Tetrate Previews API Gateway Based on Envoy
Tetrate today at the Kubecon + CloudNativeCon conference previewed an application programming interface (API) gateway for Kubernetes clusters based on open source Envoy proxy software.
The Tetrate Enterprise Envoy Gateway is based on Envoy Gateway (EG), an instance of the open source project for building API gateways that is jointly curated by Ambassador Labs, Fidelity Investments, Tetrate and VMware and is being advanced under the auspices of the Cloud Native Computing Foundation (CNCF) alongside Envoy proxy software.
Tetrate CEO Varun Talwar said the Envoy Gateway provides IT teams with an alternative to a service mesh such as Istio to manage APIs. That option is critical for organizations that lack the expertise to deploy and manage Istio.
Capabilities of the gateway include turnkey installation, cross-cluster service discovery and load balancing, support for OpenID Connect (OIDC) and OAuth2, an integrated web application firewall (WAF), rate limiting and an ability to use ingress-of-ingresses deployments to route API traffic based on policies defined by IT teams.
Tetrate has been providing an instance of Istio that can manage APIs across a Kubernetes environment and legacy monolithic applications running on virtual machines.
The Tetrate Enterprise Envoy Gateway provides a simpler alternative that organizations can adopt before determining they need to manage APIs at a level of scale that requires Istio, said Talwar.
API management is becoming more challenging as more applications based on microservices are built and deployed. Each microservice has its own API, so organizations can find themselves managing hundreds, potentially thousands, of internal and external-facing APIs.
As organizations address that challenge, most of them will wind up deploying a mix of proxy software, gateways and service meshes based on the number of APIs they need to manage and their overall level of expertise, noted Talwar.
Initially developed by Lyft, Envoy is a complex piece of software that requires a significant level of engineering expertise to master. However, as IT teams look to become more agile, the need for a layer of abstraction that reduces application networking complexity has become apparent.
Less clear is who within IT teams is responsible for API management. Developers create APIs, but the management of those APIs is increasingly being centralized. DevOps teams are often taking the lead on those efforts, but in other instances, network operation teams are extending their purview into the realm of application networking. Conversely, other organizations are extending the reach of DevOps teams to include network operations now that it is more feasible to programmatically manage network overlays. In fact, with the rise of platform engineering as a methodology for centralizing the management of DevOps, it’s only a matter of time before networking becomes more integrated into those workflows.
Regardless of approach, the management of APIs, along with the rest of IT, is converging as various roles and responsibilities continue to overlap in enterprise IT organizations. It may take a while to achieve that goal, but with the advent of API gateways and service meshes, the process is already well underway.