KubernetesConceptBeginner · 4 min read

What Is Envoy Proxy in Kubernetes: Simple Explanation and Example

Envoy Proxy in Kubernetes is a lightweight service proxy that manages network traffic between microservices. It acts like a smart traffic controller, handling requests, retries, and security inside a Kubernetes cluster.

⚙️

How It Works

Imagine a busy post office where many letters (requests) need to be sorted and sent to the right destinations (services). Envoy Proxy acts like the postmaster who directs each letter efficiently, making sure it reaches the correct address quickly and safely.

In Kubernetes, Envoy runs as a sidecar container alongside your application. It intercepts all incoming and outgoing network traffic, managing it with features like load balancing, retries, and security checks. This helps your services communicate smoothly without worrying about network details.

💻

Example

This example shows a simple Envoy configuration that routes HTTP traffic to a backend service inside Kubernetes.

yaml

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 8080
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: backend
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: service_backend }
          http_filters:
          - name: envoy.filters.http.router
  clusters:
  - name: service_backend
    connect_timeout: 0.25s
    type: STRICT_DNS
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: service_backend
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: backend-service.default.svc.cluster.local
                port_value: 80

Output

Envoy listens on port 8080 and forwards all HTTP requests to the backend service at backend-service.default.svc.cluster.local:80

🎯

When to Use

Use Envoy Proxy in Kubernetes when you want to improve how your microservices talk to each other. It helps with:

Load balancing traffic evenly to avoid overload
Retrying failed requests automatically
Securing communication with encryption
Observing traffic for monitoring and debugging

Envoy is often used in service meshes like Istio to add these features without changing your application code.

✅

Key Points

Envoy is a sidecar proxy that manages network traffic in Kubernetes.
It provides load balancing, retries, and security features.
Envoy helps microservices communicate reliably and securely.
Commonly used in service meshes like Istio for advanced traffic control.

✅

Key Takeaways

Envoy Proxy manages and controls network traffic between Kubernetes services.

It runs as a sidecar container to handle retries, load balancing, and security.

Envoy improves reliability and observability without changing application code.

It is a core component in service meshes like Istio for advanced traffic management.