1 - 使用 Helm 安装

Helm 是 Kubernetes 的包管理器,可自动在 Kubernetes 上发布和管理软件。

Envoy Gateway 可以通过 Helm Chart 经过几个简单的步骤进行安装, 具体取决于您是首次部署、从现有安装升级 Envoy Gateway 还是从 Envoy Gateway 迁移。

开始之前

Envoy Gateway Helm Chart 托管在 DockerHub 中。

它发布在 oci://docker.io/envoyproxy/gateway-helm

使用 Helm 安装

Envoy Gateway 通常从命令行部署到 Kubernetes。如果您没有 Kubernetes,则应该使用 kind 来创建一个。

安装 Gateway API CRD 和 Envoy Gateway:

helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace

等待 Envoy Gateway 变为可用:

kubectl wait --timeout=5m -n envoy-gateway-system deployment/envoy-gateway --for=condition=Available

安装 GatewayClass、Gateway、HTTPRoute 和示例应用程序:

kubectl apply -f https://github.com/envoyproxy/gateway/releases/download/latest/quickstart.yaml -n default

注意:quickstart.yaml 定义 Envoy Gateway 将侦听 80 端口及其全局可路由 IP 地址的流量, 以便轻松使用浏览器测试 Envoy Gateway。当 Envoy Gateway 发现其侦听器正在使用特权端口(<1024)时, 它会在内部将其映射到非特权端口,以便 Envoy Gateway 不需要额外的特权。了解此映射很重要,因为您在调试时可能需要考虑它。

自定义 Helm Chart

下面是使用 helm install 命令进行 Envoy Gateway 安装的一些快速方法。

增加副本数

helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace --set deployment.replicas=2

更改 kubernetesClusterDomain 名称

如果您使用不同的域名安装了集群,则可以使用以下命令。

helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace --set kubernetesClusterDomain=<domain name>

**注意:**以上是我们可以直接用于自定义安装的一些方法。但如果您正在寻找更复杂的更改, values.yaml 可以帮助您。

使用 values.yaml 文件进行复杂安装

deployment:
  envoyGateway:
    resources:
      limits:
        cpu: 700m
        memory: 128Mi
      requests:
        cpu: 10m
        memory: 64Mi
  ports:
    - name: grpc
      port: 18005
      targetPort: 18000
    - name: ratelimit
      port: 18006
      targetPort: 18001

config:
  envoyGateway:
    logging:
      level:
        default: debug

在这里,我们对 value.yaml 文件进行了三处更改。将 CPU 的资源限制增加到 700m, 将 gRPC 的端口更改为 18005,将限流端口更改为 18006,并将日志记录级别更新为 debug

您可以通过以下命令使用 value.yaml 文件安装 Envoy Gateway。

helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace -f values.yaml

开放端口

这些是 Envoy Gateway 和托管 Envoy 代理使用的端口。

Envoy Gateway

Envoy Gateway地址端口是否可配置
Xds EnvoyProxy Server0.0.0.018000No
Xds RateLimit Server0.0.0.018001No
Admin Server127.0.0.119000Yes
Metrics Server0.0.0.019001No
Health Check127.0.0.18081No

EnvoyProxy

Envoy Proxy地址端口
Admin Server127.0.0.119000
Heath Check0.0.0.019001

2 - 使用 Kubernetes YAML 安装

此任务将引导您完成在 Kubernetes 集群中安装 Envoy Gateway。

手动安装过程不允许像 Helm 安装方法那样对配置进行更多控制, 因此如果您需要对 Envoy Gateway 安装进行更多控制,建议您使用 Helm。

开始之前

Envoy Gateway 设计为在 Kubernetes 中运行以进行生产。最重要的要求是:

  • Kubernetest 1.25+ 版本
  • kubectl 命令行工具

使用 YAML 安装

Envoy Gateway 通常从命令行部署到 Kubernetes。如果您没有 Kubernetes,则应该使用 kind 来创建一个。

  1. 在终端中,运行以下命令:

    kubectl apply -f https://github.com/envoyproxy/gateway/releases/download/latest/install.yaml
    
