API v1 and v2 comparison
The Gloo Mesh Enterprise API is available in two versions, v1 and v2. Each version supports different custom resources that are used to simplify service mesh management in single and multicluster environments.
Key new features of Gloo Mesh API v2
Workspaces for multitenancy
Gloo introduces a new concept for Kubernetes-based multi-tenancy, the Workspace custom resource. A workspace consists of one or more Kubernetes namespaces that are in one or more clusters. Think of a workspace as the boundary of your team's resources. To get started, you can create a workspace for each of your teams. Your teams might start with their apps in a couple Kubernetes namespaces in a single cluster. As your teams scale across namespaces and clusters, their workspaces scale with them.With workspaces, you can more easily manage your single and multicluster environments, including the following key benefits:
- Service isolation and federation across meshes and clusters
- Multitenant configuration and traffic control
- Cross-cluster app deployments without naming restrictions
For information, see Workspaces.
Enhanced installation for managed Istio and more scalable clusters
As in v1, you still install Gloo Mesh v2 in a relay server and agent architecture. This architecture is enhanced to be more highly available and scalable, including the following benefits:
- Ability to create Gloo Mesh custom resources on any cluster, not just the management cluster
- Managed Istio installation option for more easily scaling clusters without configuration changes
- No cross-cluster Kubernetes API server access needed
- Automated sidecar creation for optimized data plane resource consumption
- Scalable dashboard for single pane of glass visibility into your service mesh environment
For information, see Architecture.
Flexible custom resources, such as Policies
The v2 API introduces a new set of custom resources and reorganizes the APIs into admin, networking, and policy groups. Additionally, the API is designed around a set of user personas that can help you think about the responsibilities for the people on your team.
Instead of grouping entire service meshes together into a VirtualMesh as in v1, you use Workspaces. Workspaces are more flexible, because you can group together only the namespaces that you want from each service mesh. You set service isolation and federation on a per-workspace basis. You can even import and export resources across workspaces by configuring their workspace settings.
Similarly, by moving out the networking policies into separate custom resources, as opposed to the inline approach in v1 resources, you get more flexibility. For example, your operator team can configure Gloo Mesh policies. Then, your developers can use the Kubernetes selectors that they are already familiar with to pair up their routes or destinations with these policies.
For more information, see:
VM onboarding to extend the mesh outside clusters
With Gloo Mesh v2, you can add virtual machines (VMs) to your service mesh environment. This way, services in the VM can be accessed and controlled by the same policies and networking resources as in your clusters.
For more information, see Onboarding VMs.
Comparison of v1 and v2
For a point-by-point comparison of the different versions, review the following table.
You cannot use both v1 and v2 in the same Gloo Mesh environment.
| Area | API v1 | API v2 |
|---|---|---|
| API endpoint | *.gloo.solo.io/v1 |
*.gloo.solo.io/v2 |
| Component names | Management server: enterprise-networking, remote cluster agent: enterprise-agent |
Management server: gloo-mesh-mgmt-server, remote cluster agent: gloo-mesh-agent |
| Where to create Gloo Mesh resources | Must be in the management cluster. | Some resources such as Workspaces must be created in the management cluster. Most other Gloo Mesh resources can be created in any registered cluster. |
Supported version † |
Gloo Mesh Enterprise 1.2 and earlier. | Gloo Mesh Enterprise 2.0 and later. |
| Custom resource differences | Fewer Gloo Mesh CRs. Gloo Mesh CRs have more 1-to-many relationships with inputs and outputs such as Istio resources. | New Workspace and other CRs to simplify managing your resources. Gloo Mesh CRs have more 1-to-1 relationships with inputs and outputs such as Istio resources for better reusability across north-south and east-west gateways and improved observability for easier self-service. |
| Controlling access to the CRDs | Custom Gloo Mesh RBAC. | Native Kubernetes RBAC. |
| Isolation and federation | Configured by VirtualMesh on a mesh basis and secured via mTLS. | Configured by WorkspaceSettings on a workspace basis (namespaces and clusters) and secured via mTLS. |
| Policy and routing differences | Routes can have policies defined within the configuration. Separate configurations for east-west vs. north-south traffic policies. | Policies are created separately and applied to destinations, routes, or workloads by Kubernetes selectors. Policies are more reusable and simpler for developers to consume. For example, different development teams in different workspaces can use the same retry or timeout policies. The same policy can apply to both east-west and north-south traffic. |
| Selectors | Resources are often specified individually and in-line in other resources, making it harder to scale. For example, in a VirtualMesh, you specify cluster-1, cluster-2, etc. |
Resources can be specified by name or by Kubernetes selectors, for more flexible scaling. For example, you can have a workspace that automatically adds clusters with the label env: prod. |
| Single to multicluster transition | You create a separate management cluster and register each workload cluster. Istio meshes that run in your registered workload clusters are automatically discovered. Then, you create more Gloo Mesh CRs in the management cluster for the resources you want. | You still create a separate management cluster, register workloads, and get automatic Istio discovery. However, because you use Workspaces and selectors or regex names to organize resources, you can more easily scale the Workspace to all the workload clusters, which automatically creates the Gloo Mesh CRs for you. |
† For the corresponding Istio and Kubernetes versions that the Gloo Mesh version supports, see Supported versions.