Review how Gloo Mesh Core components work together to extend observability and insights into your Istio environment.
When you install Gloo Mesh Core in your cluster environment, you get Gloo, other projects integrated with Gloo, and Gloo-supported Istio components as described in the following diagram and tables.
By default, Gloo Mesh Core includes the following components that Solo develops.
|Gloo agent||The agents send snapshots of the Gloo resources from each workload cluster to the management server.|
|Gloo management server||The management server maintains the desired state of your Gloo environment based on the configurations that you create and the information that is stored in Redis and Prometheus.|
|Gloo insights||The insights engine maps Solo-provided recommendations to the analyses gathered by the Gloo analyzer. The insights engine reads information from Redis and writes insights to Prometheus.|
|Gloo UI (dashboard)||With the UI, you can review the health and configuration of your environment, including registered clusters, Istio, certificates, app services, and more. You can even set up external authentication that is synchronized with Kubernetes role-based access control to manage how your users access the UI.|
|Gloo analyzer||The Gloo analyzer runs analyzers from Istio and Solo to gather data on the status of Istio, proxies, certificates, images, and other components. This information is collected by the OTel collector, sent to the OTel gateway, and stored in Prometheus and Redis on the management cluster.|
Gloo Mesh Core incorporates several other open source projects to extend its capabilties. Although Solo does not develop these projects, the projects are supported as part of regular Gloo usage. Depending on the project, you may or may not be able to use your own instance instead, but support and setup vary.
|OTel pipeline||You can set up the Gloo OpenTelemetry (OTel) pipeline (gateway and workload collectors) to collect metrics for your ingress and egress gateways and Istio service mesh.|
|Prometheus||The default Prometheus deployment scrapes metrics from the Gloo telemetry gateway, including custom |
|Redis||Redis is used for several Gloo components. You can optionally bring your own Redis instance.|
Gloo Mesh Core can optionally manage several open source Istio components. When you use Solo Istio images, these Istio components are part of your Solo support. If you want to customize these installations, you might lose some of the managed benefits.
|Istiod||Istiod is the control plane for the Istio service mesh on each workload cluster. For multicluster environments, Gloo federates trust by using a unified root trust policy across clusters.|
|Operator||When you use the Solo Istio Lifecycle Manager, an Istio operator is created to manage the other installed Istio components.|
|Ingress and egress gateways||Based on Envoy, the Istio ingress gateway is deployed to manage traffic into and out of the service mesh. Depending on your security requirements, you might set up an ingress gateway per environment, per cluster, or in other ways.|
|Workload proxy||Based on Envoy, Istio workload proxies manage network communication between the workload and other microservices. You can choose between sidecar or ambient (sidecarless) mode setups. In sidecar mode, each workload has its own Istio sidecar proxy for more fine-grained control. In ambient mode, you set up ztunnel and waypoint proxies that decouple the proxy from the application for greater operational efficiency. You can deploy more waypoint proxies for more fine-grained traffic control. Note that ambient mode is not supported with Solo Istio Lifecycle Manager.|
Now that you know more about the Gloo core components, integrated projects, and managed Istio components that help manage your environment, review how these components communicate with each other in the following diagram.