Is a Pod the Right Deployment Unit for an AI Agent?

In previous posts, I’ve covered the reasons why an AI agent needs an identity. I recommend reading that first. In this post I want to nail down “what is agent identity” because I’ve seen a lot of different interpretations from smart people such as “use OAuth” to “it’s just workload identity”, and new protocols cropping up, etc. But what “is” an agent identity in concrete terms?

Learn why James Quigley's team adopted Istio Ambient for mTLS, security, and operational simplicity, and how the journey unfolded.

Learn how to run AI agents on Kubernetes with Agent Substrate and kagent. This step-by-step guide covers architecture, installation, configuration, and deploying agent workloads using the Substrate runtime.

This release brings agentgateway into the ambient mesh as a waypoint, ingress, and egress proxy, adds egress controls directly in ztunnel, ships a revamped Solo UI with a new advanced Service Graph, and introduces workload identity that goes beyond the service account.

A very common pattern for MCP servers in the enterprise is to wrap existing APIs. We’ve invested 20+ years in building useful, reusable, valuable APIs, should we really be reinventing everything just because a fancy new protocol showed up? Is that even practical? The answer is no. We need to be practical and recognize some fundamental challenges mapping APIs to MCP tools. With agentgateway, we have three ways to expose OpenAPI operations via MCP: direct exposure, custom exposure with optional API chaining, or an AI model-controlled “code mode”.

Service mesh became boring...but it's more foundational than ever before.

Learn how to cut MCP token usage by 91% using agentgateway’s progressive disclosure. Reduce cost, control context bloat, and optimize agent workflows.

New to agentic AI? This guide walks you through running agentgateway locally, connecting to MCP servers, and understanding core concepts like rate limiting and observability.

The latest Solo Enterprise for Istio release delivers General Availability of AWS ECS integration and powerful new global service aliasing capabilities.

Ingress NGINX is being retired. This guide walks through migrating Ingress configs to Kubernetes Gateway API using ingress2gateway and kgateway.

Most AI gateways patch legacy proxies. Kgateway starts from first principles, rethinking the gateway for the agentic era with a data plane built specifically for modern AI traffic.

If your gateway can’t tell the difference between a tool call and a model invocation, it can’t enforce meaningful security. Agentic systems demand a new class of context-aware, AI-native gateways.

Learn how kgateway, a CNCF-hosted project built on Envoy, offers a trusted path forward for Ingress NGINX.

Learn how to close the major security gaps in Model Context Protocol (MCP) with a proper AI Gateway. This guide walks you through deploying MCP Servers on Kubernetes, adding authentication, locking down tools, and strengthening your organization’s overall MCP security posture.

Latest Gloo Mesh release now provides support and enterprise-grade service mesh capabilities for Amazon ECS workloads.

Latest Gloo Mesh release expands support to Amazon ECS and brings multi-tenant flexibility to enterprises.

Learn how Istio's Ambient Mesh simplifies cloud-native connectivity and dramatically reduces the cost and complexity of connecting, securing, and observing services across on-prem, cloud, or hybrid environments — without sidecars.

From pilots to production with context-aware AI networking

We're excited to introduce Gloo Gateway 2.0, built on the CNCF kgateway project and Kubernetes Gateway API. This release unifies open-source innovation with enterprise-grade extensions, ambient mesh integration, and AI-ready data planes to deliver secure, scalable, and future-proof API gateway capabilities for cloud-native and agentic workloads.

This article discusses different ways to install Istio ambient mesh, and contrasts the Helm approach with the Gloo Operator, a new method for installing ambient mesh in Gloo Mesh.

Explore Istio installation options with Gloo Mesh. Compare Helm for control and flexibility vs. Gloo Operator for simplicity and automation to find the best fit for your environment.

Discover how Istio’s ambient mesh strengthens microservices security beyond sidecars with improved isolation, reduced attack surfaces, and simpler operations.

Learn how to migrate from Istio sidecars to ambient mesh with zero downtime. Step-by-step strategies, best practices, and tools to ensure a safe transition.

Compare Istio’s new ambient multicluster support with Gloo Mesh’s multicluster peering. Learn the similarities, key differences, and scalability trade-offs.

Discover how Solo.io's enterprise version of kagent extends Kubernetes to turn cloud-native infrastructure into agent-native infrastructure.

Explore how kgateway and Istio Ambient Mesh work together to deliver secure ingress, intelligent routing and clear observability.

Gloo Mesh 2.10 adds flat network support, traffic shifting, and policy enforcement for secure, scalable multi-cluster service mesh.

