Achieve Compliance, Zero Trust with Istio Ambient Mesh

READ THE WHITE PAPER

Istio Ambient Mesh To Be Available in Gloo Mesh

October 24, 2022

Joint Solo.io-Google Effort on Istio Ambient Mesh Comes to Gloo Mesh 2.2 with Industry-First Support for Sidecars and Sidecarless Architecture

CAMBRIDGE, Mass. — October 24, 2022 — Solo.io, the leading cloud-native application networking company, today announced that it will launch Istio Ambient Mesh in Gloo Mesh version 2.2. The first alpha release of the new sidecar-less ambient mode in Istio was launched in September of 2022, and Solo.io is eager to support it with Gloo Mesh and explore the value it offers.  

At a high level, some of the key features of Istio Ambient Mesh include:

  • No sidecar injection. The lifecycle of application pods is separate from the lifecycle of Istio or Istio proxies.
  • Creation of ‘ztunnel’, a lightweight mechanism for securing and routing traffic (e.g. through a waypoint when necessary) at the Layer 4 level 
  • Creation of waypoint proxies, which implement Layer 7 policies and reporting

As a leader in the service mesh space and with a large customer base with diverse needs and use cases, Solo.io is aware of the challenges adopting service mesh in enterprise organizations.  Right now, the Gloo platform supports proxies at both ends of a spectrum:  “as high as you can go” (Gloo Gateway), and “as low as you can go” (Gloo Mesh with classic Istio sidecars pushed down to all pods).  

“Istio is the future of service mesh, and Ambient Mesh brings a whole new level of flexibility for companies that deploy Istio — along with ease of use, boosted performance, and reduced cost,”  said Idit Levine, CEO and co-founder, Solo.io. “We have customers running 30 billion transactions a day — and the number, scope, and scale of these workloads is always increasing. Istio Ambient Mesh allows companies to adjust for cost, observability, and  performance based on their individual application needs — this is a market first, and a ‘must-have’ for modern enterprises. We are excited to bring these benefits into our own product suite as part of Gloo Mesh.”

Istio Ambient Mesh allows Gloo Mesh to leverage patterns in the middle, using intermediate waypoint proxies of coarser scope than pod-level sidecars to achieve the same results. This is especially helpful for meeting the needs of the “early majority” and “late majority” adopters of service mesh, who might want to ease into the service mesh world incrementally without plunging directly into the world of sidecars.  

For existing mesh users with classic sidecars, ambient mode presents an attractive opportunity to decouple application pod lifecycles from Istio. Cost-conscious users may value increased opportunities to reduce resource consumption and costs. The separation between user workloads, the lightweight ztunnel secure overlay layer, and Layer 7 waypoint proxies implies more flexibility to deploy only what you need, and adopt an enhanced security posture at the same time. 

Adapting to A New Architecture

The alpha release of Istio Ambient Mesh reflected a set of initial choices that were practical to implement first, by a small team. In particular:

  • One ztunnel proxy serves the needs of all pods on a single node
  • One waypoint proxy serves the Level 7 needs of a single ServiceAccount

This is not an uncontroversial set of initial choices for the alpha release, but it is a good starting point for exploring the paradigm and understanding how best to leverage it in a way that provides value to customer needs. By adding Gloo Mesh support for Ambient early on even in its alpha phase, Solo.io is positioned to receive concrete feedback from real-world customers for how best to support Ambient in Gloo Mesh, and how best to contribute to the evolution of Istio Ambient Mesh upstream.

Service Mesh for the Future

Solo.io is excited to make it easy for customers to explore the value provided by whatever service mesh pattern best suits their needs. Classic sidecars and ambient waypoints both have a role to play in this evolving space, and we are truly proud to stand behind Gloo Mesh as a tool to simplify service mesh adoption. The engineering team at Solo.io has worked hard to manage the nuances of evolving Istio architecture underneath Gloo Mesh’s familiar set of APIs, so that users don’t have to. 

Istio Ambient Mesh is still alpha, and the marketplace will see plenty of improvements and iterations before its General Availability (GA) release in an upcoming version of Istio. At Solo.io, we are committed to working with the Istio community to help get Istio Ambient Mesh over the finish line to production-ready GA. 

About Solo.io

Solo.io, the application networking company, delivers API infrastructure from the edge to service mesh, helping enterprises adopt, secure, and operate innovative cloud native technologies. APIs drive microservices and cloud native technologies, forming the foundation for developers, partners, and customers to interact with application services quickly, effectively, and securely. Solo.io brings developer and operations tooling to manage and federate security and traffic control and tie together the integration points to enable and observe the application network. Founded in 2017 in Cambridge, MA, Solo.io is backed by Altimeter Capital, Redpoint Ventures, and True Ventures. For more information, visit https://www.solo.io/ or follow @soloio_inc.

Media Contact

Alex Daigle

adaigle@offleashpr.com