  2. 后续步骤

    Envoy Gateway 现在应该已成功安装并运行,但是为了体验 Envoy Gateway 的更多功能,您可以参考任务

3 - 使用自定义证书的控制平面身份验证

Envoy Gateway 为 Envoy Gateway Pod 和 Envoy 代理队列之间的控制平面通信建立了安全的 TLS 连接。 此处使用的 TLS 证书是自签名的,并使用在创建 Envoy Gateway 之前运行的 Job 生成, 并且这些证书被安装到 Envoy Gateway 和 Envoy 代理 Pod 上。

此任务将引导您完成为控制平面身份验证配置自定义证书。

开始之前

我们使用 Cert-Manager 来管理证书。 您可以按照官方指南安装它。

为控制平面配置自定义证书

  1. 首先您需要设置 CA 颁发者,在此任务中,我们以 selfsigned-issuer 为例。

    您不应在生产中使用自签名颁发者,您应该使用真实的 CA 颁发者。

    cat <<EOF | kubectl apply -f -
    apiVersion: cert-manager.io/v1
    kind: Issuer
    metadata:
      labels:
        app.kubernetes.io/name: envoy-gateway
      name: selfsigned-issuer
      namespace: envoy-gateway-system
    spec:
      selfSigned: {}
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: envoy-gateway-ca
      namespace: envoy-gateway-system
    spec:
      isCA: true
      commonName: envoy-gateway
      secretName: envoy-gateway-ca
      privateKey:
        algorithm: RSA
        size: 2048
      issuerRef:
        name: selfsigned-issuer
        kind: Issuer
        group: cert-manager.io
    ---
    apiVersion: cert-manager.io/v1
    kind: Issuer
    metadata:
      labels:
        app.kubernetes.io/name: envoy-gateway
      name: eg-issuer
      namespace: envoy-gateway-system
    spec:
      ca:
        secretName: envoy-gateway-ca
    EOF
    
  2. 为 Envoy Gateway 控制器创建一个证书,该证书将存储在 envoy-gatewy Secret 中。

    cat<<EOF | kubectl apply -f -
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      labels:
        app.kubernetes.io/name: envoy-gateway
      name: envoy-gateway
      namespace: envoy-gateway-system
    spec:
      commonName: envoy-gateway
      dnsNames:
      - "envoy-gateway"
      - "envoy-gateway.envoy-gateway-system"
      - "envoy-gateway.envoy-gateway-system.svc"
      - "envoy-gateway.envoy-gateway-system.svc.cluster.local"
      issuerRef:
        kind: Issuer
        name: eg-issuer
      usages:
      - "digital signature"
      - "data encipherment"
      - "key encipherment"
      - "content commitment"
      secretName: envoy-gateway
    EOF
    
  3. 为 Envoy 代理创建一个证书,该证书将存储在 envoy Secret 中。

    cat<<EOF | kubectl apply -f -
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      labels:
        app.kubernetes.io/name: envoy-gateway
      name: envoy
      namespace: envoy-gateway-system
    spec:
      commonName: "*"
      dnsNames:
      - "*.envoy-gateway-system"
      issuerRef:
        kind: Issuer
        name: eg-issuer
      usages:
      - "digital signature"
      - "data encipherment"
      - "key encipherment"
      - "content commitment"
      secretName: envoy
    EOF
    
  4. 创建限流证书,该证书将存储在 envoy-rate-limit Secret 中。

    cat<<EOF | kubectl apply -f -
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      labels:
        app.kubernetes.io/name: envoy-gateway
      name: envoy-rate-limit
      namespace: envoy-gateway-system
    spec:
      commonName: "*"
      dnsNames:
      - "*.envoy-gateway-system"
      issuerRef:
        kind: Issuer
        name: eg-issuer
      usages:
      - "digital signature"
      - "data encipherment"
      - "key encipherment"
      - "content commitment"
      secretName: envoy-rate-limit
    EOF
    
  5. 现在您可以按照 helm Chart 安装指南使用自定义证书安装 Envoy Gateway。

4 - Gateway Addons Helm Chart

Version: v0.0.0-latest Type: application AppVersion: latest

An Add-ons Helm chart for Envoy Gateway

Homepage: https://gateway.envoyproxy.io/

Maintainers

NameEmailUrl
envoy-gateway-steering-committeehttps://github.com/envoyproxy/gateway/blob/main/GOVERNANCE.md
envoy-gateway-maintainershttps://github.com/envoyproxy/gateway/blob/main/CODEOWNERS

