Envoy Gateway — Operations¶
Scope
Production deployment patterns, operational procedures, performance tuning, and troubleshooting for Envoy Gateway.
Deployment¶
# Install via Helm
helm install eg oci://docker.io/envoyproxy/gateway-helm \
--version v1.3.0 -n envoy-gateway-system --create-namespace
# Verify
kubectl get gatewayclass
Gateway API Resources¶
Gateway Definition¶
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: eg
spec:
gatewayClassName: eg
listeners:
- name: http
protocol: HTTP
port: 80
- name: https
protocol: HTTPS
port: 443
tls:
mode: Terminate
certificateRefs:
- name: tls-cert
HTTPRoute¶
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: backend
spec:
parentRefs:
- name: eg
rules:
- matches:
- path:
type: PathPrefix
value: /api
backendRefs:
- name: backend-svc
port: 8080
Rate Limiting¶
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy
metadata:
name: rate-limit
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: HTTPRoute
name: backend
rateLimit:
type: Global
global:
rules:
- limit:
requests: 100
unit: Minute
Common Issues¶
| Issue | Diagnosis | Fix |
|---|---|---|
| Route not working | kubectl get httproute |
Check parentRefs, gateway listeners |
| TLS errors | Check certificate secret | Verify cert/key in correct namespace |
| 503 responses | kubectl get endpointslice |
Check backend service health |