A proxy born at Lyft
Envoy was developed internally at Lyft starting 2015 by Matt Klein to manage scaling of the company’s microservices infrastructure. Released as open source in September 2016, version 1.0 arrives in September 2017, simultaneous with CNCF Incubating entry. Graduated in 2018. Apache 2.0 licence.
Technical features
Envoy is an L4/L7 proxy in C++14, designed for cloud-native environments:
- HTTP/1.1, HTTP/2, HTTP/3 (QUIC), gRPC, TCP, WebSocket, Redis, MySQL, PostgreSQL proxy
- Native observability — Prometheus metrics, Jaeger/Zipkin tracing, structured logs
- Dynamic configuration via xDS API (CDS, LDS, RDS, EDS, SDS) — the control plane can update Envoy without restart
- Automatic mTLS, retries, circuit breakers, timeouts, rate limiting, outlier detection
- Advanced load balancing: round robin, least request, ring hash, maglev
As data plane
Envoy is the reference data plane of:
- Istio — control plane for K8s
- Linkerd (v1) — later replaced by Linkerd2-proxy in Rust
- AWS App Mesh
- Google Cloud Traffic Director
- Kong Mesh, Consul Connect, Kuma
- Gloo Gateway, Contour — as ingress controller
Front proxy and ingress
Outside service mesh, Envoy is used as:
- Front proxy (L7 load balancer)
- API Gateway (via derived projects like Emissary, Gloo)
- Kubernetes ingress controller (Contour)
- Edge proxy (technology base of services like Stripe, Apple, Pinterest, Slack)
In the Italian context
Envoy is adopted in Italy via Istio and via managed cloud services embedding it. Rarely used directly by application teams; more common as a component of platforms (OpenShift Service Mesh, GKE, EKS).
References: Envoy Proxy 1.0 (September 2017). Lyft, Matt Klein. CNCF Incubating (September 2017) → Graduated (November 2018). Apache 2.0 licence. xDS API. Data plane of Istio, AWS App Mesh, Kong Mesh.