Source Code

Requirements

RepositoryNameVersion
https://fluent.github.io/helm-chartsfluent-bit0.30.4
https://grafana.github.io/helm-chartsalloy0.9.2
https://grafana.github.io/helm-chartsgrafana8.0.0
https://grafana.github.io/helm-chartsloki4.8.0
https://grafana.github.io/helm-chartstempo1.3.1
https://open-telemetry.github.io/opentelemetry-helm-chartsopentelemetry-collector0.108.0
https://prometheus-community.github.io/helm-chartsprometheus25.21.0

Values

KeyTypeDefaultDescription
alloy.alloy.configMap.contentstring"// Write your Alloy config here:\nlogging {\n level = \"info\"\n format = \"logfmt\"\n}\nloki.write \"alloy\" {\n endpoint {\n url = \"http://loki.monitoring.svc:3100/loki/api/v1/push\"\n }\n}\n// discovery.kubernetes allows you to find scrape targets from Kubernetes resources.\n// It watches cluster state and ensures targets are continually synced with what is currently running in your cluster.\ndiscovery.kubernetes \"pod\" {\n role = \"pod\"\n}\n\n// discovery.relabel rewrites the label set of the input targets by applying one or more relabeling rules.\n// If no rules are defined, then the input targets are exported as-is.\ndiscovery.relabel \"pod_logs\" {\n targets = discovery.kubernetes.pod.targets\n\n // Label creation - \"namespace\" field from \"__meta_kubernetes_namespace\"\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n action = \"replace\"\n target_label = \"namespace\"\n }\n\n // Label creation - \"pod\" field from \"__meta_kubernetes_pod_name\"\n rule {\n source_labels = [\"__meta_kubernetes_pod_name\"]\n action = \"replace\"\n target_label = \"pod\"\n }\n\n // Label creation - \"container\" field from \"__meta_kubernetes_pod_container_name\"\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_name\"]\n action = \"replace\"\n target_label = \"container\"\n }\n\n // Label creation - \"app\" field from \"__meta_kubernetes_pod_label_app_kubernetes_io_name\"\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app_kubernetes_io_name\"]\n action = \"replace\"\n target_label = \"app\"\n }\n\n // Label creation - \"job\" field from \"__meta_kubernetes_namespace\" and \"__meta_kubernetes_pod_container_name\"\n // Concatenate values __meta_kubernetes_namespace/__meta_kubernetes_pod_container_name\n rule {\n source_labels = [\"__meta_kubernetes_namespace\", \"__meta_kubernetes_pod_container_name\"]\n action = \"replace\"\n target_label = \"job\"\n separator = \"/\"\n replacement = \"$1\"\n }\n\n // Label creation - \"container\" field from \"__meta_kubernetes_pod_uid\" and \"__meta_kubernetes_pod_container_name\"\n // Concatenate values __meta_kubernetes_pod_uid/__meta_kubernetes_pod_container_name.log\n rule {\n source_labels = [\"__meta_kubernetes_pod_uid\", \"__meta_kubernetes_pod_container_name\"]\n action = \"replace\"\n target_label = \"__path__\"\n separator = \"/\"\n replacement = \"/var/log/pods/*$1/*.log\"\n }\n\n // Label creation - \"container_runtime\" field from \"__meta_kubernetes_pod_container_id\"\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_id\"]\n action = \"replace\"\n target_label = \"container_runtime\"\n regex = \"^(\\\\S+):\\\\/\\\\/.+$\"\n replacement = \"$1\"\n }\n}\n\n// loki.source.kubernetes tails logs from Kubernetes containers using the Kubernetes API.\nloki.source.kubernetes \"pod_logs\" {\n targets = discovery.relabel.pod_logs.output\n forward_to = [loki.process.pod_logs.receiver]\n}\n// loki.process receives log entries from other Loki components, applies one or more processing stages,\n// and forwards the results to the list of receivers in the component’s arguments.\nloki.process \"pod_logs\" {\n stage.static_labels {\n values = {\n cluster = \"envoy-gateway\",\n }\n }\n\n forward_to = [loki.write.alloy.receiver]\n}"
