Gloo is the open source API gateway gaining momentum in the microservices world. Built on top of Envoy, it enables enterprise-grade service architecture with pluggable components. With the release of v1.3, Gloo has matured in various ways. Prime of which is a new developer portal, meaning externalization to third-party developers is now possible.
The release is significant, as it marks the first Kubernetes-native, self-service API developer portal for the Envoy Proxy. Using Gloo, internal and external developers alike can now sign up for API keys, read documentation and test API call behaviors.
I recently chatted with Idit Levine, founder of Solo.io and creator of Gloo, to learn more about their vision, as well as to hear what they’re most excited about within the latest version, v1.3.
What Problems Does Gloo Solve?
Many of the API management platforms that arose over the past decade focused on API externalization. They weren’t necessarily built to also fix internal architecture. Now, with the rise of microservices, containers, Kubernetes and service mesh, companies are looking to improve their internal architecture with the same components that make external integrations possible.
According to Levine, older API gateways talk the talk but don’t always walk the walk. Many of these platforms are not built with Kubernetes and microservices themselves, leading to poor extensibility. This is something Levine wanted to avoid by investing heavily in Envoy.
“I saw that Envoy was the future and wanted people to have an API gateway on top of Envoy,” says Levine. “I also saw no API gateway taking advantage of the cloud-native world.”
Envoy to the Rescue
There has also been an issue with vendor lock-in. Many companies are already using an API gateway, but not all gateways adopt service mesh. And, what if these gateways expose a developer portal facade that may be a bit … outdated? Since external developer consumer customers utilize these API contracts through developer portals, switching service providers is very difficult; it can cause an outage and disrupt the developer experience.
Solo.io’s goal was to construct an extendable control plane for the distributed microservices era. According to Levine, these aspirations fit well with Envoy, the open source edge and service proxy, a tailor-made solution that offers more of a customer-defining road map.
v1.3 Updates and Developer Portal
The update to Gloo 1.3 introduces a new developer portal to securely streamline developer onboarding for developers within and outside an organization. Specific features include:
- Custom-Branded: Developers can customize the developer portal with their own favicon, colors and additional static pages.
- Documentation: Developers can discover API endpoints and make test API calls.
- Declarative: Since Gloo uses Kubernetes CRDs (CustomResourceDefinitions), no other database infrastructure is required. Admins can define APIs with a simple UI.
- Groups: Assign permissions and roles for certain identities and groups of users.
- Portals: Searchability for large API suites, enabling developers to discover APIs based on functionality type.
- API Keys: Automated API key generation for authentication.
Using Gloo, limits can be placed on API keys to maintain usage and additional emphasis has been made to design a clean interface with quality developer experience. In terms of configuration, the ability to use Kubernetes as the database is perhaps the most unique proposition to this developer portal.
The developer portal was not the only improvement in Gloo 1.3. The update also included extensibility with WebAssembly, as well as performance, stability and usability enhancements. A full feature release for Gloo Open Source and Gloo Enterprise is found here.
Gloo’s mix of open source, extensibility and externalization arrives at an opportune moment. With the new developer portal offering, Gloo users can now implement the same service mesh infrastructure they use internally to expose their services to partners—a big improvement and interesting foray into the API management and productization space.
Gloo has many additional enhancements planned. Its developer portal road map currently involves giving it to users to test in the market. Looking to the future, Levine foresees greater emphasis on identity and security. Gloo will likely adopt OpenID Connect for identity management, as well as OAuth 2.0, for authorization to enhance security measures.