- Product
- Gloo Gateway
API Gateway and Kubernetes Ingress
Gloo Gateway is an integrated part of the Gloo Platform, delivering API Gateway and Kubernetes Ingress functionality.
Announcing GraphQL for Gloo Gateway!
Block Log4Shell attacks with Gloo Gateway
The Advantages of an Envoy-based API Gateway
An API gateway receives requests from clients (e.g. external clients like web and mobile applications or applications and services located on-premises, in the cloud or mixed in hybrid environments) and manages ingress to the appropriate services within its domain. The API gateway sits in the data plane and manages “North/South” traffic by providing services including security, reliability, filtering, transformations, and routing. Working collectively, the API gateway can provide higher-level services such as high availability, load balancing, failover, zero-trust security, tracing, and metrics gathering.
“Next-generation” gateways are also purpose-built for highly dynamic, ephemeral environments like Kubernetes and built with the design principles of declarative configuration, decentralized ownership, and self-service collaboration. In addition, next-gen gateways use declarative CRDs enabling you to seamlessly integrate them into your GitOps workflow.
Gloo Gateway extends Envoy Proxy with a rich set of Security, Scalability, Resiliency, Cloud Integrations, and Ease of Use capabilities. Gloo Gateway’s architecture enables customers to significantly reduce their API-Gateway footprint (vs. legacy API Gateways), as well as improve overall scalability and reduce application latency. Gloo Gateway is part of the broader Gloo Platform framework for centralized deployments and policy management, integrated with GitOps best-practices.
How it Works
Gloo Gateway can be deployed in either a Layered Gateway configuration or a Virtual Gateway configuration depending on the requirements of your network architecture.
Layered Gateway
In a Layered Gateway configuration, an Application Edge Gateway is configured to control and secure access to different container clusters and VMs in your environment.
This enables different traffic management, security policy and resiliency configurations to be applied at different layers in your application network.
Virtual Gateway
In a Virtual Gateway configuration, multiple API gateways create a “virtual” destination eliminating any single points of failure and reduce network latency.
The Virtual Gateway provides a single configuration point but is implemented as a decentralized API gateway. The Virtual Gateway can also be implemented across containers, VMs and hybrid services.
Feature ComparisonsCompare Gloo Edge editions and basic open source Istio. DOWNLOAD COMPARISON SHEET > |
Basic Open Source Envoy |
|---|
Secure
Transport layer security (TLS and mTLS)Provides end-to-end encryption to protect data in motion between end points
|
|||
Secrets (with Kubernetes and HashiCorp Vault)PrManages sensitive credentials like passwords, tokens, and keys
|
|||
Access logging (with redaction) & usage statsProvides complete observability and auditability of all activity across the system
|
|||
Built-in web application firewall (WAF)Open source ModSecurity screens traffic for threats and stops attacks
|
|||
Data loss prevention (DLP)Monitors for data breaches or exfiltration to prevent data loss and data leaks
|
|||
Extensible authenticationIntegrates with API keys, JSON web tokens (JWT), lightweight directory access protocol (LDAP), OAuth, OpenID Connect (OIDC), and custom services
|
|||
Federated role-based access controlGrants permissions to users appropriate to their responsibility and applies them consistently everywhere
|
|||
Open Policy Agent (OPA) for authorizationDefines service API policies as code
|
|||
Vulnerability scanning and publicationsFinds, addresses, and alerts on weaknesses in the system
|
Reliable
Dynamic routing for HTTP, TCP, gRPCDirects inbound (ingress) and outbound (egress) connections for layer 4 (TCP) and layer 7 (HTTP/S) traffic
|
|||
QuotasSet limits on application traffic to meet desired workloads
|
|||
Health checksConfirm that the system is operating as expected
|
|||
Retries, circuit breaker, timeoutsHandle exceptions and issues in connections gracefully
|
|||
Advanced rate limiting (metrics, server config, rate limit config)Define custom policies to handle more complex situations
|
|||
Configuration validationMakes sure that the system is deployed and defined correctly
|
|||
Service level agreements (SLAs)Provide assurance that issues are responded to in a timely manner
|
|||
Global failover and routingRedirects application traffic to other resources in the event of an outage
|
Unified
Cross-origin resource sharing (CORS)Set policies for and pre-verifies which origins are allowed to connect to specified resources
|
|||
Prometheus integrationCollects system metrics for observability to monitor and troubleshoot, and auditing for investigation
|
|||
Grafana integrationDisplays system metrics in user-friendly graphs and enables building custom dashboards
