An Intellyx Brain Candy Update We last covered Istio service mesh champion Solo.io in March 2024. More recently, the company has launched the open-source Agent Gateway, a lightweight proxy that supports agent-to-agent (A2A) and model context protocol (MCP) interactions among AI agents and between agents and LLMs. Instead of extending Istio to support AI agents, […]| Intellyx – The Digital Transformation Experts – Analysts
Last year we announced that Istio would transform from an indefinitely-appointed Technical Oversight Committee to a regularly elected body, with members serving two-year terms. Each year, three of the six seats are elected. To bootstrap the process, we announced the 2025 election would cover the seats held by the three longest-serving members. One of those three seats became vacant, prompting a by-election. Long-time maintainer Costin Manolache won that election. We thank Costin for his conti...| Istio Blog
The world of AI inference on Kubernetes presents unique challenges that traditional traffic-routing architectures weren’t designed to handle. While Istio has long excelled at managing microservice traffic with sophisticated load balancing, security, and observability features, the demands of Large Language Model (LLM) workloads require specialized functionality. That’s why we’re excited to announce Istio’s support for the Gateway API Inference Extension, bringing intelligent, model-aw...| Istio Blog
Over the next 12 months, we will focus on improving parity between sidecar mode and ambient mode, providing a supported path for sidecar users to migrate to the ambient data plane when they are ready. We will also revamp our contributor experience, simplifying the process for proposing and implementing new features, and giving recognition to our most valuable contributors. We plan to grow our ecosystem by adding or updating Istio’s integration to various popular cloud native projects and bu...| Istio Blog
The open source and cloud native community gathered from the 1st to 4th of April in London for the first KubeCon of 2025. The four-day conference, organized by the Cloud Native Computing Foundation, was “big” for Istio, as our presence was seen almost everywhere - from the keynotes to the project pavilion. We kick-started the activities in London with Istio Day - a KubeCon + CloudNativeCon co-located event on April 1st. The event was well-received, showcasing lessons learned from running ...| Istio Blog
Istio’s ambient mode splits the service mesh into two distinct layers: Layer 7 processing (the “waypoint proxy”), which remains powered by the traditional Envoy proxy; and a secure overlay (the “zero-trust tunnel” or “ztunnel”), which is a new codebase, written from the ground up in Rust. It is our intention that the ztunnel project be safe to install by default in every Kubernetes cluster, and to that end, it needs to be secure and performant. We comprehensively demonstrated zt...| Istio Blog
The Sail Operator is a community project launched by Red Hat to build a modern operator for Istio. First announced in August 2024, we are pleased to announce Sail Operator is now GA with a clear mission: to simplify and streamline Istio management in your cluster. Simplified deployment & management The Sail Operator is engineered to cut down the complexity of installing and running Istio. It automates manual tasks, ensuring a consistent, reliable, and uncomplicated experience from initial ins...| Istio Blog
An amazing lineup of Istio activities awaits you in London at KubeCon + CloudNativeCon Europe 2025! Join for the Istio Project Meeting hosted at the Maintainer Summit. Come to the Istio Day co-located event. Attend the Istio Maintainers’ Track session: Istio: The Past, Present and Future of the Project and Community Drop by the Istio Contribfest session: A Beginner’s Guide to Contributing to Istio - Hands-on Development and Contribution Workshop Add the following KubeCon sessions to your ...| Istio Blog
Encryption in transit is a baseline requirement for almost all Kubernetes environments today, and forms the foundation of a zero-trust security posture. However, the challenge with security is that it doesn’t come without a cost: it often involves a trade-off between complexity, user experience, and performance. While most Cloud Native users will know of Istio as a service mesh, providing advanced HTTP functionality, it can also serve the role of providing a foundational network security la...| Istio Blog
The Istio Steering Committee oversees the administrative aspects of the project, including governance, branding, marketing, and working with the CNCF. Every year, we estimate the proportion of the hundreds of companies that have contributed to Istio in the past year, and uses that metric to proportionally allocate the nine Contribution Seats on our Steering Committee. After that, four Community Seats are voted for by our project members, with candidates being from companies that did not recei...| Istio Blog
