Gloo is an API Gateway built on Envoy Proxy that highly complements a service mesh like Istio with edge capabilities like transformations, OIDC authentication, OPA authorization, Web Application Firewalling (WAF), and others. A lot of our customers combine the two to replace legacy API Management vendors. I’ve written quite a bit about the overlap and complementary roles of API Gateways and Service Mesh. We’ve explored combining Istio and Gloo in previous blog posts as well.

In the Istio 1.5 release, many architectural considerations have changed with out folks deploy and manage Istio. The way mTLS is implemented in Istio…

As outlined in the Istio 2020 trade winds blog and more recently announced with Istio 1.5, WebAssembly (Wasm) is now an (alpha) option for extending the functionality of the Istio service proxy (Envoy proxy). With Wasm, users can build support for new protocols, custom metrics, loggers, and other filters. Working closely with Google, we in the community ( have focused on the user experience of building, socializing, and deploying Wasm extensions to Istio. We’ve announced WebAssembly Hub and associated tooling to build a “docker-like” experience for working with Wasm.


With the WebAssembly Hub tooling, we can use the wasme

I’ve been pretty invested in helping organizations with their cloud-native journeys for the last five years. Modernizing and improving a team (and eventually an organization’s) velocity to deliver software-based technology is heavily influenced by it’s people, process and eventual technology decisions. A microservices approach may be appropriate when the culmination of an application’s architecture has become a bottleneck (as a result of the various people/process/tech factors) for making changes and “going faster”, but it’s not the only approach.

Microservices is not THE “utopian application architecture”.

I’ve written in the past how I didn’t think many teams would be able to…

Service mesh has largely been discussed from the perspective of architecture, SRE, and operations personas as it presents an interesting way to solve difficult challenges that exist between services and applications. Developers stand to gain from service-mesh functionality as well, and in this series, and accompanying workshop Nic Jackson (@sherrifjackson) and I (@christianposta) aim to make concrete how a service mesh helps developer workflows.

To Begin, What is a Service Mesh

Recently I wrote a piece for DZone and their Migrating to Microservices Report on the challenges of adopting service mesh in an enterprise organization. One of the first things we tackle in that piece is “whether or not you should go down the path of adopting a service mesh” Here’s what I said:

Start with an answer of “no”. If you’re just getting started with microservices and a handful of services, make sure you have the foundational pieces in place first. Microservices and its associated infrastructure are an optimization enabling you to make changes to your application faster. You can…

Getting started with a service mesh starts with a Gateway

I’ve been helping to get the word out on service mesh and Envoy Proxy for over two years now. It’s been amazing to see how the communities have grown and more importantly how organizations have begun using it to solve difficult production and operational problems. With both my time at Red Hat, and now, I’ve been lucky to work closely with organizations on their service-mesh adoption journey.

In this time, I’ve developed this approach to successfully adopt a service-mesh in production:

  1. Become deeply familiar with the data-plane technology of the eventual service mesh
  2. Operationalize the data plane with a…

The industry has converged on Envoy Proxy as a de-facto data plane proxy for L7 networking. You will find Envoy running as the data plane for many different service-mesh implementations as well as ingress and decentralized API Gateway solutions. One of the biggest reasons why Envoy is so well adopted these days is its open interface for a pluggable control plane.

Envoy uses its xDS interface to control just about every aspect of the proxy, dynamically, at run time. This means you can have a pluggable implementation for things like service discovery, routing, and security. …

I meet with a lot of customers trying to solve service-to-service communication challenges in their cloud-native architectures. My particular interest is in service mesh technology ( I’m writing Istio in Action for full disclosure) like LinkerD, Istio, or Consul. At, where I work, we help organizations successfully adopt and manage these systems, but we are noticing an interesting trend with our customers:

Legacy API Management solutions are being used to solve some of the same service-to-service communication challenges that service mesh now better solves.

Legacy API Management has become a bottleneck in their architecture and processes and a decentralized…

Service mesh helps solve application-networking challenges when going toward a cloud-native architecture, specifically one that favors smaller, cooperating services like a microservices architecture. As we meet with cloud native technology end users across the world, we find people are indeed putting service mesh into production and starting to see the benefits of doing so. At the same time, we’re seeing the signs that the industry needs a standard service mesh API.

Here are a few reasons that we believe a service mesh API is necessary:

  • Currently emerging, differing implementation approaches
  • Service mesh is a lower-layer; will build on top and…

I’m currently writing the book, Istio in Action for Manning Publications and the goal of the book is to help people understand and get the most benefit from Istio, which is an open-source service mesh. I am trying to bring together my learnings and experience from the community, as well as those of others who have embarked on their service-mesh adoption journey, to the rest of the service-mesh community.

An interesting observation that seems to be true among those successfully adopting Istio, regardless of organization, is that they tend to focus on solving a specific and focused set of problems…

Christian Posta

Field CTO, — all things serverless, cloud, devops, microservices, integration, messaging. Author Istio in Action.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store