We see many application teams deploy a service mesh for each of their applications to act as a logical boundary: each service mesh ensures that only the services within the mesh can communicate with each other.
Traditionally, these teams deployed a Delegated Gateway in their mesh to facilitate cross-mesh communication and authentication. Most chose Kong Gateway, but any API Gateway can work.
The challenge with this approach is that each team must operate an API Gateway and configure it to securely connect to their mesh. And while API Gateways are critical for connectivity at the edge of any environment, their full capabilities are not needed for connectivity between service meshes within an enterprise environment.
Today's release of the Builtin Gateway's cross-mesh capability lets teams expose their meshes to other meshes while keeping all traffic secured through the data plane using mTLS. Teams can also configure all of their listeners and routes directly using Kuma policies.
Here’s a simple visualization of how Builtin Gateway cross-mesh can be deployed across two teams’ service meshes: