No items found.
Sebastian Maniak
agentgateway

Your First AI Route: Connecting to OpenAI with AgentGateway

February 12, 2026
Sebastian Maniak

Introduction

This is a how-to guide to setup AgentGateway and get your first AI route working with OpenAI. We’ll walk through the complete setup from scratch - creating a Kubernetes cluster, installing AgentGateway, and connecting it to OpenAI’s API.

What is AgentGateway?

AgentGateway is an open source, AI-native data plane built in Rust for connecting, securing, and observing AI traffic. Originally created by Solo.io and now a Linux Foundation project, it acts as a purpose-built proxy layer between your applications and AI services like LLMs, MCP tool servers, and other AI agents.

  • Traditional API gateways don’t fit AI workloads — AI inference requests are long-running (minutes vs milliseconds), have larger payloads, and can consume entire GPUs, unlike standard web traffic.
  • Connectivity — Unified interface to route requests to LLM providers (OpenAI, Anthropic, Bedrock, etc.), self-hosted models, and MCP tool servers.
  • Security — Built-in auth, RBAC, and secrets management for API keys and sensitive data.
  • Observability — Automatic token counting, cost tracking, and OpenTelemetry-compatible structured logs.
  • MCP support — Can federate multiple MCP servers behind a single endpoint, and expose legacy REST APIs as MCP tools via OpenAPI integration.
  • A2A support — Native Agent-to-Agent protocol for secure inter-agent communication..

In this tutorial, we’ll focus on one of AgentGateway’s most common use cases: routing requests to an LLM provider (OpenAI) with secure credential management and built-in cost observability.

What You’ll Learn

  • Create a Kubernetes cluster and install AgentGateway
  • Set up secure OpenAI API key storage
  • Configure AgentGateway to route to OpenAI
  • Test chat completions, embeddings, and model listings
  • Monitor real AI requests and track costs
  • Troubleshoot common issues

Prerequisites

  • Docker installed and running
  • kubectl CLI tool
  • Helm 3.x installed
  • Valid OpenAI API Key with credits (get from OpenAI Platform)
  • Basic understanding of Kubernetes and OpenAI API structure

Step 1: Environment Setup

In this step, we’ll create a local Kubernetes cluster using kind (Kubernetes in Docker) and install AgentGateway. This gives us a complete testing environment that mirrors production setups but runs entirely on your local machine.

Install Kind

Kind creates Kubernetes clusters using Docker containers as nodes. This is perfect for development and testing because it’s lightweight, fast to spin up, and doesn’t require cloud resources.

# On macOS
brew install kind

# On Linux
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-amd64
chmod +x ./kind && sudo mv ./kind /usr/local/bin/kind

Create Kind Cluster

This creates a single-node Kubernetes cluster that will host our AgentGateway installation. The cluster provides the foundation for all the networking, security, and routing capabilities we’ll configure.

# Create the cluster
kind create cluster --name agentgateway

# Verify cluster is ready
kubectl get nodes

Install AgentGateway

AgentGateway installation happens in three phases: First we install the Kubernetes Gateway API (the standard for ingress traffic), then AgentGateway’s custom resources, and finally the control plane that manages everything. This separation allows for better modularity and easier upgrades.

# 1. Install Gateway API CRDs (version 1.4.0)
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/standard-install.yaml

# 2. Install AgentGateway CRDs
helm upgrade -i --create-namespace \
 --namespace agentgateway-system \
 --version v2.2.0 agentgateway-crds \
 oci://ghcr.io/kgateway-dev/charts/agentgateway-crds

# 3. Install AgentGateway control plane
helm upgrade -i -n agentgateway-system agentgateway \
 oci://ghcr.io/kgateway-dev/charts/agentgateway \
 --version v2.2.0

# 4. Verify installation
kubectl get pods -n agentgateway-system

Step 2: OpenAI API Key Setup

Security is paramount when working with AI services. Instead of embedding API keys directly in configurations, we’ll use Kubernetes secrets to store credentials securely. This approach ensures keys are encrypted at rest and can be rotated without changing application code.

Get Your OpenAI API Key

OpenAI uses API keys for authentication and billing. Each key is tied to your account and usage limits, making it essential to secure them properly.

  1. Visit OpenAI Platform
  2. Navigate to API Keys section and create a new key
  3. Set usage limits to control costs
  4. Copy your API key securely

Test Your API Key

Before integrating with AgentGateway, we’ll verify the API key works directly with OpenAI’s API. This eliminates the key as a potential issue if something goes wrong later in the setup.

# Set your OpenAI API key (replace with your actual key)
export OPENAI_API_KEY="sk-your-openai-api-key-here"

# Test the key directly
curl -s "https://api.openai.com/v1/models" \
 -H "Authorization: Bearer $OPENAI_API_KEY" \
 | jq '.data[0:3] | .[].id'

Create Kubernetes Secret

Kubernetes secrets provide a secure way to store sensitive data like API keys. We format the key as a complete Authorization header (Bearer sk-...) so AgentGateway can use it directly without modification. The --dry-run=client -o yaml | kubectl apply -f - pattern ensures the secret is created safely even if it already exists.

# Create secret with proper authorization header format
kubectl create secret generic openai-secret \
 -n agentgateway-system \
 --from-literal="Authorization=Bearer $OPENAI_API_KEY" \
 --dry-run=client -o yaml | kubectl apply -f -

# Verify secret creation
kubectl get secret openai-secret -n agentgateway-system

Step 3: Configure AgentGateway

Now we’ll configure the core components that make AI routing work. AgentGateway follows the Kubernetes Gateway API pattern with three main resources: Gateway (the entry point), Backends (destination services), and HTTPRoutes (traffic routing rules). This declarative approach makes configurations version-controllable and environment-portable.

