B1-Envoy Service Mesh Configuration Basics Cover Copy@2x

By on May 16, 2022

Kong Inc. supports the newly announced Envoy Gateway project to reduce fragmentation in the Envoy ecosystem

Today, the Envoy community has introduced Envoy Gateway, a new project to better support Kubernetes deployments via the new Kubernetes Gateway API, which is the next generation Ingress specification in Kubernetes world.

Kong has been deeply invested in the success of Envoy since we started developing Kuma in 2019 – now used in Kong Mesh (built on top of Kuma).  We are therefore committed to contribute to this new project through its working group and help provide a strong Kubernetes foundation to the whole Envoy ecosystem. 

Let’s take a deeper look at what Envoy Gateway is and why we need it.

Diagram illustrating how Kong Mesh expands Kuma and Envoy with more enterprise capabilities, security features, distributions and 24/7/365 support among the others.

Kong Mesh expands Kuma and Envoy with more enterprise capabilities, security features, distributions and 24/7/365 support among the others.

 

Envoy for Kubernetes

It is already possible to run Envoy proxy on Kubernetes through one of the many ingress controllers (like Contour) that are available to end users. And while having many options introduces the benefit of choice, it also introduces fragmentation in the ecosystem for what should be a native capability of Envoy itself: being able to properly run in Kubernetes out of the box without having to choose among any of these ingress controllers.

Today, the Envoy community announced that they will start working on a new official Kubernetes distribution for Envoy proxy called “Envoy Gateway”. With this new project, the Envoy community wants to provide an easier and default way for users to use Envoy on K8s without having to navigate through any other implementations.

Envoy Gateway will support the Kubernetes Gateway API natively, in addition to its very own xDS API, as stated in the goals of the project: “The API will be the Kubernetes-native Gateway API, plus Envoy-specific extensions and extension points. This expressive and familiar API will make Envoy accessible to more users, especially application developers, and make Envoy a stronger option for “getting started” as compared to other proxies. Application developers will use the API out of the box without needing to understand in-depth concepts of Envoy Proxy or use OSS wrappers. The API will use familiar nouns that users understand.”.

One of the main goals of this new project is to provide an official wrapper around Envoy that can properly translate Kubernetes Gateway API resources into xDS resources at runtime. The underlying core of Envoy will not change, rather this new project will be built on top of Envoy proxy as a wrapper, in a very similar way to what other ingress controllers are doing.

Diagram illustrating Envoy Gateway interaction with Kubernetes cluster.

The Envoy Gateway will listen to events in the Kubernetes cluster and automatically convert Kubernetes Gateway API resources into xDS resources that Envoy proxy understands.

With the creation of Envoy Gateway, the community hopes to reduce the fragmentation in the ecosystem by giving the users an easy and “default” choice to run Envoy in Kubernetes, while at the same time being a neutral home for all contributions that otherwise would be spread out across multiple projects. Thus, Envoy Gateway can become a solid foundation and a new “primitive” for further innovation in the space, like the work that Kong and other vendors are doing on top of Envoy, without having to reinvent the wheel.

 

Envoy Gateway at Kong

Kong develops API connectivity tools and products that are built on top of Envoy, primarily Kong Mesh, Kuma and the built-in Kuma Gateway. Therefore, Kong is invested in reducing ecosystem fragmentation and supports standardizing the implementation of the Kubernetes Gateway API with the official Envoy Gateway.

Today’s announcement for Envoy Gateway is just a beginning. Over the next few weeks and months, the community will need to get together and start working on the actual implementation of the project. Kong is committed to help with this process. One of the main benefits that Envoy Gateway brings to Kong’s world is a more solid foundation for the experimental Kuma (and therefore Kong Mesh) built-in gateway implementation, that already supports the Kubernetes Gateway API natively..

By building on top of the new Envoy Gateway, Kong can now better focus on contributions that add value on top of this essential capability – such as communication across virtual meshes by leveraging a centralized builtin gateway in the service mesh deployment – and therefore create new innovation with better efficiency, while making sure that every contribution to this foundational layer trickles down to benefit the entire Envoy community.

Kong  has been involved with the Kubernetes Gateway API for a while. In fact, Kong is one of the founding members of the K8s Gateway API committee that helped release the first set of specifications. The work on Envoy Gateway can be seen as a net extension of this effort with a broader scope and a net benefit to Kuma users and Kong Mesh customers.

In summary, we are extremely excited to be working on this new project to advance the adoption of Envoy in the industry.

To learn more about the Envoy Gateway project in the context of Kong’s roadmap, feel free to ask questions in the Kuma slack channel.

Share Post

Tags: