Anyone used Gloo and have any experience with it they can share? I've used Ambassador a bunch and they are pretty comparable, but curious what others think.
I'd say a lot of our users are from big enterprises, especially financial services where security is paramount. Gloo has a decoupled control plane so it can be scaled and secured independently from the proxy/data plane. For example, Gloo requires zero privilege capabilities/service accounts, has a read-only file system, and the data plane has no access to the Kubernetes API when run in Kubernetes (not a requirement -- gloo can be run outside k8s as well). Additional security related functionality like WAF, OPA authz, and data loss prevention filters are crucial for our users.
We have a list of our end users and customers listed here along with links to their talks and blogs about their experience with gloo https://www.solo.io/customers/
I would be interested in seeing more of these API Gateways offer monetization / billing capabilities in their dev portal. So far I've only seen Apigee[1] and WSO2[2] offer this. Azure appears to have this "planned" in their product roadmap[3] while AWS uses their marketplace[4].
Looks interesting, would this be a similar to what AWS API Gateway offers but then in a self-hosted manner? I am looking for a simple version of AWS API Gateway so I can hide a bunch of OpenFAAS functions behind a common domain and also have some trigger where when I request URL like /images/[id]_small.png it will automatically resize the [id].png to a small size and return it. Just this reawriting of url to the OpenFAAS function is where I am lost.
RE AWS API Gateway... Gloo is more full featured and self hosted. Even wrt performance, in fact, we've seen anecdotal evidence of Gloo performing better than AWS API Gateway for things like calling Lambdas.
An API Gateway can do sophisticated edge security challenges (OIDC, Authz based on OPA, web app firewalling/WAF, etc) as well as things like message transformation, swagger/grpc detection, exposing APIs for self-service signup through a portal, etc. Gloo does all these things.
I've written in depth about this as well, specifically in terms of things like contour, Istio ingress gateway, consul's service mesh gateway, etc, etc
Thanks for the detailed response. In that regard, it is like Kong. What is the difference between Kong vs Gloo? Kong is based on nginx which is rock solid.
I'd say the main reason to use Gloo is it's much simpler, it's based on Envoy which is where most of the innovation around L7 proxies is happening these days (ie, see WebAssembly), and was built from the ground up with a cloud-native and kube-native architecture.
Can Contour actually do the same? For me, the main benefit of an API gateway is being able to specify an internal service to handle authn/authz. With Envoy that's done via a filter, iirc. Can you set that Envoy specific config with Contour?
