istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Cherrypick #14996 (Attempt 4) (#15333) 

* Test homepage changes for preview.

* update logos

* three buttons

* changes to scroller

* sass: align buttons at bottom of panels

* fixup banner title and subtitle styling

* oops

* scope white headline color to banner

* scope header margin overrides to banner section

* fixup page header margins, restore subtitle class to What is Istio section

* semibold banner title

* set landing page paragraph size, remove subtitle classes

* update logos and CSS for such

* you REALLY LIKE BLANK LINES but ONLY AT THE ENDS, linter

* Add page hierarchy

* CNI content

* WIP

* cut cut cut

* preview /about/service-mesh page

* WIP

* preview latest updates

* tweaks

* correct link

* lint fix

* Proper formatting, lint be damned

* new iconography

* next round

* oops

* edits

* text update

* Lint fixes

* stage dataplane mode page

* remove getting started page

* proper doc links

* percent twenty-three

* change table layout

* tabs vs spaces (SIGH)

* Trailing space              s

* Apply suggestions from code review

Co-authored-by: Peter Jausovec <peterj@users.noreply.github.com>

* Changes per code review and forgetting latency numbers

* return Getting Started file

---------

Co-authored-by: Mike Morris <1149913+mikemorris@users.noreply.github.com>
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
Co-authored-by: Peter Jausovec <peterj@users.noreply.github.com>
This commit is contained in:
Craig Box 2024-06-26 18:47:58 +12:00 committed by GitHub
parent d50c75661f
commit d8b89f4c16
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
29 changed files with 642 additions and 209 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.spelling
View File

@ -175,6 +175,7 @@ Bazel
BCubed
Berben
Berkus
BeyondProd
Bian
BigQuery
Birkland
@ -491,6 +492,7 @@ FedRAMP
filename
filenames
fine-grained
FIPS
Firebase
FitStation
Fluentd
@ -717,6 +719,7 @@ Kustomization
Kustomize
kustomize
kyzy
L2-L4
L3-4
L4-L6
L4-only
@ -1080,6 +1083,7 @@ Speedscale
SPIFFE
SPIFFE-compliant
Splunk
SPOFs
src
SREs
Srihari
@ -1277,6 +1281,7 @@ wikipedia.org
wildcard
wildcarded
wildcards
Wireguard
workgroup
workload
workstream

