I’ve been thinking about gateways lately. Not the kind you walk through, but the digital kind that manage traffic between services. In my work with microservices, I’ve seen how a messy network of direct service-to-service calls can quickly become a tangled web that’s hard to manage and even harder to change. This complexity is what pushed me to explore a better way. Today, I want to share a practical approach to building a smart, type-safe entry point for your services. Think of it as a helpful traffic director for your digital city.

Why does this matter? As systems grow, you need a single, reliable point to handle common tasks. This includes checking who’s making a request, deciding where to send it, and making sure no single service gets overwhelmed. Doing this in each service is repetitive and error-prone. A central gateway solves this.

Let’s start with the core components. We’ll use Envoy Proxy as the high-performance engine that actually handles the requests. It’s incredibly fast and packed with features. To tell Envoy where services are, we’ll use Consul. Consul acts as a dynamic phone book, keeping track of which services are healthy and available. The brain of our operation will be a custom control plane written in TypeScript. This is where we write the logic to watch Consul and instruct Envoy on how to route traffic.

Have you ever wondered how large platforms instantly know about new services without manual updates? That’s the magic of dynamic discovery.

First, we need to set up our environment. Create a new project directory and a basic structure. We’ll use Docker Compose to run everything together smoothly.

# docker-compose.yml
version: '3.8'
services:
  consul:
    image: consul:latest
    ports:
      - "8500:8500"
  envoy:
    image: envoyproxy/envoy:latest
    ports:
      - "8080:8080"
    volumes:
      - ./config/envoy.yaml:/etc/envoy.yaml
  control-plane:
    build: ./control-plane
    ports:
      - "18000:18000"

Our TypeScript control plane needs a few key packages. We’ll use the consul library to connect to our service registry and @grpc/grpc-js to communicate with Envoy using its native protocol.

// package.json excerpt
{
  "dependencies": {
    "consul": "^1.2.0",
    "@grpc/grpc-js": "^1.9.0",
    "zod": "^3.22.4"
  }
}

Now, let’s give Envoy a simple starting configuration. This file tells Envoy to listen on port 8080 and where to find our control plane for its real instructions.

# config/envoy.yaml
static_resources:
  listeners:
  - name: main_listener
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 8080
dynamic_resources:
  cds_config:
    resource_api_version: V3
    api_config_source:
      api_type: GRPC
      transport_api_version: V3
      grpc_services:
        - envoy_grpc:
            cluster_name: xds_cluster

The real intelligence begins in our control plane. Its first job is to connect to Consul and watch for changes. When a new service registers itself, our code needs to know.

// control-plane/src/consulWatcher.ts
import consul from 'consul';

export class ConsulWatcher {
  private client: consul.Consul;

  constructor(host: string) {
    this.client = new consul({ host });
  }

  async watchServices(callback: (services: string[]) => void) {
    const watcher = this.client.watch({
      method: this.client.catalog.service.list,
      options: {}
    });

    watcher.on('change', (data) => {
      const serviceNames = Object.keys(data);
      callback(serviceNames);
    });
  }
}

What happens when a service goes down? Our gateway needs to be smart enough to stop sending it traffic. This is where health checks come in.

With a list of healthy services, we can now build routing rules. Let’s say we have a /users path that should go to the user-service. We need to translate this intention into a format Envoy understands, called a RouteConfiguration.

// control-plane/src/configGenerator.ts
import { RouteConfiguration } from './types';

export function generateRouteConfig(serviceMap: Map<string, string[]>): RouteConfiguration {
  const routes = [];

  for (const [serviceName, instances] of serviceMap) {
    routes.push({
      match: { prefix: `/${serviceName}` },
      route: {
        cluster: serviceName,
        timeout: '5s'
      }
    });
  }

  return { name: 'main_routes', virtual_hosts: [{ name: 'backend', domains: ['*'], routes }] };
}

But routing is just the start. We also need to balance load between multiple instances of the same service. If you have three copies of your product-service, the gateway should spread requests evenly. Envoy supports several algorithms for this, like round-robin or least request.

How do you prevent a single slow service from causing a system-wide failure? This is a critical question for resilience.

We implement patterns like circuit breakers. If a service starts failing, the gateway can stop sending requests to it temporarily, giving it time to recover. Here’s how we might define that in our cluster configuration.

// Adding a circuit breaker to a cluster
const clusterConfig = {
  name: 'user-service',
  connect_timeout: '1s',
  circuit_breakers: {
    thresholds: [
      {
        max_connections: 100,
        max_requests: 1000,
        max_pending_requests: 50
      }
    ]
  }
};

Observability is non-negotiable. We need to see what’s happening. Envoy can export detailed metrics about request counts, errors, and latencies. We can pipe this data into tools like Prometheus. More importantly, we need distributed tracing to follow a single request as it journeys through the gateway and into various services.

Let’s not forget security. The gateway is the perfect place to handle authentication. We can validate JSON Web Tokens (JWTs) before a request ever reaches a business service.

// Example JWT validation filter config
const jwtFilter = {
  name: 'envoy.filters.http.jwt_authn',
  typed_config: {
    "@type": 'type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication',
    providers: {
      my_provider: {
        issuer: 'my-auth-server',
        local_jwks: { inline_string: '...' }
      }
    },
    rules: [{ match: { prefix: '/' }, requires: 'my_provider' }]
  }
};

Putting it all together, our TypeScript control plane becomes a stateful manager. It watches Consul, generates the correct Envoy configurations, and serves them via a gRPC endpoint. The beauty is in the dynamic updates. When you deploy a new version of a service, you can tell Consul, and within seconds, Envoy knows about it.

Testing this setup is crucial. You can use tools like siege or wrk to simulate traffic and see how the gateway behaves under load. Does it fail gracefully? Does it balance correctly? These are the questions you must answer before going live.

This approach gives you a powerful, flexible foundation. It’s type-safe because our TypeScript code catches configuration errors early. It’s dynamic because it reacts to changes in your infrastructure. And it’s resilient because it’s built with failure in mind.

Building this might seem like a big task, but the payoff is immense. You gain clear control over your service traffic, robust observability, and a solid pattern for growth. Start simple, with just routing and discovery. Then, layer in security, resilience, and advanced traffic management as you need it.

What problem in your current system would a smart gateway solve first?

I hope this walkthrough gives you a clear path forward. Building a type-safe gateway has been a game-changer for managing complex systems, and I’m confident it can help you too. If you found this guide useful, please share it with your team or anyone wrestling with microservice communication. I’d love to hear about your experiences or answer any questions in the comments below.

---

As a best-selling author, I invite you to explore my books on Amazon. Don’t forget to follow me on Medium and show your support. Thank you! Your support means the world!

---

101 Books

101 Books is an AI-driven publishing company co-founded by author Aarav Joshi. By leveraging advanced AI technology, we keep our publishing costs incredibly low—some books are priced as low as $4—making quality knowledge accessible to everyone.

Check out our book Golang Clean Code available on Amazon.

Stay tuned for updates and exciting news. When shopping for books, search for Aarav Joshi to find more of our titles. Use the provided link to enjoy special discounts!

---

📘 Checkout my latest ebook for free on my channel!
Be sure to like, share, comment, and subscribe to the channel!

---

Our Creations

Be sure to check out our creations:

Investor Central | Investor Central Spanish | Investor Central German | Smart Living | Epochs & Echoes | Puzzling Mysteries | Hindutva | Elite Dev | JS Schools

---

We are on Medium

Tech Koala Insights | Epochs & Echoes World | Investor Central Medium | Puzzling Mysteries Medium | Science & Epochs Medium | Modern Hindutva