How Gloo Mesh helps you
Gloo Mesh is an Istio-based service mesh and control plane that simplifies and unifies the configuration, operation and visibility of the service-to-service connectivity within distributed applications.
How It Works
Gloo Mesh manages your service mesh, including API gateways for Ingress and the application edge.
1. Gloo Gateway
Istio-based north-south API gateway to govern and manage requests for services
- Certificate management and rotation
- Integrate with Identity & Access Management systems to leverage existing security policies
- Enforce authentication, authorization, and encryption including mTLS
- Manage request routing, rate-limiting, load balancing, circuit breaking and failover traffic based on locality and affinity rules
- Protect against attacks with a built-in web application firewall (WAF)
- Guard against sensitive info breaches with data loss prevention (DLP)
- Collect metrics for observability, troubleshooting, and auditing with Prometheus and Grafana
- Transformations filter / SOAP
2. Gloo Mesh Core
Manage cluster ingress (and egress) for Kubernetes clusters, VMs, and legacy applications:
- FIPS-ready Istio-based service mesh
- Automated service and API discovery
- Enforce zero-trust security with authentication, authorization, and encryption
- Apply custom policies to route, filter, and transform L4 and L7 traffic
- Manage retries, timeouts, and circuit breakers
- Load balance and failover traffic based on locality and affinity rules
- Guard against sensitive info breaches with data loss prevention
- Collect metrics for observability, troubleshooting, and auditing with Prometheus and Grafana
3. Gloo GraphQL
Gloo Mesh integrates with GraphQL to enable a secure and scalable approach to querying your APIs directly in your service mesh. Key capabilities include:
- A unified endpoint to query all your services and data
- A complete description of the data in an API
- No need to build separate GraphQL servers or manage libraries
- Use GraphQL with Gloo Portal for GitOps and CI/CD
4. Gloo Mesh Extensions
Extend and customize your API infrastructure with tooling for WebAssembly, plugins, and operators
- Delegate authentication using OpenID Connect
- Pre-built support for external authentication (OIDC/OAuth), API Key, LDAP, and OPA Auth
- Extend Envoy Proxy capabilities with pre-built extensions including:
  - Web Application Firewall (WAF)
  - Data Loss Prevention (DLP)
  - AWS Lambda
  - Request and Response Transition
  - SOAP
- Create custom Envoy Proxy filters with WebAssembly (Wasm)
5. Developer Portal
Catalog, publish, and securely share APIs via a self-service portal
- CRD-driven and works flawlessly with existing GitOps and CI/CD processes
- Accelerate developer onboarding with self-service documentation and self-service sign-up
- Manage gRPC APIs and REST APIs in the same developer portal
- Upload existing OpenAPI and proto documents to build the catalog
- Communicate authentication/authorization, usage plans and policies
- Showback, chargeback, and usage tracking of APIs
- Supports REST and gRPC APIs
- No database required
Gloo Mesh provides a Kubernetes-native management plane, an enhanced Istio distribution, and enhancements to Envoy Proxy delivering API gateway and service mesh capabilities.
Key Capabilities Include:
- Istio Lifecycle Management
- Security
- Traffic Management
- Global Routing & Failover
- Policy Management
- Global Service Discovery
- Multi-tenancy & RBAC
- Extensibility
- Multi-cluster Observability
- Multi-cluster Operations






Feature Comparisons
Compare Gloo Mesh editions and basic open source Istio.

Secure
- TLS/mTLS encryption: Provides end-to-end encryption to protect data in motion between endpoints
- Multi-tenancy and isolation: Lets service meshes share resources securely
- Federated trust domains: Safely authenticate users and applications across environments
- Federated role-based access control and delegation: Grants permissions to users appropriate to their responsibility and applies them consistently everywhere
- Safe handling of signing cert and Root rotation: Manage and execute SSL certificates from a centralized platform
- Multi-cluster observability metrics/graph: Provides complete observability and auditability of all activity across the system
- FIPS (140-2) compliant: Validated to meet strict security standards
- Secure configuration model for cluster relay: Safely shares configurations across the system
- Secrets integration (with Kubernetes & HashiCorp Vault): Manages sensitive credentials like passwords, tokens, and keys
- OIDC/OAuth 2.0 flows: Manages authentication of users and applications
- Built-in web application firewall (WAF): Open source ModSecurity screens traffic for threats and stops attacks
- Data loss prevention (DLP): Monitors for data breaches or exfiltration to prevent data loss and data leaks
- External Authentication: Integrates with API keys, JSON web tokens (JWT), lightweight directory access protocol (LDAP), OAuth, OpenID Connect (OIDC), and custom services
- Open Policy Agent (OPA) for authorization: Defines service API policies as code
- Vulnerability scanning and publications: Finds, addresses, and alerts on weaknesses in the system

