Network Encryption
Network security and encryption are incredibly important, especially for public-facing services or services that carry sensitive data. Gloo Gateway can assist with the following use cases:
- Perform TLS termination, decrypting traffic that arrives from downstream clients
- Load client certificates to perform mutual TLS with an upstream server that is already serving TLS
- Configure mutual TLS with the Envoy proxy served by the xDS service on the Gloo Gateway pod
The following guides provide more detail on how to configure each feature:
- Setting up Server TLS: Set up server-side TLS for Gloo Gateway
- Setting up Upstream TLS: Set up Gloo Gateway to route to TLS-encrypted services
- Setting up Upstream TLS with Service Annotations: Set up Gloo Gateway to route to TLS-encrypted services using Kubernetes Service object annotations
- Gloo Gateway mTLS mode: Ensure that communications between Gloo Gateway and Envoy are secure with mTLS