Istio's new Ambient mode fundamentally changes the service mesh cost equation. By replacing per-pod sidecars with node-level ztunnel proxies and optional Waypoint services, it slashes infrastructure overhead from 66% to just 3-15%. This architecture, now generally available, eliminates the primary barrier that previously stalled service mesh adoption.

AWS's 2024 deprecation of App Mesh validated the old model's economic failure. Traditional sidecars required extra containers for every pod, creating massive operational complexity. Istio's Kubernetes-native shift to a DaemonSet-based design finally makes service mesh viable for mid-size teams, not just large enterprises with deep pockets.

For most services, ztunnel alone provides mTLS encryption and L4 metrics with minimal overhead. Critical paths can add Waypoint proxies selectively for L7 features like circuit breakers and distributed tracing. This graduated approach lets teams secure internal traffic cheaply while adding advanced capabilities only where absolutely necessary.

The shift matters because it transforms service mesh from a luxury into a practical tool. Organizations paying $1,400+ monthly for cloud tracing services should reevaluate. With total stack costs around $170/month for 50 pods, the economics now favor self-hosted observability over expensive managed services.