The Istio Steering Committee oversees the administrative aspects of the project, including governance, branding, marketing, and working with the CNCF. Every year, the leaders in the Istio project estimate the proportion of the hundreds of companies that have contributed to Istio in the past year, and uses that metric to proportionally allocate nine Contribution Seats on our Steering Committee. Then, four Community Seats are voted for by our project members, with candidates being from companie...| Istio Blog
Istio supports integration with many different projects. The Istio blog recently featured a post on L7 policy functionality with OpenPolicyAgent. Kyverno is a similar project, and today we will dive how Istio and the Kyverno Authz Server can be used together to enforce Layer 7 policies in your platform. We will show you how to get started with a simple example. You will come to see how this combination is a solid option to deliver policy quickly and transparently to application team everywher...| Istio Blog
Earlier this year, we added Izzy Dolphin, the Indo-Pacific Bottlenose to the CNCF “Phippy and Friends” family. Ever since then, Istio lovers worldwide have been eagerly awaiting the first children’s book featuring our cute dolphin. And here it is! The Istio project is excited to unveil Izzy’s adventure sailing with the Phippy family at KubeCon North America 2024 this week, as together we celebrate the 10 year anniversary of Kubernetes. Copies are available at the the CNCF Store, or on...| Istio Blog
An amazing lineup of Istio activities awaits you in Salt Lake City, Utah at KubeCon + CloudNativeCon North America 2024! Come to the Istio Day co-located event. Attend the Istio Maintainers’ Track session: Life of a Packet: Ambient Edition Drop by the Istio Contribfest session: Sidecarless Service Mesh: Let’s Work Together on Istio V2 Add the following KubeCon sessions to your schedule, all of which have an Istio flavor: Why Choose Istio in 2025 | Project Lightning Talk Lightning Talk: Ef...| Istio Blog
A common question from prospective Istio users is “how does Istio compare to Cilium?” While Cilium originally only provided L3/L4 functionality, including network policy, recent releases have added service mesh functionality using Envoy, as well as WireGuard encryption. Like Istio, Cilium is a CNCF Graduated project, and has been around in the community for many years. Despite offering a similar feature set on the surface, the two projects have substantially different architectures, most ...| Istio Blog
Like many Open Source foundations and projects, the Istio project has two governance groups: a Steering Committee, that oversees the administrative and marketing aspects of the project, and a Technical Oversight Committee (TOC), responsible for cross-cutting product and design decisions. The Steering Committee represents the companies and contributors that support the Istio project, while the TOC is the top of an individual contributor ladder made up of our members, maintainers and working gr...| Istio Blog
Shared computing platforms offer resources and shared functionality to tenant teams so that they don’t need to build everything from scratch themselves. While it can sometimes be hard to balance all the requests from tenants, it’s important that platform teams ask the question: what’s the highest value feature we can offer our tenants? Often work is given directly to application teams to implement, but there are some features that are best implemented once, and offered as a service to a...| Istio Blog
With the recent announcement of the In-Cluster IstioOperator deprecation in Istio 1.23 and its subsequent deletion for Istio 1.24, we want to build awareness of a new operator that the team at Red Hat have been developing to manage Istio as part of the istio-ecosystem organization. The Sail Operator manages the lifecycle of Istio control planes, making it easier and more efficient for cluster administrators to deploy, configure and upgrade Istio in large scale production environments. Instead...| Istio Blog
On this day in 2017, Google and IBM announced the launch of the Istio service mesh. Istio is an open technology that enables developers to seamlessly connect, manage, and secure networks of different services — regardless of platform, source, or vendor. We can hardly believe that Istio turns seven today! To celebrate the project’s 7th birthday, we wanted to highlight Istio’s momentum and its exciting future. Rapid adoption among users Istio, the most widely adopted service mesh project ...| Istio Blog
