Gloo Gateway offers several custom authentication options that can be integrated with DeepSeek-R1, enhancing security and control over access to the model. Here are some of the key custom authentication features available:
External Authentication (Ext Auth) Service
Gloo Gateway Enterprise includes an external authentication (Ext Auth) service that supports various authentication protocols, including LDAP, OIDC, Basic Auth, and API Keys. This service allows for the integration of custom business logic through a plugin framework, enabling bespoke authentication protocols to be easily loaded and configured[1][9].
Passthrough Authentication
Passthrough authentication allows Gloo Gateway to delegate authentication to an external service. This can be done using either gRPC Passthrough Auth or HTTP Passthrough Auth, both of which conform to Envoy's Authorization Service API. This method provides flexibility by allowing custom logic alongside Gloo Gateway's built-in authentication mechanisms[7].
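A minimal HTTP passthrough target, as an added example (not code from Gloo Gateway or its documentation). It assumes the Ext Auth service forwards the client's `Authorization` header and treats a 200 response as allow and any other status as deny; the `AUTH_KEYS` variable, the port and the function names are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"log"
	"net/http"
	"os"
	"strings"
)

// loadKeys hashes each non-empty key from a comma-separated list, so that
// comparisons later run over fixed-length digests.
func loadKeys(csv string) [][32]byte {
	var out [][32]byte
	for _, k := range strings.Split(csv, ",") {
		if k = strings.TrimSpace(k); k != "" {
			out = append(out, sha256.Sum256([]byte(k)))
		}
	}
	return out
}

// decide returns the status code the auth service answers with.
// Assumed contract: 200 allows the request, any other status denies it.
func decide(h http.Header, keys [][32]byte) int {
	v := h.Get("Authorization")
	if !strings.HasPrefix(v, "Bearer ") {
		return http.StatusUnauthorized // no credential presented
	}
	got := sha256.Sum256([]byte(strings.TrimPrefix(v, "Bearer ")))
	ok := 0
	for _, k := range keys { // check every key; no early exit on a match
		ok |= subtle.ConstantTimeCompare(got[:], k[:])
	}
	if ok != 1 {
		return http.StatusForbidden // unknown key, or no keys configured
	}
	return http.StatusOK
}

func main() {
	keys := loadKeys(os.Getenv("AUTH_KEYS")) // hypothetical variable name
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(decide(r.Header, keys))
	})
	log.Fatal(http.ListenAndServe(":9001", nil)) // hypothetical port
}
```

With no keys configured the service denies every request, so a missing or empty `AUTH_KEYS` fails closed.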
Custom Auth Server
Users can implement their own custom authentication server and integrate it with Gloo Gateway. However, unlike passthrough authentication, a custom auth server is not integrated with Gloo Gateway's Ext Auth service and cannot leverage its built-in authentication mechanisms[7].
JSON Web Tokens (JWT)
Gloo Gateway supports the use of JSON Web Tokens (JWT) for authentication. JWT verification can be performed directly within Envoy, requiring minimal resources and no external service calls. This method is efficient and fast, making it suitable for high-traffic environments[1].
Open Policy Agent (OPA) for Authorization
Gloo Gateway integrates with Open Policy Agent (OPA) to apply fine-grained authorization policies. Using Rego, OPA's declarative policy language, users can define complex authorization rules that can be applied after authentication. This allows for sophisticated access control based on user roles, permissions, and other attributes[1][4].
Custom Plugins
Gloo Gateway's Ext Auth service supports custom plugins written in Go. These plugins can extend the built-in authentication capabilities, allowing users to implement specialized authentication logic tailored to their specific needs[1].
By leveraging these custom authentication options, users can securely manage access to DeepSeek-R1 models, ensuring that only authorized requests are processed while maintaining flexibility and control over the authentication workflow.
Citations:
[1] https://docs.solo.io/gloo-edge/main/guides/security/auth/
[2] https://www.solo.io/blog/navigating-deepseek-r1-security-concerns-and-guardrails
[3] https://kgateway.dev/docs/reference/helm/
[4] https://docs.solo.io/gloo-edge/main/guides/security/auth/multi_authz/
[5] https://www.solo.io/blog/fast-and-furious-gateway-api-at-scale-with-envoy-proxy-and-gloo-gateway
[6] https://kgateway.dev/docs/reference/contribution/add-docs/
[7] https://docs.solo.io/gloo-edge/latest/guides/security/auth/extauth/passthrough_auth/
[8] https://www.bigdatawire.com/this-just-in/solo-io-releases-gloo-ai-gateway-to-optimize-ai-deployment-and-ensure-governance-controls/
[9] https://docs.solo.io/gloo-edge/main/guides/security/auth/extauth/
[10] https://www.solo.io/resources/video/demo-video-navigating-deepseek-r1-security-concerns-and-guardrails
[11] https://www.together.ai/models/deepseek-r1