Hacker News new | ask | show | jobs
by ceposta07 2259 days ago
Contour is not an API Gateway.

Disclaimer: I work for Solo.io

An API Gateway can do sophisticated edge security challenges (OIDC, Authz based on OPA, web app firewalling/WAF, etc) as well as things like message transformation, swagger/grpc detection, exposing APIs for self-service signup through a portal, etc. Gloo does all these things.

I've written in depth about this as well, specifically in terms of things like contour, Istio ingress gateway, consul's service mesh gateway, etc, etc

https://blog.christianposta.com/microservices/do-i-need-an-a...

Gloo resources: https://docs.solo.io/gloo/latest/guides/dev_portal/ https://docs.solo.io/gloo/latest/guides/security/waf/ https://docs.solo.io/gloo/latest/guides/security/auth/oauth/... https://docs.solo.io/gloo/latest/guides/security/opa/ https://docs.solo.io/gloo/latest/installation/advanced_confi... https://docs.solo.io/gloo/latest/guides/traffic_management/r...
1 comments
foreign-inc 2259 days ago
Thanks for the detailed response. In that regard, it is like Kong. What is the difference between Kong vs Gloo? Kong is based on nginx which is rock solid.
link
ceposta07 2259 days ago
Kong is mostly built on OpenResty/Lua

I'd say the main reason to use Gloo is it's much simpler, it's based on Envoy which is where most of the innovation around L7 proxies is happening these days (ie, see WebAssembly), and was built from the ground up with a cloud-native and kube-native architecture.

More can be found here:

https://docs.solo.io/gloo/latest/introduction/others/

And I can go into much more detail on slack. I'm `ceposta` on the solo/istio/cncf/envoy/kubernetes slack

link