Capabilities
Tetrate Enterprise Gateway for Envoy (TEG) builds on top of the Envoy Gateway project to provide an easy to use and operate ingress with advanced per-request traffic control, easy integration with existing environments, and best in class observability to understand application traffic and ingress health.
Easy to Install, Operate, and Upgrade
Tetrate Enterprise Gateway for Envoy (TEG) focuses on ease of use top to bottom: from first installation to enabling application teams to troubleshooting outages to performing upgrades. TEG's initial installation takes a few minutes, and you can begin to route to applications leveraging advanced features like rate limiting, single sign-on, and canary traffic immediately. Follow the quickstart guide to see for yourself.
Following on that initial value, we make operations easy by fitting into your existing metrics, tracing, and logging pipelines for application traffic and the health of TEG components. We also provide, as part of the demo deployment, a full pre-configured observability stack to evaluate the data EG produces and help with plan how you'll integrate TEG with your existing metrics stack. Follow the telemetry installation guide to plumb that data into your existing pipelines.
Operability: a First-Class Feature
TEG is built by a team with broad experience running large, critical systems in production. When taking on a critical role in the infrastructure — ingress load balancer — we know how critical operations and upgrade are. Envoy Gateway is built by engineers with years of experience serving ingress traffic with Envoy; Tetrate extends Envoy Gateway with a core focus on ease of operations. Everything that goes into TEG has to pass the "3am oncall test": can I understand what's wrong and fix it when I get woken up by the pager at 3am and can barely think straight?
To facilitate that, Tetrate Enterprise Gateway for Envoy (TEG):
- makes vulnerability checking and continuous upgrade easy
- integrates with your existing metrics and tracing provider out of the box; it's easy to fit into your existing operations center
- provides a powerful set of ingress observability dashboards for your existing Grafana deployment
- alerting guidelines as sensible defaults to bootstrap your own alerting on ingress behavior
- tested ingress recipes for exposing common cloud native applications like AWS Lattice, MinIO, ...
See our administration guides and telemetry installation instructions for more.
Integrates with Your Existing Environment
While TEG is an excellent choice for getting started in greenfield deployments, most folks are coming from existing deployments. Tetrate Enterprise Gateway for Envoy (TEG) integrates directly with traditional environments in addition to modern cloud native ones. It can help you bridge the gap between your existing application ecosystem and the cloud native target you're building towards.
Bring Your Existing Observability Stack
You likely already have an observability system at your organization, and your application & operations teams are already trained to use it. Tetrate Enterprise Gateway for Envoy (TEG) fits in to that existing ecosystem, making it simple to slot in to an existing infrastructure and operationalize in your organization.
Tetrate Enterprise Gateway for Envoy (TEG) will enable Envoy's rich set of metrics to be exported so your app teams have best-in-class insight into how their application traffic behaves and see the effect of any configuration changes they make. TEG also provides dashboards and alerting for the platform team running it, enabling you to operate with confidence and resolve issues quickly as they're discovered.
See how to plumb TEG data into your existing pipelines here.
Simple Load Balancing
Envoy is incredibly powerful, but it can be hard to get it going for simple use cases — and systems like Istio that offer Envoy ingress management as part of a larger suite of capabilities also come freighted with many additional features at odds with a simple, streamlined operational experience. This is why Envoy Gateway exists: to make it simple to use the power of Envoy for ingress use cases.
Tetrate Enterprise Gateway for Envoy (TEG) delivers on that promise with a simple and clean installation to enable Envoy at runtime, and documentation and tooling to make your developers successful with the Gateway API to program it.
Kubernetes Ingress, the Easy Way
At its simplest, Tetrate Enterprise Gateway for Envoy (TEG) can be used to expose applications deployed in Kubernetes. It works in both a shared ingress mode (where multiple teams configure the same set of Envoys) or a per-app ingress mode (where each team configures their own Envoy). With TEG in place, application owners simply need to author Routes to enable routing for their applications — putting the power in the application teams' hands to move at their own pace.
See how to use TEG as an ingress for Kubernetes services here.
Cloud Native Load Balancing on Prem
Tetrate Enterprise Gateway for Envoy (TEG) isn't just for advanced workloads deployed in the cloud: it works incredibly well for empowering teams on-prem in their modernization and migration efforts — whether the end destination is modernizing in place on prem or migrating into the cloud.
A Simple API Gateway
The vast majority of API Gateway usage in organizations boils down to three things: authenticate the user making the request; rate limit the user's access to the service behind the API; load balance across the service instances for this API endpoint.
Tetrate Enterprise Gateway for Envoy (TEG) makes it simple to accomplish all three in traditional and cloud native environments. Rate limiting, authentication, and a demo observability stack are all deployed by default alongside TEG. Each application can then opt-in to those features by using them in the Route
configuration they own.
In this way, the platform team can enable agility by delegating control to app teams to move at their own speed.
See how to use TEG to provide rate limiting and authentication for applications.
Configure Once, Opt-in SSO for Applications
Tetrate Enterprise Gateway for Envoy (TEG) centralizes control of the Gateway and core configuration to the platform owner, while delegating how those features are used to platform teams via the Routes APIs. One powerful use case of this is using TEG to integrate with your OIDC provider at install time, then allowing individual teams to opt in to SSO via your existing OIDC provider with simple configuration.
See how to enable authentication for your own applications with TEG here.
- Multi-cluster Routing
- App Team Self-serve Ingress
- Failover at Ingress
- Infra Blue/Green Deployments