An Envoy Proxy-based API Gateway

Gloo Edge is an API gateway and ingress controller built on Envoy Proxy to facilitate and secure application traffic at the edge

What is Gloo Edge?

An API gateway directs requests from users or applications on the edge to the appropriate applications and microservices. The API gateway handles ingress and egress, as it’s the entry point for inbound connections and responses, also called “North-South traffic.” For example, your operating environment manages incoming connection requests, like from a mobile app, a web portal, or from other internal applications. An API gateway can also handle connections coming from different operating environments, be they on-premises, hybrid, one cloud, or multi-cloud. The open source project Envoy Proxy is the most popular API gateway for Kubernetes and cloud environments, as it was designed to be modern and native, not a retrofit of older, legacy API software. Solo’s Gloo Edge builds on the strengths of Envoy Proxy.

Now GA - Gloo Edge Version 1.8

The latest release of our popular API gateway includes SOAP/XLST transforms, Helm usability improvements, improved Flagger for CI/CD, schema for CRDs, access log redaction, interactive feature change-logs, and over 40 new customer and community enhancements.

How It Works

Gloo Edge receives requests from clients, and manages ingress by applying your routing rules and filters on traffic. It enforces zero-trust security and can handle high availability, load balancing, and failover. Gloo Edge also discovers upstream resources, defines your policies, and gives you visibility for troubleshooting and audits. WebAssembly lets you do advanced customization of your filters.

how it works diagram

Feature Comparisons

Here's a list of selected features in each edition, sorted by the value they bring.

Download Comparison Sheet >

Gloo Edge

Request Trial

Gloo Edge
Open Source


Basic Open Source
Envoy Proxy

Transport layer security (TLS & mTLS)
Provides end-to-end encryption to protect data in motion between end points
Secrets (with Kubernetes & Hashicorp Vault)
Manages sensitive credentials like passwords, tokens, and keys
Access logging (with redaction) & usage stats
Provides complete observability and auditability of all activity across the system
Built-in web application firewall (WAF)
Open source ModSecurity screens traffic for threats and stops attacks
Data loss prevention (DLP)
Monitors for data breaches or exfiltration to prevent data loss and data leaks
Extensible authentication
Integrates with API keys, JSON web tokens (JWT), lightweight directory access protocol (LDAP), OAuth, OpenID Connect (OIDC), and custom services
Federated role-based access control
Grants permissions to users appropriate to their responsibility and applies them consistently everywhere
Open Policy Agent (OPA) for authorization
Defines service API policies as code
Vulnerability scanning and publications
Finds, addresses, and alerts on weaknesses in the system
Dynamic routing for HTTP, TCP, gRPC
Directs inbound (ingress) and outbound (egress) connections for layer 4 (TCP) and layer 7 (HTTP/S) traffic
Set limits on application traffic to meet desired workloads
Health checks
Confirm that the system is operating as expected
Retries, circuit breaker, timeouts
Handle exceptions and issues in connections gracefully
Advanced rate limiting (metrics, server config, rate limit config)
Define custom policies to handle more complex situations
Configuration validation
Makes sure that the system is deployed and defined correctly
Service level agreements (SLAs)
Provide assurance that issues are responded to in a timely manner
Global failover & routing
Redirects application traffic to other resources in the event of an outage
Cross-origin resource sharing (CORS)
Set policies for and pre-verifies which origins are allowed to connect to specified resources
Prometheus integration
Collects system metrics for observability to monitor and troubleshoot, and auditing for investigation
Grafana integration
Displays system metrics in user-friendly graphs and enables building custom dashboards
Automatic service discovery
Finds and defines upstream resources (applications/microservices) that can be targets for connections
Admin dashboard GUI with multi-cluster views
Gives centralized observability and control of the whole system
Gloo Developer Portal (API mgmt)
Enables publishing, sharing, GitOps calling, and monetization of defined APIs
Simplified API
Makes it easier to configure and use Envoy Proxy
Long-term version support
Covers releases of Envoy for at least a year so you can upgrade on your schedule
N-3 version patching & back-porting
Fixes bugs and security issues in current and three previous releases of Envoy
Expert help on Slack
For fast response to all your questions by an active public community and Solo engineers worldwide
Enterprise support
Helps quickly resolve issues in production environments via Slack, email, and phone
Automated, federated traffic mgmt policy configuration
Defines and enforces application connection behavior consistently everywhere
Automated reconcile of policy changes
Verifies and applies new configurations and policies
Your choice of cloud & on-premises environments
Lets you run consistently anywhere you choose to operate your applications
Serverless functions integration
Enables connections to AWS Lambda alongside containers and other upstream resources
Virtual machines (VMs) support
Enables connections to VMs alongside containers and serverless upstream resources
Shape, shift, & transform traffic
To define exactly how you want requests to be processed and presented, and connect to diverse protocols
Federated multi-cluster operations & policies
Manage and observe across clusters and even hybrid and multi-cloud deployments
Simple object access protocol (SOAP) transforms
Tie in XML messaging protocols for legacy applications
A/B testing with Flagger
Test application updates as canaries with a specified slice of inbound connections
WebAssembly (Wasm)
Provides the ability to define extensible custom filters for security and control
Designed to operate naturally with K8s containers making it pluggable and leveraging custom resources (CRDs)
Schema in Gloo Edge CRDs
Enable the use of schemas to validate CRD functions, required with Kubernetes 1.22 and newer
Helm usability improvements
Define your applications and configuration, including node affinity with the desired resource characteristics
Envoy Proxy-based
Enhances the popular open source project as a solid foundation for future-proof innovation

