Securing the Gateway: A Deep Dive Into Envoy Gateway's Advanced Security Policies

This conference talk explores Envoy Gateway's advanced security features, focusing on its Security Policy implementation. Learn how this growing project within the Envoy ecosystem has evolved through version 1.3, gaining adoption across production environments. Discover how Envoy Gateway manages Envoy-based application gateways while fully complying with Kubernetes Gateway API standards and extending functionality through custom resource definitions (CRDs). Understand how Security Policy simplifies access to Envoy's powerful security capabilities—including CORS, JWT authentication, Basic Auth, OpenID Connect (OIDC), and External Authentication—without requiring complex Envoy configurations. Watch a practical demonstration of OIDC authentication and authorization based on JWT claims, gaining valuable insights to enhance application security regardless of your experience level with Envoy or open source technologies.