Create Gateway Resource

The Gateway resource defines the entry point for all incoming traffic. It specifies which ports to listen on, what protocols to accept, and which namespaces can create routes through it. Think of it as the front door to your AI services.

kubectl apply -f- <<'EOF'
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
 name: agentgateway-proxy
 namespace: agentgateway-system
spec:
 gatewayClassName: agentgateway
 listeners:
 - protocol: HTTP
   port: 8080
   name: http
   allowedRoutes:
     namespaces:
       from: All
EOF

Create OpenAI Backend

AgentgatewayBackend resources define how to connect to AI services. The ai.provider.openai section tells AgentGateway this is an AI service that expects OpenAI-compatible requests. The authentication policy references our secret, and the timeout ensures long-running AI requests don’t hang indefinitely.

kubectl apply -f- <<EOF
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayBackend
metadata:
 name: openai-backend
 namespace: agentgateway-system
spec:
 ai:
   provider:
     openai:
       model: gpt-4o-mini
 policies:
   auth:
     secretRef:
       name: openai-secret
EOF

Create HTTP Routes

Create an HTTPRoute resource that routes incoming traffic to the AgentgatewayBackend. The following example sets up a route. Note that agentgateway automatically rewrites the endpoint to the OpenAI /v1/chat/completions endpoint.

Create the HTTP routes:

kubectl apply -f- <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
 name: openai-chat
 namespace: agentgateway-system
spec:
 parentRefs:
   - name: agentgateway-proxy
     namespace: agentgateway-system
 rules:
 - matches:
   - path:
       type: PathPrefix
       value: /openai
   backendRefs:
   - name: openai-backend
     namespace: agentgateway-system
     group: agentgateway.dev
     kind: AgentgatewayBackend
EOF

Verify Configuration

Before testing, we’ll check that all our resources are properly created and accepted by the AgentGateway controller. The Accepted status indicates that configurations are valid and the controller can proceed with implementation.

# Check both backends
kubectl get agentgatewaybackend -n agentgateway-system

# Check routes
kubectl get httproute -n agentgateway-system

# Check Gateway
kubectl get gateway agentgateway-proxy -n agentgateway-system

Step 4: Testing Your Setup

With our configuration complete, it’s time to test the AI routing. Since we’re using a local kind cluster, we’ll use port-forwarding to access the Gateway service. In production, this would be handled by a LoadBalancer or Ingress controller.

Setup Port-Forward

Port-forwarding creates a tunnel from your local machine to the AgentGateway service inside the Kubernetes cluster. This lets us test the setup without exposing services publicly.

# Port-forward AgentGateway service in background
kubectl port-forward -n agentgateway-system svc/agentgateway-proxy 8080:8080 &

Test Chat Completions

This is where the magic happens! Our request travels through AgentGateway, gets authenticated using our secret, routed to OpenAI’s API, and returns with a complete AI response. Notice how the response includes token usage information that AgentGateway automatically captures for cost tracking and observability.

# Test basic chat completion
curl -i "localhost:8080/openai/chat/completions" \
 -H "content-type: application/json" \
 -d '{
   "model": "gpt-4o-mini",
   "messages": [
     {
       "role": "user",
       "content": "What are the key benefits of using an AI Gateway?"
     }
   ],
   "max_tokens": 100
 }'

Expected Response:

{
 "id": "chatcmpl-abc123def456",
 "object": "chat.completion",
 "created": 1701234567,
 "model": "gpt-4o-mini-2024-07-18",
 "choices": [
   {
     "index": 0,
     "message": {
       "role": "assistant",
       "content": "An AI Gateway provides unified access to multiple AI providers, centralized security and authentication, comprehensive observability and cost tracking, rate limiting and quotas, and improved reliability through failover and retry mechanisms."
     },
     "finish_reason": "stop"
   }
 ],
 "usage": {
   "prompt_tokens": 15,
   "completion_tokens": 35,
   "total_tokens": 50
 }
}

Test Different Models

AgentGateway allows you to easily switch between different OpenAI models by simply changing the model parameter. The backend automatically routes to the appropriate model while maintaining consistent authentication and observability.

# Test with GPT-4o
curl -s "localhost:8080/openai/chat/completions" \
 -H "content-type: application/json" \
 -d '{
   "model": "gpt-4o",
   "messages": [
     {
       "role": "user",
       "content": "Explain AgentGateway in one sentence."
     }
   ],
   "max_tokens": 50
 }' | jq '.choices[0].message.content'

Troubleshooting

When working with distributed systems like Kubernetes and external APIs, issues can arise at multiple layers. This section covers the most common problems you might encounter and how to systematically diagnose them. The key is to test each layer independently: network connectivity, authentication, resource configuration, and API compatibility.

Common Issues

1. Service Not Found Error: This usually means the service name doesn’t match what was actually created during installation. Different AgentGateway versions or installation methods may create services with different names.

# Check what services exist
kubectl get svc -n agentgateway-system

# If agentgateway-proxy doesn't exist, use the correct service name
kubectl get svc -n agentgateway-system | grep -i gateway

2. Authentication Errors (401): Authentication failures typically indicate either an invalid API key or incorrect secret formatting. Always test the key directly with OpenAI before troubleshooting AgentGateway.

# Verify secret exists
kubectl get secret openai-secret -n agentgateway-system -o yaml

# Test API key directly
curl -s "https://api.openai.com/v1/models" \
 -H "Authorization: Bearer $OPENAI_API_KEY" | jq '.data[0].id'

3. Routes Not Working: Route issues often stem from mismatched resource names or namespaces. The Gateway, HTTPRoute, and Backend must all reference each other correctly for traffic to flow.

