Secure the Gloo Platform components and Gloo custom resources.
Gloo Platform sets up one management server, one agent per workload cluster, and other management components such as the Gloo UI, external auth, and rate limiting servers. These management components are shared by licensed gateway, mesh, and network products that help you secure and manage L3-L7 traffic across your apps. For more information, see the Gloo Platform overview.
Gloo management server and agent
By default, communication between the Gloo management server and the agents is secured with mutual TLS in a relay setup. Out of the box, Gloo uses self-signed certificates; for production-level security, provide certificates signed by your own CA and use a certificate manager to issue and rotate them.
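The following cert-manager manifests are an added example, not configuration from the Gloo documentation, of what "your own signed certificates plus a certificate manager" looks like for the relay: a server certificate for the management server and a client certificate for an agent, both issued by a cert-manager Issuer you control, with short lifetimes so rotation is exercised. The Issuer name `relay-ca`, the external hostname `gloo-mesh-mgmt-server.example.com`, the lifetimes, and the secret names `relay-server-tls-secret` and `relay-client-tls-secret` are assumptions; check the setup documentation for your Gloo version for the secret names and Helm values that point the management server and agent at them.

```yaml
# Added example (not from the Gloo docs): issue relay certificates from your own
# CA with cert-manager. Names, hostnames and lifetimes are assumptions; verify
# the secret names your Gloo version expects before applying.

# Management cluster: server certificate for the relay endpoint.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: relay-server-tls
  namespace: gloo-mesh
spec:
  secretName: relay-server-tls-secret   # assumed: the secret the mgmt server reads
  issuerRef:
    name: relay-ca                       # assumed: a CA Issuer you created
    kind: Issuer
  duration: 2160h                        # 90 days, short enough to exercise rotation
  renewBefore: 360h                      # renew 15 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
  usages:
    - server auth
  commonName: gloo-mesh-mgmt-server
  dnsNames:
    - gloo-mesh-mgmt-server.gloo-mesh.svc   # agents in the management cluster
    - gloo-mesh-mgmt-server.example.com     # assumed: address remote agents dial
---
# Workload cluster: client certificate the agent presents to the server.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: relay-client-tls
  namespace: gloo-mesh
spec:
  secretName: relay-client-tls-secret   # assumed: the secret the agent reads
  issuerRef:
    name: relay-ca                       # must chain to the same root as the server cert
    kind: Issuer
  duration: 2160h
  renewBefore: 360h
  privateKey:
    algorithm: ECDSA
    size: 256
  usages:
    - client auth
  commonName: gloo-mesh-agent
  dnsNames:
    - gloo-mesh-agent.gloo-mesh.svc
```

Two points matter in practice. First, the agent must trust the server's chain and the server the agents' chain, so the Issuer on each workload cluster has to chain to the same root as the management cluster's Issuer; prefer an intermediate per cluster or an external CA such as Vault behind a ClusterIssuer over copying the root key into every cluster. With a CA-backed Issuer the resulting secrets also carry `ca.crt`, which is what the agent side needs as its trust bundle. Second, verify the result rather than assuming it: inspect `tls.crt` from each secret with `openssl x509 -noout -subject -issuer -dates` to confirm the issuer is your CA and not a self-signed subject, and check the management server logs for the agents' relay connections after the rollout.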
For the Gloo UI, set up authentication and authorization (AuthN/AuthZ) by using OpenID Connect (OIDC) for authentication and Kubernetes role-based access control (RBAC) for authorization. The Gloo API server has its own external auth service built in, so you can manage external auth for the Gloo UI separately from the external auth that you set up for your apps.
For more information, see Set up external auth for the Gloo UI.
Gloo product versions
Solo periodically updates Gloo to provide new features as well as security updates. You can review the vulnerability scan results for the Gloo Network container images, including compliance reports. Make sure to regularly upgrade your Gloo installation to stay within the supported version policy.
As part of Gloo Platform, Solo also provides hardened, n-4 support for Cilium, including FIPS-certified images with the latest CVE patches. You can use these images when you install or upgrade the Cilium CNI in your cluster.
Gloo custom resources
To organize team resources, use Gloo workspaces. With Gloo workspaces, you define the boundary of Kubernetes resources that your team has access to. These resources can be spread across namespaces or clusters. Gloo Network policies are automatically translated and applied within the workspace's boundaries. You can optionally turn on service isolation to prevent services in one workspace from communicating with services in a different workspace. For more information, see Multitenancy with workspaces.
For user access, use Kubernetes RBAC. For more information, see User access.
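The manifests below are an added example, not resources from the Gloo documentation, that put the two preceding paragraphs together for one tenant: a Workspace that gives the team the `team-a` namespace on one cluster, WorkspaceSettings that turn on service isolation and export nothing, and a namespace-scoped Kubernetes Role and RoleBinding so the team's users can manage Gloo policies only inside that namespace and can read, but not loosen, the isolation setting. The cluster name `cluster-1`, the namespace `team-a`, the group `team-a-devs`, and the exact list of policy API groups are assumptions; check the API groups against the CRDs installed in your cluster with `kubectl api-resources | grep gloo.solo.io`.

```yaml
# Added example (not from the Gloo docs): onboard tenant "team-a" with a
# workspace, service isolation, and namespace-scoped RBAC. Names are assumptions.

apiVersion: admin.gloo.solo.io/v2
kind: Workspace
metadata:
  name: team-a
  namespace: gloo-mesh          # workspaces live in the management namespace
spec:
  workloadClusters:
    - name: cluster-1            # assumed: cluster name as registered with Gloo
      namespaces:
        - name: team-a
---
apiVersion: admin.gloo.solo.io/v2
kind: WorkspaceSettings
metadata:
  name: team-a
  namespace: team-a             # settings live in one of the workspace's own namespaces
spec:
  options:
    serviceIsolation:
      enabled: true              # deny traffic from services outside the workspace
      trimProxyConfig: true      # drop other workspaces' endpoints from team-a's sidecars (Gloo Mesh)
  # No importFrom/exportTo: nothing is shared with other workspaces until the
  # team explicitly exports a service.
---
# Kubernetes RBAC for the team's users, limited to their namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team-a-gloo-editor
  namespace: team-a
rules:
  # Assumed policy API groups; confirm with `kubectl api-resources | grep gloo.solo.io`.
  - apiGroups:
      - networking.gloo.solo.io
      - security.policy.gloo.solo.io
      - trafficcontrol.policy.gloo.solo.io
      - resilience.policy.gloo.solo.io
    resources: ["*"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["admin.gloo.solo.io"]
    resources: ["workspacesettings"]
    verbs: ["get", "list", "watch"]   # read-only: the team cannot switch isolation off
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-gloo-editors
  namespace: team-a
subjects:
  - kind: Group
    name: team-a-devs            # assumed: group claim from your OIDC provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: team-a-gloo-editor
  apiGroup: rbac.authorization.k8s.io
```

The workspace and the RBAC enforce different things and both are needed: the workspace decides which resources Gloo translates and where the resulting policies apply, while Kubernetes RBAC decides who may create or edit those resources in the first place. Keep the Role namespaced and keep write access to `admin.gloo.solo.io` resources with the platform team, otherwise a tenant can widen its own workspace or disable isolation. A quick check after applying is `kubectl auth can-i create routetables.networking.gloo.solo.io -n team-b --as=someone --as-group=team-a-devs`, which should answer `no`.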
Gloo Platform metrics and alerts
Use the Gloo Platform operations dashboard to gain insight into the health of Gloo Platform components and get notified about issues in your Gloo Platform environment. For example, receive automatic alerts when the translation or reconciliation time of the Gloo management server is too high, or when errors occur during the translation of Gloo resources.
For more information, see Monitor the Gloo control plane.
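As an added example, not a rule set shipped with Gloo, the PrometheusRule below alerts on the two conditions the paragraph above names, slow translation and slow reconciliation in the management server, plus the absence of a healthy management server scrape target. The metric names `gloo_mesh_translation_time_sec` and `gloo_mesh_reconciler_time_sec`, the `job` label pattern, the thresholds and the namespace are assumptions; confirm the names against the management server's metrics endpoint before relying on the rules. A translation error counter is left out because its metric name is not confirmed here.

```yaml
# Added example (not from the Gloo docs): alert when the management server falls
# behind. Metric names, job label and thresholds are assumptions; confirm them
# against the management server's /metrics output.
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: gloo-mgmt-server-health
  namespace: gloo-mesh
spec:
  groups:
    - name: gloo-mgmt-server
      rules:
        - alert: GlooTranslationSlow
          # p99 translation time over the last 5 minutes above 30 s, for 10 minutes
          expr: |
            histogram_quantile(0.99,
              sum by (le) (rate(gloo_mesh_translation_time_sec_bucket[5m]))
            ) > 30
          for: 10m
          labels:
            severity: warning
          annotations:
            summary: "Gloo management server translation is slow"
            description: "p99 translation time is {{ $value | humanizeDuration }}; new policies reach workload clusters late."
        - alert: GlooReconcileSlow
          expr: |
            histogram_quantile(0.99,
              sum by (le) (rate(gloo_mesh_reconciler_time_sec_bucket[5m]))
            ) > 60
          for: 10m
          labels:
            severity: warning
          annotations:
            summary: "Gloo management server reconciliation is slow"
        - alert: GlooMgmtServerDown
          # assumed job label; no healthy scrape target for 5 minutes
          expr: absent(up{job=~".*gloo-mesh-mgmt-server.*"} == 1)
          for: 5m
          labels:
            severity: critical
          annotations:
            summary: "No healthy Gloo management server scrape target"
```

Treat these as security alerts, not only operational ones: until translation completes and the agents apply the result, a newly created deny policy or isolation setting is not enforced in the workload clusters, so a slow or stuck management server is a window in which the intended restrictions are not yet in effect. Tune the thresholds to your baseline from the operations dashboard before paging on them.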