alloy.enabledboolfalse
alloy.fullnameOverridestring"alloy"
fluent-bit.config.filtersstring"[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name grep\n Match kube.*\n Regex $kubernetes['container_name'] ^envoy$\n\n[FILTER]\n Name parser\n Match kube.*\n Key_Name log\n Parser envoy\n Reserve_Data True\n"
fluent-bit.config.inputsstring"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n multiline.parser docker, cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n"
fluent-bit.config.outputsstring"[OUTPUT]\n Name loki\n Match kube.*\n Host loki.monitoring.svc.cluster.local\n Port 3100\n Labels job=fluentbit, app=$kubernetes['labels']['app'], k8s_namespace_name=$kubernetes['namespace_name'], k8s_pod_name=$kubernetes['pod_name'], k8s_container_name=$kubernetes['container_name']\n"
fluent-bit.config.servicestring"[SERVICE]\n Daemon Off\n Flush {{ .Values.flush }}\n Log_Level {{ .Values.logLevel }}\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port {{ .Values.metricsPort }}\n Health_Check On\n"
fluent-bit.enabledbooltrue
fluent-bit.fullnameOverridestring"fluent-bit"
fluent-bit.image.repositorystring"fluent/fluent-bit"
fluent-bit.podAnnotations.“fluentbit.io/exclude”string"true"
fluent-bit.podAnnotations.“prometheus.io/path”string"/api/v1/metrics/prometheus"
fluent-bit.podAnnotations.“prometheus.io/port”string"2020"
fluent-bit.podAnnotations.“prometheus.io/scrape”string"true"
fluent-bit.testFramework.enabledboolfalse
grafana.adminPasswordstring"admin"
grafana.dashboardProviders.“dashboardproviders.yaml”.apiVersionint1
grafana.dashboardProviders.“dashboardproviders.yaml”.providers[0].disableDeletionboolfalse
grafana.dashboardProviders.“dashboardproviders.yaml”.providers[0].editablebooltrue
grafana.dashboardProviders.“dashboardproviders.yaml”.providers[0].folderstring"envoy-gateway"
grafana.dashboardProviders.“dashboardproviders.yaml”.providers[0].namestring"envoy-gateway"
grafana.dashboardProviders.“dashboardproviders.yaml”.providers[0].options.pathstring"/var/lib/grafana/dashboards/envoy-gateway"
grafana.dashboardProviders.“dashboardproviders.yaml”.providers[0].orgIdint1
grafana.dashboardProviders.“dashboardproviders.yaml”.providers[0].typestring"file"
grafana.dashboardsConfigMaps.envoy-gatewaystring"grafana-dashboards"
grafana.datasources.“datasources.yaml”.apiVersionint1
grafana.datasources.“datasources.yaml”.datasources[0].namestring"Prometheus"
grafana.datasources.“datasources.yaml”.datasources[0].typestring"prometheus"
grafana.datasources.“datasources.yaml”.datasources[0].urlstring"http://prometheus"
grafana.enabledbooltrue
grafana.fullnameOverridestring"grafana"
grafana.service.typestring"LoadBalancer"
grafana.testFramework.enabledboolfalse
loki.backend.replicasint0
loki.deploymentModestring"SingleBinary"
loki.enabledbooltrue
loki.fullnameOverridestring"loki"
loki.gateway.enabledboolfalse
loki.loki.auth_enabledboolfalse
loki.loki.commonConfig.replication_factorint1
loki.loki.compactorAddressstring"loki"
loki.loki.memberliststring"loki-memberlist"
loki.loki.rulerConfig.storage.typestring"local"
loki.loki.storage.typestring"filesystem"
loki.monitoring.lokiCanary.enabledboolfalse
loki.monitoring.selfMonitoring.enabledboolfalse
loki.monitoring.selfMonitoring.grafanaAgent.installOperatorboolfalse
loki.read.replicasint0
loki.singleBinary.replicasint1
loki.test.enabledboolfalse
loki.write.replicasint0
opentelemetry-collector.config.exporters.debug.verbositystring"detailed"
opentelemetry-collector.config.exporters.loki.endpointstring"http://loki.monitoring.svc:3100/loki/api/v1/push"