Istio provides networking, security and telemetry APIs that are crucial for ensuring the robust security, seamless connectivity, and effective observability of services within the service mesh. These APIs are used on thousands of clusters across the world, securing and enhancing critical infrastructure. Most of the features powered by these APIs have been considered stable for some time, but the API version has remained at v1beta1. As a reflection of the stability, adoption, and value of thes...| Istio Blog
We are thrilled to announce that Service Mesh support in the Gateway API is now officially “Stable”! With this release (part of Gateway API v1.1 and Istio v1.22), users can make use of the next-generation traffic management APIs for both ingress (“north-south”) and service mesh use cases (“east-west”). What is the Gateway API? The Gateway API is a collection of APIs that are part of Kubernetes, focusing on traffic routing and management. The APIs are inspired by, and serve many of...| Istio Blog
Having sailed into, and proudly graduated within the Cloud Native Computing Foundation in 2023, it is now time for Istio to join the CNCF Phippy family’s mission to demystify and simplify cloud native computing. The Istio Steering Committee is excited to unveil Izzy Dolphin, the Istio Indo-Pacific Bottlenose, who today dives into the family of “Phippy and Friends”. Istio stands on the shoulders of several other CNCF projects, including Kubernetes, Envoy, Prometheus, and Helm. Izzy is pr...| Istio Blog
The Istio Steering Committee oversees the administrative aspects of the project, including governance, branding, marketing, and working with the CNCF. Every year, the leaders in the Istio project estimate the proportion of the hundreds of companies that have contributed to Istio in the past year, and uses that metric to proportionally allocate nine Contribution Seats on our Steering Committee. Then, four Community Seats are voted for by our project members, with candidates being from companie...| Istio Blog
The Istio project announced ambient mesh - its new sidecar-less dataplane mode in 2022, and released an alpha implementation in early 2023. Our alpha was focused on proving out the value of the ambient data plane mode under limited configurations and environments. However, the conditions were quite limited. Ambient mode relies on transparently redirecting traffic between workload pods and ztunnel, and the initial mechanism we used to do that conflicted with several categories of 3rd-party Con...| Istio Blog
There will be lots of Istio-related activity at KubeCon + CloudNativeCon Europe in Paris! We’ll keep this page updated with more details as they are published. Come to the Istio Day co-located event. The following KubeCon sessions will be based on Istio, add them to your schedule: Keynote: Platform Building Blocks: How to Build ML Infrastructure with CNCF Projects What Not Do When You’re Updating Istio in a Critical Environment? Comparing Sidecar-Less Service Mesh from Cilium and Istio Ne...| Istio Blog
The open source and cloud native community gathered from the 6th to the 9th of November in Chicago for the final KubeCon of 2023. The four-day conference, organized by the Cloud Native Computing Foundation, was “twice the fun” for Istio, as we grew from a half-day event in Europe in April to a full day co-located event. To add to the excitement, Istio Day North America marked our first event as a CNCF graduated project. With Istio Day NA over, that’s a wrap for our major community event...| Istio Blog
One of the biggest reasons users adopt service mesh is to enable secure communication among applications using mutual TLS (mTLS) based on cryptographically verifiable identities. In this blog, we’ll discuss the requirements of secure communication among applications, how mTLS enables and meets all those requirements, along with simple steps to get you started with enabling mTLS among your applications using Istio. What do you need to secure the communications among your applications? Modern...| Istio Blog
It’s great to be able to safely get together in person again. After two years of only running virtual events, we have filled the calendar for 2023. Istio Day Europe was held in April, and Istio Day North America is coming this November. IstioCon is committed to the industry-leading service mesh that provides a platform to explore insights gained from real-world Istio deployments, engage in interactive hands-on activities, and connect with maintainers across the entire Istio ecosystem. Along...| Istio Blog
The Istio Steering Committee is pleased to announce the four winners of the 2023 election for Community Seats. The winners are: Craig Box, ARMO Iris Ding, Intel Lin Sun, Solo.io Faseela K, Ericsson Software Technology The winners will serve on the Steering Committee for one year, starting on September 1, 2023. They will be responsible for helping to guide the development and governance of Istio, the world’s most popular service mesh. The election was held in August 2023, and was open to any...| Istio Blog
