Huabing Blog

Bringing Full L7 Power to Istio Ambient Mesh with Envoy Gateway

Use Envoy Gateway as the Unified Ingress Gateway and Waypoint Proxy for Ambient Mesh

In this article, we’ll look at how you can use Envoy Gateway, an Envoy project open source solution, together with Istio when running in Ambient mode. This will allow you to easily leverage the power of Envoy’s L7 capabilities for Ingress traffic and east-west traffic in your mesh with easy-to-use CRDs.

Posted by Huabing Zhao & Ric Hincapie on Thursday, July 24, 2025

Envoy Gateway Policies: Unlocking the Full Power of Envoy Proxy for API Gateways

KubeCon Japan 2025

This presentation will delve into Envoy Gateway's API extensions: ClientTrafficPolicy, BackendTrafficPolicy, SecurityPolicy, and EnvoyExtensionPolicy. We'll explore their practical applications in managing and securing edge traffic, showcasing advanced features like JWT authorization, rate limiting, OIDC integration, external processing, and WASM plugins.

Istio Ambient 模式流量管理实现机制详解（一）

HBONE 隧道原理

Istio ambient 模式采用了被称为 HBONE 的方式来连接 ztunnel 和 waypoint proxy。HBONE 是 HTTP-Based Overlay Network Environment 的缩写。虽然是一个新的名词，但其实 HBONE 并不是 Istio 创建出来的一个新协议，而只是利用了 HTTP 协议标准提供的隧道能力。简单地说，ambient 模式采用了 HTTP 的 CONNECT 方法在 ztunnel 和 waypoint proxy 创建了一个隧道，通过该隧道来传输数据。本文将分析 HBONE 的实现机制和原理。

Posted by 赵化冰 on Monday, May 26, 2025

Fixing High CPU Usage in VS Code

A small shell script to limit CPU usage of node processes in VS Code remote server.

Posted by Huabing Zhao on Friday, May 16, 2025

Envoy Gateway OIDC Authentication & Authorization Demo

In this demo, I’ll walk you through how to use Envoy Gateway’s SecurityPolicy to enforce OIDC authentication and authorization, using Amazon Cognito as the identity provider.

Securing the Gateway: A Deep Dive into Envoy Gateway's Advanced Security Policy

KubeCon Europe 2025

Envoy Gateway's Security Policy simplifies access to Envoy's robust security features, eliminating the need for users to navigate complex Envoy configurations. These features include CORS, JWT authentication, Basic Auth, OpenID Connect (OIDC), External Authentication (Ext Auth), and more. This session includes a demo showcasing OIDC authentication and authorization based on JWT claims, offering practical insights for enhancing application security—whether you're an experienced Envoy user or new to open source.

Envoy Gateway v 1.2.0 版本发布：新功能与改进介绍

Envoy Gateway（本文中简称 EG）在 11 月 6 日发布了最新的 1.2 版本。该版本带来了一系列激动人心的新特性和改进，本文将为您一一介绍。

Posted by Huabing Blog on Tuesday, November 5, 2024

Beyond Gateway API: Introducing Envoy Gateway's Gateway API Extensions

As the official Gateway Controller for the Envoy, Envoy Gateway provides full support for all the features of the Kubernetes Gateway API. In addition, Envoy Gateway extends the Gateway API by introducing a range of enhancements for traffic management, security features, and custom extensions that go beyond the standard API. In this post, we’ll dive into these Envoy Gateway extensions and explore their use cases.

Posted by Huabing Zhao（Envoy Gateway Maintainer） on Saturday, August 31, 2024

超越 Gateway API：深入探索 Envoy Gateway 的扩展功能

作为 Envoy 社区推出的 Ingress Gateway 实现，Envoy Gateway 全面支持了 Kubernetes Gateway API 的所有能力。除此之外，基于 Gateway API 的扩展机制，Envoy Gateway 还提供了丰富的流量管理、安全性、自定义扩展等 Gateway API 中并不包含的增强功能。本文将介绍 Envoy Gateway 的 Gateway API 扩展功能，并深入探讨这些功能的应用场景。

Posted by 赵化冰（Envoy Gateway Maintainer） on Saturday, August 31, 2024

Highlights of Envoy Gateway v1.1.0: What’s New and Improved

Envoy Gateway (EG) released its latest version, 1.1.0, on July 22. This update marks the first feature release since the 1.0 GA (General Availability) version and includes multiple new features and improvements. In this article, I will highlight some of the most important new features.

Posted by Huabing Blog on Monday, July 22, 2024

CNCF Ambassador, engineer @tetrate.io, creator @Aeraki Mesh, open-source enthusiast, technical writer and life adventurer

QUICK LINKS

FEATURED TAGS

aeraki aeraki mesh ambient mesh api gateway bitcoin blockchain cryptocurrency dubbo envoy envoy gateway istio kubecon kubernetes metaprotocol microservice onap service mesh

PUBLICATIONS