Reliable
- Multi-cluster dynamic routing: Steers connections on-the-fly to available resources across clusters as needed (Basic Open Source Istio: Limited)
- Retries, circuit breaker, timeouts: Handle exceptions and issues in connections gracefully
- Priority failover routing: Defines in which order alternate resources should receive re-directed traffic in the event of a service outage
- No-interruption updates: Rolls out new configurations and policies without requiring restarts or pausing operations
- Published SLAs: Provide assurance that issues are responded to in a timely manner
- Dynamic scaling to thousands of nodes: Robustly manages regular and unexpected variations and spikes in workloads
- Simplified Global-Service Naming: Use consistent naming across all clusters (Basic Open Source Istio: Limited)
- Health checks: Confirm that the system is operating as expected
- Advanced rate limiting: Define custom policies to handle more complex situations
- Configuration validation: Makes sure that the system is deployed and defined correctly

Unified
- Distributed tracing (integration with Jaeger): Facilitates root cause analysis of issues across the system
- Multi-cluster security policies: Implement consistently across all environments to avoid exposure or risk of errors
- Multi-version compatibility: Enables running different versions of Istio together so you can upgrade at will
- Multi-mesh support: Gives you the ability to operate and manage multiple heterogeneous service meshes together
- Multi-cluster observability (including Prometheus and Grafana): Collects system metrics for observability to monitor and troubleshoot, and auditing for investigation. Displays system metrics in user-friendly graphs and enables building custom dashboards
- Cross-origin resource sharing (CORS): Sets policies for and pre-verifies which origins are allowed to connect to specified resources
- Global service discovery: Finds and defines upstream resources (applications/microservices) that can be targets for connections
- Admin dashboard GUI with multi-cluster views: Gives centralized observability and control of the whole system
- Gloo Developer Portal (API mgmt): Enables publishing, sharing, GitOps calling, and monetization of defined APIs
- Workspace for multi-tenancy: Users can work within their own workspace domain

Easy
- Simplified API: Makes it easier to configure and use Istio and Envoy Proxy
- Long-term version support: Covers releases of Istio and Envoy for at least a year so you can upgrade on your schedule
- N-4 version patching & back-porting: Fixes bugs and security issues in current and four previous releases of Istio and Envoy
- Expert help on Slack: For fast response to all your questions by an active public community and Solo engineers worldwide
- Enterprise support: Helps quickly resolve issues in production environments via Slack, email, and phone
- Federated multi-cluster operations & policies: Manage, push configurations, and observe across clusters and even hybrid and multi-cloud deployments
- Istio lifecycle management: Automated deployment, patching, and upgrades

Comprehensive
- Global service routing: Directs application connections across any environment for choice and reliability
- Locality-aware load balancing: Manages routing of workloads across distributed resources to achieve best performance and results
- Support for ARM processors: Operates efficiently on high performance processors for compute
- Virtual machines (VMs) support: Easy bootstrapping of VMs to connect with containers and serverless upstream resources
- Your choice of cloud & on-premises environments: Lets you run consistently anywhere you choose to operate your applications
- Serverless functions integration: Enables connections to AWS Lambda alongside containers and other upstream resources
- Shape, shift, & transform traffic: To define exactly how you want requests to be processed and presented, and connect to diverse protocols
- Simple object access protocol (SOAP) transforms: Tie in XML messaging protocols for legacy applications
- GitOps: Manage applications and operations on-demand

Modern & Open
- Upstream Istio: Enhances the popular open source project as a solid foundation for future-proof innovation
- Upstream Envoy Proxy (managed by Istio): Enhances the popular open source project as a solid foundation for future-proof innovation
- Upstream GraphQL: Embeds GraphQL querying into Gloo Mesh
- Kubernetes-native: Designed to operate naturally with K8s containers making it pluggable and leveraging custom resources (CRDs)
- Hybrid and multi-cloud support: Manage services running anywhere
- Multi-cluster WebAssembly (Wasm): Provides the ability to define extensible custom filters for security and control

Gloo Portal is now included with Gloo Mesh Enterprise
Gloo Mesh Enterprise now includes a multi-cluster, Istio-based developer portal
Gloo Mesh Gateway is now available with Gloo Mesh Enterprise
Gloo Mesh Gateway is an Istio-based API gateway to manage North-South traffic
Gloo GraphQL (coming soon) for Gloo Mesh Enterprise
Query GraphQL APIs using your Gloo Mesh service mesh