If you have heard anything about service meshes, it is that they work using the sidecar pattern: a proxy server is deployed alongside your application code. The sidecar pattern is just that: a pattern. Up until this point, there has been no formal support for sidecar containers in Kubernetes at all. This has caused a number of problems: what if you have a job that terminates by design, but a sidecar container that doesn’t? This exact use case is the most popular ever on the Kubernetes issue...| Istio Blog
What is connection load balancing? Load balancing is a core networking solution used to distribute traffic across multiple servers in a server farm. Load balancers improve application availability and responsiveness and prevent server overload. Each load balancer sits between client devices and backend servers, receiving and then distributing incoming requests to any available server capable of fulfilling them. For a common web server, it usually has multiple workers (processors or threads). ...| Istio Blog
We are delighted to announce that Istio is now a graduated Cloud Native Computing Foundation (CNCF) project. We would like to thank our TOC sponsors Emily Fox and Nikhita Raghunath, and everyone who has collaborated over the past six years on Istio’s design, development, and deployment. As before, project work continues uninterrupted. We were excited to bring ambient mesh to Alpha in Istio 1.18 and are continuing to drive it to production readiness. Sidecar deployments remain the recommende...| Istio Blog
We all had a blast at Istio Day Europe in April. The event was incredibly well received, but organizers and attendees alike felt that a half-day was not enough to showcase all that Istio has to offer. Due to the overwhelming response, we are glad to share with all of you that Istio Day North America is going to be a full-day event, co-located with KubeCon North America in Chicago. Submit a talk We now encourage Istio users, developers, partners, and advocates to submit a session proposal thro...| Istio Blog
The open source and cloud native community gathered from 18th to 21st April in Amsterdam for the first KubeCon of 2023. The four-day conference, organized by the Cloud Native Computing Foundation, was special for Istio, as we evolved from a participant at ServiceMeshCon to hosting our first official project co-located event. Istio Day Europe 2023, WelcomeIstio Day kicked off with an opening keynote from the Program Committee chairs, Mitch Connors and Faseela K. The event was packed with great...| Istio Blog
With dozens of tools for securing your network available, it is easy to find tutorials and demonstrations illustrating how these individual tools make your network more secure by adding identity, policy, and observability to your traffic. What is often less clear is how these tools interoperate to provide comprehensive security for your network in production. How many tools do you need? When is your network secure enough? This post will explore the tools and practices leveraged by Splunk to s...| Istio Blog
In Istio’s new ambient mode, the istio-cni component running on each Kubernetes worker node is responsible for redirecting application traffic to the zero-trust tunnel (ztunnel) on that node. By default it relies on iptables and Generic Network Virtualization Encapsulation (Geneve) overlay tunnels to achieve this redirection. We have now added support for an eBPF-based method of traffic redirection. Why eBPF Although performance considerations are essential in the implementation of Istio am...| Istio Blog
Istio ambient service mesh was launched in Sept 2022 in an experimental branch, introducing a new data plane mode for Istio without sidecars. Through collaboration with the Istio community, across Google, Solo.io, Microsoft, Intel, Aviatrix, Huawei, IBM and others, we are excited to announce that Istio ambient mesh has graduated from the experimental branch and merged to Istio’s main branch! This is a significant milestone for ambient mesh, paving the way for releasing ambient in Istio 1.18...| Istio Blog
The Istio Steering Committee consists of 9 Contribution Seats, proportionally allocated based on corporate contributions to the project, and 4 elected Community Seats. Last year, we elected four members to the community seats. It’s now time to announce the companies who fuel our growth by selecting the Contribution Seat members. As per the Steering charter, every February we look at which companies have made the most contributions to Istio based on an annually agreed metric. According to ou...| Istio Blog