opentelemetry-collector.config.exporters.otlp.endpointstring"tempo.monitoring.svc:4317"
opentelemetry-collector.config.exporters.otlp.tls.insecurebooltrue
opentelemetry-collector.config.exporters.prometheus.endpointstring"[${env:MY_POD_IP}]:19001"
opentelemetry-collector.config.extensions.health_check.endpointstring"[${env:MY_POD_IP}]:13133"
opentelemetry-collector.config.processors.attributes.actions[0].actionstring"insert"
opentelemetry-collector.config.processors.attributes.actions[0].keystring"loki.attribute.labels"
opentelemetry-collector.config.processors.attributes.actions[0].valuestring"k8s.pod.name, k8s.namespace.name"
opentelemetry-collector.config.receivers.datadog.endpointstring"[${env:MY_POD_IP}]:8126"
opentelemetry-collector.config.receivers.jaeger.protocols.grpc.endpointstring"[${env:MY_POD_IP}]:14250"
opentelemetry-collector.config.receivers.jaeger.protocols.thrift_compact.endpointstring"[${env:MY_POD_IP}]:6831"
opentelemetry-collector.config.receivers.jaeger.protocols.thrift_http.endpointstring"[${env:MY_POD_IP}]:14268"
opentelemetry-collector.config.receivers.otlp.protocols.grpc.endpointstring"[${env:MY_POD_IP}]:4317"
opentelemetry-collector.config.receivers.otlp.protocols.http.endpointstring"[${env:MY_POD_IP}]:4318"
opentelemetry-collector.config.receivers.prometheus.config.scrape_configs[0].job_namestring"opentelemetry-collector"
opentelemetry-collector.config.receivers.prometheus.config.scrape_configs[0].scrape_intervalstring"10s"
opentelemetry-collector.config.receivers.prometheus.config.scrape_configs[0].static_configs[0].targets[0]string"[${env:MY_POD_IP}]:8888"
opentelemetry-collector.config.receivers.zipkin.endpointstring"[${env:MY_POD_IP}]:9411"
opentelemetry-collector.config.service.extensions[0]string"health_check"
opentelemetry-collector.config.service.pipelines.logs.exporters[0]string"loki"
opentelemetry-collector.config.service.pipelines.logs.processors[0]string"attributes"
opentelemetry-collector.config.service.pipelines.logs.receivers[0]string"otlp"
opentelemetry-collector.config.service.pipelines.metrics.exporters[0]string"prometheus"
opentelemetry-collector.config.service.pipelines.metrics.receivers[0]string"datadog"
opentelemetry-collector.config.service.pipelines.metrics.receivers[1]string"otlp"
opentelemetry-collector.config.service.pipelines.traces.exporters[0]string"otlp"
opentelemetry-collector.config.service.pipelines.traces.receivers[0]string"datadog"
opentelemetry-collector.config.service.pipelines.traces.receivers[1]string"otlp"
opentelemetry-collector.config.service.pipelines.traces.receivers[2]string"zipkin"
opentelemetry-collector.config.service.telemetry.metrics.addressstring"[${env:MY_POD_IP}]:8888"
opentelemetry-collector.enabledboolfalse
opentelemetry-collector.fullnameOverridestring"otel-collector"
opentelemetry-collector.image.repositorystring"otel/opentelemetry-collector-contrib"
opentelemetry-collector.modestring"deployment"
prometheus.alertmanager.enabledboolfalse
prometheus.enabledbooltrue
prometheus.kube-state-metrics.enabledboolfalse
prometheus.prometheus-node-exporter.enabledboolfalse
prometheus.prometheus-pushgateway.enabledboolfalse
prometheus.server.fullnameOverridestring"prometheus"
prometheus.server.global.scrape_intervalstring"15s"
prometheus.server.image.repositorystring"prom/prometheus"
prometheus.server.persistentVolume.enabledboolfalse
prometheus.server.readinessProbeInitialDelayint0
prometheus.server.securityContextobject{}
prometheus.server.service.typestring"LoadBalancer"
tempo.enabledbooltrue
tempo.fullnameOverridestring"tempo"
tempo.service.typestring"LoadBalancer"

