• Single cluster
    • Multicluster
    • Overview
    • Architecture
    • Relay architecture
      • About ambient mesh
      • Service mesh options
        • Overview
        • Supported Solo distributions of Istio
        • Gloo Operator
        • Helm
        • Migrate from a sidecar mesh
        • Gloo Operator ENTERPRISE
        • Helm ENTERPRISE
    • Enroll apps
      • Overview
      • Ingress
      • East-west and waypoints
      • Egress
    • Resiliency
      • Overview
      • Secure workload identites with SPIRE ENTERPRISE
    • Observability ENTERPRISE
      • Gloo Operator
      • Helm
      • Service mesh options
        • Overview
        • Supported Solo distributions of Istio
        • Gloo Operator
        • Migrate to the Gloo Operator
        • Helm
        • EKS add-on
        • AKS extension
        • Gloo Operator ENTERPRISE
        • Helm ENTERPRISE
    • Enroll apps
      • Overview
      • Ingress
      • Egress
    • Resiliency
    • Security
    • Observability
      • Gloo Operator
      • Helm
      • Istio lifecycle manager (deprecated)
      • Install the meshctl CLI
      • Licensing
      • System requirements
      • Installation options
    • Install with Helm
      • Best practices for production
          • Setup options
          • Certificate rotation overview
          • Insecure setup
            • Self-signed server certificate
            • BYO server certificate
            • Self-signed server certificate with managed client certificates
            • BYO server certificate with managed client certificate
              • OpenSSL
              • AWS
              • Vault
          • Istio CA overview
          • Bring your own Istio CAs with AWS
      • FIPS images
        • About Redis
        • Built-in Redis
        • Local Redis
        • External Redis
      • Control user access to your resources
    • Upgrade
    • Uninstall
  • interactive_space Insights
    • About the telemetry pipeline
      • Overview
        • Overview
        • Explore the UI
          • Overview
          • External auth with Google
          • External auth with Dex
          • External auth with Okta
          • OIDC settings in Helm
          • RBAC for resources in the UI
        • Configure the UI for HTTPS
        • Connect the Gloo UI to OpenShift Prometheus
        • Overview
        • Run sample PromQL queries
        • Metrics
        • Alerts
        • Customization options
      • Jaeger
      • Istio access logs
      • Add Istio request traces
      • Add Istio insights
      • Collect compute instance metadata
      • Forward metrics to Datadog
      • Forward metrics to OpenShift
      • Enable logs
      • Gloo Mesh versions
      • Open Source attribution
      • Feature gates
      • Release notes
      • Solo distribution of Istio changelog
      • Gloo Operator changelog
      • Dashboard
      • GatewayLifecycleManager
      • InsightsConfig
      • IstioHelm
      • IstioLifecycleManager
      • Gloo Operator APIs
      • Helm chart overview
      • Gloo Platform
      • Gloo Platform CRDs
      • Gloo Operator
      • meshctl
      • meshctl check
      • meshctl check server
      • meshctl cluster
      • meshctl cluster deregister
      • meshctl cluster list
      • meshctl cluster register
      • meshctl dashboard
      • meshctl debug
      • meshctl debug report
      • meshctl experimental
      • meshctl experimental interop-check
      • meshctl install
      • meshctl license
      • meshctl license check
      • meshctl logs
      • meshctl proxy
      • meshctl uninstall
      • meshctl version
      • CVE lifecycle handling
      • Security and CVE scan results
    • Gloo component permissions
    • General debugging
    • Management server
    • Agent
      • Debug Istio
      • Gloo Operator and ServiceMeshController
      • Knative
    • UI graph
    • Observability pipeline
    • Redis
    • About Solo Support
    • Submit a request
    • Add support information
  • open_in_new Istio documentation
    • main
    • 2.9 (latest)
    • 2.8
    • 2.7
    • 2.6
    • GitHub
    • Twitter / X
  • to navigate
  • to select
  • to close
    • Home
    • Istio ambient mesh
    On this page

    These docs use the Kubernetes Gateway API to manage your service mesh. To manage your sidecar service mesh with Gloo Mesh Enterprise APIs instead, see the Gloo Mesh Enterprise docs.

    Istio ambient mesh

    Explore an Istio service mesh without sidecars by running an ambient mesh with Gloo Mesh.

    article

    About

    Review conceptual information about ambient mesh and the Solo distributions of Istio that you can …

    article

    Install

    Get started with an ambient mesh setup.

    article

    Enroll apps

    Add services in existing namepaces to your ambient mesh, or deploy the Bookinfo sample app without …

    article

    Traffic management

    Review options for configuring request routing and traffic management for apps in your ambient mesh.

    article

    Resiliency

    Review options for making your individual apps and overall ambient mesh more resilient.

    article

    Security

    Review security features that are built into ambient mesh, such as mTLS, and configure further …

    article Enterprise

    Observability

    Use the Solo distribution of Istio to collect Layer 7 telemetry data for ztunnels.

    article

    Upgrade

    Use the Gloo Operator to manage the lifecycle of your service meshes, or upgrade manually with Helm.

    Solo.io copyright 2025