# Check backend status
kubectl describe agentgatewaybackend openai-backend -n agentgateway-system

# Check route status
kubectl describe httproute openai-chat -n agentgateway-system

# Check Gateway status
kubectl describe gateway agentgateway-proxy -n agentgateway-system

4. Port-Forward Issues: Port conflicts are common on development machines. If port 8080 is busy, either stop the conflicting service or use a different port.

# Check if port 8080 is in use
lsof -i :8080

# Try a different port
kubectl port-forward -n agentgateway-system svc/agentgateway-proxy 8081:8080 &
export GATEWAY_PORT="8081"

Debug Commands

# View all AgentGateway resources
kubectl get agentgatewaybackend,gateway,httproute -n agentgateway-system

# Check pod logs for errors
kubectl logs deploy/agentgateway -n agentgateway-system --tail=20

# Test connectivity from inside cluster
kubectl exec -n agentgateway-system deploy/agentgateway -- \
 curl -v https://api.openai.com/v1/models \
 -H "Authorization: Bearer $OPENAI_API_KEY"

Cleanup

When you’re done experimenting, it’s important to clean up resources to free up system resources and avoid any potential costs. The cleanup process should happen in reverse order: stop network connections first, then remove application resources, and finally remove infrastructure.

Stop Port-Forward

# Kill the port-forward process
kill $PORTFORWARD_PID

Remove Resources (Optional)

This removes all the AgentGateway configuration we created, but leaves the AgentGateway installation intact for future experiments. Remove resources in dependency order: routes first (they reference backends), then backends, then the Gateway.

# Remove all OpenAI configuration
kubectl delete httproute openai-chat openai-models -n agentgateway-system
kubectl delete agentgatewaybackend openai-backend openai-models-backend -n agentgateway-system
kubectl delete gateway agentgateway-proxy -n agentgateway-system
kubectl delete secret openai-secret -n agentgateway-system

Remove Kind Cluster (Optional)

This completely removes the Kubernetes cluster and all associated resources. Only do this if you’re completely done with the tutorial, as you’ll need to recreate everything from Step 1 to run it again.

# Delete the entire cluster
kind delete cluster --name agentgateway

Next Steps

Now that you have a working AI gateway, you can build on this foundation to create production-ready AI infrastructure:

  • Add more providers - Configure Anthropic, AWS Bedrock, or Azure OpenAI for multi-provider setups and failover scenarios
  • Implement security - Add rate limiting, authentication, and guardrails to protect against abuse and unexpected costs
  • Set up monitoring - Configure Grafana dashboards and alerting to track performance, costs, and usage patterns across teams
  • Explore advanced routing - Implement path-based, header-based, and weighted routing to direct different types of requests to optimal models

Key Takeaways

This tutorial demonstrates several important concepts for production AI systems:

  • AgentGateway provides a unified interface to AI providers with minimal overhead, making it easy to switch providers or implement failover
  • Proper secret management is essential for production deployments - never embed API keys in code or configuration files
  • Built-in observability gives immediate insights into costs and performance without requiring additional tooling or instrumentation
  • The Gateway API pattern makes routing configuration declarative and portable across different Kubernetes environments
  • Dual backend types (AI-aware vs static HTTP) allow you to handle both complex AI workloads and simple metadata requests efficiently
  • Kind clusters are perfect for local development and testing, providing a production-like environment without cloud costs

Your AgentGateway is now successfully routing requests to OpenAI with enterprise-grade security, observability, and cost control! You’ve built a foundation that can scale from development to production while maintaining visibility and control over your AI infrastructure. 🎯

Featured content

See More

Your First AI Route: Connecting to OpenAI with AgentGateway

Read Blog

Getting started with Multi-LLM provider routing

Read Blog

What Comes After Ingress NGINX? A Migration Guide to Gateway API

Ingress NGINX is being retired. This guide walks through migrating Ingress configs to Kubernetes Gateway API using ingress2gateway and kgateway.

Read Blog

Why Traditional Gateways Failed AI Workloads - and How Kgateway's Rust-powered Agentgateway Fixes It

Most AI gateways patch legacy proxies. Kgateway starts from first principles, rethinking the gateway for the agentic era with a data plane built specifically for modern AI traffic.

Read Blog

Context-aware Security for Agentic AI Gateways

If your gateway can’t tell the difference between a tool call and a model invocation, it can’t enforce meaningful security. Agentic systems demand a new class of context-aware, AI-native gateways.

Read Blog

Kgateway: The Best Alternative for Ingress NGINX

Learn how kgateway, a CNCF-hosted project built on Envoy, offers a trusted path forward for Ingress NGINX.

Read Blog

The Linux Foundation’s new Agentic AI Foundation and Secure MCP Infrastructure

Read Blog

Security Holes in MCP Servers and How To Plug Them

Learn how to close the major security gaps in Model Context Protocol (MCP) with a proper AI Gateway. This guide walks you through deploying MCP Servers on Kubernetes, adding authentication, locking down tools, and strengthening your organization’s overall MCP security posture.

Read Blog

Announcing Gloo Mesh Support for Amazon ECS

Latest Gloo Mesh release now provides support and enterprise-grade service mesh capabilities for Amazon ECS workloads.

Read Blog

Gloo Mesh 2.11: Expands Support to Amazon ECS and Brings Multi-Tenant Flexibility to Enterprises.

Latest Gloo Mesh release expands support to Amazon ECS and brings multi-tenant flexibility to enterprises.

Read Blog

Reducing the costs and complexity of your cloud native architecture with Ambient Mesh

Learn how Istio's Ambient Mesh simplifies cloud-native connectivity and dramatically reduces the cost and complexity of connecting, securing, and observing services across on-prem, cloud, or hybrid environments — without sidecars.

