Showing results for tag Security

Multi-cluster global access control for Kubernetes and Service Mesh

In this blog series, we will dig into specific challenge areas for multi-cluster Kubernetes and service mesh architecture, considerations and approaches in solving them. In a previous blog post we covered Identity Federation for Multi-Cluster Kubernetes and Service Mesh which is the foundation for multi-cluster global access control. We explained how to set up each Istio cluster with a different […]

Denis Jannot | October 19, 2020

Zero Trust Application Networking with Envoy Proxy

Security is an evergreen requirement for any system, and in recent years, the concept of Zero Trust has gained in popularity as a different security model to protect organizations and their IT portfolio from the increasing business risk of security incidents. Traditional security practices and tools are designed to secure the perimeter and by default […]

Betty Junod | October 12, 2020

[Tutorial] External Authorization of Service Requests in Istio Service Mesh

Istio is an open source and platform-independent service mesh that provides functionality for traffic management, policy enforcement and telemetry collection in Kubernetes application environments. As a service mesh, Istio solves the service-to-service communication for the applications deployed within the cluster. Istio has a robust feature set to address these east-west traffic concerns.  In fact, we are huge Istio […]

Jim Barton | October 5, 2020

Webinar Recap – Protecting Applications with L4 and L7 Network Encryption for TLS/mTLS

API Gateways act as a control point for accessing backend application services by external clients and end users. Depending on the request path and the service the client is connecting to, organizations may want to secure it by encrypting the communications.  Gloo is a next generation API Gateway and Kubernetes Ingress controller that connects, manages […]

Betty Junod | August 3, 2020

Hoot Livestream Series to Learn All About Envoy Proxy

In our previous Hoot series, we looked at the different service meshes and API gateway solutions available today, compared their architecture and philosophies. In our new series, Chief Architect Yuval Kohavi will provide a deep dive into Envoy Proxy. What is Envoy Proxy? Envoy is an open source edge and service proxy designed for cloud-native […]

Betty Junod | July 19, 2020

[Videos] Avoiding Downtime With Istio 1.6 Certificate Rotation

Istio uses certificates to issue workload identity following the SPIFFE specification. To manage issuing, signing, and rotating these certificates at runtime, Istio has a built-in CA component (in Istio 1.5 and newer, you’ll see this co-located with the istiod component in the control plane). These workload certificates are used to establish mTLS, assert identity, […]

Christian Posta | July 14, 2020

Webinar Recap – Advanced Rate Limiting with Envoy Proxy and Gloo API Gateway

In last week’s webinar, Rick Ducott covered advanced use cases of rate limiting with Envoy as the edge proxy managed by Gloo API Gateway. Rate limiting is a strategy that can prevent service outages by protecting the service from being overrun with more requests than its resources can process and respond to within the agreed […]

Betty Junod | June 30, 2020

Improve Application Security and Prevent Data Loss with Gloo API gateway 

Many publicly facing applications are designed to connect businesses with their customers and partner ecosystem to manage their accounts, fulfill purchases and process transactions that use personally identifying and financial information or other sensitive data. With that in mind, we’ll dig into the role of an API gateway to improve security with features to prevent […]

Engineering | April 28, 2020

Gloo Security Update for Envoy Proxy CVE-2020-8659, CVE-2020-8661, CVE-2020-8664, CVE-2020-8660

Yesterday, Envoy Proxy announced version 1.13.1 and 1.12.3 to address four CVEs ranging from severity medium to high. Gloo Open Source versions 1.3.11 and 1.2.23 and Gloo Enterprise versions 1.3.0-beta4 and 1.2.10 have been released and include the latest version of Envoy Proxy with CVEs addressed. We recommend that all end users upgrade to […]

Engineering | March 4, 2020

Custom Auth Plugins for Envoy based API Gateway

At, Gloo is our cloud-native, next-generation API Gateway built on Envoy Proxy and runs natively on Kubernetes (and Consul, and elsewhere). Gloo has been built from its foundations to be extensible and pluggable, from the proxy itself to the control plane. One aspect of extensibility we often hear from our users and customers is […]

Christian Posta | November 5, 2019

Gloo Security Update to Address Envoy Proxy Denial-of-Service CVE

Yesterday, Envoy Proxy announced Envoy version v1.11.2 addressing two CVEs where denial of service by remote attackers is possible through overconsumption of memory, CPU and abnormal process termination to the proxies. Gloo Open Source 0.20.4 and Enterprise 0.20.2 have been released and include the latest version of Envoy with CVEs addressed. We recommend that […]

Engineering | October 9, 2019

Webinar Recap — Zero Trust Networks for Securing Microservices with API Gateways

This week we hosted our first of two security webinars following the introduction of new product features focused around improving the security posture and reducing the risk exposure of microservices environments. Rick Ducott, our Director of Engineering, spoke this week about how API Gateways can be used in microservices architecture to deploy a zero trust […]

Betty Junod | September 27, 2019