• Single cluster
    • Multicluster
    • Overview
    • Architecture
    • Relay architecture
      • About ambient mesh
      • Service mesh options
        • Overview
        • Supported Solo distributions of Istio
        • Gloo Operator
        • Helm
        • Migrate from a sidecar mesh
        • Gloo Operator ENTERPRISE
        • Helm ENTERPRISE
    • Enroll apps
      • Overview
      • Ingress
      • East-west and waypoints
      • Egress
    • Resiliency
      • Overview
      • Secure workload identites with SPIRE ENTERPRISE
      • Overview
      • Layer 7 observability for ztunnels ENTERPRISE
      • Gloo Operator
      • Helm
      • Service mesh options
        • Overview
        • Supported Solo distributions of Istio
        • Gloo Operator
        • Migrate to the Gloo Operator
        • Helm
        • EKS add-on
        • AKS extension
        • Gloo Operator ENTERPRISE
        • Helm ENTERPRISE
    • Enroll apps
      • Overview
      • Ingress
      • Egress
    • Resiliency
    • Security
    • Observability
      • Gloo Operator
      • Helm
      • Istio lifecycle manager (deprecated)
        • Install the meshctl CLI
        • Licensing
        • System requirements
        • Installation options
      • Single cluster management
      • Multicluster management
    • Explore the UI
    • Review insights
      • About the telemetry pipeline
      • Collect compute instance metadata
      • Collect Istio access logs
      • Collect Istio request traces with Jaeger
      • Enable logging
        • Overview
        • Run sample PromQL queries
        • Metrics
        • Alerts
        • Customization options
        • Forward metrics to Datadog
        • Forward metrics to OpenShift
      • Best practices for production
          • Setup options
          • Certificate rotation overview
          • Insecure setup
            • Self-signed server certificate
            • BYO server certificate
            • Self-signed server certificate with managed client certificates
            • BYO server certificate with managed client certificate
              • OpenSSL
              • AWS
              • Vault
          • Istio CA overview
          • Bring your own Istio CAs with AWS
      • FIPS images
        • Overview
          • Overview
          • External auth with Google
          • External auth with Dex
          • External auth with Okta
          • OIDC settings in Helm
          • RBAC for resources in the UI
        • Configure the UI for HTTPS
        • Connect the Gloo UI to OpenShift Prometheus
        • About Redis
        • Built-in Redis
        • Local Redis
        • External Redis
      • Control user access to your resources
    • Upgrade
    • Uninstall
      • Gloo Mesh versions
      • Open Source attribution
      • Feature gates
      • Release notes
      • Solo distribution of Istio changelog
      • Gloo Operator changelog
      • Dashboard
      • GatewayLifecycleManager
      • InsightsConfig
      • IstioHelm
      • IstioLifecycleManager
      • Gloo Operator APIs
      • Helm chart overview
      • Gloo Platform
      • Gloo Platform CRDs
      • Gloo Operator
      • meshctl
      • meshctl check
      • meshctl check server
      • meshctl cluster
      • meshctl cluster deregister
      • meshctl cluster list
      • meshctl cluster register
      • meshctl dashboard
      • meshctl debug
      • meshctl debug report
      • meshctl experimental
      • meshctl experimental interop-check
      • meshctl install
      • meshctl license
      • meshctl license check
      • meshctl logs
      • meshctl proxy
      • meshctl uninstall
      • meshctl version
      • CVE lifecycle handling
      • Security and CVE scan results
    • Gloo component permissions
    • General debugging
    • Management server
    • Agent
      • Debug Istio
      • Gloo Operator and ServiceMeshController
      • Knative
    • UI graph
    • Observability pipeline
    • Redis
    • About Solo Support
    • Submit a request
    • Add support information
  • open_in_new Istio documentation
    • main
    • 2.9 (latest)
    • 2.8
    • 2.7
    • 2.6
    • GitHub
    • Twitter / X
  • to navigate
  • to select
  • to close
    • Home
    • Istio ambient mesh
    On this page

    These docs use the Kubernetes Gateway API to manage your service mesh. To manage your sidecar service mesh with Gloo Mesh Enterprise APIs instead, see the Gloo Mesh Enterprise docs.

    Istio ambient mesh

    Explore an Istio service mesh without sidecars by running an ambient mesh with Gloo Mesh.

    article

    About

    Review conceptual information about ambient mesh and the Solo distributions of Istio that you can …

    article

    Install

    Get started with an ambient mesh setup.

    article

    Enroll apps

    Add services in existing namepaces to your ambient mesh, or deploy the Bookinfo sample app without …

    article

    Traffic management

    Review options for configuring request routing and traffic management for apps in your ambient mesh.

    article

    Resiliency

    Review options for making your individual apps and overall ambient mesh more resilient.

    article

    Security

    Review security features that are built into ambient mesh, such as mTLS, and configure further …

    article

    Observability

    Review built-in and optional observability tools to monitor the health of your ambient mesh.

    article

    Upgrade

    Use the Gloo Operator to manage the lifecycle of your service meshes, or upgrade manually with Helm.

    Solo.io copyright 2025