Solo.io Adds GraphQL Support to Service Mesh, API Gateway – Container Journal

Long Live Containerization!
At a ServiceMeshCon/KubeCon + CloudNativeCon event today, Solo.io announced it will add support for the GraphQL query language for application programming interfaces (APIs) to the Gloo Mesh platform and the Gloo Edge API gateway. That support will be added later this year.
The company is providing a GraphQL server, resolvers, a GraphQL schema generator and schema stitching for GraphQL for both its instance of the open source Istio service mesh that is deployed in Kubernetes environments as well as open source Envoy proxy software.
Fresh from raising an additional $135 million in funding, Solo.io CEO Idit Levine says that approach will eliminate the need for organizations that have implemented APIs based on GraphQL to build their own API gateways and orchestration platforms.
GraphQL is an open source data query language for APIs that organizations are adopting as a declarative alternative to REST APIs for fetching data. GraphQL, originally developed by Facebook, enables clients to specify exactly what data it needs from an API and underlying services in a way that makes it possible to federate queries across multiple backend services. GraphQL provides a complete description of the data made available via an API, and is organized in terms of types and fields rather than traditional endpoints. In addition to clarifying what data is available via that API, developers can make use of types to avoid writing parsing code.
IT teams, however, still have to create specific libraries for caching, security, rate-limiting, failover and many other functions that Levine says can now be handled by its Gloo Mesh and Gloo Edge platforms. Solo.io’s GraphQL extensions for Envoy and Istio service mesh enable developers to declaratively define GraphQL schema and server capabilities, including role-based access controls (RBAC), using the YAML programming language. It will automatically generate schema from almost any data source including REST, gRPC, SQL, SOAP and more.
The GraphQL module will also enhance the Envoy Proxy filter chain in Gloo Mesh and Gloo Edge with a resolver that gives Envoy the ability to provide a GraphQL API endpoint. Developers can also write customer resolvers with Web Assembly (Wasm).
Solo.io’s GraphQL support includes GraphQL life cycle and collaboration capabilities that allow developers to store GraphQL schemas as code, observe usage and publish information and manage schema and server changes via Gloo Portal.

REST APIs, in general, are becoming more problematic as organizations embrace microservices-based applications. It often takes minutes to refresh a simple dashboard because of the amount of data that REST APIs are trying to pull from various data sources. As organizations embrace digital business transformation, they are also encountering application latency issues that can be traced back to the amount of data being called from multiple microservices.
It’s not clear how quickly GraphQL might replace REST APIs, but DevOps teams should assume organizations will wind up employing a mix of both for years to come. The challenge is going to be determining when to make the transition, as organizations become more dependent on a mix of APIs to build and deploy microservices-based applications that are now driving most digital business transformation initiatives.
Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
Mike Vizard has 1215 posts and counting. See all posts by Mike Vizard
document.getElementById( “ak_js” ).setAttribute( “value”, ( new Date() ).getTime() );
The recently released MITRE ATT&CK(r) for Containers outlines attack techniques and tactics that can be used against containers and Kubernetes clusters. The post Stop Container Attacks Using the MITRE ATT&CK(r) for Containers appeared first on DevOps.com. […]
As mainframe teams embrace modern pipeline practices and tools, it’s important to establish the requisite infrastructure and skillsets to maximize their impact. The post Enterprise DevOps Series: CI/CD for Mainframe appeared first on DevOps.com. […]
Building modern applications that provide flexibility and portability can present monitoring challenges if developers don’t adopt an instrumentation-first approach. Would you like to learn how to shift observability practices left and bake observability into the software development life cycle (SDLC)? The post Observability-Driven Design appeared first on DevOps.com. […]
Rapid adoption of cloud-native technologies has changed how organizations defend against security threats from their code to production environments. Additional pressures have accelerated the merging of development and IT operations under one DevOps umbrella to build and release code at a faster rate. However, this newfound developer agility and the widespread use of open source […] The post Ask Me Anything: Best Practices for Securing Modern Apps w/ Snyk and Rapid7 appeared first on DevOps.com. […]
Security has long been used to minimize and manage risk associated with enterprise delivery and its dependencies. The software industry is evolving at an unprecedented pace and is realizing the benefits of incorporating security as an innovative force. The post How to Scale Governance, Compliance and Security through GitHub Actions appeared first on DevOps.com. […]
As companies become data-driven, they need to make their data accessible to developers, DevOps teams and data engineers to facilitate better applications, compress release cycles and improve productivity. However, managing access to databases is, arguably, still stuck in the stone age. It’s difficult, if not impossible, to integrate with tools like Okta, Auth0 and AD.. The post How to Give Everyone Access to Your Data and Still Keep it Safe appeared first on Security Boulevard. […]
Did you know that 8.4% of open source Java library releases contain known vulnerabilities? This increases to 23% when you consider only the most popular and most used projects. Navigating this minefield to keep applications secure can be a challenge. The post The Minefield of Open Source appeared first on Security Boulevard. […]
Rapid adoption of cloud-native technologies has changed how organizations defend against security threats from their code to production environments. Additional pressures have accelerated the merging of development and IT operations under one DevOps umbrella to build and release code at a faster rate. However, this newfound developer agility and the widespread use of open source.. The post Ask Me Anything: Best Practices for Securing Modern Apps w/ Snyk and Rapid7 appeared first on Security Boulevard. […]
Security has long been used to minimize and manage risk associated with enterprise delivery and its dependencies. The software industry is evolving at an unprecedented pace and is realizing the benefits of incorporating security as an innovative force. The post How to Scale Governance, Compliance and Security through GitHub Actions appeared first on Security Boulevard. […]
When we want to resolve AppSec risks, the usual first step is to acquire a tool that will provide needed information. Usually, this involves building several technologies or integrating tools into DevOps pipelines. Unfortunately, while this will help gather information, it also slows down the release cycle, causes pipeline congestion and overloads developers with information. The post Improving Speed and Focus While Resolving AppSec Challenge appeared first on Security Boulevard. […]

source