Istio is a project that platform engineers trust to enforce security policy in their production Kubernetes environments. We pay a lot of care to security in our code, and maintain a robust vulnerability program. To validate our work, we periodically invite external review of the project, and we are pleased to publish the results of our second security audit. The auditors’ assessment was that “Istio is a well-maintained project that has a strong and sustainable approach to security”. No ...| Istio Blog
Istio is sailing up the canals this April! We are delighted to announce Istio Day Europe 2023, a “Day 0” event co-located with KubeCon + CloudNativeCon Europe 2023. Istio Day is the perfect opportunity to meet the Istio maintainers and contributors in person, and hear from users why Istio is constantly ranked the #1 service mesh in production. Submit a talk We now encourage Istio users, developers, partners, and advocates to submit a session proposal through the CNCF event portal, which i...| Istio Blog
The Istio Steering Committee consists of 9 proportionally-allocated Contribution Seats, and 4 elected Community Seats. Our third annual election for our Community Seats has concluded, and we are pleased to announce the choice of our members: Craig Box (ARMO) Iris Ding (Intel) Faseela K (Ericsson Software Technology) Christian Posta (Solo.io) We would like to extend our heartfelt thanks to Zack Butcher, Lin Sun and Zhonghu Xu, whose terms have now ended. With Contribution Seat holders from Goo...| Istio Blog
We are pleased to share that Istio is now an official incubating CNCF project. In April, Istio applied to become a CNCF project. Today, the TOC announced they have voted to accept our application. This journey began with Istio’s inception in 2016. We are grateful for all who have collaborated over the last six years on Istio’s design, development, and deployment. We especially appreciate the efforts of TOC sponsor Dave Zolotusky, TAG Network, and the engineering teams at Airbnb, Intuit, S...| Istio Blog
Cryptographic operations are among the most compute-intensive and critical operations when it comes to secured connections. Istio uses Envoy as the “gateways/sidecar” to handle secure connections and intercept the traffic. Depending upon use cases, when an ingress gateway must handle a large number of incoming TLS and secured service-to-service connections through sidecar proxies, the load on Envoy increases. The potential performance depends on many factors, such as size of the cpuset on...| Istio Blog
The Istio project is pleased to announce its intention to join the Cloud Native Computing Foundation (CNCF). With the support of the Istio Steering Committee, Google has submitted an application proposal for Istio to join the CNCF, the home of its companion projects Kubernetes and Envoy. It is almost 5 years since Google, IBM and Lyft launched Istio 0.1 in May 2017. That first version set the standard for what a service mesh should be: traffic management, policy enforcement, and observability...| Istio Blog
IstioCon is the annual user-centered event for Istio, the industry’s most popular service mesh. This event will take place April 25-29, it will be 100% virtual, and registrations are now open free of charge. If you are among the first 400 people to register to the conference, you are eligible to receive a conference t-shirt! In 2021, more than 4,000 people from across 84 countries joined the event online, to hear from 27 end-user companies how they are using Istio in production. Participant...| Istio Blog
IstioCon 2022, set for April 25-29, will be the second annual conference for Istio, the industry’s most popular service mesh. This year’s conference will again be 100% virtual, connecting community members across the globe with Istio’s ecosystem. Visit the conference website for all the information related to the event. IstioCon provides an opportunity to showcase the lessons learned from running Istio in production, hands-on experiences from the Istio community, and will feature mainta...| Istio Blog
Aeraki [Air-rah-ki] is the Greek word for ‘breeze’. While Istio connects microservices in a service mesh, Aeraki provides a framework to allow Istio to support more layer-7 protocols other than just HTTP and gRPC. We hope this breeze can help Istio sail a little further. Lack of Protocols Support in Service Mesh We are now facing some challenges with service meshes: Istio and other popular service mesh implementations have very limited support for layer 7 protocols other than HTTP and gRP...| Istio Blog
In keeping with our 2021 theme of improving Day 2 Istio operations, the Istio team has been evaluating extending the support window for our releases to give users more time to upgrade. For starters, we are extending the support window of Istio 1.9 by six weeks, to October 5, 2021. We hope that this additional support window will allow the many users who are currently using Istio 1.9 to upgrade, either to Istio 1.10 or directly to Istio 1.11. By overlapping support between 1.9 and 1.11, we int...| Istio Blog
Last year we introduced a new Steering Committee charter, which shares governance responsibilities between Contribution Seats, selected based on contributions to the project, and Community Seats, elected by the project members. We elected four members, with the committee representing seven different companies. It’s now time to kick off our 2021 election for Community Seats. Members have two weeks to submit nominations, and voting will run from 12 to 25 July. You can learn all about the elec...| Istio Blog
Istio’s powerful APIs can be used to solve a variety of service mesh use cases. Many users know about its strong ingress and east-west capabilities but it also offers many features for egress (outgoing) traffic. This is especially useful when your application needs to talk to an external service - such as a database endpoint provided by a cloud provider. There are often multiple endpoints to chose from depending on where your workload is running. For example, Amazon’s DynamoDB provides se...| Istio Blog
As Service Mesh technology moves from cutting edge to stable infrastructure, many users have expressed an interest in upgrading their service mesh less frequently, as qualifying a new minor release can take a lot of time. Upgrading can be especially difficult for users who don’t keep up with new releases, as Istio has not supported upgrades across multiple minor versions. To upgrade from 1.6.x to 1.8.x, users first had to upgrade to 1.7.x and then to 1.8.x. With the release of Istio 1.10, w...| Istio Blog
IstioCon 2021 is a week-long, community-led, virtual conference starting on February 22. This event provides an opportunity to hear the lessons learned from companies like Atlassian, Airbnb, FICO, eBay, T-Mobile and Salesforce running Istio in production, hands-on experiences from the Istio community, and will feature maintainers from across the Istio ecosystem. You can now find the full schedule of events which includes a series of English sessions and Chinese sessions. By attending the conf...| Istio Blog
IstioCon 2021 will be the inaugural conference for Istio, the industry’s most popular service mesh. In its inaugural year, IstioCon will be 100% virtual, connecting community members across the globe with Istio’s ecosystem. This conference will take place at the end of February. All the information related to IstioCon will be published on the conference website. IstioCon provides an opportunity to showcase the lessons learned from running Istio in production, hands-on experiences from the...| Istio Blog
Last month, we announced a revision to our Steering Committee charter, opening up governance roles to more contributors and community members. The Steering Committee now consists of 9 proportionally-allocated Contribution Seats, and 4 elected Community Seats. We have now concluded our inaugural election for the Community Seats, and we’re excited to welcome the following new members to the Committee: Neeraj Poddar (Aspen Mesh) Zack Butcher (Tetrate) Christian Posta (Solo.io) Zhonghu Xu (Huaw...| Istio Blog
A security researcher investigated an archive of commits on GitHub, which developers had likely thought they had deleted, […]| DEVCLASS
In this tutorial, you will learn how to expose the ArgoCD dashboard on the Internet with Istio and the inlets-operator for Kubernetes.| inlets.dev
Istio Ambient mode is a data plane model that eliminates the need for an envoy sidecar proxy on each of your workloads. This reduces resource overhead, timing issues between sidecar lifecycle and your containers, and the need to restart your workloads to upgrade proxy versions. In this article, I will show you how to install ... Minikube: Istio Ambient mode on Minikube| Fabian Lee : Software Engineer
This is a project design I am currently working on to consume SPIFFE( Secure Production Identity Framework For Everyone ) bootstrapped t...| pushpalankajaya.blogspot.com
Learn how to use discovery selectors and how they intersect with Sidecar resources.| Istio
Reducing complexity by simplifying the virtual machine on-boarding experience.| Istio
Upgrading all our sidecar containers to Kubernetes Native Sidecars, including cloudsql-proxy and istio-proxy.| karlstoney.com
The default retry configuration on Istio is not safe, and can retry requests you may not want retrying!| karlstoney.com
The Istio Steering Committee consists of 9 proportionally-allocated Contribution Seats, and 4 elected Community Seats. Our third annual election for our Community Seats has concluded, and we are pleased to announce the choice of our members: Craig Box (ARMO) Iris Ding (Intel) Faseela K (Ericsson Software Technology) Christian Posta (Solo.io) We would like to extend our heartfelt thanks to Zack Butcher, Lin Sun and Zhonghu Xu, whose terms have now ended. With Contribution Seat holders from Goo...| Istio Blog
Connect, secure, control, and observe services.| Istio
Accelerate TLS handshake using CryptoMB Private Key Provider configuration in Istio gateways and sidecars.| Istio
The Istio project is pleased to announce its intention to join the Cloud Native Computing Foundation (CNCF). With the support of the Istio Steering Committee, Google has submitted an application proposal for Istio to join the CNCF, the home of its companion projects Kubernetes and Envoy. It is almost 5 years since Google, IBM and Lyft launched Istio 0.1 in May 2017. That first version set the standard for what a service mesh should be: traffic management, policy enforcement, and observability...| Istio Blog
IstioCon is the annual user-centered event for Istio, the industry’s most popular service mesh. This event will take place April 25-29, it will be 100% virtual, and registrations are now open free of charge. If you are among the first 400 people to register to the conference, you are eligible to receive a conference t-shirt! In 2021, more than 4,000 people from across 84 countries joined the event online, to hear from 27 end-user companies how they are using Istio in production. Participant...| Istio Blog
The secret of Istio’s abilities in traffic management, security, observability and policy is all in the Envoy proxy. Istio uses Envoy as the “sidecar” to intercept service traffic, with the kernel’s netfilter packet filter functionality configured by iptables. There are shortcomings in using iptables to perform this interception. Since netfilter is a highly versatile tool for filtering packets, several routing rules and data filtering processes are applied before reaching the destinat...| Istio Blog
IstioCon 2022, set for April 25-29, will be the second annual conference for Istio, the industry’s most popular service mesh. This year’s conference will again be 100% virtual, connecting community members across the globe with Istio’s ecosystem. Visit the conference website for all the information related to the event. IstioCon provides an opportunity to showcase the lessons learned from running Istio in production, hands-on experiences from the Istio community, and will feature mainta...| Istio Blog
Reducing complexity by simplifying the virtual machine on-boarding experience.| Istio
Aeraki provides a framework to allow Istio to support more layer-7 protocols other than HTTP.| Istio
In keeping with our 2021 theme of improving Day 2 Istio operations, the Istio team has been evaluating extending the support window for our releases to give users more time to upgrade. For starters, we are extending the support window of Istio 1.9 by six weeks, to October 5, 2021. We hope that this additional support window will allow the many users who are currently using Istio 1.9 to upgrade, either to Istio 1.10 or directly to Istio 1.11. By overlapping support between 1.9 and 1.11, we int...| Istio Blog
The Istio service mesh has gained wide production adoption across a wide variety of industries. The success of the project, and its critical usage for enforcing key security policies in infrastructure warranted an open and neutral assessment of the security risks associated with the project. To achieve this goal, the Istio community contracted the NCC Group last year to conduct a third-party security assessment of the project. The goal of the review was “to identify security issues related ...| Istio Blog
Last year we introduced a new Steering Committee charter, which shares governance responsibilities between Contribution Seats, selected based on contributions to the project, and Community Seats, elected by the project members. We elected four members, with the committee representing seven different companies. It’s now time to kick off our 2021 election for Community Seats. Members have two weeks to submit nominations, and voting will run from 12 to 25 July. You can learn all about the elec...| Istio Blog
Learn how to configure locality load balancing and failover for endpoints that are outside of your mesh.| Istio
As Service Mesh technology moves from cutting edge to stable infrastructure, many users have expressed an interest in upgrading their service mesh less frequently, as qualifying a new minor release can take a lot of time. Upgrading can be especially difficult for users who don’t keep up with new releases, as Istio has not supported upgrades across multiple minor versions. To upgrade from 1.6.x to 1.8.x, users first had to upgrade to 1.7.x and then to 1.8.x. With the release of Istio 1.10, w...| Istio Blog
Learn how to easily deploy StatefulSets with Istio 1.10.| Istio
As users move their services to run in the Istio service mesh, they are often surprised that the control plane watches and processes all of the Kubernetes resources, from all namespaces in the cluster, by default. This can be an issue for very large clusters with lots of namespaces and deployments, or even for a moderately sized cluster with rapidly churning resources (for example, Spark jobs). Both in the community as well as for our large-scale customers at Solo.io, we need a way to dynamic...| Istio Blog
IstioCon 2021 is a week-long, community-led, virtual conference starting on February 22. This event provides an opportunity to hear the lessons learned from companies like Atlassian, Airbnb, FICO, eBay, T-Mobile and Salesforce running Istio in production, hands-on experiences from the Istio community, and will feature maintainers from across the Istio ecosystem. You can now find the full schedule of events which includes a series of English sessions and Chinese sessions. By attending the conf...| Istio Blog
IstioCon 2021 will be the inaugural conference for Istio, the industry’s most popular service mesh. In its inaugural year, IstioCon will be 100% virtual, connecting community members across the globe with Istio’s ecosystem. This conference will take place at the end of February. All the information related to IstioCon will be published on the conference website. IstioCon provides an opportunity to showcase the lessons learned from running Istio in production, hands-on experiences from the...| Istio Blog
Last month, we announced a revision to our Steering Committee charter, opening up governance roles to more contributors and community members. The Steering Committee now consists of 9 proportionally-allocated Contribution Seats, and 4 elected Community Seats. We have now concluded our inaugural election for the Community Seats, and we’re excited to welcome the following new members to the Committee: Neeraj Poddar (Aspen Mesh) Zack Butcher (Tetrate) Christian Posta (Solo.io) Zhonghu Xu (Huaw...| Istio Blog
Today, the Istio project is pleased to announce a new revision to its steering charter, which opens up governance roles to more contributors and community members. This revision solidifies our commitment to open governance, ensuring that the community around the project will always be able to steer its direction, and that no one company has majority voting control over the project. The Istio Steering Committee oversees the administrative aspects of the project and sets the marketing direction...| Istio Blog
At some point, there will be a system change significant enough that a maintenance window needs to be scheduled with customers. But that doesn’t mean the end-user traffic or client integrations will stop requesting the services. What we need to present to end-users is a maintenance page during this outage to indicate the overall solution ... GCP: Cloud Run/Function to handle requests to GKE cluster during maintenance| fabianlee.org
Upgrading Istio from 1.20 to 1.21. Issues with JWT auth in dynamicMetadata and AuthorizationPolicies.| karlstoney.com
How to transparently compress response traffic between your microservices, consistently, using EnvoyFilters in Istio| karlstoney.com
setting up a proof-of-concept connectivity with a VM in an Istio mesh| gruchalski.com
cert-manager ACME Let's Encrypt with working catch-all HTTPS redirect, the how and the why| gruchalski.com
Scaling Istio Sidecars, and how we consider the relationship of Sidecar resources tightly coupled to the application.| karlstoney.com
How to improve the performance of Jaeger when using Elasticsearch as the storage backend.| karlstoney.com
How to enable GZIP compression of responses using EnvoyFilter| karlstoney.com
How to migrate your Istio deployment to the new Telemetry API| karlstoney.com
Using Istio, Kubernetes and Prometheus to build dynamically scaling infrastructure that can scale unused workloads to zero.| karlstoney.com
Using EnvoyFilter to debug HTTP requests, and locate those missing important tracing headers| karlstoney.com
How we build, test and release Istio across 5 environments using a custom release process + chart.| karlstoney.com
Some good news! 1.8 and 1.9 were a lot less painful than previous releases, so I bundled them into a single blog post. Remember that you shouldn't skip-version upgrade so if you're still on 1.7, go through 1.8 to 1.9. This blog will cover the| karlstoney.com
By design, local Kubernetes clusters are inaccessible from the internet. So how can we fix that if we want to use Ingress?| inlets.dev
Introducing the new destination oriented waypoint proxy for simplicity and scalability.| Istio
Results of a third-party security review by NCC Group.| Istio