Service mesh options
Decide on the mode, image, and lifecycle of Istio service mesh to install in Gloo Mesh clusters.
Istio mode
Gloo Mesh supports Istio service meshes that run either in ambient or sidecar mode. Review the following table to help you choose your Istio mode.
Istio mode | Maturity | Lifecycle options | Solo distributions of Istio? | Feature highlights |
---|---|---|---|---|
Ambient | Production | Gloo-managed (alpha), manual | Yes (required) | Simplify your service mesh with a sidecarless approach. You get quicker onboarding, easier app lifecycle ops, and simpler network traffic with Layer 4 along with Layer 7. For more information, see About ambient mesh. |
Sidecar | Production | Gloo-managed, manual | Yes | Deploy your service mesh with the standard sidecar approach. Although this approach is more resource-intensive, you get more observability data because all network traffic stays on Layer 7. To get started, see Deploy sidecar service meshes. |
Istio image
Gloo Mesh supports Istio service meshes that run either community Istio images or Solo distributions of Istio. The Solo distribution of Istio is a hardened Istio enterprise image, which maintains n-4 support for CVEs and other security fixes. The image support timeline is longer than the community Istio support timeline, which provides n-1 support with an additional 6 weeks of extended time to upgrade the n-2 version to n-1. For more about the added benefits of Solo distributions of Istio and to review the available image distributions, see Solo distributions of Istio.
Lifecycle management
Istio installation
Gloo Mesh supports full service mesh lifecycle management with the Gloo Operator. By using the Gloo Operator to manage your service meshes, you no longer need to manually install and manage the istiod control plane. Instead, you provide minimal Istio configuration to the operator in a ServiceMeshController custom resource, and the operator translates this configuration into a managed istiod control plane in your cluster for you. The operator reduces both the amount of configuration required to deploy Istio, and the overhead required to manage the lifecycle of Istio resources in your cluster.
- To get started, see the Gloo Operator installation guides for ambient or sidecar service meshes.
- If you prefer to manually manage your Istio service meshes instead, see the guides to manually deploy ambient or sidecar service meshes.
Waypoint deployment
If you deploy an ambient mesh and require waypoint proxies to apply Layer 7 policies, you can use versions 1.25 and later of the Solo distribution of Istio to automate the waypoint deployment. Instead of manually creating a waypoint proxy resource, and then labeling a namespace, service, or service entry to use that waypoint, you can simply label the namespace, service, or service entry with istio.io/usewaypoint=auto. Istiod automatically creates the appropriate waypoint and applies it to your target resource.
Note that this automation currently only creates waypoints with the istio-waypoint Gateway class. For more information, see About waypoints.
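The two approaches described above, side by side, as an added example that is not taken from the Solo documentation. The namespace names and the waypoint name are constructed; the manual Gateway and the istio.io/dataplane-mode and istio.io/use-waypoint labels follow upstream Istio conventions, and the automation label is written exactly as it appears on this page.

```yaml
# Added example. Names (demo-manual, demo-auto, waypoint) are constructed.

# --- Manual approach: create the waypoint, then point the namespace at it ---
apiVersion: v1
kind: Namespace
metadata:
  name: demo-manual
  labels:
    istio.io/dataplane-mode: ambient   # upstream Istio label: enroll namespace in ambient
    istio.io/use-waypoint: waypoint    # upstream Istio label: name of the Gateway below
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: waypoint
  namespace: demo-manual
spec:
  gatewayClassName: istio-waypoint     # same Gateway class the automation creates
  listeners:
  - name: mesh
    port: 15008
    protocol: HBONE
---
# --- Automated approach (Solo distribution of Istio 1.25 and later) ---
# No Gateway resource is written by hand; istiod creates the waypoint
# for the labeled target. Layer 7 policies for this namespace depend on
# that waypoint existing, so confirm it was created before relying on them.
apiVersion: v1
kind: Namespace
metadata:
  name: demo-auto
  labels:
    istio.io/dataplane-mode: ambient   # upstream Istio label
    istio.io/usewaypoint: auto         # label as given on this page
```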