from Hacker News

Istio moved to CNCF Graduation stage

by AlexB138 on 7/12/23, 4:57 PM with 117 comments

• by goalonetwo on 7/12/23, 8:56 PM

  We are using istio at scale.

  I have a love-hate relationship with it. It is very complex and builds on 5 other layer of abstraction (K8s, Envoy, Iptables,...). Grasping what is going on requires you to understand all of those layers first. Istio essentially adds one layer of proxy for all your ingress/egress requests and from an engineering/performance/cost perspective that is not amazing.

  Once it is working and deployed though it provides a solid set of functionalities as part of the infrastructure directly. AuthN/Z, mTLS, security, metrics and logs are all deployed by default without the end-user having to do anything.

  Eventually I expect Istio will evolve to a model that makes more sense with Ambient/eBPF (For cost/performance reasons)

  The community behind Istio is especially helpful and one of the main reasons why we went with this project.

• by crb on 7/12/23, 9:15 PM

  Hi everyone, I'm the person who drove the CNCF process for Istio (and made the linked commit). I'm happy to answer any questions.

• by hsaliak on 7/12/23, 5:49 PM

  And yet -- grpc is still "incubating". Do these statuses really mean much?

• by awestroke on 7/12/23, 8:02 PM

  If I needed a service mesh, I'd probably use Linkerd. What would I be missing out on?

• by meepmorp on 7/12/23, 5:16 PM

  In case anyone wants to read the rendered markdown:

  https://github.com/cncf/toc/blob/main/proposals/graduation/i...

• by AlexB138 on 7/12/23, 5:41 PM

  Here's the official CNCF announcement: https://www.cncf.io/announcements/2023/07/12/cloud-native-co...

• by alanwreath on 7/12/23, 6:11 PM

  I may have missed the announcement where Istio’s ownership was being transfered to a vendor-neutral foundation like the CNCF, or is the Open Usage Commons What can be used in place?

• by aidenn0 on 7/12/23, 5:13 PM

  Enough searching around told me what CNCF is, but I still don't know what it means to "graduate"

• by sdesol on 7/12/23, 6:02 PM

  Here is some community information for istio https://devboard.gitsense.com/istio/istio

  Not kubernetes level https://devboard.gitsense.com/kubernetes/kubernetes but still very good.

  Full Disclosure: This is my tool, but I figure the insights would be interesting/useful.

• by akhayam on 7/12/23, 5:18 PM

  Finally… took a while.

  Now CNCF needs to figure out how to get Istio to work nicely with the networking k8s addons

• by AlexB138 on 7/12/23, 4:59 PM

  Here's the PR: https://github.com/cncf/toc/pull/1000

• by throwawa3432 on 7/13/23, 12:31 AM

  I think it should be titled Envoy+Istio in the same spirit of GNU+Linux.

  Jokes aside, Envoy really deserves some spotlight.

• by vbezhenar on 7/13/23, 3:04 AM

  What's an alternative to istio? I want to have http metrics between our services inside kubernetes. I don't really want all the fancy shmancy mtls, dpi and stuff, they don't bring value to me.

• by tflinton on 7/13/23, 2:30 AM

  Istio is amazing once you grok how it works and get it running. It has a lot of gotchas (objects in istio-system become global?) and there’s a lot of ways to abuse or misuse it.