43 KiB
Name of the project
Istio
Description
Istio is an open source service mesh that transparently provides a uniform and efficient way to secure, connect, and monitor services in cloud native applications. It provides zero-trust networking, policy enforcement, traffic management, load balancing, and monitoring, without requiring applications to be rewritten.
Features include:
- Secure service-to-service communication based on zero-trust principles, using TLS encryption and strong identity-based authentication and authorization
- Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic
- Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection
- A policy API supporting access controls, rate limits and quotas, that can be connected to external authorization systems
- Automatic generation of metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress
- A data plane platform allowing for extension and customization of proxy behavior
Istio is designed for extensibility, and can handle a diverse range of deployment needs. Istio’s control plane runs on Kubernetes, and is capable of managing workloads running in the same Kubernetes cluster, other Kubernetes clusters, and even workloads running outside Kubernetes on VMs.
Sponsor / Advisor from TOC
Dave Zolotusky, with help from Erin Boyd (TOC) and Lee Calcote (TAG Network)
License
Istio is licensed under the Apache 2.0 license.
Source control repositories
- https://github.com/istio (everything in the org)
- https://github.com/istio-ecosystem (everything in the org)
External dependencies
Istio has external dependencies licensed under the following CNCF-approved licenses:
- Apache 2.0
- BSD License
- ISC License
- MIT License
Five modules are licensed under the Mozilla Public License, and all have been granted exceptions by the CNCF governing board.
Licenses for most Istio dependencies are automatically included at https://github.com/istio/istio/tree/master/licenses. A snapshot of modules and their corresponding licenses can be found below.
Projects in istio-ecosystem will be brought in line with CNCF guidelines before submission.
Issue tracker
https://github.com/istio/istio/issues
Committers
Commits to Istio, no matter how small, are welcome from anyone in the community.
Istio uses "maintainer" as the noun for a member allowed to approve code contributions. See https://github.com/istio/community/blob/master/ROLES.md#maintainer for more information.
- Members are mapped to teams in https://github.com/istio/community/blob/master/org/teams.yaml. A current list of all maintainers is at the top of the file.
- Teams are mapped to project paths in https://github.com/istio/istio/blob/master/CODEOWNERS.
A dashboard of Istio maintainers can be seen at https://eng.istio.io/maintainers.
Infrastructure requirements (CI / CNCF Cluster)
The project uses Prow infrastructure run by Google Cloud. Artifacts are stored in Google Cloud Storage, and containers published to registries including Docker Hub and Google Container Registry.
Google will migrate ownership of this infrastructure to the CNCF and, along with other community members, sponsor it going forward.
Statement on alignment with CNCF mission
Istio aims to provide security, observability and policy for traffic on top of Kubernetes. If the goal of the CNCF is to make cloud native computing ubiquitous, then a goal of Istio could be expressed as making that ubiquity safe and easy to manage.
Istio is a service mesh, and service meshes are called out in the CNCF charter as exemplifying the Cloud Native approach.
Istio stands on the shoulders of several CNCF projects, such as Kubernetes, Envoy, gRPC, Prometheus and SPIFFE. It can be installed with Helm, and integrations exist for projects including Knative, Flagger, Jaeger, Open Policy Agent, and OpenTelemetry.
Communication channels
- Slack: https://slack.istio.io
- Discourse: https://discuss.istio.io
- Shared Drive: https://drive.google.com/corp/drive/folders/0ADmbrU7ueGOUUk9PVA
Website
Release methodology and mechanics
We produce new builds of Istio for each commit. Around once per quarter, we build a minor release and run through several additional tests as well as release qualification. We release patch versions for issues found in minor releases.
Detailed information on Istio's release management can be found in its documentation and its developer wiki.
Security processes
Istio has a responsible and mature vulnerability submission and disclosure program, managed by the Product Security Working Group. The processes are documented at https://istio.io/latest/docs/releases/security-vulnerabilities/.
Vendors meeting certain published criteria receive advance notice of security vulnerabilities through Istio's early disclosure list, which is documented at https://github.com/istio/community/blob/master/EARLY-DISCLOSURE.md.
Roadmap
Our 2022 roadmap highlights the following goals:
- Stabilizing Istio's API surface
- Improving upgrades and troubleshooting
- Enhancing extensibility
- Expanding reach
- Further security hardening
Social media account
- Twitter: https://twitter.com/istiomesh
- YouTube: https://www.youtube.com/c/istio
Community size
Istio has had over 8000 individual contributors on the project’s GitHub repositories.
The project has over 32,000 GitHub stars across its repositories.
Over 70 companies have submitted at least 8 Pull Requests to Istio.
Contribution
Istio's proud parents are Google and IBM, alongside the Lyft team who built the Envoy proxy.
Significant contributions come from:
- US technology companies, including Red Hat, Cisco, VMware, and Intel
- Chinese cloud providers and vendors, including Huawei, Tencent, Alibaba, and DaoCloud
- Companies founded to bring Istio solutions to market, including Tetrate, Aspen Mesh, and Solo.io
- Istio's end users, including Auto Trader UK, Salesforce, SAP, and Yahoo!
End users
According to the CNCF annual survey, Istio is the most widely adopted service mesh. A list of public reference customers can be found on the istio website, including a number of case studies in text or video format.
The first annual IstioCon event, held online in 2021, had over 4,000 attendees. The project also hosts monthly community meetups.
Licenses
At the time of project submission, the following modules were used with the following licenses. For an up-to-date list, please refer to the go.mod file and licenses directory in each repository.