|
|||
Automatic service discoveryFinds and defines upstream resources (applications/microservices) that can be targets for connections
|
|||
Admin dashboard GUI with multi-cluster viewsGives centralized observability and control of the whole system
|
|||
Gloo Developer Portal (API mgmt)Enables publishing, sharing, GitOps calling, and monetization of defined APIs
|
|||
GraphQL embeddedRun and query GraphQL servers on Gloo Edge
|
Easy
Simplified APIMakes it easier to configure and use Envoy Proxy
|
|||
Long-term version supportCovers releases of Envoy for at least a year so you can upgrade on your schedule
|
|||
N-3 version patching and back-portingFixes bugs and security issues in current and three previous releases of Envoy
|
|||
Expert help on SlackFor fast response to all your questions by an active public community and Solo engineers worldwide
|
|||
Enterprise supportHelps quickly resolve issues in production environments via Slack, email, and phone
|
|||
Automated, federated traffic mgmt policy configurationDefines and enforces application connection behavior consistently everywhere
|
|||
Automated reconcile of policy changesVerifies and applies new configurations and policies
|
Comprehensive
Your choice of cloud and on-premises environmentsLets you run consistently anywhere you choose to operate your applications
|
|||
Serverless functions integrationEnables connections to AWS Lambda alongside containers and other upstream resources
|
|||
Virtual machines (VMs) supportEasy bootstrapping of VMs to connect with containers and serverless upstream resources
|
|||
Shape, shift, and transform trafficTo define exactly how you want requests to be processed and presented, and connect to diverse protocols
|
|||
Federated multi-cluster operations and policiesManage and observe across clusters and even hybrid and multi-cloud deployments
|
|||
Simple object access protocol (SOAP) transformsTie in XML messaging protocols for legacy applications
|
|||
A/B testing with Flagger integrationsCustomize how you test application updates as canaries with a specified slice of inbound connections
|
Limited
|
||
WebAssembly (Wasm)Provides the ability to define extensible custom filters for security and control
|
Modern & Open
Kubernetes-nativeDesigned to operate naturally with K8s containers making it pluggable and leveraging custom resources (CRDs)
|
|||
Schema in Gloo Edge CRDsEnable the use of schemas to validate CRD functions, required with Kubernetes 1.22 and newer
|
|||
Helm usability improvementsDefine your applications and configuration, including node affinity with the desired resource characteristics
|
|||
Envoy Proxy-basedEnhances the popular open source project as a solid foundation for future-proof innovation
|
|||
Upstream GraphQLEmbeds GraphQL querying into Gloo Edge
|
Use Cases
API Gateways
Reduce complexity while increasing security, reliability, and observability for your applications.
LEARN MORE
Modern & Open
Gloo Gateway is built on extensible, cloud-native, Kubernetes-native open source software that can run in any environment.
Run
Anywhere
- AWS
- Azure
- Google Cloud
- HashiCorp Nomad
- Kubernetes
- Red Hat Openstack
- VMware
Connect Microservices
- Containers
- Monoliths
- Serverless Functions
Serverless Integrations
- AWS Lambda
- Azure Functions
- Google Functions
Security Integrations
- HashiCorp Vault
- Let’s Encrypt
- Open Policy Agent (OPA)
Service Mesh Integrations
- AWS App Mesh
- Gloo Mesh
- HashiCorp Consul
- Istio
- Linkerd
GraphQL Integration
- Lifecycle
- Security
- Reliability
- Scalability
- Observability
-
ParkMobile partnered with Solo.io because we were looking for the most innovative and flexible solutions on the market to power our growing platform. With over 16 million users of our application and a complex ecosystem of integrations, ParkMobile relies on Gloo Gateway and the supporting product suite for best-in-class API gateway and hybrid application communications that also adds in the power of monitoring and security to ensure peak performance of our platform at all times.
Matt BallCTO, ParkMobile -
Gameforge wanted to find new ways to optimise how our players access the 500+ servers for our online, browser-based, and mobile games. Gloo Gateway as an API gateway combines perfectly with our Kubernetes clusters to prepare our technology stack for future challenges. Gloo Gateway fulfilled all our requirements, including custom resources (CRDs), dynamic routing with JSON Web Tokens (JWT), and integration with Grafana.
Hannes AndersCTO, Gameforge -
As we look to break out our monolithic backend and deploy new microservices into Kubernetes, we needed a highly scalable API Gateway to not only aggregate the microservices into a coherent API, but remove duplication from within these microservices by centralizing features such as authentication and rate limiting. The configuration of Gloo Gateway via CRDs is a major advantage for our Infrastructure team and fits within our existing GitOps workflow.
Jon WaltonDevOps architect
