A proxy born at Lyft
Envoy was developed internally at Lyft starting 2015 by Matt Klein to manage scaling of the company’s microservices infrastructure. Released as Open Source in September 2016, version 1.0 arrives in September 2017, simultaneous with CNCF Incubating entry. Apache 2.0 licence.
Technical features
Envoy is an L4/L7 proxy in C++14, designed for cloud-native environments:
- HTTP/1.1, HTTP/2, gRPC, TCP, WebSocket, Redis, MySQL, PostgreSQL proxy
- Native observability — Prometheus metrics, Jaeger/Zipkin tracing, structured logs
- Dynamic configuration via xDS API (CDS, LDS, RDS, EDS, SDS) — the control plane can update Envoy without restart
- Automatic mTLS, retries, circuit breakers, timeouts, rate limiting, outlier detection
- Advanced load balancing: round robin, least request, ring hash, maglev
As data plane
Envoy is poised to become the reference data plane of:
- Istio — control plane for K8s (born 2017 on Envoy)
- Linkerd (v1)
- AWS App Mesh
- Gloo Gateway, Contour — as ingress controller
Front proxy and ingress
Outside service mesh, Envoy is used as:
- Front proxy (L7 load balancer)
- API Gateway (via derived projects like Emissary, Gloo)
- Kubernetes ingress controller (Contour)
- Edge proxy (technology base of services like Stripe, Apple, Pinterest, Slack)
In the Italian context
Envoy is beginning to spread in Italy via Istio and via managed cloud services embedding it. Direct use by application teams is rare; more common as a component of platforms (OpenShift Service Mesh, GKE, EKS).
References: Envoy Proxy 1.0 (September 2017). Lyft, Matt Klein. CNCF Incubating (September 2017). Apache 2.0 licence. xDS API.