Envoy Gateway — Commands & Recipes
Installation
# Install via Helm
helm install eg oci://docker.io/envoyproxy/gateway-helm \
--version v1.7.1 -n envoy-gateway-system --create-namespace
# Verify
kubectl get pods -n envoy-gateway-system
kubectl get gatewayclass
Basic Gateway + HTTPRoute
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: my-gateway
spec:
gatewayClassName: eg
listeners:
- name: http
protocol: HTTP
port: 80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: myapp-route
spec:
parentRefs:
- name: my-gateway
hostnames: ["app.example.com"]
rules:
- matches:
- path:
type: PathPrefix
value: /api
backendRefs:
- name: myapp-svc
port: 8080
Security Policy (JWT)
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
name: jwt-auth
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: my-gateway
jwt:
providers:
- name: auth0
issuer: https://my-tenant.auth0.com/
remoteJWKS:
uri: https://my-tenant.auth0.com/.well-known/jwks.json
Traffic Splitting (Canary)
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: canary
spec:
parentRefs:
- name: my-gateway
rules:
- backendRefs:
- name: myapp-v1
port: 8080
weight: 90
- name: myapp-v2
port: 8080
weight: 10
Sources