Achieve Compliance, Zero Trust with Istio Ambient Mesh


Istio is an official CNCF project – what does it mean for you?

Lin Sun | September 28, 2022

The CNCF Technical Oversight Committee (TOC) has voted to accept Istio as a CNCF incubating project. Istio solves the challenges of managing microservices by allowing you to easily observe, connect and secure your services, without writing code in your services to perform these functions.

As a founding Istio TOC and Steering member, I am extremely excited about moving Istio under CNCF’s governance and I believe this is another game changer for the Istio project in addition to the ambient mesh announcement a few weeks ago.

A long journey into CNCF

About four years ago while I was at IBM, we started the process of having Istio be part of CNCF by submitting a PR request to CNCF with an informal agreement from Google. We got some push back from the community on product maturity and production adoption thus the effort was paused. Since then, customer usage of Istio has grown significantly, with nearly half the F2000 companies using a service mesh to manage, monitor and secure application traffic.

At IstioCon 2022, Eric Brewer from Google announced Google’s intention to donate Istio to CNCF. It generated a lot of excitement in the community. CNCF is home to some of the most successful cloud native projects (Kubernetes, Envoy, Prometheus, etc), and many of us in the community feel it is the right home for Istio.

Istio’s open source strength

Istio was founded by IBM, Google, and Lyft in 2017, and a thriving community has grown around it to include other contributors, such as, Huawei, DaoCloud, Salesforce, Intel, Ericsson, and RedHat, to name the top 10 companies contributors for the past year. With over 6000 contributors from over 1000 companies at the time of this writing, the Istio project benefits from an active, diverse community and skill set.

Istio’s open architecture and ecosystem combine to make the technology effective. An open governance process is the underpinning of many successful projects. With Istio part of CNCF, I expect an even more diverse community with Istio with the improved vendor-neutral governance approach, eliminating some of the friction in the community earlier.

Istio and Solo

At Solo, we’re committed to innovation around both the Istio and Envoy communities. As a long-standing and major contributor to Istio, Solo engineers now sit on the Istio Technical Oversight Committee and Steering Committee and co-lead the Product Security Workgroup. Most recently, Solo engineers proudly co-created Istio ambient mesh which introduces a new sidecar-less data plane to Istio. The diagram below shows Solo’s increasing contribution to Istio over the past 2 years compared to four other companies (RedHat, Salesforce, Intel and Tetrate) in the community, where x-axis is each month for the past 2 years and y-axis is the percentage of the contribution with these 5 companies add up to 100%. started with very little contribution 2 years ago to over a third as the top contributor out of these 5 companies for the current month with 262 contributions.

Note: Graph data doesn’t (yet) include Solo’s large contribution to ambient mesh.

In 2018, when we announced SuperGloo, we had a vision to build a service mesh abstraction for our enterprise users that is easy to onboard, scale, and self-service among multiple teams. SuperGloo later became Gloo Mesh to focus on Istio service mesh after we observed tremendous adoption of Istio. For the past 4 years, we continue to partner with hundreds of customers around the globe to bring innovation to many parts of the stack (e.g. Wasm, GraphQL, eBPF, ambient mesh, etc), execute on the vision, and evolve Gloo Mesh to simplify Istio adoption.

Check this video to learn more about some of the Istio contributors at Solo and their thoughts on Istio as a CNCF incubating project:

Get involved with Istio

Congratulations to everyone who is part of the Istio community on today’s significant milestone! Istio is the most widely adopted service mesh in production, with continuous innovation from the community, from a single control plane called Istiod, to the Wasm extension model, to using eBPF to accelerate the redirection from sidecar to application container, and to the new sidecar-less data plane. Istio will continue to be the most innovative service mesh while we keep the mesh boring for core functionalities.

With Istio as part of CNCF, I expect an even more diverse community and Istio further solidifies its position as the Kubernetes for service mesh. As usual, we continue to rely on an active community of developers, users, and vendors to help improve, secure and scale the tech. Here are a few ways for you to get involved:

See you in the Istio community!