Istio Day at KubeCon 2024: What We Learned About Istio and Ambient Mesh

Istio Day 2024 was held alongside KubeCon Europe this year in Paris and was the center stage for the Istio project and community. The community of users, maintainers, and contributors gathered to learn, explore, and interact with the latest innovations from the Istio project.

Throughout the week, the community echoed two key themes:

1. Governance and security remain critical elements of good application development.
2. Users are continually looking at how to reduce resourcing and costs for their infrastructure.

Beta Release of Ambient Mode on Istio

We started the week off in Paris on a high with the announcement of the beta release of ambient mode on Istio. The upcoming release of Istio 1.22 and ambient mode addresses the two themes commonly expressed throughout the week around security and resourcing costs. Istio in ambient mode simplifies operations without requiring changes or application restarts. It introduces lightweight shared node proxies and optional layer 7 per-workload proxies, removing the need for traditional sidecars from the data plane. Plus, when compared with sidecar deployments, ambient mode reduces memory overhead and computing usage by over 90%.

It was exciting to hear such positive feedback from the community on the release of ambient mode over the week. We had excellent coverage and engagement with the community from the booth, at the Ambient Lounge, and on Istio Day. As core maintainers of the Istio project, we welcome any feedback and encourage you to visit the Istio repo here.

Security Remains a Core Element of Application Development

It was great to see so many Istio featured talks throughout KubeCon and co-located events including Observability Day, Platform Engineering Day, and AppDeveloperCon, demonstrating how engaged the community remains with Istio. Across all events, the two themes continued to be at the forefront, focusing on how great application development starts at a secure network level and exploring how technologies, data, metrics and platform engineering processes can play a part in building a secure and performant application.

Solo’s own Benjamin Leggett and Yuval Kohavi presented an in-depth session at Istio Day: Empowering Istio Ambient With Any Kubernetes CNIs. Their talk explored how users can solve some of the primary challenges around CNI using Istio ambient mesh with a new innovative approach that seamlessly operates between Istio-CNI, Ztunnel, and application pods, all within the ambient mesh and with simple operational requirements that don’t require the restart of any application pods during enrollment.

In addition to this demo, we heard that the most anticipated features of the Istio 1.22 release for ambient mode center on security and policy management. This includes the secure overlay layer with mutual TLS, enhanced metrics, layer 4 authorization policies, and layer 7 waypoint proxies. Many community users shared with us that they rely heavily on layer 7 policies and rules to meet their unique mesh use cases.

Cost and Resource Management Top of Mind

Beyond the added security and governance it provides, ambient mode simplifies the service mesh with its sidecarless deployment mode. Ambient mode simplifies the operational lifecycle of application deployments onto Istio with ztunnel, and by extension reduces the resourcing overhead required to run a service mesh.

Traditional sidecar deployments will remain fully supported in Istio, but this deployment method did create some challenges for some users. The additional configurations and application restarts that were often required for users to adopt Istio were a barrier to entry for some who might have found it difficult to determine the right level of resource provisioning for their workloads. Now with ambient mode, the requirement to configure and work around the restrictions of the sidecar model is removed, which enables teams to focus on building applications whilst reducing the cost profile of their mesh and infrastructure.

Overall it was an exciting and productive week in Paris for the team. As lead maintainers and contributors to the Istio project, the positive community sentiment we received so far on the beta release of ambient mode is exciting. The use cases the community has already shared and the problems we’ve already been able to solve are just the start, and we’re excited to see the community continue to embrace Istio.

Keep your eyes peeled for announcements at KubeCon North America later this year in November with more updates from the Istio project.

In the meantime, learn more about Istio ambient mode.