Why Higress 1.0 Is the Next‑Gen Cloud‑Native Gateway for Kubernetes

Introduction

Kubernetes standardizes gateway access through Ingress and Gateway APIs, and Higress 1.0 (GA) is the official production‑ready open‑source gateway that consolidates traffic, security, and microservice gateways into a single cloud‑native solution.

Early Development (May‑Nov 2020)

The project originated from Alibaba’s internal “local life” campaign, aiming to enable direct RPC between Alibaba and Ant business domains that are network‑isolated. The core requirement was hot‑update of gateway configuration, because traditional reload‑based updates cause connection drops and traffic spikes. After evaluating options, the team chose Envoy for its fast‑growing adoption as a K8s Ingress provider and built a two‑layer gateway (traffic + business) that could handle tens of thousands of requests per second during major sales events.

Evolution and Expanded Scenarios (Dec 2020‑Oct 2021)

Following successful deployments inside Alibaba and Ant, Higress expanded to support east‑west and north‑south traffic, cross‑domain RPC, hybrid‑cloud scenarios, and integration with Alibaba Cloud’s MSE cloud‑native gateway. It now routes traffic for services such as DingTalk Docs, Alibaba Video Cloud, DAMO Lab’s Store‑XiaoMi, and intelligent digital humans.

Open‑Source Release and Community Growth (Nov 2021‑Present)

After the GA release, community feedback highlighted high‑frequency demands: plugin extensions, WAF protection, multi‑registry support, Nginx Ingress annotation compatibility, and HTTP‑to‑Dubbo translation. Higress responded by delivering a highly integrated gateway that combines traffic, microservice, and security functions, and deeply integrates with Dubbo, Nacos, and Sentinel.

Technical Advantages

High integration with service discovery : Leveraging Envoy’s Cluster types (EDS, DNS, STATIC), Higress can discover services via Nacos, Zookeeper, K8s Service, DNS, or static IP.

Example of service‑discovery configuration in the console:

Extensible Wasm plugin lifecycle : Development, distribution, and runtime phases are managed through OCI‑based Wasm images. Plugins can be hot‑updated without breaking connections, and run in a sandbox to prevent gateway crashes.

Wasm plugin OCI image spec: https://higress.io/zh-cn/docs/user/wasm-image-spec

Plugin distribution uses an OCI image that bundles README, configuration schema, and the Wasm binary, which can be pulled from any OCI‑compatible registry and enabled via the Higress console.

Standardization and reduced migration cost : Higress implements Ingress API natively and offers experimental support for the beta Gateway API, allowing seamless migration between the two standards.

apiVersion: gateway.networking.k8s.io/v1beta1</code>
<code>kind: HTTPRoute</code>
<code>metadata:</code>
<code>  name: foo</code>
<code>spec:</code>
<code>  parentRefs:</code>
<code>  - name: foo-example</code>
<code>  hostnames:</code>
<code>  - "foo.example.com"</code>
<code>  rules:</code>
<code>  - matches:</code>
<code>    - path:</code>
<code>        type: PathPrefix</code>
<code>        value: /foo</code>
<code>      headers:</code>
<code>      - type: Prefix</code>
<code>        name: x-higress-header</code>
<code>        value: hi</code>
<code>      queryParams:</code>
<code>      - type: Exact</code>
<code>        name: higressQuery</code>
<code>        value: hi</code>
<code>      method: POST</code>
<code>    backendRefs:</code>
<code>    - name: foo-service</code>
<code>      port: 5678

Observability : Higress ships built‑in Prometheus and Grafana, and can integrate with external monitoring systems.

Installation : One‑click Helm deployment.

helm repo add higress.io https://higress.io/helm-charts</code>
<code>helm install higress -n higress-system higress.io/higress --create-namespace --render-subchart-notes --set higress-console.domain=console.higress.io

For local testing on k3s/kind:

helm install higress -n higress-system higress.io/higress --create-namespace --render-subchart-notes --set global.local=true --set higress-console.o11y.enabled=false --set higress-console.domain=console.higress.io --set higress-console.admin.password.value=admin

Microservice ecosystem integration : Supports Dubbo and Spring Cloud services regardless of whether they run inside K8s.

Dubbo integration guide: https://cn.dubbo.apache.org/zh-cn/overview/what/ecosystem/gateway/higress/

Spring Cloud integration guide: https://higress.io/zh-cn/docs/user/spring-cloud

Performance : While HTTP/1 performance is comparable to Nginx, Higress outperforms Nginx on HTTP/2 and gRPC (up to 4× higher throughput for gRPC).

gRPC benchmark: https://gist.github.com/johnlanni/aac7480c17b0fde05fa64a20fc93b165

K8s Nginx Ingress comparison: https://xie.infoq.cn/article/0a2c9ac4ed139bc28f881d7c3

Production Practices

Higress provides built‑in observability, Helm‑based installation, and seamless integration with existing microservice stacks. It has been adopted by multiple enterprises, with over 13 releases, 183 merged PRs, and a vibrant community contributing plugins and extensions.

Community roadmap (post‑GA):

1.1 (June): HTTP2RPC API, non‑K8s support

1.2 (July): deeper integration with SkyWalking, full Gateway API implementation

1.3 (August): API‑management productization, independent Wasm plugin marketplace

The Wasm plugin ecosystem will remain a long‑term focus, with ongoing challenges and hackathons encouraging contributions.

Community and Acknowledgments

Since the 1.0 GA, Higress continues a monthly release cadence, with contributions from dozens of external developers and many corporate partners. The project invites new contributors via GitHub issues and provides support channels for real‑world deployments.

Higress GitHub issue: https://github.com/alibaba/higress/issues/1