Understanding Envoy Gateway

Terminology

Envoy Gateway is an open-source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway.
Gateway API is a Kubernetes-official collection of CRDs for declaring routing rules and traffic management policies. Envoy Gateway is one implementation of the Gateway API specification.
Gateway or gatewayapi/gateway is a CR defined by the Gateway API specification.
envoy-gateway instance is Envoy Gateway instance and all its related resources running in a Kubernetes cluster.
envoy-gateway-operator is a helm-operator wrapper around Envoy Gateway and use EnvoyGatewayCtl to simplify the deployment and management of envoy-gateway instance.
EnvoyProxy is a CR defined by the Envoy Gateway specification, used by envoy-gateway instance to manage envoy-proxy instance.
envoy-proxy instance is a running deployment which handles incoming traffic.

Architecture

After installing the envoy-gateway-operator, it watch EnvoyGatewayCtl and deploys an envoy-gateway instance along with a default GatewayClass.
When you create a Gateway that references this GatewayClass and specifies an EnvoyProxy configuration, the envoy-gateway instance deploys an envoy-proxy instance to handle incoming traffic.
HTTP, TCP, or UDP Route resources can then be created and attached to this Gateway to define traffic routing policies.
For more granular configuration, you can create ClientTrafficPolicy or BackendTrafficPolicy resources and attach them to routes to implement advanced traffic management features.

Envoy Gateway and envoy-gateway-operator introduce additional CRDs that, combined with the Gateway API CRDs, comprehensively control all aspects of gateway deployment and routing policy configurations.

`Gateway API` Related CRDs

CRD	Description
GatewayClass	An `envoy-gateway instance` knows which GatewayClasses it manages, and thereby knows which Gateways it should control.
Gateway	Defines three essential components: 1. GatewayClass reference - References the GatewayClass that controls this Gateway via `.spec.gatewayClassName` 2. Listeners configuration - Specifies which ports, hostnames, and TLS certificates to use for traffic handling via `.spec.listeners` 3. Infrastructure parameters - Configures deployment specifics like replicas, resources by referencing an `EnvoyProxy` via `.spec.infrastructure.parametersRef`
HTTP/TCP/UDP Route	Defines four essential components: 1. Multiple matching rule sets - Various conditions to match incoming traffic 2. Backend destinations - Target services for each matching rule set 3. Traffic policies - Per-rule configurations including retries, timeouts, redirects, etc. 4. Gateway listeners attachment - Defined via `.spec.parentRefs` to connect routes to specific `Gateway` listeners

For more details about these resources, please refer to the Gateway API Concepts.

CRD	Description
EnvoyProxy	Defines the configuration for `envoy-proxy instances`, such as replicas, resources, and scheduling constraints

In the recommended deployment pattern, each Gateway uses .spec.infrastructure.parametersRef to reference its own dedicated EnvoyProxy resource.

This one-to-one mapping allows users to control the Gateway's deployment configuration (replicas, resources, scheduling, etc.) by modifying the corresponding EnvoyProxy resource.

CRD	Description
EnvoyGatewayCtl	Controls the deployment of a specific `envoy-gateway instance`.

We recommend deploying a single envoy-gateway instance via EnvoyGatewayCtl per cluster, which is sufficient for typical use cases.

However, the EnvoyGatewayCtl resource allows you to deploy multiple envoy-gateway instance within the same cluster, enabling more flexible control and isolation for advanced scenarios such as different deployment mode

Next Steps

Install Envoy Gateway via Operator

Additional resources:

Resource	Description
Envoy Gateway	Official documentation for Envoy Gateway
Gateway API	Official documentation for Gateway API
Install Envoy Gateway via Operator	Guide for installing Envoy Gateway using the operator
Configure GatewayAPI Gateway	Guide for configuring Gateway in our platform via web console or yaml
Configure GatewayAPI Route	Guide for configuring Route in our platform via web console or yaml
Tasks for Envoy Gateway	Common tasks and operations for Envoy Gateway