In this blog, we highlight some of MCP's foundational challenges, alternative proposals in the community, and sharing our opinion on what this should look like in enterprise environments. We know the MCP community is hard at work on revising the specification and we feel future updates will align better with our recommendations here.

Istio Ambient Mesh’s ztunnel delivers secure-by-default microservices communication and real-time traffic visibility - without sidecars. Learn how it boosts performance, simplifies management, and reduces costs while enhancing security and observability.

Learn how the Omni vision unifies traffic, security, and observability control across cloud-native systems with Gloo Mesh and Gloo Gateway.

Running massive Kubernetes clusters might seem simpler, but it’s a trap. Learn why scaling a single cluster creates hidden performance, security, and reliability issues, and how Gloo Mesh with Ambient Mesh makes multi-cluster networking finally viable.

Strengthen your cloud-native security posture with Istio and ambient mesh. Learn how ambient enhances zero-trust architecture, simplifies mTLS, reduces attack surface, and decouples security from app logic, all with less operational overhead.

Considering migrating from Istio sidecars to ambient mesh? Learn about the key challenges, risks, and benefits of ambient, including improved performance, lower costs, and operational simplicity, plus tips to plan a safe, successful transition.

Today, we’re excited to share the next major milestone: Agent Gateway is now a full-featured, AI-native gateway that combines deep MCP and A2A protocol awareness, robust traffic policy controls, inference gateway support, Kubernetes Gateway API support, and unified access to major LLMs, all purpose-built with Rust for real-world agentic systems.

Discover how Ambient Mesh architecture can reduce service mesh infrastructure costs by up to 92% compared to traditional sidecar deployments, with real-world savings

Learn how Ambient Mesh revolutionizes service mesh architecture by eliminating sidecars and introducing a split proxy approach for better performance and operational simplicity.

While the A2A specification provides the critical first steps toward discovery with Agent Cards, the infrastructure for truly dynamic, scalable agent ecosystems requires additional components that the spec intentionally leaves “up to you.” In this blog, we dig into those missing pieces.

Digging into the details of the MCP Authorization Spec

Deep dive into MCP Authorization, step by step with examples and in-depth detail

Digging into AI identity and how the current SPIFFE models may need to be revised to support AI Agents

Digging into the llm-d project and how it does distributed inference.

Motive modernized its infrastructure using Solo Enterprise for kgateway to boost reliability, developer agility, and fleet innovation.

Discover how Confluent achieved 100% mTLS coverage, FedRAMP-ready FIPS encryption, and real-time observability across 100+ services using Solo Enterprise for Istio.

Powered by Solo Enterprise for kgateway, Solo.io helped Ingenico modernize its global payments infrastructure—boosting scalability, resilience, and developer autonomy. Explore their journey to building a fault-tolerant, future-ready platform.

OfferUp leveraged Kubernetes and Solo Enterprise for kgateway to modernize its marketplace, enabling developer self-service, faster deployments, and seamless scaling beyond peer-to-peer transactions.

ParkMobile’s Platform Engineering team utilized Kubernetes and Solo Enterprise for kgateway to drive innovation, scalability, and seamless mobility solutions while fostering a culture of collaboration and technological excellence.

Solo.io helped Vonage modernize its cloud infrastructure, enhancing scalability, reliability, and developer autonomy with Solo Enterprise for kgateway. Explore their journey to a building an efficient and agile platform.

Powered by Solo Enterprise for Istio and Solo Enterprise for kgateway, Solo.io helped Domino’s UK transition from a monolithic system to a microservices-based architecture. Learn about our 18-month journey to transform the way they operate.

Secure, govern, and operationalize AI agent connectivity at scale with Solo Enterprise for agentgateway

Compare sidecar-based Istio with sidecarless Ambient Mesh. Learn how Gloo Mesh simplifies service mesh operations, reduces overhead, and enables scalable, secure, multi-cluster environments — with support for both migration paths.

Compare features across Gloo Mesh Enterprise, Gloo Mesh Open Source, and Basic Open Source Istio.

Solo.io provides enterprise support for Istio environments to help you avoid pitfalls and resolve issues quickly.

Navigating the complexity of modern applications requires a key ally – observability. Observability empowers teams to streamline application debugging, and within the architecture of a service mesh, provides valuable insights that increase reliability and performance.

Challenges and approaches to multi-cluster deployment patterns

Using a service mesh as a layer to unify communications between applications, services, and workloads empowers teams to modernize their systems, deliver faster results, and improve performance for modern enterprises.

Download our Buyer’s Guide to API Gateways and learn about the modern requirements of API gateways in our guide’s comparison of five leading API gateway providers.

How your organization can ensure safer cloud architecture by applying a zero trust network security model

With automated API management, organizations save time and resources and streamline the development process.

The rise of microservices architecture has brought about a significant shift in how software is developed and deployed, and as such, has presented new technical and organizational challenges.

How a service mesh can help your organization simplify the adoption of a distributed architecture

See how top vendors with Istio-based service mesh offerings compare

Integrating LLM models in your applications? See our infographic to learn the top four reasons why you need an AI Gateway!

Kong Gateway offers a very capable competitor to Gloo Gateway by Solo.io, but there are growing questions about the efficacy and stability of the Nginx open-source community behind the technology.

Apigee suits Google Cloud, but its traditional approach clashes with modern practices. In contrast, Gloo Gateway by Solo.io aligns with cloud-native strategies.

Unlock the full potential of your microservices architecture with the strategic integration of API gateways. While microservices provide flexibility and scalability, they also introduce complexities that can impede seamless communication between services. Discover the crucial role of API gateways in overcoming these challenges and optimizing your microservices ecosystem.

Learn to migrate your ingress-nginx Ingress configurations to agentgateway with the ingress2gateway tool.

Learn to migrate your ingress-nginx Ingress configurations to kgateway with the ingress2gateway tool.

Free Lab: Learn how to curate, publish, and deploy MCP servers and AI skills using agentregistry for unified management of AI-native artifacts.

Free Lab: Learn to build a declarative AI agent in kagent with a Kubernetes deployment skill, enabling automated app deployments and MCP tool integration.

Free Lab: Learn to proxy OpenAI requests through an agentgateway-backed AI gateway with kgateway, managing LLM traffic, credentials, and advanced features.

Free Lab: Learn to build, run, and deploy AI agents with kagent, integrate MCP servers, and manage tools in Kubernetes for AI-native workloads.

Free Lab: Learn to build, proxy, and secure an MCP server with agentgateway and OAuth2, protecting AI-native workloads while enabling safe tool access in Kubernetes.

Free Lab: Use AI agents with kgateway and kagent to automate Kubernetes tasks, provision gateways, route traffic, and manage workloads in a cloud-native environment.

Free Lab: Learn how to use Solo Enterprise for kagent to create, run, and monitor AI agents in Kubernetes with full observability and control.

Solo Free Lab: Learn how to use kgateway and agentgateway to deploy, proxy, and secure MCP servers in Kubernetes with AI-native control and traffic routing.

Solo Free Lab: Learn to use the new kmcp tool to easily deploy MCP servers to Kubernetes.

Explore the kagent project to build custom agents and tools

Solo.io Free Lab: Learn about the relay of telemetry from a workload cluster to the management cluster in Gloo Mesh.

Solo.io Free Lab: Learn how to deploy Istio Ambient Mesh with Gloo Mesh to capture Layer 7 telemetry directly from zTunnel - no waypoints required.

Solo.io Free Lab: Learn how to use Gloo Gateway for your waypoints in Gloo Mesh, instead of Istio's default waypoint proxy.

Solo.io Free Lab: Learn how to enable multicluster peering in Gloo Mesh to run services across clusters as a single mesh, making workloads visible and accessible between clusters with global failover and redundancy.

Solo.io Free Lab: Learn how to preserve and migrate EnvoyFilter configurations when transitioning from sidecar to ambient mode in Istio using Solo.io’s extended build, with step-by-step guidance and validation.

Secure your Istio Ambient Mesh with SPIRE. This hands-on lab shows how to integrate SPIRE with Gloo Mesh to issue SPIFFE identities and certificates for ztunnel and mesh workloads.

Learn how Ambient Mesh uses ztunnel to secure traffic without sidecars. This free lab walks you through joining workloads, observing traffic, verifying mTLS, and applying Layer 4 policies.

Solo Academy | Learn the fundamentals of service mesh in this free video-led course and get insights into using a service mesh to enhance your observability, security and reliability of your applications

Solo Academy | Learn the basics of Istio with our free 101 course. Understand what Istio is, how it works, and its features for traffic management, security, and observability in microservices and Kubernetes.

Solo Academy | Master Envoy Proxy basics with our free 101 level course. Learn about the architecture, advanced load balancing, observability, and role in microservices, Kubernetes, and service meshes

Solo Academy | Learn API Gateway fundamentals in Kubernetes with this free beginner level video-led course. Discover how API Gateways control traffic, secure connectivity, and complement microservices architecture

Solo Academy | A fundamental level workshop for developers and operators to learn Istio service mesh. Install Istio, secure services, control traffic, and earn a Solo.io certification through hands-on labs.

