Istio Ambient Mesh will be part of the Istio 1.18 release with Alpha status. The Kiali add-on version will be v1.67, with initial support for Istio Ambient, to help identify the Ambient components of the mesh.
When Istio is installed with Ambient profile, Kiali will show a badge indicator in the control plane card:
Whenever an application is added to the Ambient Mesh — labeling the namespace with the Ambient labels — an Ambient badge indicator will appear in the data plane card for the namespace:
That will automatically secure the communications using mTLS:
When the traffic of a workload is redirected through a ztunnel, the layer 4 component of Ambient that provides mTLS, L4 authorization policies and telemetry, Kiali will show a ztunnel badge indicator in the workload details:
Kiali also identifies when a Waypoint proxy, an Ambient component that operates in the L7 application layer, is deployed. Waypoint proxies are shown as part of the Workloads and Services lists with a “W” badge indicator:
Kiali detects when a Waypoint proxy is applied to a whole namespace or to a specific service account, to check if a workload is managed by a Waypoint proxy, so it can show the Waypoint badge indicator in the workload details:
What if an application doesn’t have a sidecar? The “Missing sidecar” message will be replaced with an “Out of mesh” message if there is no sidecar and the application is not part of the Ambient Mesh.
The Kiali behavior will be the same as before when the Istio profile is not Ambient.
This is just a first approach to show Istio Ambient components in the Mesh. Kiali will continue to evolve, to support Istio Ambient Mesh changes and updates.
Please drop any feedback in the #kiali channel on Istio slack!
