← Back to overview

Running Envoy Gateway as DaemonSet

When running Envoy Gateway with a Service type of NodePort, you most likely want to ensure that your Gateway is being deployed as DaemonSet on your cluster to be able to forward the traffic to all your worker nodes.

By default, Envoy Gateway utilises Deployment resources to start Envoy on your cluster.

In order to configure Envoy Gateway to utilise a DaemonSet over a Deployment you will need to create a resource of type EnvoyProxy which is a Envoy Gateway CRD that can be used to alter the default behaviour of the underlying Envoy instance. It can either be attached to a Gateway or to a GatewayClass and thereby affecting all Gateway objects that are derived from it.

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: envoy-proxy-config
  namespace: envoy-gateway-system
spec:
  provider:
    type: Kubernetes
    kubernetes:
      envoyDaemonSet: {}
      envoyService:
        type: NodePort

The EnvoyProxy manifest above instructs Envoy to spawn a DaemonSet instead of a Deployment. The envoyDaemonSet object offers a few more configuration keys to adjust how the DaemonSets are being spawned and named.

You can find out more about the available configuration parameters by running the following command or by checking out the Envoy Gateway API Reference.

Terminal window
kubectl explain envoyproxy.spec.provider.kubernetes.envoyDaemonSet