Gloo Gateway overview
Learn more about Gloo Gateway, its architecture, and benefits.
About Gloo Gateway
Gloo Gateway is a feature-rich, fast, and flexible Kubernetes-native ingress controller and next-generation API gateway that is built on top of Envoy proxy. An API Gateway is a reverse proxy that serves as a security barrier between your clients and the microservices that make up your app. In order to access a microservice, all clients must send a request to the API Gateway. The API Gateway then verifies and routes the request to the microservice.
To let you set up and leverage advanced routing, traffic management, security, resiliency, and integration capabilities, you can choose to run a Gloo Gateway proxy with one of the following APIs: the Kubernetes Gateway API with custom Gloo Gateway extensions or the Gloo Edge API. The Gloo Gateway control plane can process custom resource requests from both APIs and translate these resources into valid Envoy configuration that the Envoy proxies can pick up and apply.
Because of that, Gloo Gateway gives you the flexibility to run both Kubernetes Gateway API and Gloo Edge API Envoy proxies in your environment at the same time so that you can customize your API gateway to the needs of your app and organization. Keep in mind that you can only have one installation of Gloo Gateway with the Kubernetes Gateway API at a time. Installing the product twice causes required Kubernetes resources that are cluster-scoped, such as GatewayClass, to fail. You can still create multiple Gateway resources to configure HTTP and HTTPS listeners on Gloo Gateway.
K8s Gateway API
Gloo Gateway is fully conformant with the Kubernetes Gateway API and extends its functionality with Solo’s custom Gateway APIs, such as RouteOption, VirtualHostOption, Upstreams, RateLimitConfig, or AuthConfig. These resources help to centrally configure routing, security, and resiliency rules for a specific component, such as a host, route, or gateway listener.
The following image shows the extensions that Gloo Gateway provides on top of the Kubernetes Gateway API:
The capabilities that you can leverage in your API Gateway, such as the following features that you apply to a host or route, depend on the Gloo Gateway edition that you install:
Open source (OSS): Set up an Envoy proxy that is based on the Kubernetes Gateway API and use Kubernetes Gateway API-native features and the following Gloo Gateway extensions to configure basic routing, security, and resiliency capabilities. Note that this list provides a general overview of major features, and is not exhaustive.
Enterprise Edition: In addition to the basic features provided by the OSS edition, many more features are available in the Enterprise Edition. Note that this list provides a general overview of major features, and is not exhaustive.
- AI Gateway
- External authentication and authorization
- External processing
- Data loss prevention
- JSON web token (JWT)
- Global rate limiting
- Portal
- Response caching
- Traffic tapping
- Web Application Filters
In addition, several features that were previously introduced in the Gloo Edge API were improved. Examples include the developer portal that now comes with more flexible APIs and built-in Backstage support, and an improved Istio integration that allows for easier injection of Istio sidecars.
To use these Enterprise-only Gloo Gateway API extensions, you must have a valid Enterprise license key. To get a license, contact an account representative.
Gloo Edge API
To learn more about using Gloo Gateway with the Gloo Edge API, see the Gloo Gateway (Gloo Edge API) documentation.
Default gateway proxy setup
Gloo Gateway automatically spins up, bootstraps, and manages gateway proxy deployments when you create a Kubernetes Gateway resource. To do that, Gloo Gateway uses a combination of Gloo Gateway and Kubernetes resources, such as GatewayClass, GatewayParameters, Settings, and a gateway proxy template that includes the Envoy configuration that each proxy is bootstrapped with.
To learn more about the default setup and how these resources interact with each other, see the Default gateway proxy setup.
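The following Gateway resource is an added example, not a manifest from the Gloo Gateway documentation. It shows the kind of resource that triggers the proxy setup described above, with one HTTP and one HTTPS listener and explicit limits on which namespaces can attach routes. The resource name, namespace, GatewayClass name, hostname, Secret name, ports, and label are assumptions.

```yaml
# Added example. Values marked "assumed" are placeholders, not values from this page.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: public-gw                  # assumed name
  namespace: gloo-system           # assumed namespace
spec:
  # Assumed class name; confirm the installed class with `kubectl get gatewayclass`.
  gatewayClassName: gloo-gateway
  listeners:
  # Plain HTTP listener. Only routes in the Gateway's own namespace can attach.
  - name: http
    protocol: HTTP
    port: 8080
    allowedRoutes:
      namespaces:
        from: Same
  # HTTPS listener that terminates TLS at the gateway proxy.
  - name: https
    protocol: HTTPS
    port: 8443
    hostname: "api.example.com"    # assumed hostname
    tls:
      mode: Terminate
      certificateRefs:
      - kind: Secret
        name: api-example-com-tls  # assumed kubernetes.io/tls Secret in the same namespace
    # Only namespaces that carry this label can attach routes to the listener,
    # so an unrelated team cannot expose a service through it by creating an HTTPRoute.
    allowedRoutes:
      namespaces:
        from: Selector
        selector:
          matchLabels:
            gateway-access: "public"   # assumed label
```

Setting `allowedRoutes` per listener keeps route attachment a deliberate decision of the Gateway owner instead of opening the listener to every namespace with `from: All`.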