Read Blog

Introducing Solo Enterprise for agentgateway

From pilots to production with context-aware AI networking

Read Blog

Introducing Gloo Gateway 2.0

We're excited to introduce Gloo Gateway 2.0, built on the CNCF kgateway project and Kubernetes Gateway API. This release unifies open-source innovation with enterprise-grade extensions, ambient mesh integration, and AI-ready data planes to deliver secure, scalable, and future-proof API gateway capabilities for cloud-native and agentic workloads.

Read Blog

Ambient mesh deployments made easy with Gloo Operator

This article discusses different ways to install Istio ambient mesh, and contrasts the Helm approach with the Gloo Operator, a new method for installing ambient mesh in Gloo Mesh.

Read Blog

Choosing between installation methods in Gloo Mesh: Helm vs. the Gloo Operator

Explore Istio installation options with Gloo Mesh. Compare Helm for control and flexibility vs. Gloo Operator for simplicity and automation to find the best fit for your environment.

Read Blog

How ambient mesh challenges the security gaps in sidecar workloads

Discover how Istio’s ambient mesh strengthens microservices security beyond sidecars with improved isolation, reduced attack surfaces, and simpler operations.

Read Blog

Migrating from sidecars to ambient with zero downtime

Learn how to migrate from Istio sidecars to ambient mesh with zero downtime. Step-by-step strategies, best practices, and tools to ensure a safe transition.

Read Blog

Comparing Istio's ambient multicluster support with Gloo Mesh's multicluster peering

Compare Istio’s new ambient multicluster support with Gloo Mesh’s multicluster peering. Learn the similarities, key differences, and scalability trade-offs.

Read Blog

The future of Kubernetes is context-aware: Meet Solo Enterprise for kagent

Discover how Solo.io's enterprise version of kagent extends Kubernetes to turn cloud-native infrastructure into agent-native infrastructure.

Read Blog

kgateway as Ingress for Ambient Service Mesh

Explore how kgateway and Istio Ambient Mesh work together to deliver secure ingress, intelligent routing and clear observability.

Read Blog

Tracing GenAI Applications Is Not Enough

Read Blog

Gloo Mesh 2.10: More Secure, Scalable Cloud Connectivity

Gloo Mesh 2.10 adds flat network support, traffic shifting, and policy enforcement for secure, scalable multi-cluster service mesh.

Read Blog

MCP Authorization is a Non-Starter for Enterprise

In this blog, we highlight some of MCP's foundational challenges, alternative proposals in the community, and sharing our opinion on what this should look like in enterprise environments. We know the MCP community is hard at work on revising the specification and we feel future updates will align better with our recommendations here.

Read Blog

Securing and Observing Your Services, Simplified

Istio Ambient Mesh’s ztunnel delivers secure-by-default microservices communication and real-time traffic visibility - without sidecars. Learn how it boosts performance, simplifies management, and reduces costs while enhancing security and observability.

Read Blog

From MCP Servers to Services: Introducing kmcp for Enterprise-Grade MCP Development

Read Blog

The Power of a Single API to Secure, Observe, and Control Traffic in All Directions

Learn how the Omni vision unifies traffic, security, and observability control across cloud-native systems with Gloo Mesh and Gloo Gateway.

Read Blog

Why Building Large Kubernetes Clusters Is (Still) a Bad Idea

Running massive Kubernetes clusters might seem simpler, but it’s a trap. Learn why scaling a single cluster creates hidden performance, security, and reliability issues, and how Gloo Mesh with Ambient Mesh makes multi-cluster networking finally viable.

Read Blog

Fortifying Your Cloud Native Connectivity Security Posture with Solo and Ambient Mesh

Strengthen your cloud-native security posture with Istio and ambient mesh. Learn how ambient enhances zero-trust architecture, simplifies mTLS, reduces attack surface, and decouples security from app logic, all with less operational overhead.

Read Blog

Migrating from Sidecars to Ambient Mesh - Risks, Challenges, and Benefits

Considering migrating from Istio sidecars to ambient mesh? Learn about the key challenges, risks, and benefits of ambient, including improved performance, lower costs, and operational simplicity, plus tips to plan a safe, successful transition.

Read Blog

Overhaul of Agent Gateway supporting A2A, MCP, and Kubernetes Gateway API

Today, we’re excited to share the next major milestone: Agent Gateway is now a full-featured, AI-native gateway that combines deep MCP and A2A protocol awareness, robust traffic policy controls, inference gateway support, Kubernetes Gateway API support, and unified access to major LLMs, all purpose-built with Rust for real-world agentic systems.

Read Blog

How Ambient Mesh Delivers Advanced Resource and Cost Savings

Discover how Ambient Mesh architecture can reduce service mesh infrastructure costs by up to 92% compared to traditional sidecar deployments, with real-world savings

Read Blog

Getting Started with Ambient Mesh: From 0 to 100 mph

Learn how Ambient Mesh revolutionizes service mesh architecture by eliminating sidecars and introducing a split proxy approach for better performance and operational simplicity.

Read Blog

Agent Discovery, Naming, and Resolution - the Missing Pieces to A2A

While the A2A specification provides the critical first steps toward discovery with Agent Cards, the infrastructure for truly dynamic, scalable agent ecosystems requires additional components that the spec intentionally leaves “up to you.” In this blog, we dig into those missing pieces.

Read Blog

Part Two: MCP Authorization The Hard Way

Digging into the details of the MCP Authorization Spec

Read Blog

Part One: MCP Authorization The Hard Way

Deep dive into MCP Authorization, step by step with examples and in-depth detail

Read Blog

Agent Identity and Access Management - Can SPIFFE Work?

Digging into AI identity and how the current SPIFFE models may need to be revised to support AI Agents

Read Blog

Deep Dive into llm-d and Distributed Inference

Digging into the llm-d project and how it does distributed inference.

Read Blog

Gloo Mesh 2.8 simplifies service mesh operations with new enhanced user experience across multi-cluster environments.

Read Blog

Gloo Gateway 1.19 accelerates context-rich, real-time AI apps with Gateway API

Read Blog

llm-d: Distributed Inference Serving on Kubernetes

Read Blog

AI Reliability Engineering For More Dependable Humans

AI Reliability Engineering (AIRE) bringing AI agents to SRE and Platform Engineering workflows for dependable humans

Read Blog

Kubernetes Identity the Right Way with SPIRE and Ambient

Secure Kubernetes workloads with Istio Ambient and SPIRE. Gain robust workload identity, mTLS, and scalable identity management without sidecars.

Read Blog

Optimizing GenAI in Production: High-Value Use Cases for AI Gateways

Read Blog

Solo.io Recognized as a Visionary in the 2024 Gartner® Magic Quadrant™ for API Management for the SECOND year in a row.

Read Blog

Guardians of the Governance: GenAI Gateway Guidance with GitOps and Gloo

Read Blog

Istio Ambient Waypoint Proxy explained

Read Blog

Hands-On with the Kubernetes Gateway API and Envoy Proxy: A Tutorial with GitOps and Gloo Gateway

Read Blog

Istio and the State of DevOps: Enhancing Key Metrics

Read Blog

What is an AI Gateway and its role in AI Applications?

Read Blog

Best practices for secure Istio deployment with Gloo Mesh Core

Read Blog

Motive

Motive modernized its infrastructure using Solo Enterprise for kgateway to boost reliability, developer agility, and fleet innovation.

Read Case Study

Confluent

Discover how Confluent achieved 100% mTLS coverage, FedRAMP-ready FIPS encryption, and real-time observability across 100+ services using Solo Enterprise for Istio.

Read Case Study

Ingenico

Powered by Solo Enterprise for kgateway, Solo.io helped Ingenico modernize its global payments infrastructure—boosting scalability, resilience, and developer autonomy. Explore their journey to building a fault-tolerant, future-ready platform.

Read Case Study

OfferUp

OfferUp leveraged Kubernetes and Solo Enterprise for kgateway to modernize its marketplace, enabling developer self-service, faster deployments, and seamless scaling beyond peer-to-peer transactions.

Read Case Study

ParkMobile

ParkMobile’s Platform Engineering team utilized Kubernetes and Solo Enterprise for kgateway to drive innovation, scalability, and seamless mobility solutions while fostering a culture of collaboration and technological excellence.

Read Case Study

Vonage

Solo.io helped Vonage modernize its cloud infrastructure, enhancing scalability, reliability, and developer autonomy with Solo Enterprise for kgateway. Explore their journey to a building an efficient and agile platform.

Read Case Study

Domino’s Pizza

Powered by Solo Enterprise for Istio and Solo Enterprise for kgateway, Solo.io helped Domino’s UK transition from a monolithic system to a microservices-based architecture. Learn about our 18-month journey to transform the way they operate.

Read Case Study

Introducing Solo Enterprise for agentgateway

Secure, govern, and operationalize AI agent connectivity at scale with Solo Enterprise for agentgateway

Read Datasheet

Comparing Sidecars with Sidecarless Mesh Implementation

Compare sidecar-based Istio with sidecarless Ambient Mesh. Learn how Gloo Mesh simplifies service mesh operations, reduces overhead, and enables scalable, secure, multi-cluster environments — with support for both migration paths.

Read Datasheet

Gloo Mesh Feature Comparison

Compare features across Gloo Mesh Enterprise, Gloo Mesh Open Source, and Basic Open Source Istio.

Read Datasheet

Service Mesh for Developers, Part 1: Exploring the Power of Observability and OpenTelemetry

Navigating the complexity of modern applications requires a key ally – observability. Observability empowers teams to streamline application debugging, and within the architecture of a service mesh, provides valuable insights that increase reliability and performance.

Read Ebook

Service Mesh at Scale

Challenges and approaches to multi-cluster deployment patterns

Read Ebook

Compare Capabilities of the Top Service Mesh Platforms

Using a service mesh as a layer to unify communications between applications, services, and workloads empowers teams to modernize their systems, deliver faster results, and improve performance for modern enterprises.

Read Ebook

Compare Capabilities of the Top API Gateways

Download our Buyer’s Guide to API Gateways and learn about the modern requirements of API gateways in our guide’s comparison of five leading API gateway providers.

Read Ebook

Establishing zero trust security for modern cloud architectures

How your organization can ensure safer cloud architecture by applying a zero trust network security model

Read Ebook

Unlocking the Power of Your API Gateway

With automated API management, organizations save time and resources and streamline the development process.

Read Ebook

API Gateways: Productivity, Resilience, and Security for Next-Generation Cloud Applications

The rise of microservices architecture has brought about a significant shift in how software is developed and deployed, and as such, has presented new technical and organizational challenges.

Read Ebook

Driving Business Value with Istio

How a service mesh can help your organization simplify the adoption of a distributed architecture

Read Ebook

Service Mesh Vendor Comparison

See how top vendors with Istio-based service mesh offerings compare

Read Ebook

Istio Then & Now

Read Infographic

4 Reasons Why You Need an AI Gateway

Integrating LLM models in your applications? See our infographic to learn the top four reasons why you need an AI Gateway!

Read Infographic

Gloo Gateway vs. Kong

Kong Gateway offers a very capable competitor to Gloo Gateway by Solo.io, but there are growing questions about the efficacy and stability of the Nginx open-source community behind the technology.

Read Infographic

Gloo Gateway vs. Apigee

Apigee suits Google Cloud, but its traditional approach clashes with modern practices. In contrast, Gloo Gateway by Solo.io aligns with cloud-native strategies.

Read Infographic

3 Reasons You Need an API Gateway for Microservices Apps

Unlock the full potential of your microservices architecture with the strategic integration of API gateways. While microservices provide flexibility and scalability, they also introduce complexities that can impede seamless communication between services. Discover the crucial role of API gateways in overcoming these challenges and optimizing your microservices ecosystem.

Read Infographic

Introduction to agentregistry

Free Lab: Learn how to curate, publish, and deploy MCP servers and AI skills using agentregistry for unified management of AI-native artifacts.

Read Lab

Build AI agents with agent skills

Free Lab: Learn to build a declarative AI agent in kagent with a Kubernetes deployment skill, enabling automated app deployments and MCP tool integration.

Read Lab

Program agentgateway for LLM consumption

Free Lab: Learn to proxy OpenAI requests through an agentgateway-backed AI gateway with kgateway, managing LLM traffic, credentials, and advanced features.

Read Lab

Local development with the kagent CLI

Free Lab: Learn to build, run, and deploy AI agents with kagent, integrate MCP servers, and manage tools in Kubernetes for AI-native workloads.

Read Lab

Secure your MCP servers with OAuth

Free Lab: Learn to build, proxy, and secure an MCP server with agentgateway and OAuth2, protecting AI-native workloads while enabling safe tool access in Kubernetes.

Read Lab

Improve cloud native operations & troubleshooting with kagent

Free Lab: Use AI agents with kgateway and kagent to automate Kubernetes tasks, provision gateways, route traffic, and manage workloads in a cloud-native environment.

Read Lab

Observe Agent & MCP server interactions

Free Lab: Learn how to use Solo Enterprise for kagent to create, run, and monitor AI agents in Kubernetes with full observability and control.

Read Lab

Multiplex MCP servers & control auth policy

Solo Free Lab: Learn how to use kgateway and agentgateway to deploy, proxy, and secure MCP servers in Kubernetes with AI-native control and traffic routing.

Read Lab

Build, run & deploy MCP servers to Kubernetes

Solo Free Lab: Learn to use the new kmcp tool to easily deploy MCP servers to Kubernetes.

Read Lab

Kagent Lab: Discover kagent and kmcp

Explore the kagent project to build custom agents and tools

Read Lab

Gloo Mesh Lab: OpenTelemetry collectors and relay

Solo.io Free Lab: Learn about the relay of telemetry from a workload cluster to the management cluster in Gloo Mesh.

Read Lab

Gloo Mesh Lab: Extended telemetry from ztunnel

Solo.io Free Lab: Learn how to deploy Istio Ambient Mesh with Gloo Mesh to capture Layer 7 telemetry directly from zTunnel - no waypoints required.

Read Lab

Gloo Mesh Lab: Configure enhanced waypoint proxies

Solo.io Free Lab: Learn how to use Gloo Gateway for your waypoints in Gloo Mesh, instead of Istio's default waypoint proxy.

Read Lab

Gloo Mesh Lab: Multicluster peering

Solo.io Free Lab: Learn how to enable multicluster peering in Gloo Mesh to run services across clusters as a single mesh, making workloads visible and accessible between clusters with global failover and redundancy.

Read Lab

Ambient Mesh Lab: EnvoyFilter Support

Solo.io Free Lab: Learn how to preserve and migrate EnvoyFilter configurations when transitioning from sidecar to ambient mode in Istio using Solo.io’s extended build, with step-by-step guidance and validation.

Read Lab

Ambient Mesh Lab: SPIRE integration with Gloo Mesh in Istio Ambient Mode

Secure your Istio Ambient Mesh with SPIRE. This hands-on lab shows how to integrate SPIRE with Gloo Mesh to issue SPIFFE identities and certificates for ztunnel and mesh workloads.

Read Lab

Ambient Mesh Lab: Introduction to ztunnel in Ambient Mesh

Learn how Ambient Mesh uses ztunnel to secure traffic without sidecars. This free lab walks you through joining workloads, observing traffic, verifying mTLS, and applying Layer 4 policies.

Read Lab

Solo Academy Course: Service Mesh Basics

Solo Academy | Learn the fundamentals of service mesh in this free video-led course and get insights into using a service mesh to enhance your observability, security and reliability of your applications

Read Lab

Solo Academy Course: Istio Basics

Solo Academy | Learn the basics of Istio with our free 101 course. Understand what Istio is, how it works, and its features for traffic management, security, and observability in microservices and Kubernetes.

Read Lab

Solo Academy Course: Envoy Basics

Solo Academy | Master Envoy Proxy basics with our free 101 level course. Learn about the architecture, advanced load balancing, observability, and role in microservices, Kubernetes, and service meshes

Read Lab

Solo Academy Course: API Gateway Basics

Solo Academy | Learn API Gateway fundamentals in Kubernetes with this free beginner level video-led course. Discover how API Gateways control traffic, secure connectivity, and complement microservices architecture

Read Lab

Solo Academy Course: Get Started with Istio Service Mesh

Solo Academy | A fundamental level workshop for developers and operators to learn Istio service mesh. Install Istio, secure services, control traffic, and earn a Solo.io certification through hands-on labs.

Read Lab

Solo Academy Course: Introduction to Envoy Proxy

Solo Academy | Hands-on workshop introducing the core concepts of Envoy Proxy. Learn how Envoy works under the hood from its architecture, filter chains, and request flow and beyond the abstractions of service meshes and API gateways.

