Gloo 1.0: Kubernetes-native next-gen API gateway supports hybrid apps
Gloo is an Envoy-powered API Gateway for use with Kubernetes that can connect, secure, and control traffic from a variety of application services. Gloo’s architecture is very flexible; it can support hybrid applications with multiple technologies, clouds, architectures, and protocols. Recently, Gloo hit its 1.0 milestone and is ready to be used in production.
Gloo reached its important 1.0 milestone and is now production-ready.
What is Gloo? From its website, “Gloo is a cloud-native API Gateway and Ingress Controller built on Envoy Proxy to connect, secure and control traffic across all your application servers”. It includes Kubernetes-native architecture for cloud-native applications, but can also support non-Kubernetes environments and hybrid environments.
Depending on your needs, both an enterprise and open source version are available.
Let’s browse what the 1.0 version brings to the table, as well as a quick overview of what Gloo achieves and its use cases.
Notable features and functions
Thanks to its flexible architecture, Gloo can play several different roles, fulfilling different use cases.
You can install the Gloo Gateway on Kubernetes using Kubernetes Custom Resources. It can run locally with Docker Compose, using yaml files, HashiCorp Consul, or a HashiCorp Nomad Cluster. When used with Kubernetes, it simplifies operations.
Why should devs use it? From the documentation:
Gloo makes it easy to solve your challenges of managing ingress traffic into your application architectures (not just Kubernetes) regardless of where they run. Backend services can be discovered when running or registered in Kubernetes, AWS Lambda, VMs, Terraform, EC2, Consul, et. al.
Some of its deployment architectures include usage across multiple clusters, a sharded API Gateway, or as an Ingress for multi-tentant clusters.
It also incorporates several other open source projects for a wider functionality. It integrates with projects including GraphQL, NATS, and OpenTracing. Future updates may add other projects to its flexible architecture.
New to Gloo
Recent features and additions made include:
- A built-in Web Application Firewall (WAF) helps inspect and investigate potentially malicious traffic. This will prevent it from reaching the production environment. To do so, Gloo uses a custom Envoy filter.
- Authentication and authorization of requests are configured and enforced in Gloo before it grants access to application services. In the open source version, it is available as a “do-it-yourself” deployment through the Envoy filter.
- Support for TCP proxying and HTTP is now available. It acts as a central, secure access point for databases, caches, and message queues.
- Gloo has begun experimenting with WebAssembly support.
- The Enterprise model includes several auth models, including API Keys, JWT, LDAP, OAuth, OIDC, and Open Policy Agent.
- Gloo’s dashboard helps with observability. At a glance, the web dashboard shows important information about health status and alerts. The open source version includes a read-only console. However, the enterprise version gives access to an interactive console.
Gloo was open sourced by the Solo.io company in March 2018. The enterprise version followed, arriving in December 2018. In October, Gartner named Solo.io a “2019 Gartner Cool Vendor“.
In response to the award, Solo.io founder and CEO Idit Levine said: “We feel this validates our vision of enabling modernization to and operation of microservices, serverless and service mesh technologies and are laser focused on continuing to innovate in these areas.”