Introducing the Envoy Operator for Kubernetes

Today, Solo.io is pleased to announce a new open source project, the Envoy Operator. The Envoy Operator is a tool designed to simplify deploying, scaling, and managing Envoy instances inside of Kubernetes. This operator was made possible thanks to the folks at CoreOS who just open-sourced the incredibly useful Operator SDK, which we used to build the Envoy Operator.

Through our work on Gloo, Solo.io’s function gateway built on Envoy, we are regularly deploying and bootstrapping Envoy instances inside of Kubernetes. Configuring Envoy with its initial config can be complicated, particularly when each instance requires a unique configuration.

One popular solution to this problem has been the use of an agent, a process that lives alongside Envoy and can be used to create the bootstrap configuration before manually starting the Envoy process itself. We felt this solution would be an overkill for our use case, particularly in Kubernetes where the Operator pattern has already been used to provide similar functionality for applications such as etcd, Vault, and Prometheus.

The Envoy Operator allows Envoy instances to be managed like any other Kubernetes resource — using a declarative, stateless API, and a controller that will manage the lifecycle of pods and configuration files used to run Envoy.

Our initial release features an operator which deploys Envoy as a standalone pod, with support for ADS-based configuration. The user specifies important details of the Envoy config in a CRD, and the operator automatically ensures that the desired number of Envoy instances are deployed with a matching bootstrap configuration.

Our roadmap for this project includes

  • Support for the injection of Envoy sidecars into running pods, for use in service meshes such as Istio.
  • Support for hot restarts to enable a completely agentless Envoy experience in the near future.
  • Open-source enhancements to Envoy, such as the Cilium Project, which promises to optimize both performance and security in Envoy through eBPF.

We would like to extend a special thank-you to Brandon Phillips, CoreOS and the authors of the Operator SDK for making the Envoy Operator possible. We invite all Envoy users — from novice to advanced — to try the Envoy Operator today. Thanks for reading, and stay tuned for more innovation from Solo.io!