Developer Portal for Istio Christian Posta (@christianposta) - Field CTO

2 | Copyright © 2020 Solo.io solves API connectivity and communication challenges across heterogeneous environments leveraging Envoy and Service Mesh technologies

3 | Copyright © 2020 December 11, 2018 2018 TOP WOMEN ENTREPRENEURS IN CLOUD INNOVATION Seventh Annual Award Honors Women Founders for Outstanding Accomplishments in Cloud and Emerging Technologies, Sponsored by Facebook, Intel, and Google. Award Winning Innovation Enterprise and Open Source Credibility Key Industry Collaborations

4 | Copyright © 2020 What our customers say ParkMobile partnered with Solo.io because we were looking for the most innovative and flexible solutions on the market to power our growing platform - Matt Ball, CTO Park Mobile With Gloo Enterprise, Vonage has access to a single, cloud native gateway that serves APIs spanning from legacy servers to modern serverless and Kubernetes-based services - Sagi Dudai, CTO Vonage We selected Gloo Enterprise from Solo.io to serve as the API Gateway for our new microservices based on the capabilities it provides us for advanced traffic routing and authentication in our cloud migration strategy. - Michael Souza, Engineer Carfax Gloo Gateway is really “Enterprise Envoy” - VP API technology, Nondisclosed Financial Co

5 | Copyright © 2020 Solo.io solves API connectivity & communication challenges

Why Envoy Proxy? • Where innovation happens around L7 • Neutral Foundation (CNCF) • Large, diverse, vibrant community • Built ground up for dynamic services environment • Dynamic configuration, driven by API • Highly extensible • L7 filters (HTTP/1, HTTP/2, gRPC, redis, mysql, Kafka, etc) • Deep signals telemetry out of the box • Versatile deployment options

7 | Copyright © 2020 SERVICE MESH JOURNEY INNOVATION MODERNIZE TO MICROSERVICES SERVICE MESH MANAGEMENT ANY MESH - ANYWHERE ADAPTIVE SERVICE MESH

SERVICE A SERVICE B SERVICE C SERVICE D SERVICE E NORTH-SOUTH TRAFFIC Solo.io solves API connectivity & communication challenges with decentralized, Envoy-based infrastructure

SERVICE A SERVICE B SERVICE C SERVICE D SERVICE E SERVICE F SERVICE G SERVICE H NORTH-SOUTH TRAFFIC Solo.io solves API connectivity & communication challenges with decentralized, Envoy-based infrastructure

Solo.io solves API connectivity & communication challenges with decentralized, Envoy-based infrastructure SERVICE A SERVICE C SERVICE B SERVICE D SERVICE E SERVICE F SERVICE G SERVICE H EAST - WEST TRAFFIC NORTH-SOUTH TRAFFIC

Solo.io solves API connectivity & communication challenges with decentralized, Envoy-based infrastructure SERVICE A SERVICE C SERVICE B SERVICE D SERVICE E SERVICE F SERVICE G SERVICE H NORTH-SOUTH TRAFFIC

Solo.io solves API connectivity & communication challenges with decentralized, Envoy-based infrastructure SERVICE A SERVICE C SERVICE B SERVICE D SERVICE E SERVICE F SERVICE G SERVICE H NORTH-SOUTH TRAFFIC API Developer Portal

13 | Copyright © 2020 13 | Copyright © 2020 Securing the edge

14 | Copyright © 2020 Role of an edge proxy / API Gateway • Enforce trust levels between boundaries • Authentication / Authorization / Encryption of traffic for end users, machines • Apply traffic policy and quota restrictions • Observe, log, transform, limit requests • Fit in with decentralized processes

15 | Copyright © 2020 Role of API Gateway: abstract implementation details

16 | Copyright © 2020 Edge proxy + service mesh • Encrypt / authentication / authorization for last-mile routing to backend services • Observe traffic from origin/edge to target endpoints including graph of services • Enable more sophisticated Zero-trust policies (trust tiers, integrating with policy engines,

17 | Copyright © 2020 17 | Copyright © 2020 Gloo API Gateway

18 | Copyright © 2020 Gloo Features

19 | Copyright © 2020 Why Gloo? Security Highly Extensible Multi-platform Web Assembly Integration Decentralized API ● Basic auth ● OIDC ● JWT ● API Keys ● Custom Auth ● TLS ● mTLS ● SNI ● Let’s Encrypt ● CORS ● OPA ● RBAC ● Delegation ● WAF ● Data Loss Prevention ● Rate Limit ● Circuit Breaker

20 | Copyright © 2020 Gloo architecture EXTERNAL AUTH RATE LIMITING GLOO FILTERS ROUTER UPSTREAM EXTERNAL AUTH SERVER RATE LIMITING SERVER CACHING DATA LOSS PREVENTION LAMBDA NATS.IO TRANSFORMATION WEB APPLICATION FIREWALL (WAF)

21 | Copyright © 2020 Developer Portal • Declarative Configuration - CRD based, No external database infrastructure • Customizable branding and web pages • Secure API publishing with API Keys • Improve developer onboarding and intuitive user experience

22 | Copyright © 2020 Gloo Gateway Complements Service Mesh • Extend with powerful edge capabilities (as seen previously) • Integrate with mTLS (SDS) • Integrate with telemetry collection • Integrate with distributed tracing • Provide full North-South & East-West networking abstraction

23 | Copyright © 2020 23 | Copyright © 2020 Ingress Proxy for Service Mesh

24 | Copyright © 2020 Simple ingress proxy • Single point passthrough • Accept already trusted traffic • Provide application specific routing • Participate in a service mesh • Expose “lightweight” APIs (as-is)

25 | Copyright © 2020 25 | Copyright © 2020 APIs within the mesh

26 | Copyright © 2020 Developer Portal for Istio

27 | Copyright © 2020 API Documentation

28 | Copyright © 2020 Simple ingress proxy + Developer Portal • Add light auth / rate limit capabilities • Catalog, document, expose APIs • Aggregate APIs into a single API • Self-service portal with customization • Intended to expose APIs “as-is” within your organization when you don’t need an Edge/API Gateway

29 | Copyright © 2020 How it works

30 | Copyright © 2020 How it works

31 | Copyright © 2020 31 | Copyright © 2020 Demo

32 | Copyright © 2020 LEARN MORE solo.io/gloo BLOG solo.io/blog GITHUB github.com/solo-io/gloo SOLO COMMUNITY slack.solo.io