Gloo Mesh architecture

Gloo Mesh builds on the Gloo Platform architecture to unlock service mesh management and east-west traffic control capabilities.

As shown in the following figure, you can think of Gloo Mesh as a management plane for multiple service mesh control planes. These service meshes might run on clusters in different cloud providers and Kubernetes-based platforms such as OpenShift. When a workload cluster is registered with Gloo Mesh, the management plane discovers and creates configurations for mesh-enabled workloads in the cluster, unifies the trust model across clusters, scrapes metrics, and more.

No matter where your apps run, you can control how they communicate with each other. In your Gloo Mesh workspace, you can enforce service isolation and federation across clusters. Then, all traffic within the mesh is secured via mutual TLS. Next, you might want to shape the traffic by using networking resources such as virtual destinations and policies to set up intelligent, multicluster routing and failover. With built-in Gloo Platform tools, you can rate limit or enforce external auth for requests within the service mesh. Finally, keep track of everything that happens in your environment by using the Gloo UI, which monitors not only Gloo custom resources, but also the underlying Istio and Kubernetes resources.

Figure: For each service mesh, Gloo Mesh simplifies Istio service discovery, traffic shaping, and secured app traffic policies.