Securing Egress Traffic with kgateway, Istio Ambient Mesh, and Kyverno: LFX Mentorship Blog

[AryanParashar24]

Description

This pull request adds a new Security blog post introducing the integration of kgateway with Istio Ambient Mesh, focusing on managing egress traffic and the benefits of a sidecar-less data plane. The post outlines the architecture, advantages, and policy management capabilities of kgateway within Istio's ambient mesh environment.

Change Logs

New blog post on Istio Ambient Mesh and kgateway:

• Added content/blog/egress-traffic-with-kgateway-and-Istio-integration.md with an overview of Ambient Mesh, its separation of L4 and L7 layers, and how kgateway integrates as a pluggable waypoint for Istio.
• Described the benefits of Ambient Mesh for reducing computational overhead and improving security and resource usage, as well as the unique features of kgateway such as shared observability and unified configuration.
• Included sections for future elaboration on Istio authorization policies, external authorization management, CEL-based RBAC policies, and a demo to show Traffic.

Summary

This blog post discusses the integration of kgateway with Istio, highlighting its benefits, features, and how it manages egress traffic effectively. It covers the differences between Layer 4 and Layer 7 authorization policies and provides insights into the advantages of using kgateway in various scenarios.

[AryanParashar24]

Made some changes, Let me know if we should change anything else!

[npolshakova]

I think ServiceEntries aren't supported for agentgateway yet, so let's call out you can also use agentgateway for more advanced LLM routing use-cases. I guess we could also change the example in this blog to not use ollama (and use a simple httpbin example instead), then in the next blog use ollama with the AI Backend type and agentgateway.

[Nadine2016]

not sure if we typically mention other relevant blogs that people can explore??

[npolshakova]

I think we can upload the video to the kgateway youtube! @linsun do you have permissions for the youtube account?

[npolshakova]

Blog looks great! Let's update the title and then I think it's good from my end!

[npolshakova]

LGTM! Great job! 🎉

[npolshakova]

I think this will need a publishDate to show up on the blog page! See this example:

kgateway.dev/content/blog/llm-d-kgateway.md

Line 4 in 47a8cd3

publishDate: 2025-05-20T10:00:00-00:00

[artberger]

Thanks for writing up your experiences. Overall, it looks good. Nina's comment about the publishDate needs to be addressed so that it shows up.

Style-wise, I left some non-blocking comments that would apply throughout. We typically prefer second-person you (not first-person we), active over passive verbs, and non-positional language (previous or following instead of above or below). But because this is a blog, we can be more flexible, so I will approve.

[npolshakova]

Looks like there's an invalid image. Please clean up and rebase.

[npolshakova]

🎉 LGTM!