Gloo Gateway 1.17: Cloud-Native API Gateway Meets Gateway API

July 18, 2024
Duncan Doyle

Today, we are excited to announce the release of Gloo Gateway 1.17. This release is full of great features including:

  • Enterprise Extensions for Kubernetes Gateway API
  • Improved Istio Integration with mTLS
  • New Developer Portal
  • Customer-Driven Enhancements
  • VM deployment support

Note that this release also includes the renaming of Gloo Edge to Gloo Gateway. Rest assured, the name change does not impact any APIs or features that existing Gloo Edge customers are using today. Gloo Gateway is the same product distribution as Gloo Edge and reuses the same APIs, control plane, and data plane components – just under a new name. Read on to learn more about the new features in this release!

Enterprise Extensions for Kubernetes Gateway API

Building on our fully compliant implementation of Kubernetes Gateway API in Gloo OSS, the Gloo Gateway 1.17 release adds support for our market-leading API Gateway features as extensions to the Gateway API. Kubernetes Gateway API represents a significant step forward as an open standard for ingress in the Kubernetes community, but it does not define or implement the full range of features required for cloud-native API Gateways. The good news is that Gateway API defines a standard extensibility model which we use in Gloo Gateway to expose our full range of enterprise features including rate limiting, external authentication/authorization, data loss prevention, transformation, web application firewall, and much more. Just as important as what we are supporting on top of Gateway API is how we are doing it. All of our extensions are defined as Kubernetes-native APIs using CRDs, just like the Gateway API itself.

Our enterprise extensions for Kubernetes Gateway API reuse our existing Gloo Edge APIs, providing existing and new users with access to a mature and feature-rich API that has evolved over hundreds of production customer deployments. Both APIs are supported from a single Gloo Gateway control plane so users are free to choose the API that best fits their use case and needs.

Extending API Management to East-West with Istio Integration

API management requirements are just as relevant for the east-west traffic plane as they are for north-south. Users of legacy API management solutions are often forced into a position where they must hairpin traffic through a centralized API Gateway to get security, observability, and traffic management features for service-to-service traffic. We see this all the time at Solo as we help customers modernize their legacy environments to adopt cloud-native architecture patterns.

The Gloo Gateway 1.17 release includes a major new enhancement to provide for seamless integration of our API Gateway with services running in the service mesh. The new feature is called autoMTLS and it allows for automatic configuration of the gateway with required certificates and identity to securely communicate with any workload in the mesh using mTLS. AutoMTLS eliminates the burden of configuring mTLS manually for upstream services, resulting in a faster and less error-prone method of enabling full zero trust for north-south and east-west traffic.

New Developer Portal

With Gloo Gateway 1.17, we introduce a completely new Developer Portal and API management experience on top of the Kubernetes Gateway API. This new Developer Portal allows users to use the full power of Gloo Gateway and the Kubernetes Gateway API to define, compose, and expose APIs. This includes:

  • The ability to stitch multiple APIs into a single ApiProduct, giving the API owner full, fine-grained control over which operations are exposed to API clients and consumers.
  • APIProduct security using Gloo’s advanced ExtAuth capabilities, providing support for various API security mechanisms, including API-Key and OAuth/OIDC based security.
  • Integration with Open Policy Agent (OPA) for advanced and highly customizable authorization functionality.
  • High performant rate-limiting functionality for both API Product protection as well as API consumption control.
  • A PortalServer REST API, which allows users to integrate the Portal functionality (e.g. API Discovery, OpenAPI Specification fetching, API “try it out” functionality) with any platform that is able to communicate via REST (e.g. user interfaces, Internal Developer Platforms (IDPs), etc.).
  • An out-of-the-box, fully customizable, Developer Portal based on React.
  • Backstage plugins that can integrate the APIProducts exposed through the Gloo Developer Portal with the Backstage Software Catalog.

Stay tuned for more Developer Portal and API Management features to be introduced in our upcoming Gloo Gateway releases, where we will be adding more functionality around APIProduct self-service, teams and users management and OAuth/OIDC  credential management and self-service.

Customer-Driven Innovation

Every release at Solo is delivered in partnership with our customers who act as a key source of innovation as they adopt and expand their use of Gloo Gateway. The 1.17 release included over 60 features and enhancements driven directly by customer feedback and contribution. Examples in this release include improvements to transformation, validation, extensibility via ExtProc, ExtAuth, and access logging. Check out our release notes and changelog for enterprise and OSS releases to see the full details.

VM Sneak Preview

One last thing … Gloo Gateway was born as a cloud-native API Gateway built from the ground up to align to Kubernetes architecture and patterns. This decision continues to pay off as customers adopt Kubernetes as part of their cloud adoption and modernization initiatives. That said, there are still many organizations and environments out there that are not quite ready for Kubernetes yet. Gloo Gateway customers are already able to deploy our Envoy-based data plane outside Kubernetes while the control plane is running in Kubernetes. We’re very excited to announce that we have created an optimized VM distribution for our control plane and data plane components that allows customers to run the entire stack outside Kubernetes. This distribution still leverages Kubernetes Gateway API and declarative configuration, so customers adopting VMs as an interim step to Kubernetes adoption have an easy path to transitioning to Kubernetes when ready. The full details are a monster blog entry all on their own, so be on the lookout for a separate blog on that in the near future!

Try out Gloo Gateway 1.17 today!

Ready to get started? The Gloo Gateway 1.17 release is available now and ready for you to use. For more information about Gloo Gateway including examples, in-depth feature details, and upgrade information, check out the Gloo Gateway documentation.

Cloud connectivity done right