Hi everyone, I'm the person who drove the CNCF process for Istio (and made the linked commit). I'm happy to answer any questions.
And yet -- gRPC is still "incubating". Do these statuses really mean much?
If I needed a service mesh, I'd probably use Linkerd. What would I be missing out on?
In case anyone wants to read the rendered markdown:
https://github.com/cncf/toc/blob/main/proposals/graduation/i...
Here's the official CNCF announcement: https://www.cncf.io/announcements/2023/07/12/cloud-native-co...
I may have missed the announcement where Istio’s ownership was being transferred to a vendor-neutral foundation like the CNCF, or is the Open Usage Commons What can be used in place?
Enough searching around told me what CNCF is, but I still don't know what it means to "graduate"
Here is some community information for Istio: https://devboard.gitsense.com/istio/istio
Not Kubernetes level https://devboard.gitsense.com/kubernetes/kubernetes but still very good.
Full Disclosure: This is my tool, but I figure the insights would be interesting/useful.
Finally… took a while.
Now CNCF needs to figure out how to get Istio to work nicely with the networking k8s addons
Here's the PR: https://github.com/cncf/toc/pull/1000
I think it should be titled Envoy+Istio in the same spirit of GNU+Linux.
Jokes aside, Envoy really deserves some spotlight.
What's an alternative to Istio? I want to have HTTP metrics between our services inside Kubernetes. I don't really want all the fancy shmancy mTLS, DPI and stuff, they don't bring value to me.
Istio is amazing once you grok how it works and get it running. It has a lot of gotchas (objects in istio-system become global?) and there are a lot of ways to abuse or misuse it.
We are using Istio at scale.
I have a love-hate relationship with it. It is very complex and builds on 5 other layers of abstraction (K8s, Envoy, iptables, ...). Grasping what is going on requires you to understand all of those layers first. Istio essentially adds one layer of proxy for all your ingress/egress requests, and from an engineering/performance/cost perspective that is not amazing.
Once it is working and deployed though it provides a solid set of functionalities as part of the infrastructure directly. AuthN/Z, mTLS, security, metrics and logs are all deployed by default without the end-user having to do anything.
Eventually I expect Istio will evolve to a model that makes more sense with Ambient/eBPF (for cost/performance reasons).
The community behind Istio is especially helpful and one of the main reasons why we went with this project.