Gloo Edge 1.0: Production-Ready API Gateway
Table of Contents
Introduction
On November 14, 2019, Solo.io announced Gloo Edge 1.0, marking the first production-ready release of the Envoy-based API gateway. Originally open-sourced in March 2018, Gloo Edge 1.0 delivers enterprise-grade features for routing, security, and observability.
If your cluster has outgrown “Ingress rules + annotations”, gateways like Gloo typically show up when you need consistent routing policy, strong auth, and real troubleshooting signals across dozens (or hundreds) of services.
Production-Ready Features
- Enterprise stability: Predictable behavior under load and clearer day-2 workflows (upgrades, rollback, drift management).
- Advanced routing: Header/path/query matching for canaries, tenant routing, and API versioning.
- Function discovery: Route to serverless functions, microservices, and legacy applications without hand-wiring every upstream.
- Multi-protocol support: HTTP, gRPC, and WebSocket traffic in one gateway model.
Envoy Integration
- Envoy Proxy foundation leverages Envoy’s high-performance data plane for request handling.
- xDS API integration provides dynamic configuration updates without restarts.
- Filter chain support enables custom request/response processing with Envoy filters.
- Performance optimizations deliver low latency and high throughput for API traffic.
Kubernetes Integration
- Native Kubernetes support provides seamless integration with Kubernetes services and ingresses.
- CRD-based configuration enables managing routes and virtual services as Kubernetes resources.
- Service discovery automatically discovers Kubernetes services and endpoints.
- RBAC integration provides fine-grained access control for gateway configuration.
Practical tip: treat gateway config like application code — code review, staged rollout, and a fast rollback path. “Small YAML tweaks” at the edge can become production outages.
Security Features
- TLS termination provides secure HTTPS connections with automatic certificate management.
- Authentication support includes OAuth2, JWT, and API key authentication.
- Authorization policies enable fine-grained access control based on user identity and roles.
- Rate limiting protects backends from traffic spikes and abuse.
Two common edge cases to plan for:
- Retry + rate limit interactions: retries can amplify load and unexpectedly trip limits unless budgets are coordinated.
- Multi-tenant clusters: you’ll want clear ownership boundaries for routes so one team can’t accidentally break another’s APIs.
Observability & Monitoring
- Metrics integration exposes detailed gateway metrics for Prometheus and Grafana.
- Distributed tracing support enables correlation of requests across services with OpenTracing.
- Access logs provide detailed request/response logging for debugging and audit.
- Health checks monitor backend service health and route traffic accordingly.
Getting Started
helm repo add gloo https://storage.googleapis.com/solo-public-helm
helm install gloo gloo/gloo --namespace gloo-system --create-namespace
Create a VirtualService:
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
name: my-app
namespace: gloo-system
spec:
virtualHost:
domains:
- my-app.example.com
routes:
- matchers:
- prefix: /
routeAction:
single:
upstream:
name: my-service
namespace: gloo-system
Summary
| Aspect | Details |
|---|---|
| Release Date | November 14, 2019 |
| Headline Features | Production-ready status, advanced routing, Envoy integration, enterprise security |
| Why it Matters | Delivers the first production-ready Envoy-based API gateway with enterprise-grade features for Kubernetes |
Gloo Edge 1.0 is the kind of release that matters once your “edge” becomes a shared platform surface: it moves routing, security, and visibility into a more explicit gateway model that scales better than per-service Ingress tweaks.