Envoy Gateway Resources
3 minute read
There are several resources that play a part in enabling you to meet your Kubernetes ingress traffic handling needs. This page provides a brief overview of the resources you’ll be working with.
Overview
There are several resources that play a part in enabling you to meet your Kubernetes ingress traffic handling needs. This page provides a brief overview of the resources you’ll be working with.
Kubernetes Gateway API Resources
- GatewayClass: Defines a class of Gateways with common configuration.
- Gateway: Specifies how traffic can enter the cluster.
- Routes: HTTPRoute, GRPCRoute, TLSRoute, TCPRoute, UDPRoute: Define routing rules for different types of traffic.
Envoy Gateway (EG) API Resources
- EnvoyProxy: Represents the deployment and configuration of the Envoy proxy within a Kubernetes cluster, managing its lifecycle and settings.
- EnvoyPatchPolicy, ClientTrafficPolicy, SecurityPolicy, BackendTrafficPolicy, EnvoyExtensionPolicy, BackendTLSPolicy: Additional policies and configurations specific to Envoy Gateway.
- Backend: A resource that makes routing to cluster-external backends easier and makes access to external processes via Unix Domain Sockets possible.
| Resource | API | Required | Purpose | References | Description |
|---|---|---|---|---|---|
| GatewayClass | Gateway API | Yes | Gateway Config | Core | Defines a class of Gateways with common configuration. |
| Gateway | Gateway API | Yes | Gateway Config | GatewayClass | Specifies how traffic can enter the cluster. |
| HTTPRoute GRPCRoute TLSRoute TCPRoute UDPRoute | Gateway API | Yes | Routing | Gateway | Define routing rules for different types of traffic. Note:For simplicity these resources are referenced collectively as Route in the References column |
| Backend | EG API | No | Routing | N/A | Used for routing to cluster-external backends using FQDN or IP. Can also be used when you want to extend Envoy with external processes accessed via Unix Domain Sockets. |
| ClientTrafficPolicy | EG API | No | Traffic Handling | Gateway | Specifies policies for handling client traffic, including rate limiting, retries, and other client-specific configurations. |
| BackendTrafficPolicy | EG API | No | Traffic Handling | Gateway Route | Specifies policies for traffic directed towards backend services, including load balancing, health checks, and failover strategies. Note:Most specific configuration wins |
| SecurityPolicy | EG API | No | Security | Gateway Route | Defines security-related policies such as authentication, authorization, and encryption settings for traffic handled by Envoy Gateway. Note:Most specific configuration wins |
| BackendTLSPolicy | Gateway API | No | Security | Service | Defines TLS settings for backend connections, including certificate management, TLS version settings, and other security configurations. This policy is applied to Kubernetes Services. |
| EnvoyProxy | EG API | No | Customize & Extend | GatewayClass Gateway | The EnvoyProxy resource represents the deployment and configuration of the Envoy proxy itself within a Kubernetes cluster, managing its lifecycle and settings. Note:Most specific configuration wins |
| EnvoyPatchPolicy | EG API | No | Customize & Extend | GatewayClass Gateway | This policy defines custom patches to be applied to Envoy Gateway resources, allowing users to tailor the configuration to their specific needs. Note:Most specific configuration wins |
| EnvoyExtensionPolicy | EG API | No | Customize & Extend | Gateway Route, Backend | Allows for the configuration of Envoy proxy extensions, enabling custom behavior and functionality. Note:Most specific configuration wins |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.