Gloo Mesh Core works with community Istio out of the box. You get instant insights into your Istio environment through a custom dashboard. Observability pipelines let you analyze many data sources that you already have. You can even automate installing and upgrading Istio with the Gloo lifecycle manager.

But Gloo Mesh Core includes more than tooling to complement an existing Istio installation. You can also replace community Istio with Solo’s hardened Istio images. These images unlock enterprise-level support. Later, you might choose to upgrade seamlessly to Gloo Mesh Enterprise for a full-stack service mesh and API gateway solution. This approach lets you scale as you need more advanced routing and security features. For more information about these components, see Architecture.

Enterprise support

Gloo Mesh Core provides enterprise support on top of community Istio. Review the following table for a list of benefits. For more information, see Solo distributions of Istio.

BenefitGloo Mesh CoreCommunity Istio
Upstream feature development
CI/CD-ready automated installation and upgrade
End-to-end Istio support and CVE security patching
Long-term n-4 version support with Solo images
Special image builds for distroless and FIPS compliance
24x7 production support and one-hour Severity 1 SLA
Single pane of glass for operational management of Istio
Insights based on environment checks with corrective actions

Lifecycle management

As a service mesh, Istio solves connectivity challenges that arise with microservice architectures. Many microservices can mean many ingress and egress points. In regulated and secured environments, you might need many ingress and egress gateways. Even further, microservices split not only into many apps, but often in many clusters.

With community Istio, you can individually install Istio into clusters with a tool like istioctl. Then, you set up ingress and egress gateways, with their many configuration options, one by one. This approach quickly becomes unscalable with dozens of clusters. It can also lead to version drift and other configuration differences.

Gloo Mesh Core simplifies such lifecycle management activities with two custom resources: IstioLifecycleManager and GatewayLifecycleManager. Gloo translates these resources into Istio control planes, gateways, and related resources for you. You can integrate these resources into your CI/CD pipeline. This approach lets you automate your existing Istio deployments, even across clusters.

For more information, see Service mesh lifecycle.

Figure: Lifecycle benefits with Gloo Mesh Core
Figure: Lifecycle benefits with Gloo Mesh Core
Figure: Lifecycle benefits with Gloo Mesh Core
Figure: Lifecycle benefits with Gloo Mesh Core

Operational observability

Gloo Mesh Core uses the OpenTelemetry (OTel) project to collect telemetry data from many sources in your clusters. Some of these sources, such as Grafana and Prometheus, are built in to monitor your Gloo environment and the apps in your cluster. You might have other existing sources, too. With OTel, you can set up pipelines for these sources as needed, so that you have all your telemetry data in a single place.

The Gloo UI shows these observability details in a single pane of glass, as shown in the following figure. For more information, see Telemetry.

Figure: Operational dashboard
Figure: Operational dashboard
Figure: Operational dashboard
Figure: Operational dashboard

Insights

Gloo Mesh Core comes with an insights engine that automatically analyzes your Istio setups for health issues. Then, Gloo shares these issues along with recommendations to harden your Istio setups. The insights give you a checklist to address issues that might otherwise be hard to detect across your environment. For example, insights can help you identify:

  • Sidecars that are orphaned from istiod but otherwise reflect a healthy, running status
  • Istio CRDs that are missing
  • Gateways or virtual services that are not scoped, which can lead to unpredictable routing behavior
  • Opportunities to trim the Envoy proxy config to reduce overload
  • Opportunities to tune istiod performance such as to improve push times and decrease throttling
  • Annotations that bypass sidecars or iptable rules
  • Non-ordered containers that cause race conditions with sidecars
  • Better egress controls

In the following figure, an example insight warns that a virtual service is exported to all namespaces, which is not recommended for security reasons. For more information, see Insights.

Figure: Insights example
Figure: Insights example
Figure: Insights example
Figure: Insights example

Seamless migration to full-stack service mesh

Gloo Mesh Core provides a core set of tooling to help you observe and manage your Istio lifecycle. As you continue to scale your environment, you might have increasingly complex app networking problems. You can seamlessly migrate from Core to Gloo Mesh Enterprise. With Enterprise, you get a full-stack L4-L7 app networking solution. Then, you can manage API gateways and service meshes in complex, multicluster environments.

Unlock Gloo’s powerful custom resources for advanced features including the following:

  • Automatic discovery of Istio resources across cluster
  • Envoy-based ingress and egress gateways
  • East-west gateway for cross-cluster communications
  • Gloo workspaces for simple multitenancy
  • Gloo virtual gateways and route tables to manage cross-cluster application routing
  • All Gloo policies to build zero-trust security into your networking
  • Hardened external auth and rate limiting servers
  • Gloo external services to bring in workloads in external VMs to the mesh
  • Developer portal to share and monetize your APIs
  • Ability to route to AWS Lambdas

For more information, see the Gloo Mesh Enterprise docs.