Gateway module

Gloo Mesh Gateway, which is an abstraction of Istio's ingress gateway model, uses an Envoy proxy as the ingress gateway into and out of your multicluster service mesh environment.

Gateway use cases

Using the Gloo Mesh API helps you simplify your networking setup because you can write advanced configurations one time and apply the same configuration in multiple places and different contexts. For example, you can write a rate limit or authentication policy once. Then, you can apply this policy both to traffic that enters the cluster via Gloo Mesh Gateway (north-south), as well as to traffic across clusters via the Istio service mesh gateway (east-west).

Gateway includes the following capabilities to help you manage and secure north-south traffic to your service mesh.

License requirements

You must purchase a Gloo Mesh Gateway license. When you install Gloo Mesh, use this gateway license instead of a basic Gloo Mesh Enterprise license.

For a comparison of the features you get with a Gloo Mesh Gateway license versus a standard Gloo Mesh Enterprise license or the open source, basic version of an Istio ingress gateway, see the following table.

Feature Gloo Mesh Gateway license Gloo Mesh Enterprise standard license Istio ingress
Proxy external traffic to mesh workloads
Cross-origin resource sharing (CORS)
TLS termination
mTLS
Header manipulation
Retries, redirects, timeouts, and fault injection
API developer portal
Automatic service and API discovery
Federation
Advanced rate limiting
Advanced security including WAF and DLP
Advanced external authentication for OIDC, OPA, API keys, and LDAP
Request and response SOAP transformation
Advanced traffic routing and shaping, such as direct responses and route delegation

Next Steps

Try out the Gloo Mesh Gateway module guide.