Solo Academy | Hands-on workshop introducing the core concepts of Envoy Proxy. Learn how Envoy works under the hood from its architecture, filter chains, and request flow and beyond the abstractions of service meshes and API gateways.

Solo Academy | Free hands-on workshop for operators looking to deploy Istio in production. Learn advanced routing, observability, security, mTLS, and multi-cluster setup and g free certification.

Explore how to integrate kgateway's ingress gateway with Istio Ambient Mesh in this free hands-on lab. Learn to deploy workloads, configure Gateway and Route resources, and enable automatic mutual TLS between the gateway and backend services.

Learn how to deploy and configure kgateway as a waypoint in Istio Ambient Mesh. This free hands-on lab walks you through managing east-west traffic, applying custom policies, and enhancing service communication with enterprise-grade control.

Learn how to enable the AI extension, configure gateway parameters, and deploy an AI Gateway using kgateway to route requests to large language models (LLMs) from within your Kubernetes cluster.

Create Your First AI Agent with Kagent in Kubernetes

Kagent Lab: Integrate tools from MCP servers with kagent

agentgateway Labs | Semantic Caching with Gloo AI Gateway

kgateway labs | Managing LLM Credentials with kgateway - AI Gateway

Kgateway labs | Managing Prompts for Enhanced LLM Performance

kgateway labs | Content Safety with Prompt Guards

Ambient Mesh Lab | Migrate from Sidecar-based Service Mesh to Ambient Mesh

Mastering Multi-Cluster Scalability with Ambient Mesh

Simplify Mesh Management with Gloo Cloud: Onboarding, Ingress, Egress, and Service Mesh

Solo Lab | Waypoints in Ambient Mesh: For L4 and L7 Security, Traffic and Observability Insights

Exploring the Gateway API Inference Extension with kgateway

Securing Services with Gloo Gateway: TLS Termination and API Keys

Route Delegation in kgateway

Canary releases with Argo Rollouts & kgateway

Understanding kgateway patterns of extensions

GatewayAPI support for service mesh with kgateway

Exploring HTTPRoute resource configurations with kgateway

Configuring gateways across multiple teams with kgateway

Configure HTTPS with the Gateway API and kgateway

Understanding the basics of Kubernetes Gateway API with kgateway

Installing kgateway, an open-source implementation of the Kubernetes Gateway API

Join our free, on-demand lab Employing Circuit Breaking to safeguard services with Istio Ambient mode. Learn to deploy waypoints, configure circuit breaking, and monitor using metrics, logs, and Prometheus.

Join our free, on-demand lab Configuring Fault Injection to enhance resiliency with Istio Ambient mode. Learn to observe system latency, configure delays, timeouts, retries, and augment with outlier detection.

Join our free, on-demand lab Using Outlier Detection to learn how to configure Istio Ambient mode to avoid unhealthy workloads. Discover steps to implement outlier detection, assess workload health, and monitor metrics effectively.

Join our free on-demand lab, Implementing Timeouts, and learn how to protect applications from slow upstream services with Istio. Discover how to prevent indefinite errors, configure and verify timeouts, and decouple resiliency concerns from your apps.

Free K8s Gateway Lab: Deploy, Secure, and Rate Limiting with Solo's Open Source Gateway

Learn how to route traffic using waypoint proxies in ambient mesh.

Learn how to secure services in your Kubernetes cluster using ambient mesh and mTLS.

Learn how to enforce access control and write authorization policies for L4 and L7 traffic.

Learn the basics of ambient and how to set up your first environment.

Learn how to view metrics and traces from L4 and L7 traffic in ambient mesh.

Sign up for the free, hands-on technical labs.

Sign up for the free, hands-on technical labs.

Sign up for the free, hands-on technical labs.

Sign up for the free, hands-on technical labs.

As organizations unlock the potential of generative AI, one thing is clear: a modern, scalable API strategy is essential. In this complimentary Gartner® report learn how software engineering leaders can evolve their API programs to accelerate innovation, reduce risk, and control costs in the AI era.

A service mesh is a dedicated infrastructure layer that helps manage and secure communications between microservices within a distributed application.

A service mesh is a dedicated infrastructure layer that helps manage and secure communications between microservices within a distributed application.

Migrate your project from ingress-nginx and the Ingress API to the Kubernetes Gateway API with kgateway—an open-source Gateway project powered by Envoy.

In our white paper Migrating from Sidecars to Sidecarless to Ambient Mesh, we share how sidecars and Ambient mode can work together, allowing for a gradual migration strategy.

Read our white paper and learn how to select the right AI Gateway to help you navigate the challenges of working with AI workloads.