Gloo Platform products
Learn about Gloo Platform management components, licensed products, and modules.
With Gloo Platform, you get a suite of tools to consistently and securely manage your L3-L7 network application traffic. Gloo consists of an installable set of platform management tools that you install in a Kubernetes-based cluster via the Gloo CLI (meshctl
) or Helm. Then, you unlock various network management capabilities with product or module licenses, as shown in the following figure.
Shared platform management
When you install Gloo in your cluster, you get several components to provide custom resources, observability, and management capabilities for the product licenses that you have. These components run in your cluster even if you do not add a product license, in which case the components do not report back any data until you start using a product.
You can also choose to install several optional components to extend functionality, such as rate limiting and external authentication servers. Finally, you can use Gloo Platform to manage open source components for your gateway and service mesh, such as Istiod.
For more information about these components, see Platform architecture.
Licensed products
Product licenses unlock certain capabilities in Gloo Platform. For example, with a Gloo Mesh Enterprise license, you can apply Gloo custom resource definitions (CRDs) that allow you to consistently manage your application networking resources across a multicluster service mesh.
Product licenses unlock certain capabilities in your Gloo environment. Gloo products are built on hardened Solo images of related open source projects.
Product | OSS projects | Description |
---|---|---|
Gloo Mesh Core | Istio | Gloo Mesh Core deploys alongside your Istio environment in single or multicluster environments, and can discover existing Istio installations across clusters and infrastructure providers. A Gloo Mesh Core license also unlocks hardened FIPS-compliant Istio images with n-4 version support, as well as Istio lifecycle management, in which Gloo Mesh Core deploys and manages the lifecycle of Istio installations across clusters. Gloo Mesh Core comes with an insights engine that automatically analyzes your Istio setup for health, security, and resiliency issues. Then, Gloo shares these issues along with recommendations to harden your Istio and setup in a custom dashboard. The insights give you a checklist to address issues that might otherwise be hard to detect across your environment. |
Gloo Mesh Enterprise | Istio | Gloo Mesh Enterprise manages Istio-based service meshes across clusters and infrastructure providers, and secures communication between workloads via mTLS. A Gloo Mesh Enterprise license unlocks hardened, FIPS-compliant Istio images with n-4 version support. You get a simplified management experience for multitenancy, service isolation, federation, and east-west traffic management. Gloo Mesh Enterprise even automatically discovers your Istio resources and translates them into the appropriate Gloo custom resources (CRs) so that intelligent, multicluster failover works out of the box. You also get Gloo CRs to manage internal mesh routing, including virtual gateways, route tables, and policies such as external auth and rate limiting. Keep in mind that for advanced ingress routing features, you need a Gloo Mesh Gateway license alongside Gloo Mesh Enterprise. For example, without a Gloo Mesh Gateway license, you cannot use cloud resources or AWS Lambda; advanced listener configuration such as TLS for ingress routes; add-ons such as external auth, rate limiting, or the developer portal for non-mesh ingress use cases; or policies that apply to ingress routes such as Web Application Firewall (WAF). |
Gloo Mesh Gateway | Envoy, Istio | Gloo Mesh Gateway is an API gateway based on Envoy and Istio open source technologies. A Gloo Mesh Gateway license unlocks Gloo CRs such as virtual gateways, route tables, and policies so that you can control network traffic into (ingress) and out from (egress) your clusters. You get traffic manipulation features, such as Envoy filters for resilience and transformation. You can also secure ingress traffic with security filters such as web application firewall (WAF), external auth, and rate limiting. You can enhance your API gateway, such as with support for routing to AWS Lambdas or adding a developer portal. Keep in mind that for internal service mesh traffic management, you need a Gloo Mesh Enterprise license alongside Gloo Mesh Gateway. For example, without a mesh license, you cannot use workload selectors on route tables; route tables without a virtual gateway; or access, access log, or failover. |