CNCF - Istio: Documentation for Ambient Mesh - Roadmap

Istio is working on [a new operating mode called ambient mesh](https://istio.io/latest/blog/2022/introducing-ambient-mesh/). As this moves from experimental to the recommended method of operating a service mesh, we will need to revise our documentation to discuss the new model, explain the tradeoffs, and tell users how to choose.

Expected Outcome: Revisions to Istio's documentation to reflect the availability of ambient mesh. These will be maintained in a parallel branch of istio.io that can be pulled from when Ambient is in Beta or GA.

I've drafted an 8-step roadmap to follow before I completely achieve the expected results. This is just a draft; I'm still in the process of preparing a detailed 3-month proposal that outlines my roadmap, goals, and committed time slots. I believe this will provide my mentor with a clear picture of my intentions and facilitate a more holistic understanding of my planned contributions.

I am thinking of this issue in a way such that it provides a detailed outline and notes for revising Istio's documentation to include information about the Ambient mesh, particularly focusing on the Ztunnel proxy and basic Layer-4 networking functions (according to my understanding of the issue).


HOMEWORK

Here is the content skeleton according to my research and opinion:

I believe the content is specifically asking for the Architecture and Use Cases, but I'd still like to touch on the essence of the codebase in my research. Check here

  1. Introduction and Installation:

    • Introduce the concept of Ambient mesh and Ztunnel proxy.

    • Explain that Ztunnel is a purpose-built proxy for Istio ambient mesh.

    • Describe that it focuses on features like mTLS, authentication, L4 authorization, and telemetry without handling HTTP traffic.

    • Highlight that full Istio functionality is implemented by waypoint proxies.

    • Explain how to install Ztunnel proxies using different methods (istioctl, Helm charts, istioOperator).

    • Specify Istio version compatibility and supported deployment scenarios.

  2. Verification of Installation:

    • Provide steps to confirm correct installation and configuration.

    • I'll check the Istio profile, Operator configuration, and other relevant parameters.

    • I'll check the status of Ztunnel pods to ensure proper deployment.

  3. Configuration Options:

    • Explain configuration options for Ambient mode, including cni and metadata configuration.

    • Describe traffic redirection options using istio-cni and supported modes (iptables, eBPF).

  4. Functional Overview:

    • I plan to include an architecture summary of the Ztunnel proxy function.

  5. Mutual-TLS (mTLS):

    • Explain how mTLS works in the context of Ambient mesh.

    • Highlight differences from sidecar-based mTLS.

    • Discuss PeerAuthentication policies and monitoring mTLS signaling/state.

  6. Layer-4 (L4) Authorization Policy:

    • I felt this topic should have its separate guide.

  7. Monitoring and Telemetry:

    • I felt this topic should have its separate guide.

  8. Co-existence with Sidecar Proxies:

    • Discuss how Ambient mesh and sidecar proxies can coexist in the guide.

    • Clarify when to choose one over the other in the guide.

  9. Additional Guides:

    • "How to Operate Ambient Mesh" and "Attaching Policies to Waypoints."

    • Consider addressing when to continue using sidecars, and how to enforce L7 policy using Waypoint proxies.

Steps in the Roadmap that I have already completed:

  1. Preparation and Research:

    • Researched and understood the concept of Ambient mesh, Ztunnel proxy, and related Istio components.

    • Familiarized myself with Istio's existing documentation and architecture.

  2. Initial Documentation Drafting:

    • Organized the Initial Skeleton into sections and subsections: FIND IT HERE

    • I've started drafting the documentation outline based on the provided content.

  3. Contact Individuals:

    • Communicated with @Faseela K and @John Howard to discuss the scope and goals of the documentation project.

  4. Demo and Environment Setup:

    • I've set up a local environment to run the Ambient mesh demo.

    • I followed Istio's documentation to deploy the demo and gain hands-on experience.

  5. Using Istio:

    • Installed Istio with different profiles and explored its features.

    • Creating a simple application with sidecar proxies to understand Istio's basic functionality better (WIP).

  6. Content Review and Refinement in the Draft:

    • Reviewed and refined the drafted content for clarity and coherence.

    • Ensure each section provides accurate and concise information.

  7. Proposal Preparation:

    • Create a detailed proposal that outlines the goals, objectives, and timeline of the documentation project.

    • Include a clear plan for before and after the start of the internship.

  8. Technical Skill Enhancement:

    • Brushing up on relevant technical skills, such as Kubernetes, Docker, Go, Service Mesh, networking concepts, and proxy technologies.

  9. Familiarize with Istio Tools:

    • Explored Istio's tools and utilities, such as istioctl for managing Istio installations and configurations.

  10. Review Existing Documentation:

    • Studied Istio's current documentation to understand the existing material related to service mesh and proxies.

  11. Time Management and Planning:

    • Developing a preliminary timeline for the internship, considering research, writing, review, and other stages.

  12. Environment Troubleshooting:

    • Learning how to troubleshoot common issues that may arise during Istio and Ambient mesh setup right now.