Benefits

With Gloo Gateway, you get a Layer 7 load-balancing solution that is built on open source projects. Envoy is a graduated CNCF project, and Istio recently joined the CNCF. Solo is a leader within both of these communities and can help you get the most value out of your investment in open source technology. With this open source foundation, you can configure a portable, vendor-neutral solution across cloud providers.

Gloo Gateway is uniquely designed to support hybrid applications, in which multiple technologies, architectures, protocols, and clouds can coexist. For example, by using virtual gateway and route table resources, you can set up intelligent routing within a single cluster or across clusters. In addition, you can use external services to route to endpoints that are hosted outside of your Kubernetes cluster, such as an on-prem database.

Gloo Gateway works with a suite of traffic policies for advanced traffic management that is essential for your distributed, cloud-native apps. Highlights of these policies include the following benefits:

• Upgrading services through canary deployments that can shift traffic to different versions based on a customizable percentage.
• Mirroring, or copying, requests to a “shadow” environment so that you can test upgrades before rolling out to production.
• Adding resiliency to your apps with timeouts, retries, and circuit breaking.
• Injecting faults to simulate abnormal conditions and perform stress tests of your apps.
• Manipulate request and response headers to inject or remove information specific to your apps, network, infrastructure, or environment.
• Transforming requests in a number of different ways, from simple HTTP redirects or prefix rewrites, to more advanced header and body manipulations for identity-based routing.

The policy “filters” that you can use with Gloo Gateway are highly extensible, and set you up for cutting edge adoption of technologies such as WebAssembly (Wasm), GraphQL, and eBPF.

Gloo Gateway can terminate TLS sessions before they reach your apps. You can configure the virtual gateway to use your own TLS certificates for each domain that it listens on. Such configuration means that you can use different certificates for different apps, to meet security standards.

You can also integrate identity providers with external authentication and authorization policies. Then, Gloo Gateway can make routing decisions based on the identity of the requestor.

You can apply several different policies to prevent threats before they reach the workloads in your cluster, such as auth, web application firewall (WAF), and rate limiting.

Gloo Gateway provides a variety of observability features to help you analyze your setup and the traffic that flows through your API Gateways. Metrics are automatically generated by the API Gateway and sent to the built-in Prometheus server. You can open the Prometheus UI and use PromQL queries to analyze the traffic that was processed by your API Gateway. Some of the metrics are also summarized and displayed in the Gloo UI. You can further use the Gloo UI to review the Kubernetes and Gloo Gateway resources that you set up, such as virtual gateways, route tables, or traffic policies.

You can use this data to detect failures, troubleshoot bottlenecks, and to find ways to improve the performance and reliability of the services in your cluster.

You can centrally manage and configure your gateway proxies across Kubernetes namespaces and clusters by using the Gloo management and data plane architecture, and custom resources such as Gloo workspaces and virtual gateways. That way, you can reduce the management overhead for your resources and decrease the risk of configuration drift.