Skip to content

OSSM-9322 Istio ambient mode getting started docs #95032

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: service-mesh-docs-main
Choose a base branch
from
Open

OSSM-9322 Istio ambient mode getting started docs #95032

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5686fe2
OSSM-9322
shreyasiddhartha Jun 20, 2025
d371b3e
Update 1
shreyasiddhartha Jun 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions modules/ossm-about-istio-ambient-mode.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
// Module included in the following assemblies:

//

:_mod-docs-content-type: Concept
[id="about-istio-ambient-mode_{context}"]
= About Istio ambient mode

{istio} ambient mode introduces a sidecar-less architecture for {SMProductName}, designed to simplify operations and reduce resource usage. Instead of injecting a sidecar proxy into each application pod, ambient mode uses a shared node-level proxy for Layer 4 (L4) functionality and an optional, dedicated proxy for Layer 7 (L7) features.

To understand the {istio} ambient mode architecture, see the following resources:

ZTunnel proxy:: A per-node proxy that manages secure, transparent Transmission Control Protocol (TCP) connections for all workloads on the node. It operates at Layer 4, offloading mutual Transport Layer Security (mTLS) and L4 policy enforcement from application pods.

Waypoint proxy:: An optional proxy that runs per service account or namespace to provide advanced L7 features such as traffic management, policy enforcement, and observability. L7 features can be applied selectively, avoiding the overhead of sidecars for every service.

Istio CNI plugin:: Redirects traffic to the ztunnel proxy on each node, enabling transparent interception without requiring modifications to application pods.









10 changes: 10 additions & 0 deletions snippets/technology-preview-istio-ambient-mode.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
// snippet included in the following modules:
//
// * service-mesh-docs-main/modules/
// * service-mesh-docs-main/modules/

[IMPORTANT]
====
{istio} ambient mode is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
====