. However, configuring Envoy directly can be complex and verbose.

Proxy

Mon, 01 Jan 0001 00:00:00 +0000

Overview

A proxy server is an intermediary between a client (like a web browser) and another server (like an API server). When the client makes a request, the proxy forwards it to the destination server, receives the response, and then sends it back to the client.

Proxies are used to enhance security, manage traffic, anonymize user activity, or optimize performance through caching and load balancing features. In cloud environments, they often handle critical tasks such as request routing, TLS termination, authentication, and traffic shaping.

Load Balancing

Mon, 01 Jan 0001 00:00:00 +0000

Overview

Load balancing distributes incoming requests across multiple backend services to improve availability, responsiveness, and scalability. Instead of directing all traffic to a single backend, which can cause slowdowns or outages, load balancing spreads the load across multiple instances, helping your applications stay fast and reliable under pressure.

Use Cases

Use load balancing to:

Handle high traffic by distributing it across multiple service instances
Keep services available even if one or more backends go down
Improve response time by routing to less busy or closer backends

Load Balancing in Envoy Gateway

Envoy Gateway supports several load balancing strategies that determine how traffic is distributed across backend services. These strategies are configured using the BackendTrafficPolicy resource and can be applied to Gateway, HTTPRoute, or GRPCRoute resources either by directly referencing them using the targetRefs field or by dynamically selecting them using the targetSelectors field, which matches resources based on Kubernetes labels.

Rate Limiting

Mon, 01 Jan 0001 00:00:00 +0000

Overview

Rate limiting is a technique for controlling the number of incoming requests over a defined period. It can be used to control usage for business purposes, like agreed usage quotas, or to ensure the stability of a system, preventing overload and protecting the system from, e.g., Denial of Service attacks.

Use Cases

Rate limiting is commonly used to:

Prevent Overload: Protect internal systems like databases from excessive traffic.
Enhance Security: Block or limit abusive behavior such as brute-force attempts or DDoS attacks.
Ensure Fair Usage: Enforce quotas and prevent resource hogging by individual clients.
Implement Entitlements: Define API usage limits based on user identity or role.

Rate Limiting in Envoy Gateway

Envoy Gateway supports two types of rate limiting: