An Envoy Proxy-based API Gateway
Gloo Edge is an API gateway and ingress controller built on Envoy Proxy to facilitate and secure application traffic at the edge
What is Gloo Edge?
An API gateway directs requests from users or applications on the edge to the appropriate applications and microservices. The API gateway handles ingress and egress, as it’s the entry point for inbound connections and responses, also called “North-South traffic.” For example, your operating environment manages incoming connection requests, like from a mobile app, a web portal, or from other internal applications. An API gateway can also handle connections coming from different operating environments, be they on-premises, hybrid, one cloud, or multi-cloud. The open source project Envoy Proxy is the most popular API gateway for Kubernetes and cloud environments, as it was designed to be modern and native, not a retrofit of older, legacy API software. Solo’s Gloo Edge builds on the strengths of Envoy Proxy.
Now GA - Gloo Edge Version 1.8
The latest release of our popular API gateway includes SOAP/XLST transforms, Helm usability improvements, improved Flagger for CI/CD, schema for CRDs, access log redaction, interactive feature change-logs, and over 40 new customer and community enhancements.
How It Works
Gloo Edge receives requests from clients, and manages ingress by applying your routing rules and filters on traffic. It enforces zero-trust security and can handle high availability, load balancing, and failover. Gloo Edge also discovers upstream resources, defines your policies, and gives you visibility for troubleshooting and audits. WebAssembly lets you do advanced customization of your filters.
Feature ComparisonsHere's a list of selected features in each edition, sorted by the value they bring. Download Comparison Sheet > |  Basic Open Source |
|---|
Secure
Transport layer security (TLS & mTLS)Provides end-to-end encryption to protect data in motion between end points | |||
Secrets (with Kubernetes & Hashicorp Vault)Manages sensitive credentials like passwords, tokens, and keys | |||
Access logging (with redaction) & usage statsProvides complete observability and auditability of all activity across the system | |||
Built-in web application firewall (WAF)Open source ModSecurity screens traffic for threats and stops attacks | |||
Data loss prevention (DLP)Monitors for data breaches or exfiltration to prevent data loss and data leaks | |||
Extensible authenticationIntegrates with API keys, JSON web tokens (JWT), lightweight directory access protocol (LDAP), OAuth, OpenID Connect (OIDC), and custom services | |||
Federated role-based access controlGrants permissions to users appropriate to their responsibility and applies them consistently everywhere | |||
Open Policy Agent (OPA) for authorizationDefines service API policies as code | |||
Vulnerability scanning and publicationsFinds, addresses, and alerts on weaknesses in the system |
Reliable
Dynamic routing for HTTP, TCP, gRPCDirects inbound (ingress) and outbound (egress) connections for layer 4 (TCP) and layer 7 (HTTP/S) traffic | |||
QuotasSet limits on application traffic to meet desired workloads | |||
Health checksConfirm that the system is operating as expected | |||
Retries, circuit breaker, timeoutsHandle exceptions and issues in connections gracefully | |||
Advanced rate limiting (metrics, server config, rate limit config)Define custom policies to handle more complex situations | |||
Configuration validationMakes sure that the system is deployed and defined correctly | |||
Service level agreements (SLAs)Provide assurance that issues are responded to in a timely manner | |||
Global failover & routingRedirects application traffic to other resources in the event of an outage |
Unified
Cross-origin resource sharing (CORS)Set policies for and pre-verifies which origins are allowed to connect to specified resources | |||
Prometheus integrationCollects system metrics for observability to monitor and troubleshoot, and auditing for investigation | |||
Grafana integrationDisplays system metrics in user-friendly graphs and enables building custom dashboards | |||
Automatic service discoveryFinds and defines upstream resources (applications/microservices) that can be targets for connections | |||
Admin dashboard GUI with multi-cluster viewsGives centralized observability and control of the whole system | |||
Gloo Developer Portal (API mgmt)Enables publishing, sharing, GitOps calling, and monetization of defined APIs |
Easy
Simplified APIMakes it easier to configure and use Envoy Proxy | |||
Long-term version supportCovers releases of Envoy for at least a year so you can upgrade on your schedule | |||
N-3 version patching & back-portingFixes bugs and security issues in current and three previous releases of Envoy | |||
Expert help on SlackFor fast response to all your questions by an active public community and Solo engineers worldwide | |||
Enterprise supportHelps quickly resolve issues in production environments via Slack, email, and phone | |||
Automated, federated traffic mgmt policy configurationDefines and enforces application connection behavior consistently everywhere | |||
Automated reconcile of policy changesVerifies and applies new configurations and policies |
Comprehensive
Your choice of cloud & on-premises environmentsLets you run consistently anywhere you choose to operate your applications | |||
Serverless functions integrationEnables connections to AWS Lambda alongside containers and other upstream resources | |||
Virtual machines (VMs) supportEnables connections to VMs alongside containers and serverless upstream resources | |||
Shape, shift, & transform trafficTo define exactly how you want requests to be processed and presented, and connect to diverse protocols | |||
Federated multi-cluster operations & policiesManage and observe across clusters and even hybrid and multi-cloud deployments | |||
Simple object access protocol (SOAP) transformsTie in XML messaging protocols for legacy applications | |||
A/B testing with FlaggerTest application updates as canaries with a specified slice of inbound connections | |||
WebAssembly (Wasm)Provides the ability to define extensible custom filters for security and control |
Modern & Open
Kubernetes-nativeDesigned to operate naturally with K8s containers making it pluggable and leveraging custom resources (CRDs) | |||
Schema in Gloo Edge CRDsEnable the use of schemas to validate CRD functions, required with Kubernetes 1.22 and newer | |||
Helm usability improvementsDefine your applications and configuration, including node affinity with the desired resource characteristics | |||
Envoy Proxy-basedEnhances the popular open source project as a solid foundation for future-proof innovation |
Use Cases
Modern & Open
Run Anywhere
- AWS
- Azure
- Google Cloud
- Hashicorp Nomad
- Kubernetes
- Red Hat Openstack
- VMware
Connect Microservices
- Containers
- Monoliths
- Serverless Functions
Serverless Integrations
- AWS Lambda
- Azure Functions
- Google Functions
Security Integrations
- Hashicorp Vault
- Let’s Encrypt
- Open Policy Agent (OPA)
Service Mesh Integrations
- AWS App Mesh
- Gloo Mesh
- Hashicorp Consul
- Istio
- Linkerd
Gameforge wanted to find new ways to optimise how our players access the 500+ servers for our online, browser-based, and mobile games. Gloo Edge as an API gateway combines perfectly with our Kubernetes clusters to prepare our technology stack for future challenges. Gloo Edge fulfilled all our requirements, including custom resources (CRDs), dynamic routing with JSON Web Tokens (JWT), and integration with Grafana.
“ParkMobile partnered with Solo.io because we were looking for the most innovative and flexible solutions on the market to power our growing platform. With over 16 million users of our application and a complex ecosystem of integrations, ParkMobile relies on Gloo Edge Enterprise and the supporting product suite for best-in-class API gateway and hybrid application communications that also adds in the power of monitoring and security to ensure peak performance of our platform at all times”