Read Lab

Solo Academy Course: Deploying Istio for Production

Solo Academy | Free hands-on workshop for operators looking to deploy Istio in production. Learn advanced routing, observability, security, mTLS, and multi-cluster setup and g free certification.

Read Lab

Kgateway Lab: Integrating kgateway with Istio at Ingress

Explore how to integrate kgateway's ingress gateway with Istio Ambient Mesh in this free hands-on lab. Learn to deploy workloads, configure Gateway and Route resources, and enable automatic mutual TLS between the gateway and backend services.

Read Lab

Kgateway Lab: Kgateway as a Waypoint

Learn how to deploy and configure kgateway as a waypoint in Istio Ambient Mesh. This free hands-on lab walks you through managing east-west traffic, applying custom policies, and enhancing service communication with enterprise-grade control.

Read Lab

Kgateway AI Lab: Consumption Reporting

kgateway labs | Consumption Reporting

Read Lab

Kgateway AI Lab: Deploying kgateway as an AI Gateway

Learn how to enable the AI extension, configure gateway parameters, and deploy an AI Gateway using kgateway to route requests to large language models (LLMs) from within your Kubernetes cluster.

Read Lab

Kagent Lab: How to build an AI agent

Create Your First AI Agent with Kagent in Kubernetes

Read Lab

Kagent Lab: Integrate tools from MCP servers with kagent

Kagent Lab: Integrate tools from MCP servers with kagent

Read Lab

Gloo AI Gateway Hands-On Lab: Semantic Caching

Gloo AI Gateway Labs | Semantic Caching with Gloo AI Gateway

Read Lab

Kgateway AI Lab: Credentials Management

kgateway labs | Managing LLM Credentials with kgateway - AI Gateway

Read Lab

Kgateway AI Lab: Prompt Enrichment

Kgateway labs | Managing Prompts for Enhanced LLM Performance

Read Lab

Kgateway AI Lab: Prompt Guards

kgateway labs | Content Safety with Prompt Guards

Read Lab

Ambient Mesh Lab: Migrating from Sidecar to Sidecarless

Ambient Mesh Lab | Migrate from Sidecar-based Service Mesh to Ambient Mesh

Read Lab

Ambient Mesh Lab: Multi-cluster scalability with Istio Ambient Mesh

Mastering Multi-Cluster Scalability with Ambient Mesh

Read Lab

Solo Lab: Gloo Cloud Preview

Simplify Mesh Management with Gloo Cloud: Onboarding, Ingress, Egress, and Service Mesh

Read Lab

Ambient Mesh Lab: Waypoints for Traffic management, Security and Observability

Solo Lab | Waypoints in Ambient Mesh: For L4 and L7 Security, Traffic and Observability Insights

Read Lab

Kgateway Lab: Gateway API inference extensions with kgateway

Exploring the Gateway API Inference Extension with kgateway

Read Lab

Gloo Gateway Lab: Securing access to workloads with Gloo Gateway

Securing Services with Gloo Gateway: TLS Termination and API Keys

Read Lab

Kgateway Lab: Route Delegation in kgateway

Route Delegation in kgateway

Read Lab

Kgateway Lab: Canary releases with Argo Rollouts & kgateway

Canary releases with Argo Rollouts & kgateway

Read Lab

Kgateway Lab: Understanding kgateway and Gateway API policy attachments

Understanding kgateway patterns of extensions

Read Lab

Kgateway Lab: Gateway API support for service mesh with kgateway

GatewayAPI support for service mesh with kgateway

Read Lab

Kgateway Lab: Exploring HTTPRoute resource configurations with kgateway

Exploring HTTPRoute resource configurations with kgateway

Read Lab

Kgateway Lab: Configuring gateways across multiple teams with kgateway

Configuring gateways across multiple teams with kgateway

Read Lab

Kgateway Lab: Configure HTTPS with the Gateway API and kgateway

Configure HTTPS with the Gateway API and kgateway

Read Lab

Kgateway Lab: Understanding the basics of Kubernetes Gateway API with kgateway

Understanding the basics of Kubernetes Gateway API with kgateway

Read Lab

Kgateway Lab: Installing kgateway, an open-source implementation of the Kubernetes Gateway API

Installing kgateway, an open-source implementation of the Kubernetes Gateway API

Read Lab

Ambient Mesh Lab: Employing circuit breaking in Ambient Mesh

Join our free, on-demand lab Employing Circuit Breaking to safeguard services with Istio Ambient mode. Learn to deploy waypoints, configure circuit breaking, and monitor using metrics, logs, and Prometheus.

Read Lab

Ambient Mesh Lab: Configuring Fault Injection in Ambient Mesh

Join our free, on-demand lab Configuring Fault Injection to enhance resiliency with Istio Ambient mode. Learn to observe system latency, configure delays, timeouts, retries, and augment with outlier detection.

Read Lab

Ambient Mesh Lab: Using Outlier Detection with Ambient Mesh

Join our free, on-demand lab Using Outlier Detection to learn how to configure Istio Ambient mode to avoid unhealthy workloads. Discover steps to implement outlier detection, assess workload health, and monitor metrics effectively.

Read Lab

Ambient Mesh Lab: Implementing Timeouts with Ambient Mesh

Join our free on-demand lab, Implementing Timeouts, and learn how to protect applications from slow upstream services with Istio. Discover how to prevent indefinite errors, configure and verify timeouts, and decouple resiliency concerns from your apps.

Read Lab

Kgateway Lab: Exposing, Securing, and Rate Limiting with kgateway

Free K8s Gateway Lab: Deploy, Secure, and Rate Limiting with Solo's Open Source Gateway

Read Lab

Ambient Mesh Lab: Traffic routing with waypoints in Ambient Mesh

Learn how to route traffic using waypoint proxies in ambient mesh.

