In September 2022, Google and Solo.io have contributed Istio Ambient Mesh to the community.With this new mode, it's now optional to use sidecars.Users can get the benefits of Istio (observability, security, L7 policies, ...) without the operational complexity and overhead of sidecars.
This new mode has introduced 2 new components:
- a node level proxy called ztunnel which provides mTLS and L4 capabilities.
- a service account level proxy called waypoint which provides L7 capabilities.
In this talk, I'm going to describe how Istio Ambient Mesh works and use multiple demos to show several capabilities (mixing sidecars with ambient mode, getting global observability without modifying any application, onboarding new applications in the mesh seamlessly, ...).
