Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
solo.io / Product Demos / 22 Jul 2021
solo.io / Product Demos / 22 Jul 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Gloo Edge demo

Description

A quick demo of core Gloo Edge features. Gloo Edge builds on open source Envoy Proxy to make Kubernetes-native API gateways more secure, more reliable, and easier to manage. Gloo Edge receives requests from clients, and manages ingress by applying your routing rules and filters on traffic. It enforces zero-trust security and can handle high availability, load balancing, and failover. Gloo Edge also discovers upstream resources, defines your policies, and gives you visibility for troubleshooting and audits. WebAssembly lets you do advanced customization of your filters.

A

Api gateways are an important component in every single modern architecture. In this video we're going to talk about blue edge and next generation api gateway-based non-void, it provides features like routing security, data transformation and delegation.

A

We're going to start by seeing how we can do the routing in glitch. An important feature in api gateways is the routing using google edge. We can route to multiple type of app streams like printed services or lambda functions or vms.

A

In this demo, we're going to see how to route to a community service to configure glue edge. We use custom resource definitions, crds that can be persisted in git, for example, and deploy to currencies cluster using a githubs approach. The two most important are app streams and virtual services.

A

App streams are a representation of a destination. It can be a static, app stream to a vm. For example, it can be a community service console lambdas and more once the service gets created in conveniences, blue edge will detect it and creates an upstream for it, and we can use this app stream for our routing.

A

In this example, I have an application already installed. The booking for application, let's look at one app stream, an app stream has a type it can be cumulative cancel static or more, in this case. It's a currency service that points to the review service on a certain port.

A

Now, let's configure the gateway to route traffic to that apps 3.. For that we use a virtual service. A virtual service has a domain, then patchers that can be path or headers or multiple and then a destination.

A

In your virtual service, you can define top level policies like waf, oppa rate, limiting and all that or match also defined policies at the route level.

A

Here we see that the get way is not surrounding anything we're going to apply the virtual service and configure glue to serve traffic and routing to the upstream that we defined- and we see here that now the gateway route, all the traffic to the product page of the book info application.

A

In certain scenarios, we need to route multiple app streams like when we introduce a new version of an application. In this example, here we'll see how to route to a new version of the book into application.

A

We see now that we route to two different app streams, one serving the red stars and one the black stars, but glue supports multiple types of routing. It can route to subsets.

A

It can also route based on claims from headers in nydc flow, for example, in the next section you're going to see security and explore ydc security is a key component of api gateways using glue etch. We can secure traffic and force oabc policies, wealth, oppa and more one common scenario can be that an admin wants to allow certain ips using wife.

A

Then rate limit based on this ips then authenticate the call using oidc and finally authorize the call using oppa in this video we're going to see how to enforce ydc using glitch, provide multiple security policies out of the box like ydc api key oppa and wealth. Blueh can also be extended using go plugins to write your own authentication authorization mechanism, blue age, also support wasm, where you can write your own filters that provide an extra layer of security.

A

Now, let's see how we integrate blue edge with your idp. For that we'll need to write an off config and attach it to our virtual service.

A

The auth config looks like this, where you have all the information needed to connect you to idp and after creating your auth config, you just attach it to your virtual service, and this is here now. Let's apply these changes.

A

After applying this, we can go back to our catway and test it out.

A

We see that now we need to authenticate before hitting the back end.

A

This is how we integrate to idc with glue edge. This workflow can be extended, for example, extracting the claims from the jot and route or rate limit based on it.

A

In the next section we'll see, transformations blue has a powerful transformation api where you can add header, remove headers extract headers from adjacent body, for example, transform a json body, adding fields, transforming xml, for example, and more the transformation feature can be extended, using wasm 2.

A

to demo the transformations, we're going to use a rate limiting policy and then transform the error code to something more user friendly. First, let's just create a rate limiting policy on our virtual service.

A

Now, if I go back to the page and refresh couple times.

A

We can receive an error for 29, meaning that the api calculate limited. Now, let's make this page more user-friendly, we're going to modify our virtual service to add a transformation.

A

Every code 429 on the response will be transformed with this html.

A

Then we're going to apply to virtual service.

A

And see how this could be changed, let's trigger a rate limit, and we see that now we received this html page. That is actually a transformation got applied in the next section.

A

We're going to talk about delegation irrigation is an important feature when working in a large company often we need a team managing a virtual service at the top level domain, applying corporate policy and delegating a part of the system or the api to different teams, for example, example.com will be the main domain and we'll have like waf rules or rate limiting policy at the organization level, then example slash api, one will go to team one and they can add retries or other custom policies that are needed for their apis.

A

Let's see how we do that in blue edge.

A

For that we'll need to look at the virtual service where we added the route table. A route table is a separate crd that can be the delegation that a team can manage. Let's say this is for team one.

A

Now this route table can be attached to the main virtual service in the routing, and you can enforce error back on the main virtual service, so the users can modify it, but they can modify their rail table and that's how we manage multiple teams modifying their apis attached to one virtual service.

A

In this video we explore how to do routing data transformation, security and delegation using the edge, but rush can do more. We invite you to check solo title for more info and thank.

A

You you.