Feature gates
Review the required Gloo Platform versions for gated features that you can optionally enable in the gloo-platform and gloo-platform-crds Helm charts.
In the featureGates setting, you specify a key-value pair, in which the key is the feature name, and the value is a boolean to enable or disable the feature. For example, to use Istio in ambient mode with Gloo Mesh Enterprise, you set --set featureGates.AmbientMode=true in your helm install command, or set featureGates.AmbientMode to true in your Helm values file. Note that the featureGates section replaces the deprecated experimental section in the Gloo Platform Helm chart.
For more information about the Helm chart, see the Helm value reference. For more information about features that are in alpha or beta support, see Gloo feature maturity.
For some features, you must enable the feature gate in both the gloo-platform chart and the gloo-platform-crds Helm chart, because the feature requires a specific CRD that is not installed by default. Review the feature description in the following table to check whether the feature gate must be enabled in gloo-platform-crds too.
| Feature | Default value | Maturity | Since | Until | Description |
|---|---|---|---|---|---|
AmbientMode |
false |
Alpha | 2.5.0 | Allow Gloo Mesh to create Istio Ambient Mesh resources. | |
EnableJWTPolicyEastWestRoute |
false |
GA | 2.5.4 | Enables JWTPolicies to apply to selected east-west routes when configuring applyToRoutes API. | |
ExternalWorkloads |
false |
GA | 2.5.0 | In Gloo Mesh Enterprise, integrate external workloads, such as VMs and bare-metal instances, in your service mesh. Important: Enable this setting in the gloo-platform-crds Helm chart too. |
|
GatewayDefaultDenyAllHTTPRequests |
false |
GA | 2.5.0 | Set to ‘true’ for enhanced security in Gloo Gateway. By default, all existing routes bypass this mechanism. To onboard routes to this new feature, users must apply an additional step by labeling their HTTP routes with the reserved ‘gateway.gloo.solo.io/require_auth’: ‘true’ label. Once labeled, routes become subject to the dynamic default deny behavior, reinforcing security. Apply external auth or JWT policies to enable traffic for specific routes. This Gloo Gateway-specific feature ensures ongoing security, even in the event of errors like policy deletion or Envoy filter issues. | |
InsightsConfiguration |
false |
Alpha | 2.5.0 | Configure insights for Gloo Mesh Core. | |
ReconcilerRelationshipWrites |
true |
Alpha | 2.5.0 | Allow the Gloo reconciler, which applies translated Gloo resources in your workload clusters, to track relationships between input and output resources. Disabling this feature can improve system performance. | |
SafeMode |
false |
Alpha | 2.5.0 | SafeMode will not allow translation without all cluster resources being present in the redis cache, this can prevent incomplete translations from being applied to the cluster(s). |