Tetrate announces Envoy Gateway: the open source, Kubernetes-native ingress

Bart: The host is Bart Farrell . The speaker is Varun Talwar (works for Tetrate).

Varun: My name is Varun. I'm the co-founder of Tetrate. Prior to that, I was a co-founder of two important cloud-native projects, Istio and gRPC, both of which I started at Google, and I founded Tetrate six years ago.

Bart: What news do you want to share with us today?

Varun: What I want to share is about Envoy Gateway. For those who don't know, everyone using Kubernetes needs a modern ingress to expose what they built in Kubernetes. Envoy Gateway is the best gateway API implementation, which brings the power of the full Gateway API that the community has coalesced and agreed upon. It brings the best of Envoy, the most powerful cloud-native proxy in CNCF. This packages all that and is the next generation after ingress controllers that have been running in Kubernetes for many years. It is simple, powerful, and modern, and we see a lot of users moving to it. We think it will become the dominant choice for people running Kubernetes.

Bart: Now, what problems or pain points does Envoy Gateway solve?

Varun: Envoy Gateway is all about managing incoming traffic into Kubernetes, securing that traffic, observing it, routing it, and load balancing it in a way that is fully open source and compliant with the Gateway API, which is the next spec after Ingress. The problem it solves is whether there is an open-source solution that can be put into a Kubernetes cluster to secure, manage, and observe all incoming traffic. This is not a new concept, but previous choices were either closed source or lacked features like OIDC, OAuth, and global rate limiting, which were kept under closed source. Envoy Gateway brings all these features to open source, along with the power of Envoy, dynamic programmability, and XDS, making it easier to decide what to put in a Kubernetes cluster to secure and observe all incoming traffic for APIs, whether HTTP or otherwise. In addition to solving this for API traffic, Envoy Gateway also handles AI traffic, such as routing to different LLM models. Essentially, it is a powerful ingress that can handle all kinds of traffic, web or AI. Before the announcement, if you wanted to achieve this, you would have had to choose from a list of options, either going to a closed-source vendor or picking a sub-optimal choice in terms of data plane. You would have struggled to find a complete, open-source solution with all the features and compliance to industry standards like Gateway API. With Envoy Gateway, this is no longer a problem, as it provides a simple, powerful, and modern solution that is aligned with industry standards and future-proofed for things like AI.

Bart: Is Envoy Gateway open source and part of the CNCF landscape?

Varun: Envoy Gateway is fully open source. It's part of Envoy as a project, which is a part of CNCF. So, it sits inside Envoy and is maintained by Envoy maintainers.

Bart: What is Tetrate's business model?

Varun: Tetrate's business model is selling commercial license software, both as a local deployment or as a SaaS. Specifically, for Envoy Gateway, we have a supported enterprise version called Tetrate Enterprise Gateway for Envoy, which is basically Envoy Gateway but with enterprise support, longer support windows, FIPS, and CVE patching. That's our business model, and that's what we charge for. Tetrate as a company has other offerings, like a similar product for Istio, which is TIE. We also have a complete modern traffic platform for the TSB, another enterprise traffic platform that we sell. These are the products we monetize.

Bart: Who are your main competitors?

Varun: Depends on which product you're talking about. When it comes to service mesh and East-West traffic, Istio is the de facto leading choice. There are other projects in CNCF, like Linkerd, which are well done and cater to a different audience, specifically small and medium companies. They are faster to spin up but lack the feature richness and community support that Istio has. For ingress, there are other options like Emissary Ingress and Contour, which are open source alternatives with smaller communities and limited compliance with modern standards. When it comes to enterprise traffic platforms, there are few options beyond what cloud providers offer for their respective clouds, such as Google's Anthos for Google Cloud Platform and Red Hat's offerings for OpenShift. Our uniqueness lies in being agnostic of environment and compute, working with Kubernetes, non-Kubernetes, any cloud, any data center, and any kind of workload.

Bart: What differentiates Envoy Gateway from the competitions? I mean, when we think about what you're doing at Tetrate with Envoy Gateway, how does that compare?

Varun: fully open source, fully compliant to the modern Gateway API, and making Envoy easy to use, for an ingress use case in Kubernetes, I would say those three.

Bart: And what's next for Tetrate and Envoy Gateway?

Varun: Tetrate is building more capabilities around the Envoy Gateway. In fact, tomorrow in the keynote, there will be a mention from some users on what they are starting to do. We recently announced a partnership with Bloomberg, where they are starting to use the Envoy Gateway. We are going to build more capabilities around handling AI traffic, and we continue to invest in enterprise capabilities in our modern traffic platform, TSB. These are the things that are coming up next.