Microsoft launched Azure Kubernetes Application Network at KubeCon EU 2026, a fully managed service mesh built on Istio's ambient mode that deliberately avoids the term 'service mesh.' The goal is to make mTLS and mesh capabilities invisible and automatic, lowering adoption barriers for the 60% of Kubernetes clusters still running without a mesh. Istio's ambient mode eliminates sidecar restart headaches by moving encryption to a per-node Rust proxy, but 85% of ambient installations still lag on CVE patches — motivating a fully managed offering. The product also addresses AI workload demands: LLM traffic has highly variable request costs, requiring smarter routing via a Gateway API inference extension that uses a token estimator. For cutting-edge AI protocols like MCP and A2A, Microsoft is partnering with Agent Gateway, a Linux Foundation project, accepting that these APIs will be alpha-quality. Multi-cluster support with a consistent root of trust is also highlighted as critical for moving GPU workloads across regions.
Table of contents
Making service mesh disappearAI traffic needs a different kind of networkMulti-cluster and GPU scarcitySort: