What is Envoy Gateway and How Does it Work on EKS?
Envoy Proxy is known for its high performance, but managing it through raw Envoy configuration is quite difficult. Envoy Gateway is a project that makes this power easier to use by combining it with the Kubernetes Gateway API standard.
You can create a powerful traffic management layer using Envoy Gateway on Amazon EKS.
Envoy Gateway Features
- Modern API: Full support for Kubernetes Gateway API (v1).
- Rate Limiting: Global and route-based rate limiting.
- Authentication: Support for OIDC, JWT, and Basic Auth.
- Observability: Prometheus metrics and OpenTelemetry tracing are built in.
EKS Integration
On EKS, Envoy Gateway typically runs behind a LoadBalancer service. AWS NLB (Network Load Balancer) forwards traffic to Envoy pods. Envoy processes this traffic (SSL termination, authorization) and distributes it to backend microservices.
Installation: Envoy Gateway can be installed with Helm:
helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace
Envoy Gateway is a more flexible alternative to AWS ALB, especially in cases requiring complex routing rules (header-based routing, request mirroring) between microservices.
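The following manifest is an added example, not taken from the Envoy Gateway project, showing TLS termination at the gateway together with the header routing and mirroring mentioned above. It assumes a GatewayClass named eg already exists; the Secret example-tls, the hostname api.example.com, the x-canary header and the orders-v1/orders-v2 Services are hypothetical.

```yaml
# Added example: all names, hostnames and ports are hypothetical.
# Assumes a GatewayClass named "eg" already exists in the cluster.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: eg
spec:
  gatewayClassName: eg
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      tls:
        mode: Terminate           # TLS ends at Envoy, behind the NLB
        certificateRefs:
          - kind: Secret
            name: example-tls     # kubernetes.io/tls Secret, same namespace
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: orders
spec:
  parentRefs:
    - name: eg
      sectionName: https          # attach only to the HTTPS listener
  hostnames:
    - api.example.com
  rules:
    # Header routing: requests with x-canary: "true" go to v2.
    - matches:
        - headers:
            - name: x-canary
              value: "true"
      backendRefs:
        - name: orders-v2
          port: 8080
    # Default: serve from v1 and mirror a copy to v2.
    # Responses from the mirror backend are discarded.
    - backendRefs:
        - name: orders-v1
          port: 8080
      filters:
        - type: RequestMirror
          requestMirror:
            backendRef:
              name: orders-v2
              port: 8080
```

A mirrored request carries the same headers and body as the original, including Authorization tokens and cookies, so the mirror target needs the same trust level and log handling as the primary backend.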