Tetrate introduced Tetrate Enterprise Envoy Gateway (TEG) for tech
preview. TEG is Tetrate's enterprise-grade, fully supported offering of
open source Envoy Gateway, a streamlined API tailored for gateway use
cases. TEG is in technical preview. Interested design partners can learn
more at: https://tetrate.io/tetrate-enterprise-envoy-gateway/.
TEG extends the features of Envoy Gateway, the cloud native service
gateway, with an emphasis on ease-of-use, a quick path to getting
started and easy operations once you're in production. These additional
features include cross-cluster service discovery and load balancing,
OpenID Connect (OIDC), OAuth2, Web Application Firewall (WAF) and rate
limiting out of the box, along with Federal Information Processing
Standard (FIPS) 140-2 compliance, ingress-of-ingresses to enable safe
application team self-serve and more.
*About Envoy Gateway, the core of TEG*
Envoy Gateway, the core of TEG, is an open source project under the
umbrella of Envoy and the CNCF, created in May of 2022 to "bring Envoy
to the masses." Envoy Gateway makes it simple to use Envoy Proxy as a
service and API gateway by leveraging the new Kubernetes Gateway APIs
and delivering a simplified deployment mode aimed at common cloud native
use cases.
*Introducing TEG: a fully supported distribution of 100% upstream Envoy Gateway*
TEG is a fully supported distribution of 100% upstream Envoy Gateway
with additional tooling and support, including the following:
- Cross-cluster service discovery and load balancing
- OIDC, OAuth2, WAF and rate limiting out of the box
- Support for Ingress-of-Ingresses deployments
- "Per app team" deployments with Tier 1 and Tier 2 logic
- Common Vulnerabilities and Exposures (CVE) alerting and upgrade management
- Simplified lifecycle management
- FIPS 140-2 compliant Envoy
- Turn-key installation and upgrade
- 24/7 support with service level agreements (SLAs)
"Several players in the ecosystem, including Tetrate, Ambassador Labs,
VMware and others, have joined forces in the open source Envoy Gateway
project to 'democratize ingress,' providing a highly performant solution
based on the Kubernetes API," said Bas van Beek, founding engineer and
general manager of TEG at Tetrate. "Envoy Gateway makes Envoy simple to
use, serves as 'API Gateway Lite,' and essentially commoditizes the
control plane so that the ecosystem can shift our efforts up the stack
to provide more value for users.
"In addition to serving as a primary contributor to the Envoy Gateway project,
Tetrate is offering TEG as a fully supported, 100% upstream
distribution of Envoy Gateway with additional tooling and support for
the enterprise. TEG is available today for a free technical preview. We
encourage everyone to give it a try and give us your feedback."
*TEG Use Cases*
TEG is designed for app teams who want to replace or augment existing
load balancers, are looking for an "API Gateway Lite" solution, or who
need to take advantage of TEG's capabilities for Ingress-of-Ingresses or
multi-cluster applications. Ideal use cases include:
- Modernize in place: To migrate from monoliths to microservices, pair
TEG with your existing F5 deployment to provide per-request control and
policy, enabling self-serve app modernization at the app team's pace.
- Replace default ingress for per-request control and visibility: TEG is
a drop-in replacement for OpenShift HAProxy ingress or simple NGINX to
unlock control, visibility, authentication, and rate limiting. It can
also be used as a more featureful replacement for stock cloud load
balancers like ELBs for cloud-first deployments.
- Ingress-of-Ingresses to enable app team self-serve: TEG enables app
teams to keep consistent external addresses and consolidate policies for
North-South traffic while allowing app-team self-service. TEG presents a
consistent facade (address, DNS name, etc.) to users while
auto-discovering clusters as they are provisioned and deprovisioned. TEG
also supports heterogeneous applications in each cluster.
- API Gateway Lite: With TEG, rate limiting and OIDC/OAuth2
authentication are available out of the box. Enforce authentication for
any app, provide SSO for applications without code changes, and rate
limit on IP 5-tuple, HTTP headers and more. TEG integrates with API
endpoint protection providers such as Cequence Security.
- Cross-cluster discovery and failover at ingress: TEG auto-discovers
clusters and their available services based on configuration and rules
and automatically fails over to remotes as local traffic fails, faster
than a GLB can respond. With TEG, failures are identified quickly and
outages are mitigated.
*Availability and Pricing*
A technical preview of TEG is currently available; sign up for a trial
today. TEG will be generally available in Q1 for direct purchase from
Tetrate and for self-service purchase in the AWS Marketplace. TEG
software and supporting service cost $5K per cluster per year, with
unlimited gateways in each cluster.