Deploy Envoy Gateway on Kubernetes: A Step‑by‑Step Guide with HTTP Routing
This tutorial walks you through installing Envoy Gateway, a CNCF sandbox project, on a Kubernetes cluster, compares it with other gateway solutions, and shows how to configure a simple HTTP route, verify the deployment, and access the service using the Gateway API.
Introduction
In cloud‑native architectures, an API gateway is essential for traffic entry, security, and service governance. As the Kubernetes Gateway API matures, many projects adopt it for unified north‑south traffic management. Envoy Gateway (EG), a CNCF sandbox project built on Envoy Proxy, offers a lightweight, extensible, and Gateway‑API‑compliant controller.
Feature Comparison
Core Architecture: NGF (NGINX Gateway Fabric) uses Nginx, EG uses Envoy, Kong uses Nginx/OpenResty.
Performance: EG provides superior performance and stability under high concurrency.
Configuration Updates: Both NGF and EG support dynamic configuration without reload; Kong uses Admin API or Kubernetes resources.
Key Advantages: EG leverages native Envoy high performance and modern API design.
Metrics: EG uses Envoy’s native statistics, supporting Prometheus/OpenTelemetry and Gateway‑API‑specific metrics.
Installation Steps
Step 0: Choose a Gateway Controller – Use NGF if your team is familiar with Nginx, EG if you prefer Envoy, or Kong for a rich plugin ecosystem.
Step 1: Prepare configuration values
# envoy-gateway-values.yml
global:
  images:
    envoyGateway:
      image: core.jiaxzeng.com/library/envoyproxy/gateway:v1.1.4
      pullPolicy: IfNotPresent
    ratelimit:
      image: core.jiaxzeng.com/library/envoyproxy/ratelimit:49af5cca
      pullPolicy: IfNotPresent
config:
  envoyGateway:
    gateway:
      controllerName: gateway.envoyproxy.io/gatewayclass-controller
    logging:
      level:
        default: info
Step 2: Install the Helm chart
$ helm install envoy-gateway -f envoy-gateway-values.yml -n envoy-gateway-system --create-namespace envoy-gateway
# Output shows the release is deployed and provides commands to check status.
Step 3: Create a GatewayClass
cat <<'EOF' | kubectl apply -f -
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: global-proxy-config
  namespace: envoy-gateway-system
spec:
  provider:
    type: Kubernetes
    kubernetes:
      envoyDeployment:
        container:
          image: core.jiaxzeng.com/library/envoyproxy/envoy:distroless-v1.31.3
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: envoy-proxy-gwc
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
  parametersRef:
    group: gateway.envoyproxy.io
    kind: EnvoyProxy
    name: global-proxy-config
    namespace: envoy-gateway-system
EOF
Step 4: Create a Gateway resource
cat <<'EOF' | kubectl apply -f -
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: simple-gw
spec:
  gatewayClassName: envoy-proxy-gwc
  listeners:
    - name: http
      protocol: HTTP
      port: 80
EOF
Step 5: Define an HTTPRoute
cat <<'EOF' | kubectl apply -f -
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: simple
spec:
  parentRefs:
    - name: simple-gw
  hostnames:
    - "*.jiaxzeng.com"
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: "/"
      backendRefs:
        - kind: Service
          name: simple
          port: 80
          weight: 1
EOF
Step 6: Verify the deployment
# Check the pod location
kubectl -n envoy-gateway-system get pod -owide -l gateway.envoyproxy.io/owning-gateway-name=simple-gw
# Check the NodePort/LoadBalancer service
kubectl -n envoy-gateway-system get svc -l gateway.envoyproxy.io/owning-gateway-name=simple-gw
Typical output shows the pod running on a node and a LoadBalancer service exposing port 80:31653/TCP.
Access
After confirming the external IP and port, you can reach the service via the configured hostname (e.g., http://example.jiaxzeng.com). The gateway supports wildcard domains, allowing flexible domain routing.
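The wildcard hostname in the Step 5 route decides which Host headers reach the backend, so it is worth checking its exact reach before relying on it. The script below is an added example, not part of the original guide: it applies the Gateway API wildcard rule (suffix match over one or more labels, apex excluded) to constructed sample hosts and, if the assumed variable GATEWAY_ADDR is set, compares the prediction with the gateway's real answer (Envoy returns 404 when no route matches the Host header).

```sh
#!/bin/sh
# Added example (not from the original guide). Predicts which Host headers the
# HTTPRoute hostname pattern accepts, then optionally probes the gateway.

# host_matches PATTERN HOST: exit 0 when HOST matches a Gateway API hostname.
# "*.example.com" is a suffix match over one or more labels and excludes the apex.
host_matches() {
  hm_pattern=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  hm_host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  hm_host=${hm_host%%:*}                 # drop an optional :port
  case "$hm_pattern" in
    '*.'*)
      hm_suffix=${hm_pattern#\*}         # "*.jiaxzeng.com" -> ".jiaxzeng.com"
      hm_rest=${hm_host%"$hm_suffix"}    # unchanged when the suffix is absent
      [ "$hm_rest" != "$hm_host" ] && [ -n "$hm_rest" ]
      ;;
    *) [ "$hm_host" = "$hm_pattern" ] ;;
  esac
}

# expected_result PATTERN HOST: what the gateway should do with that Host header.
expected_result() {
  if host_matches "$1" "$2"; then echo routed; else echo 404; fi
}

# probe ADDR HOST: HTTP status returned for a request carrying that Host header.
probe() {
  curl -s -o /dev/null -m 5 -w '%{http_code}' -H "Host: $2" "http://$1/"
}

PATTERN='*.jiaxzeng.com'   # hostname from the HTTPRoute in Step 5
# Constructed sample hosts: one-label match, multi-label match, apex, look-alikes.
SAMPLE_HOSTS='example.jiaxzeng.com a.b.jiaxzeng.com jiaxzeng.com notjiaxzeng.com example.jiaxzeng.com.invalid'

# GATEWAY_ADDR is an assumed variable, e.g. the value printed by
#   kubectl get gateway simple-gw -o jsonpath='{.status.addresses[0].value}'
for h in $SAMPLE_HOSTS; do
  line="$h expected=$(expected_result "$PATTERN" "$h")"
  if [ -n "${GATEWAY_ADDR:-}" ]; then
    obs=$(probe "$GATEWAY_ADDR" "$h") || obs=unreachable
    line="$line observed=$obs"
  fi
  echo "$line"
done
```

A host reported as "routed" should return whatever status the simple Service itself answers with; any non-matching host that does not come back as 404 means another route or listener is also accepting that name.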
Conclusion
Envoy Gateway, with native support for the Gateway API and Envoy’s powerful proxy capabilities, is emerging as a de‑facto standard for cloud‑native ingress. By following this guide you can quickly set up a modern gateway and lay a solid foundation for future security policies, observability, and traffic management.
As the Gateway API approaches General Availability, operations and platform teams are encouraged to evaluate and adopt this standardized solution early to improve system consistency and maintainability.
Linux Ops Smart Journey
The operations journey never stops—pursuing excellence endlessly.