5 - Gateway Helm Chart

Version: v0.0.0-latest Type: application AppVersion: latest

The Helm chart for Envoy Gateway

Homepage: https://gateway.envoyproxy.io/

Maintainers

NameEmailUrl
envoy-gateway-steering-committeehttps://github.com/envoyproxy/gateway/blob/main/GOVERNANCE.md
envoy-gateway-maintainershttps://github.com/envoyproxy/gateway/blob/main/CODEOWNERS

Source Code

Values

KeyTypeDefaultDescription
certgenobject{"job":{"affinity":{},"annotations":{},"nodeSelector":{},"resources":{},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}},"tolerations":[],"ttlSecondsAfterFinished":30},"rbac":{"annotations":{},"labels":{}}}Certgen is used to generate the certificates required by EnvoyGateway. If you want to construct a custom certificate, you can generate a custom certificate through Cert-Manager before installing EnvoyGateway. Certgen will not overwrite the custom certificate. Please do not manually modify values.yaml to disable certgen, it may cause EnvoyGateway OIDC,OAuth2,etc. to not work as expected.
config.envoyGateway.gateway.controllerNamestring"gateway.envoyproxy.io/gatewayclass-controller"
config.envoyGateway.logging.level.defaultstring"info"
config.envoyGateway.provider.typestring"Kubernetes"
createNamespaceboolfalse
deployment.envoyGateway.image.repositorystring""
deployment.envoyGateway.image.tagstring""
deployment.envoyGateway.imagePullPolicystring""
deployment.envoyGateway.imagePullSecretslist[]
deployment.envoyGateway.resources.limits.memorystring"1024Mi"
deployment.envoyGateway.resources.requests.cpustring"100m"
deployment.envoyGateway.resources.requests.memorystring"256Mi"
deployment.envoyGateway.securityContext.allowPrivilegeEscalationboolfalse
deployment.envoyGateway.securityContext.capabilities.drop[0]string"ALL"
deployment.envoyGateway.securityContext.privilegedboolfalse
deployment.envoyGateway.securityContext.runAsGroupint65532
deployment.envoyGateway.securityContext.runAsNonRootbooltrue
deployment.envoyGateway.securityContext.runAsUserint65532
deployment.envoyGateway.securityContext.seccompProfile.typestring"RuntimeDefault"
deployment.pod.affinityobject{}
deployment.pod.annotations.“prometheus.io/port”string"19001"
deployment.pod.annotations.“prometheus.io/scrape”string"true"
deployment.pod.labelsobject{}
deployment.pod.nodeSelectorobject{}
deployment.pod.tolerationslist[]
deployment.pod.topologySpreadConstraintslist[]
deployment.ports[0].namestring"grpc"
deployment.ports[0].portint18000
deployment.ports[0].targetPortint18000
deployment.ports[1].namestring"ratelimit"
deployment.ports[1].portint18001
deployment.ports[1].targetPortint18001
deployment.ports[2].namestring"wasm"
deployment.ports[2].portint18002
deployment.ports[2].targetPortint18002
deployment.ports[3].namestring"metrics"
deployment.ports[3].portint19001
deployment.ports[3].targetPortint19001
deployment.priorityClassNamestringnil
deployment.replicasint1
global.images.envoyGateway.imagestringnil
global.images.envoyGateway.pullPolicystringnil
global.images.envoyGateway.pullSecretslist[]
global.images.ratelimit.imagestring"docker.io/envoyproxy/ratelimit:master"
global.images.ratelimit.pullPolicystring"IfNotPresent"
global.images.ratelimit.pullSecretslist[]
kubernetesClusterDomainstring"cluster.local"
podDisruptionBudget.minAvailableint0
service.annotationsobject{}

6 - 兼容性表格

本节包含关于 Envoy Gateway 的兼容性表格。

Envoy Gateway 依赖于 Envoy Proxy 和 Gateway API,并在 Kubernetes 集群中运行。 这些产品的所有版本并非都可以与 Envoy Gateway 一起运行。下面列出了支持的版本组合; 粗体类型表示实际编译到每个 Envoy Gateway 版本中的 Envoy Proxy 和 Gateway API 的版本。

Envoy Gateway 版本Envoy Proxy 版本Rate Limit 版本Gateway API 版本Kubernetes 版本
v1.0.0distroless-v1.29.219f2079fv1.0.0v1.26, v1.27, v1.28, v1.29
v0.6.0distroless-v1.28-latestb9796237v1.0.0v1.26, v1.27, v1.28
v0.5.0v1.27-lateste059638dv0.7.1v1.25, v1.26, v1.27
v0.4.0v1.26-latest542a6047v0.6.2v1.25, v1.26, v1.27
v0.3.0v1.25-latestf28024e3v0.6.1v1.24, v1.25, v1.26
v0.2.0v1.23-latestv0.5.1v1.24
latestdev-latestmasterv1.0.0v1.29, v1.30, v1.31, v1.32