Feature gates
Review the required Gloo versions for gated features that you can optionally enable in the gloo-platform
and gloo-platform-crds
Helm charts.
In the featureGates
Helm setting, you specify a key-value pair, in which the key is the feature name, and the value is a boolean to enable or disable the feature. For example, to use Istio in ambient mode with Gloo Network, you set --set featureGates.AmbientMode=true
in your helm install
command, or set featureGates.AmbientMode
to true
in your Helm values file. Note that the featureGates
section replaces the deprecated experimental
section in the gloo-platform
Helm chart.
For more information about the Helm chart, see the Helm value reference. For more information about features that are in alpha or beta support, see Gloo feature maturity.
For some features, you must enable the feature gate in both the gloo-platform
chart and the gloo-platform-crds
Helm chart, because the feature requires a specific CRD that is not installed by default. Review the feature description in the following table to check whether the feature gate must be enabled in gloo-platform-crds
too.
Feature | Default value | Maturity | Since | Until | Description | Used by |
---|---|---|---|---|---|---|
AmbientMode | false | Alpha | 2.5.0 | Allow Gloo Mesh to create Istio Ambient Mesh resources. | Gloo management server | |
ExternalWorkloads | false | GA | 2.5.0 | In Gloo Mesh Enterprise, integrate external workloads, such as VMs and bare-metal instances, in your service mesh. Important: Enable this setting in the gloo-platform-crds Helm chart too. | Gloo management server | |
EnableJWTPolicyEastWestRoute | true | GA | 2.5.4 | Enables JWTPolicies to apply to selected east-west routes when configuring applyToRoutes API. | Gloo management server | |
GatewayDefaultDenyAllHTTPRequests | false | Alpha | 2.5.0 | Set to ’true’ for enhanced security in Gloo Gateway. By default, all existing routes bypass this mechanism. To onboard routes to this new feature, users must apply an additional step by labeling their HTTP routes with the reserved ‘gateway.gloo.solo.io/require_auth’: ’true’ label. Once labeled, routes become subject to the dynamic default deny behavior, reinforcing security. Apply external auth or JWT policies to enable traffic for specific routes. This Gloo Gateway-specific feature ensures ongoing security, even in the event of errors like policy deletion or Envoy filter issues. | Gloo management server | |
InsightsConfiguration | false | Alpha | 2.5.0 | Configure insights for Gloo Mesh Core. | Gloo management server | |
ReconcilerRelationshipWrites | true | Alpha | 2.5.0 | Allow the Gloo reconciler, which applies translated Gloo resources in your workload clusters, to track relationships between input and output resources. Disabling this feature can improve system performance. | Gloo management server |