Announcing Gloo 1.0 — A production-ready Envoy-based API Gateway

Rick Ducott
Nov 14 · 3 min read

We are excited to announce that Gloo, our Envoy Proxy-based API Gateway, has reached version 1.0. Over the last year and a half, we have worked closely with our community members and customers to securely enable their production environments with Gloo — including organizations like Vonage, Tidepool.org, D-Teck Solutions, ParkMobile and more.

This is an incredible milestone on a journey started back in March 2018. We initially open sourced Gloo as a function gateway to connect and route traffic to a wide range of applications including legacy monoliths, microservices and serverless functions. We announced Gloo Enterprise in December 2018, and prioritized critical security and management features our customers needed, while providing high-quality support to our users.

If this is your first time hearing about us, what is Gloo?

Gloo is a next generation API Gateway and Kubernetes Ingress controller built with Envoy Proxy, with a Kubernetes-native architecture that can also support non-Kubernetes environments. Gloo is a control plane that makes it easy to manage the configuration of Envoy, so it can secure and route incoming traffic to your application. Join us for an upcoming webinar to learn more and get a demo.

Gloo’s core principles are to connect, secure and control all application traffic. With that in mind, we wanted to highlight some of the recent features leading up to the 1.0 release:

  • TCP Proxy: Gloo now supports TCP proxying in addition to HTTP, to act as a central point for secure access to workloads like databases, caches and message queues, and to integrate with cloud-provided load balancers.
  • Web Application Firewall: Gloo is the only API Gateway with a built-in WAF capability, to inspect and filter out potentially harmful traffic before it enters your environment. To achieve this, Gloo manages a custom-built Envoy filter that invokes ModSecurity.
  • Authentication and Authorization: Gloo configures and enforces authentication and authorization of requests before granting access to application services. The do-it-yourself deployment is available in Gloo open source through the Envoy filter. Gloo Enterprise includes out of the box implementations of leading enterprise and modern auth models including API Keys, JWT, LDAP, OAuth, OIDC, Open Policy Agent and allows for custom solutions.
  • Delegation: Gloo supports several models for safely distributing ownership of route configuration across your organization. Admins can own a set of routes, and delegate management of specific subpaths to other users. In this way, teams can quickly deploy and reconfigure services without disrupting other teams.
  • Data Loss Prevention: Gloo extends Envoy with custom, powerful transformation capabilities on request and response traffic. Recently, Gloo leveraged these capabilities to start supporting Data Loss Prevention, to prevent sensitive data flowing across your application from leaving the gateway. For Gloo customers, this can be critical to ensure regulatory compliance like PCI and HIPAA.
  • WebAssembly: WebAssembly promises to lower the barrier to entry for development on the web, and for Gloo that means making it easier to build custom Envoy and Gloo extensions in any programming language. Across the community, WebAssembly is still an emerging technology, but Gloo is already starting to support it as an experimental feature.
  • Rate Limiting: Gloo allows you to configure the amount of incoming traffic to your application in order to maintain the service performance, and protect against failures or malicious traffic (such as DOS attacks). Open source Gloo supports configuring the rate limiting Envoy filter, and Enterprise Gloo provides out-of-the-box support for complex rate limiting use cases.
  • Admin Console: The Gloo web dashboard streamlines observability and operations with easy to view health status, performance and alerts when there are issues. Open source users get access to a read-only console to easily share the status of the environment while Gloo Enterprise has an interactive console to directly manage the environment

Gloo is available open source or enterprise. We invite you to give it a try, and we’re looking forward to your feedback. Happy Glooing!

solo.io

Blogs and articles from solo.io

Rick Ducott

Written by

Director of Engineering @ Solo.io

solo.io

solo.io

Blogs and articles from solo.io

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade