The Cloud Native Computing Foundation (CNCF) recently announced the graduation of Istio, the open-source service mesh that brings standard, universal traffic management, telemetry, and security to complex deployments.
Highlights of this video interview:
- A service mesh is a higher-level abstraction of existing networking infrastructure. It works with applications to do the things that application developers need to do, such as monitoring the traffic in and out of the service, enabling security and authorization of calls in and out, and controlling traffic to do blue/green deployments.
- The Istio project is continuing to build features and value for the users. It’s been very stable for a long time and a lot of people are using it in production. With a solid user base, a solid contributor base, and good development practices in place, it went through the CNCF graduation process very quickly.
- The CNCF establishes bars around the project maturity process: how you engage with the user community, whether you have good security practices, etc. Graduation is a mark of maturity that shows the outside world that the open-source project is ready for production, is very stable, is high-quality, and has been around for a while. It’s reasonable to say that companies can actually use such projects in building their business.
- Microsoft has actually started to contribute to the project and stepped in.
- Like most open-source solutions, there is a maintenance cost: software releases every quarter, upgrades, and support from either the community or a commercial vendor who’s delivering a product based on it.
- The same is true for Kubernetes. Anytime you have to upgrade a large or important piece of infrastructure, that’s toil for the platform teams within these organizations.
- There is a lot of market demand for things being delivered as a service, but compatible with open source, because there is this operational cost.
- The biggest problem with any of these projects today is the cost of maintenance for the platform team.
- Solo.io’s primary focus is to 1) ensure that an upgrade or an installation cycle is “boring,” i.e., you just run the upgrade tool and don’t have to constantly attend to it, and 2) minimize API change, because that reduces the amount of effort and churn and how far throughout the organization that churn has to propagate.
- Solo.io has been actively driving the Istio Ambient Mesh effort for the last 18 months, which changes a big part of the installation and upgrade profile of Istio and is a major improvement in the operational cost.
- As part of Ambient Mesh, there is no need to maintain the sidecar; you just install it in the cluster. Once installation is complete, certain features of Istio are already on, as well as mutual Transport Layer Security (mTLS) for all the traffic in that cluster, all in a single installation step.
- People are looking to make operational improvements, do blue/green deployments, or get telemetry and better insights into what’s going on in the cluster. Just providing mTLS delivers a lot of value to a broad class of users. Extending that value incrementally to deliver the service mesh features makes it just part of the network. This is why it’s called ambient: it’s there when you need it, and when it’s not needed, you don’t have to think about it.
This summary was written by Camille Gregory.