Gloo Platform products
With Gloo Platform, you get a suite of tools to consistently and securely manage your L3-L7 network application traffic. Gloo consists of an installable set of platform management tools that you install in a Kubernetes-based cluster via the Gloo CLI (
meshctl) or Helm. Then, you unlock various network management capabilities with product or module licenses, as shown in the following figure.
Shared platform management
When you install Gloo in your cluster, you get several components to provide custom resources, observability, and management capabilities for the product licenses that you have. These components run in your cluster even if you do not add a product license, in which case the components do not report back any data until you start using a product.
You can also choose to install several optional components to extend functionality, such as rate limiting and external authentication servers. Finally, you can use Gloo Platform to manage open source components for your gateway and service mesh, such as Istiod.
For more information about these components, see Platform architecture.
Product licenses unlock certain capabilties in Gloo Platform. For example, with a Gloo Mesh license, your Gloo Platform agent installs Mesh custom resource definitions (CRDs) in each registered cluster. With these CRDs, you can consistently manage your application networking resources across clusters.
|Product||Related open source projects||Description|
|Gateway||Envoy, Istio||Gloo Gateway is an API gateway based on Envoy and Istio open source technologies. A gateway license unlocks custom resources such as virtual gateways, route tables, and policies so that you can control network traffic into (ingress) and out from (egress) your clusters. You get traffic manipulation features, such as Envoy filters for resilience and transformation. You can also secure ingress traffic with security filters such as web application firewall (WAF), external auth, and rate limiting.|
|Mesh||Istio||Gloo Mesh manages Istio-based service meshes across clusters and infrastructure providers, and secures communication between workloads via mTLS. A mesh license unlocks hardened, FIPS-compliant Istio images with
|Network||eBPF, Cilium||Gloo Network is a Cilium-based container network interface (CNI) plug-in that leverages the Linux kernel technology eBPF to provide connectivity, security, and observability for containerized workloads. You can use Gloo policies to consistently apply L3 and L4 access control across all the services in your multicluster environment. If you use Network with Mesh or Gateway, you can even reuse the same access policies to add L7 access control.|
Modules further extend select products with licensed capabilities. The license that you use when installing or upgrading Gloo Platform can include both a product and module, instead of separate licenses. For example, you might have a Gloo Gateway with GraphQL license to use the Gateway product along with the GraphQL module.
|Module||Products the module can extend||Description|
|GraphQL||Gateway, Mesh||GraphQL is a server-side query language and runtime you can use to expose your APIs as an alternative to REST APIs. GraphQL allows you to request only the data you want and handle any subsequent requests on the server side, saving numerous expensive origin-to-client requests by instead handling requests in your internal network. By building GraphQL capabilties into the Gloo ingress or east-west gateways, Gloo extends GraphQL with route-level networking logic. For example, the gateway might rate limit, authorize, and authenticate requests.|
|Portal||Gateway||With Gloo Portal, you can bundle and secure access to your APIs through a customizable developer portal. The portal supports the OpenAPI specification (OAS), also known as Swagger. Because the APIs must be available externally, Portal works only with Gateway.|