Tetrate Enterprise Gateway for Envoy (TEG) Version: v1.2.x
Core Concepts
There are several resources that play a part in enabling you to meet your Kubernetes ingress traffic handling needs. This page provides a brief overview of the resources you’ll be working with.
TEG installs a Gateway Class called teg and an Envoy Proxy resource called teg-envoy-proxy-config for you.
Kubernetes Gateway API Resources
- GatewayClass: Defines a class of Gateways with common configuration.
- Gateway: Specifies how traffic can enter the cluster.
- Routes (HTTPRoute, GRPCRoute, TLSRoute, TCPRoute, UDPRoute): Define routing rules for different types of traffic.
Envoy Gateway (EG) API Resources
- EnvoyProxy: Represents the deployment and configuration of the Envoy proxy within a Kubernetes cluster, managing its lifecycle and settings.
- EnvoyPatchPolicy, ClientTrafficPolicy, SecurityPolicy, BackendTrafficPolicy, EnvoyExtensionPolicy, BackendTLSPolicy: Additional policies and configurations specific to Envoy Gateway.
- Backend: A resource that makes routing to cluster-external backends easier and makes access to external processes via Unix Domain Sockets possible.
Resource | API | Required | Purpose | References | Description |
---|---|---|---|---|---|
GatewayClass | Gateway API | Yes | Gateway Config | Core | Defines a class of Gateways with common configuration. |
Gateway | Gateway API | Yes | Gateway Config | GatewayClass | Specifies how traffic can enter the cluster. |
HTTPRoute, GRPCRoute, TLSRoute, TCPRoute, UDPRoute | Gateway API | Yes | Routing | Gateway | Define routing rules for different types of traffic. Note: For simplicity, these resources are referenced collectively as Route in the References column. |
Backend | EG API | No | Routing | N/A | Used for routing to cluster-external backends using FQDN or IP. Can also be used when you want to extend Envoy with external processes accessed via Unix Domain Sockets. |
ClientTrafficPolicy | EG API | No | Traffic Handling | Gateway | Specifies policies for handling client traffic, including rate limiting, retries, and other client-specific configurations. |
BackendTrafficPolicy | EG API | No | Traffic Handling | Gateway, Route | Specifies policies for traffic directed towards backend services, including load balancing, health checks, and failover strategies. Note: Most specific configuration wins. |
SecurityPolicy | EG API | No | Security | Gateway, Route | Defines security-related policies such as authentication, authorization, and encryption settings for traffic handled by Envoy Gateway. Note: Most specific configuration wins. |
BackendTLSPolicy | Gateway API | No | Security | Service | Defines TLS settings for backend connections, including certificate management, TLS version settings, and other security configurations. This policy is applied to Kubernetes Services. |
EnvoyProxy | EG API | No | Customize & Extend | GatewayClass, Gateway | The EnvoyProxy resource represents the deployment and configuration of the Envoy proxy itself within a Kubernetes cluster, managing its lifecycle and settings. Note: Most specific configuration wins. |
EnvoyPatchPolicy | EG API | No | Customize & Extend | GatewayClass, Gateway | This policy defines custom patches to be applied to Envoy Gateway resources, allowing users to tailor the configuration to their specific needs. Note: Most specific configuration wins. |
EnvoyExtensionPolicy | EG API | No | Customize & Extend | Gateway, Route, Backend | Allows for the configuration of Envoy proxy extensions, enabling custom behavior and functionality. Note: Most specific configuration wins. |
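
The References column and the "most specific configuration wins" note, shown as an added example that is not taken from the TEG documentation: a Gateway in the teg class with one SecurityPolicy attached to the Gateway and a second attached to a single Route. All resource names, issuers and URLs are placeholders, and an HTTPRoute named admin-route is assumed to be attached to example-gateway already.

```yaml
# Constructed example: every name, issuer and URL below is a placeholder.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: example-gateway
spec:
  gatewayClassName: teg          # the GatewayClass that TEG installs
  listeners:
    - name: http
      protocol: HTTP
      port: 80
---
# Gateway-scoped SecurityPolicy: the default for every Route on example-gateway.
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
  name: gateway-default-jwt
spec:
  targetRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: example-gateway
  jwt:
    providers:
      - name: example-idp
        issuer: https://idp.example.com
        remoteJWKS:
          uri: https://idp.example.com/.well-known/jwks.json
---
# Route-scoped SecurityPolicy: more specific than the Gateway-scoped one,
# so this is the configuration that wins for admin-route.
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
  name: admin-route-jwt
spec:
  targetRefs:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      name: admin-route          # assumed to exist and reference example-gateway
  jwt:
    providers:
      - name: admin-idp
        issuer: https://admin-idp.example.com
        audiences:
          - admin-api
        remoteJWKS:
          uri: https://admin-idp.example.com/.well-known/jwks.json
```

When auditing, read the Route-scoped policy on its own terms: because the most specific configuration wins, the settings that apply to admin-route are the ones written in admin-route-jwt, so any control expected on that route should be stated there and not left to the Gateway-wide default.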