Gloo API Gateway Version 1.3 – Dev Portal, WebAssembly, Knative
solo.ioAnyone used Gloo and have any experience with it they can share? I've used Ambassador a bunch and they are pretty comparable, but curious what others think.
Disclaimer: I am an employee of Solo.io
I'd say a lot of our users are from big enterprises, especially financial services where security is paramount. Gloo has a decoupled control plane so it can be scaled and secured independently from the proxy/data plane. For example, Gloo requires zero privilege capabilities/service accounts, has a read-only file system, and the data plane has no access to the Kubernetes API when run in Kubernetes (not a requirement -- gloo can be run outside k8s as well). Additional security related functionality like WAF, OPA authz, and data loss prevention filters are crucial for our users.
see more here: https://docs.solo.io/gloo/latest/introduction/others/
HTH
We have a list of our end users and customers listed here along with links to their talks and blogs about their experience with gloo https://www.solo.io/customers/
I deployed Gloo to production at Tidepool.org in November 2019.
Rock solid tech, responsive team, excellent feature set.
I would be interested in seeing more of these API Gateways offer monetization / billing capabilities in their dev portal. So far I've only seen Apigee[1] and WSO2[2] offer this. Azure appears to have this "planned" in their product roadmap[3] while AWS uses their marketplace[4].
[1] https://cloud.google.com/apigee/api-management/monetize-apis...
[2] https://wso2.com/blogs/thesource/2019/10/wso2-api-cloud-mone...
[3] https://feedback.azure.com/forums/248703-api-management/sugg...
[4] https://aws.amazon.com/blogs/compute/monetize-your-apis-in-a...
Looks interesting, would this be a similar to what AWS API Gateway offers but then in a self-hosted manner? I am looking for a simple version of AWS API Gateway so I can hide a bunch of OpenFAAS functions behind a common domain and also have some trigger where when I request URL like /images/[id]_small.png it will automatically resize the [id].png to a small size and return it. Just this reawriting of url to the OpenFAAS function is where I am lost.
Would I be able to use Gloo for that?
Yes definitely. Similar to what we already do for KNative
https://docs.solo.io/gloo/latest/guides/integrations/knative...
RE AWS API Gateway... Gloo is more full featured and self hosted. Even wrt performance, in fact, we've seen anecdotal evidence of Gloo performing better than AWS API Gateway for things like calling Lambdas.
If you want to learn more and get a live demo -- https://solo.zoom.us/webinar/register/WN_neq5G0eAToSGoDXUNZM...
Why not just use Istio and Knative? Also Project contour can do the same as an api Gateway. What's the difference?
Contour is not an API Gateway.
Disclaimer: I work for Solo.io
An API Gateway can do sophisticated edge security challenges (OIDC, Authz based on OPA, web app firewalling/WAF, etc) as well as things like message transformation, swagger/grpc detection, exposing APIs for self-service signup through a portal, etc. Gloo does all these things.
I've written in depth about this as well, specifically in terms of things like contour, Istio ingress gateway, consul's service mesh gateway, etc, etc
https://blog.christianposta.com/microservices/do-i-need-an-a...
Gloo resources: https://docs.solo.io/gloo/latest/guides/dev_portal/ https://docs.solo.io/gloo/latest/guides/security/waf/ https://docs.solo.io/gloo/latest/guides/security/auth/oauth/... https://docs.solo.io/gloo/latest/guides/security/opa/ https://docs.solo.io/gloo/latest/installation/advanced_confi... https://docs.solo.io/gloo/latest/guides/traffic_management/r...
Thanks for the detailed response. In that regard, it is like Kong. What is the difference between Kong vs Gloo? Kong is based on nginx which is rock solid.
Kong is mostly built on OpenResty/Lua
I'd say the main reason to use Gloo is it's much simpler, it's based on Envoy which is where most of the innovation around L7 proxies is happening these days (ie, see WebAssembly), and was built from the ground up with a cloud-native and kube-native architecture.
More can be found here:
https://docs.solo.io/gloo/latest/introduction/others/
And I can go into much more detail on slack. I'm `ceposta` on the solo/istio/cncf/envoy/kubernetes slack
Istio is fairly resource intensive in my limited use. Contour is a bit simpler to configure and use with overlap.
Gloo has lots of other features, like WAF and Webassembly hooks for request flow.
Can Contour actually do the same? For me, the main benefit of an API gateway is being able to specify an internal service to handle authn/authz. With Envoy that's done via a filter, iirc. Can you set that Envoy specific config with Contour?
you can't. See GH issue: https://github.com/projectcontour/contour/issues/432