Introducing Auth and Rate Limiting in Gloo Open Source

Over the past few months, we have seen an increase in the use of Gloo as a production API gateway, using Gloo to configure and route requests through Envoy Proxy to applications. As the community around Gloo has grown, we’ve been working hard to respond to feedback and make Gloo the top choice for different production API gateway use cases.

To that end, we’re pleased to announce that with the latest release, open source Gloo now supports configuring Authentication, Authorization, and Rate Limiting in Envoy. These capabilities have been available in Gloo Enterprise for some time, and now they are also available in open source.

Auth and Rate Limiting in Envoy Proxy

Many organizations need their API gateway to support external auth and rate limiting to successfully deploy their applications to their end users. Envoy Proxy already supports these use cases by defining APIs that can be implemented by external services. Gloo, as a control plane for Envoy Proxy, is able to implement and enforce these configurations to control traffic and access.

As of Gloo v0.20.7, these Envoy Proxy APIs are exposed, so that users can configure open source Gloo with their own implementations of external auth and rate limiting.

In Gloo Enterprise, we distribute additional services that implement these APIs and expose a rich set of additional features. For instance, the external auth service in Gloo Enterprise natively supports basic authentication, OAuth 2.0, OpenID Connect, JWTs, API keys, OPA, and LDAP, and it has an extensibility point for writing small Golang plugins to support further customization.

As with open source Gloo, Gloo Enterprise also allows admins to deploy their own services implementing Envoy’s rate limiting and external auth APIs, instead of using the native implementations.

Try Gloo

For more details, check out the docs for auth and rate limiting. And if you have any questions, head over to Slack and drop them in the #gloo channel.