Network Encryption
Network security and encryption are incredibly important, especially for public-facing services or services that carry sensitive data. Gloo Edge can assist with the following use cases:
- Perform TLS termination for downstream clients, decrypting traffic arriving from downstream clients
- Load client certificates to perform mutual TLS with an upstream server that is already serving TLS
- Configure mutual TLS with the Envoy proxy served by the xDS service on the Gloo Edge pod
The following guides provide more detail on how to configure each feature:
- Setting up Server TLS: Set up server-side TLS for Gloo Edge
- Setting up Upstream TLS: Set up Gloo Edge to route to TLS-encrypted services
- Setting up Upstream TLS with Service Annotations: Set up Gloo Edge to route to TLS-encrypted services using Kubernetes Service object annotations
- Gloo Edge mTLS mode: Ensure that communication between Gloo Edge and Envoy is secured with mTLS