Istio Now Ready for Primetime as Service Mesh
Istio–the service mesh layer that standardizes observability, security, and traffic management for Kubernetes-based microservices environments–has graduated from the Cloud Native Computing Foundation (CNCF) and is ready for production usage, the CNCF announced this week.
“What that means really for end users is it’s stable, mature, and they can trust it,” says Varun Talwar, who was the manager of the product team at Google that worked with IBM in concert with Lyft to create Istio and is also the CEO and co-founder Tetrate. “So that’s an important signal for end users to adopt and feel comfortable adopting it.”
Istio graduated from the CNCF as a stable product just 15 months after starting its incubation back in April 2022. That’s faster than normal, and also points to wide adoption of this product, Talwar says.
“That also speaks to the amount of interest in the market that the project has garnered,” he tells Datanami. “For people adopting Kubernetes, it’s the next step in their journey, so it’s not surprising that it happened [that quickly].”
Istio eliminates a large amount of work that developers would otherwise have to do when deploying applications as containerized microservices atop Kubernetes. The complexity involved in creating encrypted connections, ensuring the observability of applications, and directing traffic in containerized microservices environments is not trivial, but Istio takes much of that work away. “It basically makes all the connectivity reliable, secure and observable,” Talwar says.
Observability is an important thing to have for any application, whether it’s a basic Web or mobile app or a big data analytics or AI workload. It becomes more complicated when deploying atop Kubernetes.
According to Talwar, developers can write their own code and implement their own observability libraries, and hope they tell whether a problem is occurring in the network or the application. Or they can rely on Istio to track all network activity.
“So if you’re running microservices and you want to know how are they performing, how much traffic [there is], what’s the error rate, what’s the latency, that becomes super easy,” Talwar says.
Similarly, encrypted connections are becoming standard for deployments of all sorts of applications, but that doesn’t mean it’s easy. Development teams working in Java or Node.js, for example, will use different encryption libraries, and ensuring that everything is working and compatible can be difficult.
“Imagine upgrading from TLS 1.2 to 1.3 so that you can sign off on compliance,” Talwar says. “It’s a nightmare if you now have hundreds of clusters and thousands of microservices. It’s way harder to now go to each team and ask them to update their version. That will take you months and years, compared to something like the Istio platform and products. You can do it centrally in a much, much, much shorter time.”
Service meshes are gaining steam as a way to automate much of the nitty gritty details of deploying complex computing architectures, particularly in containerized, Kubernetes environments. Istio isn’t the only service mesh competing to be the standard. Linkerd graduated the CNCF in 2021.
There are other vendors building on Istio, including Solo.io, which is the second biggest contributor to the Istio project.
“I am immensely proud of the project reaching the Graduated level within the CNCF,” Louis Ryan, CTO of Solo.io and co-founder of Istio, said in a press release. “It is a clear testament to the dedication and collaborative spirit of our vibrant community, as well as the value the project provides to our users. Istio has evolved from an ambitious idea into a mature and stable service mesh solving large real-world problems. Today’s milestone reinforces Istio’s position as the leading service mesh, and we are excited to continue driving innovation to support the needs of our users and contributors.”
Another competing technology is Envoy, the service proxy that was developed at Lyft by the same team that would go on to create Istio with help from Google and IBM. Envoy’s functionality overlaps to some extent with Istio, but today it’s seen mostly as a complementary technology to Istio.
“For the data plane, Envoy is becoming the de-facto standard because all the cloud providers, all the platforms are basically using Envoy,” Talwar says. “It’s been battle-tested at production at scale at many large companies. So that’s becoming the standard. For control plane I think Istio is fast becoming the standard given it’s the rate of adoption, and these kind of milestones [like graduating CNCF] help the cause in further acceleration of the adoption.”
Talwar says his company, Tetrate, is leading the development of both Istio and Envoy for service meshes. “We are pretty excited about those as the future,” Talwar says. “We’ve helped define a lot of the standards in the last two years and shared it with industry. And we’re really excited about what that will bring in terms of advancing the cause for security, and also obviously as a prospect for us.”