Skip to main content

Gloo Edge

Gloo Edge is an Application Programming Interface (API) gateway and ingress controller (API management / cloud networking) built on Envoy Proxy for routing, securing, and observing north-south traffic into Kubernetes and other environments.

  • Envoy-based Layer 7 API gateway and ingress controller (API gateway / ingress)
  • Traffic management with advanced routing, transformation, and resiliency policies (traffic management)
  • Security enforcement including authentication, authorization, and policy integration (API security)
  • Integrations with Kubernetes, service meshes, and legacy workloads (cloud-native networking)
  • Observability features for monitoring, tracing, and debugging API traffic (observability)

More About Gloo Edge

Gloo Edge is an Envoy Proxy-based API gateway and ingress controller (API management / cloud networking) designed to manage north-south traffic into Kubernetes clusters and other application environments. It addresses control, security, and reliability requirements for exposing services, APIs, and applications across hybrid and multi-cloud infrastructure. The project focuses on Layer 7 traffic management and policy enforcement while integrating with cloud-native platforms and existing workloads.

At its core, Gloo Edge provides Hypertext Transfer Protocol (HTTP) and gRPC routing, request and response transformation, path and header-based routing, and traffic splitting features (traffic management). These capabilities support canary deployments, blue-green releases, and gradual rollout strategies. Because it is built on Envoy, Gloo Edge leverages Envoy’s filters and configuration model to implement retries, circuit breaking, timeouts, and rate limiting (reliability engineering). The gateway can front Kubernetes services, serverless functions, and virtual machines, providing a unified entry point for heterogeneous backends (hybrid connectivity).

Gloo Edge implements security controls such as authentication, authorization, and policy enforcement (API security). It supports integration with identity providers and policy systems to enforce access control at the gateway layer. Transport Layer Security (TLS) termination and mutual TLS for upstream connections are available for transport security (network security). The platform also offers Web Application Firewall (WAF) capabilities in certain editions, enabling inspection and control of inbound traffic. These features allow enterprises to centralize security enforcement for APIs and services exposed to external clients.

For observability, Gloo Edge exposes metrics, logs, and tracing data (observability). It integrates with monitoring and logging backends so operators can analyze traffic patterns, latency, error rates, and policy outcomes. This data supports debugging, performance tuning, and capacity planning. Configuration is typically managed through Kubernetes Custom Resource Definitions and declarative configuration (infrastructure as code), aligning gateway operations with GitOps practices in many environments.

Enterprises deploy Gloo Edge as an ingress controller for Kubernetes clusters, as a standalone API gateway at the edge of a network, or in conjunction with service meshes (service mesh integration). It interoperates with Solo.Inference Orchestrator (IO)’s broader platform for application networking and security, including mesh-based traffic control and policy management. The project fits within the categories of API gateways, Kubernetes ingress controllers, and cloud-native networking for hybrid and multi-cloud architectures. Its use of Envoy and declarative configuration supports extensibility through custom filters, plugins, and integrations exposed by the Solo.IO ecosystem.