Use Cases

API Gateway

Microservices and distributed applications require an API Gateway to act as a central point of access between the end users and potentially hundreds of backend services.
Learn More

Kubernetes Ingress

Kubernetes requires an ingress controller as part of the orchestration platform to manage incoming traffic to the containerized applications. Gloo provides a robust Kubernetes ingress controller.
Learn More

Developer Portal

Improve team communication and collaboration with a Kubernetes-native API developer portal built to run natively with Istio and Envoy Proxy that enables GitOps and CI/CD workflows
Learn More

Get started in 15 minutes

Follow our quick tutorial

Try it now

Discover Gloo Mesh

An Istio-based service mesh

Learn more

See a recorded demo

Tour key features

Watch now

Modern & Open

Run Anywhere
  • AWS
  • Azure
  • Google Cloud
  • Hashicorp Nomad
  • Kubernetes
  • Red Hat Openstack
  • VMware
Connect Microservices
  • Containers
  • Monoliths
  • Serverless Functions
Serverless Integrations
  • AWS Lambda
  • Azure Functions
  • Google Functions
Security Integrations
  • Hashicorp Vault
  • Let’s Encrypt
  • Open Policy Agent (OPA)
Service Mesh Integrations
  • AWS App Mesh
  • Gloo Mesh
  • Hashicorp Consul
  • Istio
  • Linkerd

Gameforge wanted to find new ways to optimise how our players access the 500+ servers for our online, browser-based, and mobile games. Gloo Edge as an API gateway combines perfectly with our Kubernetes clusters to prepare our technology stack for future challenges. Gloo Edge fulfilled all our requirements, including custom resources (CRDs), dynamic routing with JSON Web Tokens (JWT), and integration with Grafana.

Hannes Anders
CTO, Gameforge

ParkMobile partnered with because we were looking for the most innovative and flexible solutions on the market to power our growing platform. With over 16 million users of our application and a complex ecosystem of integrations, ParkMobile relies on Gloo Edge Enterprise and the supporting product suite for best-in-class API gateway and hybrid application communications that also adds in the power of monitoring and security to ensure peak performance of our platform at all times” 

Matt Ball
CTO, ParkMobile