Gloo Platform 2.4
We are excited to announce the release of Gloo Platform 2.4. This is a big release with a ton of great features that increase the security, high availability, and connectivity in your service mesh. The latest release includes more than 330 new improvements and a hundred new features. Some of our users were able to test the four beta releases, but today it’s available to all.
In this release, we had a number of features that existed in Beta or Alpha states in previous releases, but are now GA. Namely, Egress, AWS Lambda, and TrimConfigProxy settings are all certified for production use across your environments.
Now let’s get into some of the exciting features of Gloo Platform 2.4.
Virtual Machine Integration
With this release, you can now effortlessly bootstrap Virtual Machines (VMs) using meshctl, streamlining the process of installing critical components like istiod-agent, Spire, and Otel services directly onto the VM. This integration empowers you to achieve seamless orchestration and communication between your VMs and the cluster, ensuring optimal performance and security.
Using the Gloo Platform user interface, you gain comprehensive visibility into crucial details such as Instance, Subnet, and VPC/Network information, enabling you to make informed decisions about resource allocation and network configurations. This powerful tool empowers you to optimize your cloud environment for peak efficiency.
Security is at the heart of our new feature set. Identity issuance and management are handled seamlessly by the Spire Agent, utilizing the same Certificate Authority (CA) as the cluster the agent is registered with. This ensures that identity information is derived directly from the attributes of the runtime platforms, such as GCP Service Account or AWS Role, providing a solid foundation for secure interactions within your cloud environment. Communication between the agent and the cluster is fortified through mutual Transport Layer Security (mTLS), adding an extra layer of protection to your operations.
The Gloo Platform has introduced a significant enhancement in v2.4, allowing users to exert control over egress traffic and implement TLS origination for outbound communication from their service mesh.
Prior to this development, Istio users were tasked with devising their own security measures for managing traffic that left the mesh or creation of Istio Custom Resources (CRs), a laborious and error-prone process. For instance, one user’s development team was creating hundreds of Service Entries (SEs) and Destination Rules (DRs) manually. With this new feature in place, these tasks will now be vastly simplified, promising a more streamlined operational experience.
In order to ensure that traffic doesn’t circumvent the Egress Gateway, customers are advised to implement a Kubernetes network policy, which can also be managed by Gloo Platform.
In the latest version of Gloo Platform 2.4, our OpenTelemtry (OTel) pipeline seamlessly integrates with Jaeger for tracing as its designated tracing platform. Jaeger, an open-source tool, facilitates the tracking of a request’s journey as it traverses between microservices. The Gloo OTel pipeline effectively captures this sequence of events and interactions, presenting them in the integrated Jaeger UI within the Gloo user interface. This invaluable data serves as a powerful resource for troubleshooting potential complications within your microservices architecture and pinpointing areas of performance constraint.
High Availability Across Regions
From day one, Gloo Platform introduced a form of high availability that enabled the scaling of the management plane to multiple replicas. This feature provided users with a safety net in case any one instance encountered disruption. While this form of high availability met most users’ needs, some users sought additional fail-safes to address potential outages stemming from entire cluster or region-wide disruptions.
In the latest iteration of Gloo Platform, we’ve incorporated a new capability: the option to establish two instances of the management plane across two distinct regions. This empowers customers to leverage their own cross-regional Redis setup to synchronize the configurations between these dual management planes. With this arrangement, in the event of a complete region outage — let’s say AWS East experiences a disruption — users can still make configuration adjustments within their environment, thanks to an automated failover mechanism. This enhancement provides an extra layer of resilience for your operations.
For more information, please see the technical deep dive blog.
Gloo Platform is now available in the AWS marketplace for private offers. AWS customers can now use their committed AWS spend to purchase our platform through the marketplace.
For the trial version in AWS you can visit the market place here. For paid versions you can contract through AWS using a private offer that will count against your committed AWS spend.
Other Key Updates:
- Cilium – Solo has added our own custom builds of Cilium that allow for long term support that enterprise customers need. We’ve also added a Grafana dashboard and Cilium flow log aggregation to our metrics collection.
- OPA 2.4 – Our existing OPA feature now includes support for distributed OPA bundles and enables many extauth servers to consume bundles from a centralized location; also, we now support BYO OPA servers for customers who manage their own, or want to use enterprise Styra opa images.
- Claims-based authN/authZ – Claims rules can now be defined directly in the JwtPolicy, eliminating the need for converting claims to headers and using OPA to validate.
Try Gloo Platform today!
Test drive Gloo Platform 2.4 today by requesting a free trial. If you would like to learn more about Gloo Platform or any of the component products in the Gloo Platform, our documentation page has all the details. If you still have questions (or just want to reach out with feedback), we have a public Slack community available for anyone to join and chat with us. We’d love to hear from you!BACK TO BLOG