The Cloud Native Computing Foundation (CNCF) this week announced the open source Envoy service proxy software originally developed by Lyft has now graduated. Envoy becomes the third CNCF project to achieve this status, following Kubernetes container orchestration and the Prometheus container monitoring project.
Matt Klein, software engineer at Lyft and architect of Envoy, says the elevation of Envoy is a significant milestone because Envoy makes it feasible for IT organizations to deploy the same proxy service software from the network edge to the cloud.
The Envoy service proxy can be used with any application regardless of programming language or runtime. Features of Envoy include support for HTTP/2 and gRPC protocols, external authorization, global rate limiting and a configuration application programming interface (API).
Klein says Envoy can be employed to address myriad activities from simply balancing container workloads to managing APIs. The latter capability is becoming more critical as IT organizations embrace microservices based on containers. Each microservice generates a set of APIs that needs to be managed. As the number of those microservices starts to increase, the management of all those APIs becomes exponentially more challenging. In fact, as the number of microservices being employed by any organization increases, the need to adopt best DevOps practices becomes that much more acute.
However, Klein also concedes Envoy in its current incarnation can be challenging to deploy and manage. Most of that complexity will be hidden from IT organizations as Envoy proxy services become embedded within a wide variety of applications and services. For example, Actapio, a subsidiary of Yahoo Japan, partnered with Heptio, which was just acquired by VMware, to use the Envoy proxy software in a open source Heptio Gimbal project. That project makes it possible to ingress data at scale across hundreds of Kubernetes and OpenStack clusters in the private cloud. As more vendors embrace Envoy there’s a real potential for Envoy to overwhelm rival service proxies simply by the dint of the number of organizations contributing to its ongoing development. That is especially true if that rival service proxy is focused on a narrower set of use cases.
Klein notes that Envoy is optimized for containerized applications, so other types of service proxies that address legacy applications are not going away anytime soon. But service proxies will play a more critical role in the age of microservices. The great irony of microservices is that to make organizations more agile from a software perspective, the way software is built, deployed and managed is becoming more complex. Service proxies are clearly going to play a much bigger role in the enterprise as part of the transition. But it’s not even clear the degree whether developers or IT operations teams ultimately will be responsible for deploying and managing those service proxies.
In the meantime, service proxies are essentially the digital equivalent of good fences that tend to make for good neighbors. Otherwise, the dependencies between microservices become unmanageable to the point where the entire IT environment simply collapses of its own weight.