Envoy Gateway Resources

Mon, 01 Jan 0001 00:00:00 +0000

There are several resources that play a part in enabling you to meet your Kubernetes ingress traffic handling needs. This page provides a brief overview of the resources you’ll be working with.

Overview

There are several resources that play a part in enabling you to meet your Kubernetes ingress traffic handling needs. This page provides a brief overview of the resources you’ll be working with.

Kubernetes Gateway API Resources

GatewayClass: Defines a class of Gateways with common configuration.
Gateway: Specifies how traffic can enter the cluster.
Routes: HTTPRoute, GRPCRoute, TLSRoute, TCPRoute, UDPRoute: Define routing rules for different types of traffic.

Envoy Gateway (EG) API Resources

EnvoyProxy: Represents the deployment and configuration of the Envoy proxy within a Kubernetes cluster, managing its lifecycle and settings.
EnvoyPatchPolicy, ClientTrafficPolicy, SecurityPolicy, BackendTrafficPolicy, EnvoyExtensionPolicy, BackendTLSPolicy: Additional policies and configurations specific to Envoy Gateway.
Backend: A resource that makes routing to cluster-external backends easier and makes access to external processes via Unix Domain Sockets possible.

Resource	API	Required	Purpose	References	Description
GatewayClass	Gateway API	Yes	Gateway Config	Core	Defines a class of Gateways with common configuration.
Gateway	Gateway API	Yes	Gateway Config	GatewayClass	Specifies how traffic can enter the cluster.
HTTPRoute GRPCRoute TLSRoute TCPRoute UDPRoute	Gateway API	Yes	Routing	Gateway	Define routing rules for different types of traffic. Note:For simplicity these resources are referenced collectively as Route in the References column
Backend	EG API	No	Routing	N/A	Used for routing to cluster-external backends using FQDN or IP. Can also be used when you want to extend Envoy with external processes accessed via Unix Domain Sockets.
ClientTrafficPolicy	EG API	No	Traffic Handling	Gateway	Specifies policies for handling client traffic, including rate limiting, retries, and other client-specific configurations.
BackendTrafficPolicy	EG API	No	Traffic Handling	Gateway, Route	Specifies policies for traffic directed towards backend services, including load balancing, health checks, and failover strategies. Note:Most specific configuration wins
SecurityPolicy	EG API	No	Security	Gateway, Route	Defines security-related policies such as authentication, authorization, and encryption settings for traffic handled by Envoy Gateway. Note:Most specific configuration wins
BackendTLSPolicy	Gateway API	No	Security	Service	Defines TLS settings for backend connections, including certificate management, TLS version settings, and other security configurations. This policy is applied to Kubernetes Services.
EnvoyProxy	EG API	No	Customize & Extend	GatewayClass, Gateway	The EnvoyProxy resource represents the deployment and configuration of the Envoy proxy itself within a Kubernetes cluster, managing its lifecycle and settings. Note:Most specific configuration wins
EnvoyPatchPolicy	EG API	No	Customize & Extend	GatewayClass, Gateway	This policy defines custom patches to be applied to Envoy Gateway resources, allowing users to tailor the configuration to their specific needs. Note:Most specific configuration wins
EnvoyExtensionPolicy	EG API	No	Customize & Extend	Gateway, Route, Backend	Allows for the configuration of Envoy proxy extensions, enabling custom behavior and functionality. Note:Most specific configuration wins
HTTPRouteFilter	EG API	No	Customize & Extend	HTTPRoute	Allows for the additional request/response processing.

Concepts on Envoy Gateway

Envoy Gateway Resources

Overview

Kubernetes Gateway API Resources

Envoy Gateway (EG) API Resources