Gloo Mesh 2.6: Istio’s Ambient mode now ready for production
Gloo Mesh has become the trusted service mesh solution for global organizations looking to secure, connect and centralize the management of their cloud services across distributed applications at scale. From empowering financial institutions to securely process large amounts of data across their data centers, to ensuring fast food providers maintain point-of-sale systems during peak business hours, Gloo Mesh has emerged as the go-to enterprise service mesh due to its consistent reliability, usability, and performance.
Today we’re excited to release Gloo Mesh 2.6. In this latest release, we’ve focused on enhancing the operational efficiency, performance, and usability of the platform with the following features:
- Production support for Istio Ambient mode in Gloo Mesh Core
- Performance optimizations for scale-out deployments of Gloo Mesh Enterprise
- Proactive resource validation to support operational guardrails for developer self-service
- Multi-cluster, multi-region routing controls for global distribution with seamless failover
Production-ready Ambient now available in Gloo Mesh Core
With the 2.6 release, Gloo Mesh Core introduces production-ready Istio Ambient mode – a data plane mode that doesn’t use sidecars! With Ambient mode, sidecar functionality has been replaced by specific L4 and L7 components that optimize data plane infrastructure:
- Ztunnel: a lightweight, node-based Rust proxy supporting L4 features such as mTLS and Identity
- Waypoint: an independently deployable and scalable Envoy proxy providing L7 routing and policy controls
Ambient provides significant cost savings for up to 90% reduction of infrastructure costs while dramatically improving operational overhead for platform and application teams. Whether you are adding new workloads to a mesh, or migrating from Istio sidecars, Gloo Mesh Core provides valuable features to help with Ambient adoption.
Lifecycle Management – Gloo Mesh Core simplifies installation and upgrades of Ambient with two custom resources: IstioLifecycleManager and GatewayLifecycleManager. Gloo translates these resources into Istio control planes (ztunnel), gateways, and related resources for you. You can integrate these resources into your CI/CD pipeline. This approach lets you automate your existing Istio deployments consistently across clusters.
Enhanced Telemetry and UI – Gloo Mesh Core’s distribution of Ambient provides the ability to scan traffic going through ztunnel and extract key L7 attributes related to metrics, logs and traces, without having to run any waypoints or sidecars! Get faster and easier access to metrics and analytics through the Gloo Mesh Core UI, arming teams with accurate real-time data across their services without complex configuration or extra components.
Insight Engine – Gloo Mesh Core provides self-service operational insights for platform teams to align with best practices in service mesh management that Solo.io has built over years of helping customers deliver production-grade platforms at scale. As part of this release, the Gloo insights engine has been updated to include insights for Ambient health, operations, and best practices. Gloo Mesh Users can now adopt Istio with Ambient mode while confidently addressing common pitfalls and misconfigurations surfaced through the insights engine.
Enabling global scale and operational agility with Gloo Mesh Enterprise
Gloo Mesh Enterprise provides advanced service mesh management capabilities on top of standard Istio capabilities for large environments. Examples include multi-tenancy to support multiple development teams, multi-cluster operations to support distributed multi-cloud environments and deep integration with non-Kubernetes workloads such as Virtual Machines.
At Solo, we’ve been at the forefront of deploying Istio at scale with Gloo Mesh – partnering with global enterprises to transform their cloud infrastructure and application architecture to support security, observability, and control across a hybrid and multi-cloud landscape. Anticipating the next iteration of scale, we have made substantial investments in optimizing performance and reliability in Gloo Mesh Enterprise in 2.6.
Performance Improvements
In a multi-cluster environment, the Gloo Mesh management plane acts as the brain of multiple, independent mesh workload clusters. It is responsible for ingesting Gloo configurations, translating them into Kubernetes/Istio/Envoy configurations, and distributing them to each of the workload clusters.
For most of our customers, Gloo Mesh can perform these translations in just a few seconds. As our customer demands grow with an exponentially increasing number of Gloo resources being configured, we wanted to ensure that our customers could reliably experience similar performance speeds for translations even when their resources grow to the tens of thousands.
In Gloo Mesh Enterprise 2.6, we’ve addressed this challenge and optimized the system resulting in a consistent reduction in translation times by 95%. Gloo Mesh Enterprise customers can now confidently ensure their multi-cluster environment runs at peak efficiency, even at scale.
Proactive Resource Validation
In Gloo Mesh Enterprise 2.6, we’ve introduced additional resource validation features to safeguard your environment to prevent invalid Gloo configurations from being applied to your clusters. This helps Gloo Mesh Enterprise users catch invalid configurations early, minimizing the impact of potential disruptions.
Gloo Custom Resources are checked against defined configuration constraints and validation rules, and any attempt to apply invalid configuration to your cluster is rejected. These include simple Schema constraints for single fields as well as complex Common Expression Language (CEL) rules that can apply to multiple fields within a CRD, such as requiring a specific value for one field if a different field is also set. There is also a new experimental meshctl command to validate the configuration of one or more Gloo custom resources against a live management plane before you apply them. The output will show valuable information such as the expected translated configuration for every cluster and any error or warning messages.
Multi-cluster Routing Enhancements
In this latest release, we also bring significant enhancements to the VirtualDestination and FailoverPolicy APIs, giving Gloo Mesh Enterprise users greater flexibility in traffic management across clusters. VirtualDestinations enable you to define unique internal hostnames for applications distributed across multiple clusters, facilitating global routing, high availability, and seamless failover for any workload.
In Gloo Mesh Enterprise 2.6, the new FailoverPolicy priorityLabels feature gives you precise control over traffic failover by allowing you to prioritize destinations using one or more labels. Additionally, the VirtualDestinationWorkspacePolicyOverride flag empowers teams to customize policies for a shared VirtualDestination within their workspace. This means that while the core VirtualDestination configuration can be shared across teams, each team can apply its own policies, ensuring tailored control and consistency in traffic management across their service mesh.
Get started now. Try Gloo Mesh 2.6 today!
Ready to get started? The Gloo Mesh Core and Enterprise 2.6 releases are available now and ready for you to use. For more information about Gloo Mesh including examples, in-depth feature details, and upgrade information, check out the Gloo Mesh documentation.