Integrations
Gloo Gateway has integrations with several other applications and services to either enhance the functionality of those services or add functionality to Gloo Gateway. Gloo Gateway currently offers the following integrations:
- Kubernetes Ingress - Use Gloo Gateway as the ingress controller on your Kubernetes cluster
- AWS Elastic Load Balancers - Augment the AWS Elastic Load Balancer with Gloo Gateway
- Service Mesh - Provide edge ingress for a service mesh deployment like Istio, Linkerd, or AWS App Mesh
- Let’s Encrypt - Provision and manage certificates for Gloo Gateway using Let’s Encrypt and cert-manager
Kubernetes Ingress
Kubernetes ingress controllers provide simple traffic routing in a Kubernetes cluster. The ingress resource can provide an externally reachable URL, load balancing services, or terminate TLS traffic. Gloo Gateway can be installed in ingress mode to provide ingress controller services to a Kubernetes cluster. The ingress specification provides relatively basic features and functionality. For more robust control over traffic on your Kubernetes cluster, we recommend deploying Gloo Gateway in gateway mode.
AWS Elastic Load Balancers
AWS provides three (3) types of load balancers: Classic Load Balancer (ELB or CLB), Network Load Balancer (NLB), and an Application Load Balancer (ALB). Gloo Gateway works well with any of these AWS load balancers, though our recommendation is to prefer the AWS Network Load Balancer as that has the least capabilities overlap and the best value when paired with Gloo Gateway. Gloo Gateway provides all of the L7 HTTP/S and gRPC routing, security, and web application firewall capabilities (and much more) that either Classic Load Balancer or Application Load Balancer provides. And since Gloo Gateway leverages Envoy, Gloo Gateway benefits from the growing Envoy community, including AWS contributions, and Envoy’s extensible filter architecture to provide for customized extensions when needed.
There are many benefits to pairing Gloo Gateway with one of AWS Elastic Load Balancers (ELB). The ELB has a better understanding of the AWS infrastructure, and so it can provide cross availability zone failover and integration with AWS services like AWS Certificate Manager, AWS CLI & CloudFormation, and Route 53 (DNS). Gloo Gateway provides developer access to traffic routing without needing to grant developers access to AWS resources. An NLB can handle the front-end traffic ingress, and then additional routing decisions can be made by Gloo Gateway. Service routing logic can be stored with application code and run through a CI/CD pipeline for validation.
Our AWS Elastic Load Balancer guide will walk you through combining an AWS Network Load Balancer with Gloo Gateway and AWS Elastic Kubernetes Service.
Service Mesh
Service mesh technologies solve problems with service-to-service communications across cloud networks. Problems such as service identity, consistent L7 network telemetry gathering, service resilience, traffic routing between services, as well as policy enforcement (like quotas, rate limiting, etc) can be solved with a service mesh.
For a service mesh to operate correctly, it needs a way to get traffic into the mesh. The problems with getting traffic from the edge into the cluster are a bit different from service-to-service problems. Things like edge caching, first-hop security and traffic management, OAuth and end-user authentication/authorization, per-user rate limiting, web-application firewalling, etc are all things an ingress gateway can and should help with. Gloo Gateway solves these problems and complements any service mesh including Istio, Linkerd, Consul Connect, and AWS App Mesh.
Checkout our service mesh guides section for more information about deploying Gloo Gateway with any of these service mesh technologies.
Let’s Encrypt
Supporting HTTP traffic over TLS is almost a given for web services. The procurement and installation of certificates to support TLS can be a hassle. Let’s Encrypt and cert-manager offer a simple and automated approach to certificate management. Cert-manager is a native Kubernetes certificate management controller that can assist with issuing certificates from sources like Let’s Encrypt and HashiCorp Vault. Let’s Encrypt is a free, automated, open certificate authority providing digital certificates to enable TLS for a website.
Gloo Gateway integrates with cert-manager and Let’s Encrypt to automate the procurement of TLS certificates for services offered through the Gateway Proxy. Our guide walks you through the process of integrating Gloo Gateway with Let’s Encrypt and cert-manager, using Amazon Route 53 to provide the DNS services for certificate validation.
Next Steps
Now that you have an understanding of the integrations supported by Gloo Gateway, we have a few suggested paths:
- Traffic Management - learn more about Gloo Gateway and traffic management
- Setup - Deploy your own instance of Gloo Gateway
- Integration guides - Set up one of the integrations described above