Istio mode

Gloo Mesh Core supports Istio service meshes that run either in ambient or sidecar mode. Review the following table to help you choose your Istio mode.

Istio modeMaturityLifecycle optionsSolo distributions of Istio?Feature highlights
AmbientBetaGloo-managed, manualYesSimplify your service mesh with a sidecarless approach. You get quicker onboarding, easier app lifecycle ops, and simpler network traffic with Layer 4 along with Layer 7. For more information, see About ambient mesh.
Sidecar (default)ProductionGloo-managed, manual, takeover existing installationsYesDeploy your service mesh with the standard sidecar approach. Although this approach is more resource-intensive, you get more observability data because all network traffic stays on Layer 7. To get started, see Deploy Gloo-managed service meshes or Take over existing Istio installations.

Istio image

Gloo Mesh Core supports Istio service meshes that run either community Istio images or Solo distributions of Istio. The Solo distribution of Istio is a hardened Istio enterprise image, which maintains n-4 support for CVEs and other security fixes. The image support timeline is longer than the community Istio support timeline, which provides n-1 support with an additional 6 weeks of extended time to upgrade the n-2 version to n-1. For more about the added benefits of Solo distributions of Istio and to review the available image distributions, see Solo distributions of Istio.

Lifecycle management

Gloo Mesh Core supports full service mesh lifecycle management with the Istio Lifecycle Manager. By using Gloo-managed service meshes, you no longer need to manually install and manage the istiod control plane. Instead, you provide the Istio configuration in a Gloo custom resource (CR), and Gloo translates this configuration into managed istiod control plane and gateways in each workload cluster for you. For more information, see Lifecycle management..