Understanding Envoy Gateway

Terminology

Envoy Gateway is an open-source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway.
Gateway API is a Kubernetes-official collection of CRDs for declaring routing rules and traffic management policies. Envoy Gateway is one implementation of the Gateway API specification.
Gateway or gatewayapi/gateway is a CR defined by the Gateway API specification.
envoy-gateway instance is Envoy Gateway instance and all its related resources running in a Kubernetes cluster.
envoy-gateway-operator is a helm-operator wrapper around Envoy Gateway and use EnvoyGatewayCtl to simplify the deployment and management of envoy-gateway instance.
EnvoyProxy is a CR defined by the Envoy Gateway specification, used by envoy-gateway instance to manage envoy-proxy instance.
envoy-proxy instance is a running deployment which handles incoming traffic.

Architecture

After installing the envoy-gateway-operator, it watch EnvoyGatewayCtl and deploys an envoy-gateway instance along with a default GatewayClass.
When you create a Gateway that references this GatewayClass and specifies an EnvoyProxy configuration, the envoy-gateway instance deploys an envoy-proxy instance to handle incoming traffic.
HTTP, TCP, or UDP Route resources can then be created and attached to this Gateway to define traffic routing policies.
For more granular configuration, you can create ClientTrafficPolicy or BackendTrafficPolicy resources and attach them to routes to implement advanced traffic management features.

`Gateway API` Related CRDs

CRD	Description
GatewayClass	An `envoy-gateway instance` knows which GatewayClasses it manages, and thereby knows which Gateways it should control.
Gateway	Defines three essential components: 1. GatewayClass reference - References the GatewayClass that controls this Gateway via `.spec.gatewayClassName` 2. Listeners configuration - Specifies which ports, hostnames, and TLS certificates to use for traffic handling via `.spec.listeners` 3. Infrastructure parameters - Configures deployment specifics like replicas, resources by referencing an `EnvoyProxy` via `.spec.infrastructure.parametersRef`
HTTP/TCP/UDP Route	Defines four essential components: 1. Multiple matching rule sets - Various conditions to match incoming traffic 2. Backend destinations - Target services for each matching rule set 3. Traffic policies - Per-rule configurations including retries, timeouts, redirects, etc. 4. Gateway listeners attachment - Defined via `.spec.parentRefs` to connect routes to specific `Gateway` listeners

For more details about these resources, please refer to the Gateway API Concepts.

CRD	Description
EnvoyProxy	Defines the configuration for `envoy-proxy instances`, such as replicas, resources, and scheduling constraints

In the recommended deployment pattern, each Gateway uses .spec.infrastructure.parametersRef to reference its own dedicated EnvoyProxy resource.

This one-to-one mapping allows users to control the Gateway's deployment configuration (replicas, resources, scheduling, etc.) by modifying the corresponding EnvoyProxy resource.

CRD	Description
EnvoyGatewayCtl	Controls the deployment of a specific `envoy-gateway instance`.

We recommend deploying a single envoy-gateway instance via EnvoyGatewayCtl per cluster, which is sufficient for typical use cases.

Next Steps

Install Envoy Gateway via Operator

Additional resources:

Resource	Description
Envoy Gateway	Official documentation for Envoy Gateway
Gateway API	Official documentation for Gateway API
Install Envoy Gateway via Operator	Guide for installing Envoy Gateway using the operator
Configure GatewayAPI Gateway	Guide for configuring Gateway in our platform via web console or yaml
Configure GatewayAPI Route	Guide for configuring Route in our platform via web console or yaml
Tasks for Envoy Gateway	Common tasks and operations for Envoy Gateway

ACP CLI (ac)

Node Management

Managed Clusters

Import Clusters

Public Cloud Cluster Initialization

Network Initialization

Storage Initialization

How to

How to

Backup Management

Recovery Management

Architecture

Concepts

Guides

How To

ALB

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Object Storage

Guides

How To

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

How To

Compliance

HowTo

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Namespaces

Creating Applications

Operation and Maintaining Applications

Application Rollout

KEDA(Kubernetes Event-driven Autoscaling)

How To

Workloads

Configurations

Application Observability

How To

How To

Install

How To

Overview

Install

Upgrade