Read Lab

Ambient Mesh Lab: Secure Your Cluster with Ambient Mesh and mTLS

Learn how to secure services in your Kubernetes cluster using ambient mesh and mTLS.

Read Lab

Ambient Mesh Lab: Access control with authorization policies

Learn how to enforce access control and write authorization policies for L4 and L7 traffic.

Read Lab

Ambient Mesh Lab: Getting Started with Ambient Mesh

Learn the basics of ambient and how to set up your first environment.

Read Lab

Ambient Mesh Lab: Getting L4 and L7 observability

Learn how to view metrics and traces from L4 and L7 traffic in ambient mesh.

Read Lab

Gloo AI Gateway Hands-On Lab: Prompt Management and Prompt Guards

Sign up for the free, hands-on technical labs.

Read Lab

Gloo AI Gateway Hands-On Lab: Rate Limiting and Model Failover

Sign up for the free, hands-on technical labs.

Read Lab

Gloo AI Gateway Hands-On Lab: RAG and Semantic Caching

Sign up for the free, hands-on technical labs.

Read Lab

Gloo AI Gateway Hands-On Lab: Credentials and Access Control

Sign up for the free, hands-on technical labs.

Read Lab

AI Agents in Kubernetes

Read Report

Gartner® Report: How to Adapt Your API Strategy to Succeed in the AI Era

As organizations unlock the potential of generative AI, one thing is clear: a modern, scalable API strategy is essential. In this complimentary Gartner® report learn how software engineering leaders can evolve their API programs to accelerate innovation, reduce risk, and control costs in the AI era.

Read Report

Omni-Directional API Management for Platform Engineering

Get to grips with API management in the age of cloud and AI. Discover the benefits of Omni-directional API management and learn about its pivotal role in architecture modernization.

Read Report

Sidecar-Less Istio Explained

Learn how Solo.io is lowering the barrier to service mesh adoption with Ambient Mode. Discover how you can deploy Istio ambient mode in production with the help of Gloo Mesh.

Read Report

API Gateway Resource Kit

A service mesh is a dedicated infrastructure layer that helps manage and secure communications between microservices within a distributed application.

Read Blog

Service Mesh Resource Kit

A service mesh is a dedicated infrastructure layer that helps manage and secure communications between microservices within a distributed application.

Read Blog

Building Responsive and Resilient Multi-Cluster Applications with Solo’s Ambient Mesh

Read Whitepaper

Busting 10 Myths About Istio Ambient and Sidecarless Service Mesh

Read Whitepaper

Guide to Migrating from Ingress to Gateway API

Migrate your project from ingress-nginx and the Ingress API to the Kubernetes Gateway API with kgateway—an open-source Gateway project powered by Envoy.

Read Whitepaper

Migrating from Sidecars to Sidecarless Istio Ambient Mesh

In our white paper Migrating from Sidecars to Sidecarless to Ambient Mesh, we share how sidecars and Ambient mode can work together, allowing for a gradual migration strategy.

Read Whitepaper

Introduction and Best Practices to AI Gateways

Read Whitepaper

Choosing the Right AI Gateway For You

Read our white paper and learn how to select the right AI Gateway to help you navigate the challenges of working with AI workloads. 

Read Whitepaper

Solo.io’s Guide to Navigating GenAI Complexity

Read Whitepaper

Unlocking Business Efficiency with Service Mesh Updates in AWS

Read Whitepaper

Evolve Your API Management

Read Whitepaper

Transitioning From App Mesh to Istio for AWS EKS

Read Whitepaper

How Service Mesh Supports a Zero Trust Architecture

Read Whitepaper

Achieve Compliance, Zero Trust with Istio Ambient Mode

Read Whitepaper

Get started

See why Solo.io is the leading provider of API Gateway and service mesh solutions.

Learn more

Istio support

Is Istio not working properly for you? Are you having performance issues with your Istio instance? Is there an upgrade you need to manage on multiple clusters?

Get support

Pricing

Reach out for tailored pricing options and step into a future of enhanced connectivity.

Get Started

Book a Gloo AI Gateway demo

Powered by Istio, Gloo Mesh empowers platform engineering teams to boost security, resiliency, and observability.

Get started

Book a Gloo Gateway demo

Gloo Gateway is a fast, Kubernetes-
native API gateway packed with features IT operations teams need to deliver a full lifecycle security strategy for their cloud-native environments.

Get started

Gloo Mesh - Ambient Readiness Assessment

A free program designed to assess your readiness for Istio Ambient adoption and prove the business benefits based on your own environment.

Get started

Book a Gloo Mesh demo

A free program designed to assess your readiness for Istio Ambient adoption and prove the business benefits based on your own environment.

Get started

Case Studies

Learn more

Ebooks

Learn more

Labs

Learn more

Reports

Read Reports

Resource Kits

See Resource Kits

Webinars

A free program designed to assess your readiness for Istio Ambient adoption and prove the business benefits based on your own environment.

Watch Webinars

Whitepapers

A free program designed to assess your readiness for Istio Ambient adoption and prove the business benefits based on your own environment.

Read Whitepapers

Gloo AI Gateway

Secure, observe, and control your AI applications with Gloo AI Gateway, the leading cloud native gateway built on Envoy.

Learn more

Gloo Gateway

The future of cloud APIs is omni.

Learn more

Gloo Mesh

Connecting, securing, controlling, and observing microservice communication is tough. We make it accessible to all.

Learn more

Datasheets

Read Datasheets

Infographics

Read Infographics

Videos

Watch Videos

Cloud connectivity done right

Get started