• Single cluster
    • Multicluster
    • Overview
    • Architecture
    • Relay architecture
      • Service mesh options
      • About ambient mesh
        • Overview
        • Supported Solo distributions of Istio
      • Install a managed ambient mesh with the Gloo Operator
      • Manually install an ambient mesh with Helm
      • Migrate from a sidecar mesh (alpha)
      • Create a multicluster mesh with the Gloo Operator
      • Create a multicluster mesh with Helm
    • Add apps to the ambient mesh
    • Expose apps with an ingress gateway
    • Control in-mesh traffic with east-west gateways and waypoints
    • Control traffic with an egress gateway
    • Secure workload identites with SPIRE
    • Explore Layer 7 observability for ztunnels
      • Upgrade managed ambient meshes with the Gloo Operator
      • Upgrade ambient meshes with Helm
      • Service mesh options
        • Overview
        • Supported Solo distributions of Istio
      • Install a managed sidecar mesh with the Gloo Operator
      • Migrate to Gloo-managed service meshes
      • Manually install a sidecar mesh with Helm
      • Create a multicluster mesh with the Gloo Operator
      • Create a multicluster mesh with Helm
    • Install Istio with EKS add-on
    • Install Istio with AKS Extension
    • Add apps to the service mesh
    • Expose apps with an ingress gateway
    • Control traffic with an egress gateway
      • Upgrade managed ambient meshes with the Gloo Operator
      • Upgrade sidecar meshes with Helm
      • Upgrade with the Istio lifecycle manager (legacy)
      • Install the meshctl CLI
      • Licensing
      • System requirements
      • Installation options
    • Install with Helm
      • Best practices for production
          • Setup options
          • Certificate rotation overview
          • Insecure setup
            • Self-signed server certificate
            • BYO server certificate
            • Self-signed server certificate with managed client certificates
            • BYO server certificate with managed client certificate
              • OpenSSL
              • AWS
              • Vault
          • Istio CA overview
          • Bring your own Istio CAs with AWS
      • FIPS images
        • About Redis
        • Built-in Redis
        • Local Redis
        • External Redis
      • Control user access to your resources
    • Upgrade
    • Uninstall
  • interactive_space Insights
    • About the telemetry pipeline
      • Overview
        • Overview
        • Explore the UI
          • Overview
          • External auth with Google
          • External auth with Dex
          • External auth with Okta
          • OIDC settings in Helm
          • RBAC for resources in the UI
        • Configure the UI for HTTPS
        • Connect the Gloo UI to OpenShift Prometheus
        • Overview
        • Run sample PromQL queries
        • Metrics
        • Alerts
        • Customization options
      • Jaeger
      • Istio access logs
      • Add Istio request traces
      • Add Istio insights
      • Collect compute instance metadata
      • Forward metrics to Datadog
      • Forward metrics to OpenShift
      • Enable logs
      • Gloo Mesh versions
      • Open Source attribution
      • Feature gates
      • Release notes
      • Solo distribution of Istio changelog
      • Gloo Operator changelog
      • Dashboard
      • GatewayLifecycleManager
      • InsightsConfig
      • IstioHelm
      • IstioLifecycleManager
      • Gloo Operator APIs
      • Helm chart overview
      • Gloo Platform
      • Gloo Platform CRDs
      • Gloo Operator
      • meshctl
      • meshctl check
      • meshctl check server
      • meshctl cluster
      • meshctl cluster deregister
      • meshctl cluster list
      • meshctl cluster register
      • meshctl dashboard
      • meshctl debug
      • meshctl debug report
      • meshctl experimental
      • meshctl experimental interop-check
      • meshctl install
      • meshctl license
      • meshctl license check
      • meshctl logs
      • meshctl proxy
      • meshctl uninstall
      • meshctl version
      • CVE lifecycle handling
      • Security and CVE scan results
    • Gloo component permissions
    • General debugging
    • Management server
    • Agent
      • Debug Istio
      • Istio and gateway lifecycle manager
      • Knative
    • UI graph
    • Observability pipeline
    • Redis
    • About Solo Support
    • Submit a request
    • Add support information
  • open_in_new Istio documentation
    • main
    • 2.9 (latest)
    • 2.8
    • 2.7
    • 2.6
    • GitHub
    • Twitter / X
  • to navigate
  • to select
  • to close
    • Home
    • Istio ambient mesh
    On this page

    These docs use the Kubernetes Gateway API to manage your service mesh. To manage your sidecar service mesh with Gloo Mesh Enterprise APIs instead, see the Gloo Mesh Enterprise docs.

    Istio ambient mesh

    Explore an Istio service mesh without sidecars by running an ambient mesh with Gloo Mesh.

    article

    About

    Review conceptual information about ambient mesh and the Solo distributions of Istio that you can …

    article

    Install

    Get started with an ambient mesh setup.

    article

    Link meshes for a multicluster setup

    Get started with a multicluster ambient mesh that spans all of your clusters.

    article

    Add apps to the ambient mesh

    Add services in existing namepaces to your ambient mesh, or deploy the Bookinfo sample app without …

    article

    Expose apps with an ingress gateway

    Send requests to apps from outside your ambient mesh setup by deploying an ingress gateway.

    article

    Control in-mesh traffic with east-west gateways and waypoints

    Manage routing and apply policies within your ambient mesh.

    article

    Control traffic with an egress gateway

    Route all traffic through an egress gateway and enforce policies before traffic leaves your ambient …

    article

    Secure workload identites with SPIRE

    Use SPIRE node agents to attest and grant identities to ambient mesh workloads, which can be used …

    article

    Explore Layer 7 observability for ztunnels

    Use the Solo distribution of Istio to collect Layer 7 telemetry data for ztunnels.

    article

    Upgrade

    Use the Gloo Operator to manage the lifecycle of your service meshes, or upgrade manually with Helm.

    Solo.io copyright 2025