Gloo Mesh Gateway builds on the Gloo Platform architecture to unlock multicluster routing capabilities and a variety of traffic policies to secure, control, and monitor requests that enter your cluster.

The following image shows a sample Gloo Mesh Gateway setup where the gateway proxy serves as the main entrypoint for external clients. You can configure Gloo Mesh Gateway to route incoming requests to services in your Kubernetes cluster or endpoints that are hosted outside of your cluster, such as a virtual machine, a function in AWS Lambda, a database service, etc.

Gloo Mesh Gateway builds on and extends the features that are provided by the Istio ingress gateway, such as failover, outlier detection, retries, and timeouts. In addition, Gloo Mesh Gateway uses the main Gloo components to provide extra security, observability, and intelligent traffic management controls. For example, to protect the apps in your cluster, you can set up external authentication and authorization with your preferred identity provider, rate limit incoming requests, or use filters, such as the Web Application Filter (WAF) and Web Assembly (WASM) to customize the behavior of your gateway proxy.

Figure: Overview of the Gloo Mesh Gateway architecture