Why choose Solo.io for GitOps

Document, expose, compose, and share APIs for use in your continuous integration/continuous delivery (CI/CD) pipelines. All of our products at Solo.io use a declarative configuration and controller approach and lend themselves very nicely to GitOps. For our Gloo Mesh product, we’ve built a set of controllers that greatly simplify configuring and managing Istio service meshes at scale across multiple clusters. In Gloo Mesh, we opt to federate multiple clusters by exposing services in remote clusters explicitly.

Solo has built controllers and high-level APIs exactly for this reason: to abstract away a lot of the detail of the lower-level Istio resources and focus on the intention of the traffic and security postures. The Gloo Mesh TrafficPolicy resource specifies routing and resilience rules between services while the AccessPolicy resource specifies security rules. Another resource, the VirtualDestination, defines globally routable services.

These higher-level resources are what should be stored in Git and applied to the Gloo Mesh management controllers. The management controllers run in a separate “meta” cluster. That cluster takes the higher-level resources, translates them into the correct lower-level Istio resources, and orchestrates the configuration for each cluster with awareness of its nuances, dependencies, and context.

Build and share with an API developer portal

Fully integrated with Gloo Mesh Enterprise and Gloo Edge Enterprise, Gloo Portal abstracts the complexity and enables developers to publish, document, share, discover, and use APIs with rich controls, detailed configuration information, and comprehensive security.

Canary upgrades

You can upgrade your Gloo Edge deployments with a canary model. In the canary model, you have two different deployments in your data plane and can check that the deployment at the latest version handles traffic as you expect before upgrading to run at the latest version. Read more about canary updates.

Federate configuration as code

Manage application networking with common policies implemented consistently everywhere. Developers and operators can use declarative CRDs, as part of a DevOps or GitOps process, to route traffic, implement security policy, and configure observability.

A/B and blue/green deployments

Use GitOps to seamlessly apply application changes to development and production Kubernetes clusters and empower your developers to rapidly roll out new services. Improve their developer experience and increase team velocity. Teams have chosen Flagger, Flux, and Argo to accelerate application delivery with reduced risk.

➜ glooctl check
Checking deployments
Checking pods
Checking upstreams
Checking upstream groups
Checking auth configs
Checking secrets
Checking virtual services
Found virtual service with warnings: gloo-system app
Reason: warning:
Route Warning:
InvalidDestinationWarning. Reason:
*v1.Upstream {echo-typo gloo-system} 
Route Warning: 
InvalidDestinationWarning. Reason:
*v1.Upstream {echo-typo gloo-system}
not found
Route Warning: 
InvalidDestinationWarning. Reason:
*v1.Upstream {echo-typo gloo-system}
not found
Problems detected!

Last known good configuration

Upgrading your control plane configuration shouldn’t be scary, but when you are directing mission-critical traffic through your Envoy API gateways, it’s good to be cautious. Solo has implemented xDS replicas as an option in the Helm chart to safeguard your configuration changes and give you the ability to roll back to the last known good configuration if necessary. Read more in the docs about using xDS-relay.

apiVersion: gateway.solo.io/v1
kind: RouteTable
metadata:
  name: foxtrot-routes
  namespace: foxtrot
spec:
  routes:
    # Requests carrying the header "stage: canary" go only to the v2 subset.
    - matchers:
        - headers:
            - name: stage
              value: canary
          prefix: /foxtrot
      routeAction:
        single:
          upstream:
            name: foxtrot
            namespace: gloo-system
          subset:
            values:
              version: v2
    # All other /foxtrot traffic is split 80/20 between v1 and v2.
    - matchers:
        - prefix: /foxtrot
      routeAction:
        multi:
          destinations:
            - destination:
                upstream:
                  name: foxtrot
                  namespace: gloo-system
                subset:
                  values:
                    version: v1
              weight: 80
            - destination:
                upstream:
                  name: foxtrot
                  namespace: gloo-system
                subset:
                  values:
                    version: v2
              weight: 20
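
A pre-merge check for the failure shown in the glooctl check output above (a route pointing at an upstream that does not exist), run over the RouteTable above. This is an added example, not Solo.io code: the dict is a constructed copy of the manifest as it would look after YAML parsing, and the function names, the set of known upstreams, and the treatment of weights as relative shares are assumptions.

```python
# Constructed sample: the page's RouteTable as a parsed dict (e.g. from a YAML loader).
def _dest(version, weight=None):
    d = {"upstream": {"name": "foxtrot", "namespace": "gloo-system"},
         "subset": {"values": {"version": version}}}
    return d if weight is None else {"destination": d, "weight": weight}

ROUTE_TABLE = {
    "kind": "RouteTable",
    "metadata": {"name": "foxtrot-routes", "namespace": "foxtrot"},
    "spec": {"routes": [
        {"matchers": [{"headers": [{"name": "stage", "value": "canary"}],
                       "prefix": "/foxtrot"}],
         "routeAction": {"single": _dest("v2")}},
        {"matchers": [{"prefix": "/foxtrot"}],
         "routeAction": {"multi": {"destinations": [_dest("v1", 80), _dest("v2", 20)]}}},
    ]},
}

def destinations(route):
    """Return [(destination, weight)] for a single or multi routeAction."""
    action = route.get("routeAction", {})
    if "single" in action:
        return [(action["single"], 1)]
    return [(d.get("destination", {}), d.get("weight", 0))
            for d in action.get("multi", {}).get("destinations", [])]

def lint(route_table, known_upstreams):
    """Findings for upstream references absent from known_upstreams (hypothetical set)."""
    findings = []
    for i, route in enumerate(route_table.get("spec", {}).get("routes", [])):
        for dest, _ in destinations(route):
            up = dest.get("upstream", {})
            ref = (up.get("namespace"), up.get("name"))
            if ref not in known_upstreams:
                findings.append(f"route {i}: upstream {ref[1]} in {ref[0]} not found")
    return findings

def traffic_split(route):
    """Fraction of a route's traffic per subset version, from relative weights."""
    dests = destinations(route)
    total = sum(w for _, w in dests)
    split = {}
    for dest, w in dests:
        version = dest.get("subset", {}).get("values", {}).get("version", "<none>")
        split[version] = split.get(version, 0) + (w / total if total else 0.0)
    return split

if __name__ == "__main__":
    print(lint(ROUTE_TABLE, {("gloo-system", "foxtrot")}))  # upstream exists
    print(lint(ROUTE_TABLE, {("gloo-system", "echo")}))     # dangling references
    print(traffic_split(ROUTE_TABLE["spec"]["routes"][1]))
```

In a GitOps pipeline the known-upstream set would come from the Upstream manifests in the same repository, so a pull request that introduces a dangling reference fails before it is applied.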

GitOps is a team sport

While not strictly a product feature, one important consideration is the availability of enterprise advice and production support. Community support for open source software by itself doesn’t meet the requirements for production deployments, so you need a vendor on standby to help you out. Inevitably there will be issues with production deployments, and when a problem is discovered, it is reassuring to know that someone can quickly steer you in the right direction.

Additional GitOps Resources

GitOps with Argo CD and Gloo Mesh (Part 1) (Blog)
The 3 best ways to learn Flux and Flagger for GitOps with your Envoy Proxy API gateways (Blog)
From Zero to Gloo Edge in 15 Minutes: ArgoCD GitOps Edition (Blog)
Gloo Edge API Gateway Multi-cluster Provisioning with GitOps (Blog)
Hoot – Understanding GitOps with special guest, Stefan Prodan (Blog)
Weaveworks GitOps-Core and Gloo Edge (Video)