Kong vs. Gloo Edge

Kong uses NGINX/OpenResty with Lua-based plugins. NGINX's event loop is battle-tested for HTTP proxying with low memory overhead and predictable performance. However, Kong requires PostgreSQL or Cassandra for configuration storage and clustering, which adds operational complexity and a potential bottleneck at scale. The Lua plugin ecosystem is mature but narrowing as Kong pushes enterprise features behind paid tiers.

Gloo Edge uses Envoy Proxy, a modern C++ data plane with advanced load balancing (circuit breaking, outlier detection, weighted routing) and xDS API for dynamic configuration. Envoy's architecture is inherently more cloud-native, but it comes with higher memory consumption, slower cold starts, and a smaller plugin ecosystem. Gloo's control plane adds CRD-based configuration and Istio integration on top of raw Envoy.

Apache APISIX takes the NGINX/OpenResty approach but replaces database storage with etcd for distributed configuration — achieving millisecond config propagation without the database bottleneck that limits Kong. The result is 23,000 QPS per core with 0.2ms latency, combining NGINX efficiency with cloud-native agility that matches or exceeds Envoy-based gateways.

Gloo Edge has the deepest Istio integration among the three. It can serve as the Istio ingress gateway directly, inheriting Istio's mTLS auto-rotation, service discovery, and traffic policies. For teams already running Istio, Gloo Edge fits naturally as the north-south gateway. The trade-off is tighter coupling to the Istio/Envoy ecosystem — if you decide to move away from Istio, the migration overhead is significant.

Kong addresses service mesh through Kong Mesh, a separate product built on Kuma (CNCF) and Envoy. Kong Mesh is not integrated into the gateway itself — you run two separate products. This provides flexibility but adds operational overhead and cost. Kong's gateway and mesh products have different configuration models, which means teams need to learn two systems.

Apache APISIX works alongside any service mesh (Istio, Linkerd, Consul Connect) as the ingress gateway. It supports xDS protocol for mesh interoperability, mTLS termination, and service discovery. APISIX does not try to be a service mesh itself — it focuses on being the best API gateway that integrates with your existing mesh, giving you freedom to choose or change mesh implementations without gateway migration.

Gloo Edge (Enterprise) offers the most advanced GraphQL capabilities — native schema stitching, federation, and automatic REST-to-GraphQL transformation. If your architecture relies heavily on GraphQL with multiple backend services, Gloo's built-in GraphQL engine eliminates the need for a separate Apollo Federation layer. However, these features are Enterprise-only, adding $40K-$100K/year to your gateway cost.

Kong provides GraphQL rate limiting and analytics plugins in the Enterprise tier, but does not offer native GraphQL stitching or schema federation. For GraphQL-heavy architectures, Kong requires an external GraphQL layer (like Apollo Router) in front of or behind the gateway, adding architectural complexity and another point of failure.

Apache APISIX includes a built-in GraphQL proxy plugin with schema introspection and rate limiting in the open-source version — no enterprise paywall. While it does not match Gloo's native stitching capabilities, it covers the most common GraphQL gateway use cases (routing, rate limiting, authentication) without additional cost. For advanced federation, APISIX pairs well with Apollo Router as a complementary layer.

Kong's extensibility centers on Lua plugins — over 100 available, with a well-documented plugin development kit (PDK). Go plugins are supported via a plugin server process but are less performant than native Lua. The main limitation is that many advanced plugins (OIDC, OPA, advanced rate limiting tiers) are Enterprise-only, which means you may need to recreate or buy functionality that competes offer openly.

Gloo Edge leverages Envoy's native filter chain and WebAssembly (Wasm) for custom extensions. Wasm provides a language-agnostic, sandboxed execution environment — you can write extensions in Rust, C++, Go, or AssemblyScript. This is technically powerful but has a steeper learning curve than Lua. The Envoy filter ecosystem is smaller than Kong's plugin ecosystem.

Apache APISIX offers the broadest extensibility: Lua (native), Go, Java, Python, and WebAssembly — all supported in the open-source version. The multi-language plugin runner lets teams use their existing language expertise without learning Lua. With 100+ open-source plugins and no enterprise paywall on any of them, APISIX provides the most accessible extensibility model among the three gateways.

Kong Enterprise starts at approximately $50K/year with per-service pricing. Kong Konnect Plus starts at $1,500/month for cloud-managed capabilities. The open-source Kong Gateway is functional but missing OIDC, RBAC, audit logging, and the developer portal — features many organizations consider essential.

Gloo Edge OSS is free and functional for basic Envoy-based ingress. Gloo Gateway Enterprise (with GraphQL, WAF, portal, and advanced features) costs $40K-$100K/year per cluster depending on scale. For multi-cluster deployments, costs multiply quickly. Solo.io's pricing is cluster-based, which penalizes distributed architectures.

API7 Enterprise uses CPU-core based pricing that scales predictably regardless of cluster count. All 100+ plugins, GraphQL proxy, developer portal, and security features are included — no tiered lockout. The open-source Apache APISIX core means you can evaluate at full production scale before purchasing support, and migration away is always possible since the configuration format is open and portable.