Huabing Blog

Envoy Gateway Policies: Unlocking the Full Power of Envoy Proxy for API Gateways

KubeCon Japan 2025

This presentation will delve into Envoy Gateway's API extensions: ClientTrafficPolicy, BackendTrafficPolicy, SecurityPolicy, and EnvoyExtensionPolicy. We'll explore their practical applications in managing and securing edge traffic, showcasing advanced features like JWT authorization, rate limiting, OIDC integration, external processing, and WASM plugins.

Envoy Gateway Architecture Diagrams

I put together these diagrams to get a clearer picture of the Envoy Gateway's architecture. If you’re trying to understand how Envoy Gateway works under the hood, you might find them useful too.

Posted by "赵化冰" on Monday, May 12, 2025

Securing the Gateway: A Deep Dive into Envoy Gateway's Advanced Security Policy

KubeCon Europe 2025

Envoy Gateway's Security Policy simplifies access to Envoy's robust security features, eliminating the need for users to navigate complex Envoy configurations. These features include CORS, JWT authentication, Basic Auth, OpenID Connect (OIDC), External Authentication (Ext Auth), and more. This session includes a demo showcasing OIDC authentication and authorization based on JWT claims, offering practical insights for enhancing application security—whether you're an experienced Envoy user or new to open source.

Envoy Gateway v 1.2.0 版本发布：新功能与改进介绍

Envoy Gateway（本文中简称 EG）在 11 月 6 日发布了最新的 1.2 版本。该版本带来了一系列激动人心的新特性和改进，本文将为您一一介绍。

Posted by Huabing Blog on Tuesday, November 5, 2024

Beyond Gateway API: Introducing Envoy Gateway's Gateway API Extensions

As the official Gateway Controller for the Envoy, Envoy Gateway provides full support for all the features of the Kubernetes Gateway API. In addition, Envoy Gateway extends the Gateway API by introducing a range of enhancements for traffic management, security features, and custom extensions that go beyond the standard API. In this post, we’ll dive into these Envoy Gateway extensions and explore their use cases.

Posted by Huabing Zhao（Envoy Gateway Maintainer） on Saturday, August 31, 2024

超越 Gateway API：深入探索 Envoy Gateway 的扩展功能

作为 Envoy 社区推出的 Ingress Gateway 实现，Envoy Gateway 全面支持了 Kubernetes Gateway API 的所有能力。除此之外，基于 Gateway API 的扩展机制，Envoy Gateway 还提供了丰富的流量管理、安全性、自定义扩展等 Gateway API 中并不包含的增强功能。本文将介绍 Envoy Gateway 的 Gateway API 扩展功能，并深入探讨这些功能的应用场景。

Posted by 赵化冰（Envoy Gateway Maintainer） on Saturday, August 31, 2024

Highlights of Envoy Gateway v1.1.0: What’s New and Improved

Envoy Gateway (EG) released its latest version, 1.1.0, on July 22. This update marks the first feature release since the 1.0 GA (General Availability) version and includes multiple new features and improvements. In this article, I will highlight some of the most important new features.

Posted by Huabing Blog on Monday, July 22, 2024

Envoy Gateway v 1.1.0 版本发布：新功能与改进介绍

Envoy Gateway（本文中简称 EG）在 7 月 23 日发布了最新的 1.1 版本。1.1 版本 EG 在 1.0 GA （General Availability）版本后的第一个功能更新版本，那么该版本中有哪些重要的新特性和改进呢？本文将为您一一介绍。

Posted by Huabing Blog on Wednesday, July 10, 2024

How to Get the Client’s “Real” IP Address with Envoy Gateway ?

Just as a river flows from its source through various bends before reaching the sea, a typical HTTP request travels from a client across multiple network hops until it reaches its destination server. During this journey, the request’s original IP address is lost as it moves through multiple network infrastructures such as proxy servers and load balancers. This happens because some of these hops terminate the TCP connection and create a new TCP connection with the next hop.

Posted by Huabing Blog on Monday, May 20, 2024

如何通过 Envoy Gateway 得到客户端的真实 IP 地址？

本文将介绍使用 X-Forwarded-For Header、自定义 HTTP Header 和代理协议这些方法来获取客户端真实地址的原理，以及如何采用 Envoy Gateway 来方便地获取到客户端的真实 IP 地址，并基于客户端 IP 地址进行对请求进行访问控制、限流等操作，以提高应用的安全性和可用性。

Posted by Huabing Blog on Monday, May 20, 2024

CNCF Ambassador, engineer @tetrate.io, creator @Aeraki Mesh, open-source enthusiast, technical writer and life adventurer

QUICK LINKS

FEATURED TAGS

aeraki aeraki-mesh ambient-mesh api-gateway bitcoin blockchain cryptocurrency dubbo envoy envoy-gateway istio kubecon kubernetes metaprotocol microservice onap service-mesh

PUBLICATIONS