Huabing Blog

Envoy Gateway Policies: Unlocking the Full Power of Envoy Proxy for API Gateways

KubeCon Japan 2025

This presentation will delve into Envoy Gateway's API extensions: ClientTrafficPolicy, BackendTrafficPolicy, SecurityPolicy, and EnvoyExtensionPolicy. We'll explore their practical applications in managing and securing edge traffic, showcasing advanced features like JWT authorization, rate limiting, OIDC integration, external processing, and WASM plugins.

Envoy Gateway Architecture Diagrams

I put together these diagrams to get a clearer picture of the Envoy Gateway's architecture. If you’re trying to understand how Envoy Gateway works under the hood, you might find them useful too.

Securing the Gateway: A Deep Dive into Envoy Gateway's Advanced Security Policy

KubeCon Europe 2025

Envoy Gateway's Security Policy simplifies access to Envoy's robust security features, eliminating the need for users to navigate complex Envoy configurations. These features include CORS, JWT authentication, Basic Auth, OpenID Connect (OIDC), External Authentication (Ext Auth), and more. This session includes a demo showcasing OIDC authentication and authorization based on JWT claims, offering practical insights for enhancing application security—whether you're an experienced Envoy user or new to open source.

Envoy Gateway v 1.2.0 版本发布:新功能与改进介绍

Envoy Gateway(本文中简称 EG)在 11 月 6 日发布了最新的 1.2 版本。该版本带来了一系列激动人心的新特性和改进,本文将为您一一介绍。

Beyond Gateway API: Introducing Envoy Gateway's Gateway API Extensions

As the official Gateway Controller for the Envoy, Envoy Gateway provides full support for all the features of the Kubernetes Gateway API. In addition, Envoy Gateway extends the Gateway API by introducing a range of enhancements for traffic management, security features, and custom extensions that go beyond the standard API. In this post, we’ll dive into these Envoy Gateway extensions and explore their use cases.

超越 Gateway API:深入探索 Envoy Gateway 的扩展功能

作为 Envoy 社区推出的 Ingress Gateway 实现,Envoy Gateway 全面支持了 Kubernetes Gateway API 的所有能力。除此之外,基于 Gateway API 的扩展机制,Envoy Gateway 还提供了丰富的流量管理、安全性、自定义扩展等 Gateway API 中并不包含的增强功能。本文将介绍 Envoy Gateway 的 Gateway API 扩展功能,并深入探讨这些功能的应用场景。

Highlights of Envoy Gateway v1.1.0: What’s New and Improved

Envoy Gateway (EG) released its latest version, 1.1.0, on July 22. This update marks the first feature release since the 1.0 GA (General Availability) version and includes multiple new features and improvements. In this article, I will highlight some of the most important new features.

Envoy Gateway v 1.1.0 版本发布:新功能与改进介绍

Envoy Gateway(本文中简称 EG)在 7 月 23 日发布了最新的 1.1 版本。1.1 版本 EG 在 1.0 GA (General Availability)版本后的第一个功能更新版本,那么该版本中有哪些重要的新特性和改进呢?本文将为您一一介绍。

How to Get the Client’s “Real” IP Address with Envoy Gateway ?

Just as a river flows from its source through various bends before reaching the sea, a typical HTTP request travels from a client across multiple network hops until it reaches its destination server. During this journey, the request’s original IP address is lost as it moves through multiple network infrastructures such as proxy servers and load balancers. This happens because some of these hops terminate the TCP connection and create a new TCP connection with the next hop.

如何通过 Envoy Gateway 得到客户端的真实 IP 地址?

本文将介绍使用 X-Forwarded-For Header、自定义 HTTP Header 和代理协议这些方法来获取客户端真实地址的原理,以及如何采用 Envoy Gateway 来方便地获取到客户端的真实 IP 地址,并基于客户端 IP 地址进行对请求进行访问控制、限流等操作,以提高应用的安全性和可用性。