Benefits
Learn about the benefits of Gloo Mesh Gateway and how you can use it in your single or multicluster setup.
Gloo Mesh Gateway is a feature-rich, Kubernetes-native ingress controller and next-generation API gateway. With Gloo Mesh Gateway, you have access to its exceptional function-level routing, discovery capabilities, numerous features, tight integration with leading open-source projects, and support for legacy apps, microservices, and serverless. Gloo Mesh Gateway is uniquely designed to support hybrid applications in which multiple technologies, architectures, protocols, and clouds can coexist.
Built on the Istio’s ingress gateway model, Gloo Mesh Gateway uses an Envoy proxy as the ingress gateway to manage and control traffic that enters your Kubernetes cluster. You use custom resources, such as Gloo virtual gateways, route tables, and policies to implement security measures that meet your business and app requirements, and that simplify configuring ingress traffic rules. Because these resources offer declarative, API-driven configuration, you can easily integrate Gloo Mesh Gateway into your existing GitOps and CI/CD workflows.
Use Gloo Mesh Gateway for production-ready support
Hardening and managing open source distributions is time-consuming and costly. Your engineering resources can be better invested in developing higher-value services that enhance your core business offerings. In the following table, review the benefits of using an enterprise license instead of open source. Then, continue reading for the benefits of using Gloo Mesh Gateway in single and multiple clusters.
Feature | Gloo Gateway | Istio ingress |
---|---|---|
Cross-origin resource sharing (CORS) | ✅ | ✅ |
TLS termination | ✅ | ✅ |
Header manipulation | ✅ | ✅ |
Retries, redirects, timeouts, fault injection, and outlier detection | ✅ | ✅ |
Mirroring | ✅ | ✅ |
Request and response transformations | ✅ | ❌ |
Federation | ✅ | ❌ |
Advanced rate limiting | ✅ | ❌ |
Advanced security including WAF and DLP | ✅ | ❌ |
Advanced external authentication for OIDC, OPA, API keys, and LDAP | ✅ | ❌ |
Advanced traffic routing and shaping, such as direct responses and route delegation | ✅ | ❌ |
Advanced locality-based and multicluster routing | ✅ | ❌ |
API developer portal | ✅ | ❌ |
Key benefits
Review the key benefits that you get with Gloo Mesh Gateway.
Load balancing and routing
With Gloo Mesh Gateway, you get a Layer 7 load-balancing solution that is built on open source projects. Envoy is a graduated CNCF project, and Istio recently joined the CNCF. Solo is a leader within both of these communities and can help you get the most value out of your investment in open source technology. With this open source foundation, you can configure a portable, vendor-neutral solution across cloud providers.
Gloo Mesh Gateway is uniquely designed to support hybrid applications, in which multiple technologies, architectures, protocols, and clouds can coexist. For example, by using virtual gateway and route table resources, you can set up intelligent routing within a single cluster or across clusters. In addition, you can use external services to route to endpoints that are hosted outside of your Kubernetes cluster, such as an on-prem database.
Traffic control
Gloo Mesh Gateway works with a suite of traffic policies for advanced traffic management that is essential for your distributed, cloud-native apps. Highlights of these policies include the following benefits:
- Upgrading services through canary deployments that can shift traffic to different versions based on a customizable percentage.
- Mirroring, or copying, requests to a “shadow” environment so that you can test upgrades before rolling out to production.
- Adding resiliency to your apps with timeouts, retries, and circuit breaking.
- Injecting faults to simulate abnormal conditions and perform stress tests of your apps.
- Manipulate request and response headers to inject or remove information specific to your apps, network, infrastructure, or environment.
- Transforming requests in a number of different ways, from simple HTTP redirects or prefix rewrites, to more advanced header and body manipulations for identity-based routing.
The policy “filters” that you can use with Gloo Mesh Gateway are highly extensible, and set you up for cutting edge adoption of technologies such as eBPF.
Security
Gloo Mesh Gateway can terminate TLS sessions before they reach your apps. You can configure the virtual gateway to use your own TLS certificates for each domain that it listens on. Such configuration means that you can use different certificates for different apps, to meet security standards.
You can also integrate identity providers with external authentication and authorization policies. Then, Gloo Mesh Gateway can make routing decisions based on the identity of the requester.
Threat prevention
You can apply several different policies to prevent threats before they reach the workloads in your cluster, such as auth, web application firewall (WAF), and rate limiting.
Observability
Gloo Mesh Gateway provides a variety of observability features to help you analyze your setup and the traffic that flows through your API Gateways. Metrics are automatically generated by the API Gateway and sent to the built-in Prometheus server. You can open the Prometheus UI and use PromQL queries to analyze the traffic that was processed by your API Gateway. Some of the metrics are also summarized and displayed in the Gloo UI. You can further use the Gloo UI to review the Kubernetes and Gloo Mesh Gateway resources that you set up, such as virtual gateways, route tables, or traffic policies.
You can use this data to detect failures, troubleshoot bottlenecks, and to find ways to improve the performance and reliability of the services in your cluster.
Central management
You can centrally manage and configure your gateway proxies across Kubernetes namespaces and clusters by using the Gloo management and data plane architecture, and custom resources such as Gloo workspaces and virtual gateways. That way, you can reduce the management overhead for your resources and decrease the risk of configuration drift.