

Kubernetes API Gateway

Series: Kubernetes API Gateway

What is an API Gateway?

An API gateway sits between external clients and the applications running in your datacenter and clouds. APIs (application programming interfaces) define how applications can communicate, without the client having to know where or how they are implemented. An API gateway validates incoming requests, routes them to the appropriate backend service based on defined policies, and then returns the appropriate result to the client.

Architecturally, API gateways have both a data plane and a control plane. The data plane is where traffic flows from your external clients through the proxies to the backend services. The control plane is where your configuration and policies are defined. These configurations are pushed to the proxies to adjust the flow of traffic or to add security checks like authentication. With the adoption of Kubernetes containers and cloud-native architectures for modern applications, technologies like the open source Envoy Proxy and Istio have emerged to enable application networking for distributed systems. Envoy has become the most popular proxy at the edge, and it is also used as the sidecar that handles internal traffic in an Istio service mesh.

Why you need a modern API gateway

Legacy API gateways were not designed for highly dynamic environments like cloud and Kubernetes. They require additional infrastructure and a lot of effort to become highly available and production-ready. Legacy API gateways are also often deployed centrally, which conflicts with the distributed nature of modern applications.

APIs are the interfaces that applications use to communicate, and the gateway is the control point for routing, shaping, and securing that traffic. As the API gateway intercepts the incoming request, security rules can be applied to inspect the request, authenticate the client, and rate limit the request to protect the backend service from exploitation or failure. API gateways can route and shape traffic to support use cases like canary deployments and traffic shadowing to ensure safer application deployments and to maintain a great end user experience.

Incoming traffic is filtered and routed to the appropriate services.
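
The request path described above (inspect, authenticate, rate limit, then route) is sketched below as an added example; it is not code from the original page or from Envoy, Istio or Gloo. The API keys, the `x-api-key` header name (assumed already lowercased), the route table and the limits are constructed assumptions.

```python
import time

# Constructed sample configuration: keys, routes and limits are illustrative only.
API_KEYS = {"key-alice": "alice", "key-bob": "bob"}
ROUTES = {"/orders": "orders-svc:8080", "/users": "users-svc:8080"}  # prefix -> backend
RATE, BURST = 1.0, 2  # tokens refilled per second, bucket capacity

_buckets = {}  # client id -> (tokens, time of last update)


def allow(client, now):
    """Token bucket: refill by elapsed time, spend one token per request."""
    tokens, last = _buckets.get(client, (BURST, now))
    tokens = min(BURST, tokens + (now - last) * RATE)
    if tokens < 1:
        _buckets[client] = (tokens, now)
        return False
    _buckets[client] = (tokens - 1, now)
    return True


def handle(method, path, headers, now=None):
    """Return (status, backend) after running the checks in order; deny by default."""
    now = time.monotonic() if now is None else now
    # 1. Inspect: reject malformed or unexpected requests before any other work.
    if method not in {"GET", "POST"} or not path.startswith("/") or ".." in path:
        return 400, None
    # 2. Authenticate: a missing or unknown credential never reaches a backend.
    client = API_KEYS.get(headers.get("x-api-key", ""))
    if client is None:
        return 401, None
    # 3. Rate limit per authenticated client, so one client cannot starve another.
    if not allow(client, now):
        return 429, None
    # 4. Route on the longest matching path prefix; no match means no backend.
    matches = [p for p in ROUTES if path == p or path.startswith(p + "/")]
    if not matches:
        return 404, None
    return 200, ROUTES[max(matches, key=len)]
```

Every rejection returns no backend, so a request that fails any check is never forwarded.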

Why choose as the API gateway for your modern apps

Gloo Mesh Gateway and Gloo Edge deliver robust API gateways by enhancing open source Istio and Envoy Proxy. By default, basic open source distributions of Istio and Envoy don’t go far enough to deliver features needed for comprehensive application networking. Traffic routing alone isn’t enough, and if you use pure open source you inherit the burden of developing and maintaining missing enterprise features forever. adds comprehensive functionality to your API gateways, reducing complexity while increasing security, reliability, and observability for consistent applications and microservices connectiv

Manage API ingress and egress at the edge

With traffic from external sources coming in over the Internet, you’ll need routing, circuit breaking, rate limiting, load balancing, and locality-aware failover to maintain reliable connections to your services.

Comprehensively secure all connections

Establish a zero-trust environment where every inbound connection is validated before being allowed. Integrate with your existing external authentication and authorization servers. Use mTLS encryption to protect data-in-motion on all connections.

Federate configurations and policies as code

Manage application networking with common policies implemented consistently everywhere. Developers and operators can use declarative CRDs, usually as part of a DevOps or GitOps process, to manage traffic, implement security policy, and configure observability.

Define custom rules and behaviors

Set up a filter chain to enforce rules in priority order, create inline transformations, and make your own custom filters, in any language, with WebAssembly (Wasm).

Build a developer portal

Fully integrated with Gloo Mesh Gateway and Gloo Edge, Gloo Portal abstracts the complexity and enables developers to publish, document, share, discover, and use APIs with rich controls and comprehensive security information.

Limit access to resources

Use granular role-based access controls and delegation to limit which clients and administrators have permissions to applications, resources, and management tools.