1
assets/inline_images/community-project.svg Normal file
View File

@ -0,0 +1 @@
<svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24"><path d="M6.986 4.043 C 6.264 4.143,5.598 4.484,5.041 5.040 C 4.307 5.772,3.960 6.656,4.012 7.659 C 4.078 8.949,4.798 10.055,5.948 10.634 C 6.324 10.823,6.862 10.970,7.087 10.945 C 7.637 10.884,8.044 10.395,7.988 9.860 C 7.941 9.398,7.662 9.095,7.161 8.960 C 6.708 8.838,6.325 8.515,6.129 8.089 C 6.041 7.897,6.023 7.802,6.022 7.499 C 6.020 7.171,6.032 7.114,6.150 6.875 C 6.306 6.557,6.592 6.277,6.911 6.128 C 7.107 6.036,7.192 6.021,7.504 6.022 C 7.895 6.023,7.838 6.003,8.573 6.391 C 8.958 6.595,9.426 6.500,9.735 6.158 C 10.124 5.725,10.077 5.130,9.621 4.729 C 9.376 4.514,8.773 4.217,8.380 4.118 C 8.003 4.024,7.371 3.989,6.986 4.043 M15.980 4.044 C 15.414 4.125,14.651 4.461,14.327 4.772 C 13.922 5.160,13.896 5.746,14.265 6.158 C 14.582 6.509,15.046 6.596,15.448 6.379 C 16.113 6.021,16.107 6.023,16.496 6.022 C 16.808 6.021,16.893 6.036,17.089 6.128 C 17.557 6.346,17.923 6.827,17.982 7.303 C 18.014 7.562,17.948 7.948,17.833 8.175 C 17.646 8.540,17.257 8.848,16.839 8.960 C 16.338 9.095,16.059 9.398,16.012 9.860 C 15.956 10.395,16.363 10.884,16.913 10.945 C 17.138 10.970,17.676 10.823,18.052 10.634 C 18.945 10.185,19.578 9.421,19.862 8.452 C 20.127 7.547,19.993 6.547,19.491 5.680 C 19.262 5.286,18.657 4.704,18.236 4.472 C 17.512 4.075,16.762 3.932,15.980 4.044 M11.405 6.058 C 10.796 6.174,10.256 6.422,9.781 6.805 C 8.626 7.736,8.196 9.372,8.742 10.764 C 9.266 12.102,10.575 13.000,12.000 13.000 C 13.425 13.000,14.734 12.102,15.258 10.764 C 15.569 9.972,15.569 9.028,15.258 8.236 C 15.035 7.665,14.647 7.142,14.165 6.759 C 13.842 6.502,13.187 6.186,12.800 6.099 C 12.388 6.007,11.768 5.989,11.405 6.058 M12.344 8.053 C 13.388 8.272,13.837 9.579,13.161 10.433 C 12.987 10.655,12.699 10.859,12.462 10.930 C 12.253 10.992,11.747 10.992,11.538 10.930 C 11.301 10.859,11.013 10.655,10.839 10.433 C 10.290 9.740,10.460 8.715,11.202 8.239 C 11.407 8.107,11.732 8.009,11.980 8.004 C 12.046 8.003,12.210 8.025,12.344 8.053 M5.358 12.061 C 3.731 12.315,2.417 13.584,2.083 15.227 C 1.885 16.198,2.038 16.846,2.596 17.404 C 3.048 17.856,3.441 18.000,4.218 18.000 C 4.641 17.999,4.724 17.988,4.900 17.905 C 5.281 17.724,5.488 17.405,5.488 17.000 C 5.488 16.732,5.401 16.507,5.228 16.326 C 5.006 16.095,4.826 16.027,4.390 16.008 L 4.000 15.991 4.002 15.865 C 4.010 15.459,4.266 14.908,4.598 14.583 C 5.069 14.122,5.461 14.001,6.488 13.998 C 7.234 13.996,7.375 13.969,7.619 13.783 C 7.696 13.725,7.808 13.592,7.869 13.489 C 7.964 13.328,7.980 13.256,7.980 13.000 C 7.980 12.746,7.963 12.672,7.872 12.516 C 7.740 12.293,7.533 12.128,7.290 12.055 C 7.053 11.984,5.830 11.987,5.358 12.061 M16.695 12.057 C 16.466 12.129,16.256 12.299,16.128 12.516 C 16.037 12.672,16.020 12.746,16.020 13.000 C 16.020 13.256,16.036 13.328,16.131 13.489 C 16.192 13.592,16.304 13.725,16.381 13.783 C 16.625 13.969,16.766 13.996,17.512 13.998 C 18.324 14.000,18.640 14.057,18.986 14.265 C 19.561 14.610,19.900 15.122,19.981 15.771 L 20.008 15.990 19.614 16.008 C 19.173 16.027,18.994 16.095,18.772 16.326 C 18.599 16.507,18.512 16.732,18.512 17.000 C 18.512 17.405,18.719 17.724,19.100 17.905 C 19.276 17.988,19.359 17.999,19.782 18.000 C 20.559 18.000,20.952 17.856,21.404 17.404 C 21.957 16.851,22.114 16.193,21.921 15.243 C 21.721 14.264,21.197 13.415,20.438 12.843 C 19.866 12.412,19.276 12.160,18.605 12.058 C 18.118 11.985,16.928 11.984,16.695 12.057 M9.943 14.043 C 8.349 14.285,7.065 15.420,6.642 16.964 C 6.530 17.371,6.475 17.984,6.524 18.285 C 6.657 19.110,7.222 19.736,8.018 19.939 C 8.377 20.031,15.623 20.031,15.982 19.939 C 16.608 19.779,17.143 19.312,17.358 18.737 C 17.661 17.927,17.441 16.719,16.819 15.780 C 16.294 14.987,15.450 14.390,14.480 14.127 L 14.100 14.024 12.140 14.016 C 11.062 14.011,10.074 14.023,9.943 14.043 M13.885 16.040 C 14.373 16.131,14.923 16.509,15.200 16.946 C 15.351 17.184,15.480 17.589,15.480 17.824 L 15.480 18.000 12.000 18.000 L 8.520 18.000 8.520 17.824 C 8.520 17.589,8.649 17.184,8.800 16.946 C 9.068 16.524,9.624 16.132,10.080 16.044 C 10.335 15.994,13.621 15.991,13.885 16.040"></path></svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.0 KiB

3
assets/inline_images/deployment-modes.svg Normal file
View File

@ -0,0 +1,3 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M5.7 3.056c-.088.029-.637.29-1.22.582-.777.39-1.099.572-1.205.683A1.085 1.085 0 0 0 3 5c0 .406.293.811.678.939.296.099.529.066.944-.133.19-.091.353-.166.362-.166.009 0 .016.756.016 1.68V9h-.554c-.798 0-1.079.11-1.318.516-.091.156-.108.23-.108.484 0 .256.016.328.111.489.125.213.318.375.539.454.219.078 4.441.078 4.66 0 .221-.079.414-.241.539-.454.095-.161.111-.233.111-.489 0-.254-.017-.328-.108-.484C8.633 9.11 8.352 9 7.554 9H7V6.427c0-2.904.008-2.821-.299-3.128A.971.971 0 0 0 5.7 3.056m5.995 2.001a1.04 1.04 0 0 0-.567.459c-.091.156-.108.23-.108.484 0 .256.016.328.111.489.125.213.318.375.539.454.222.079 8.438.079 8.66 0 .221-.079.414-.241.539-.454.095-.161.111-.233.111-.489 0-.254-.017-.328-.108-.484a1.02 1.02 0 0 0-.582-.461c-.261-.079-8.344-.076-8.595.002m0 6a1.04 1.04 0 0 0-.567.459c-.091.156-.108.23-.108.484 0 .256.016.328.111.489.125.213.318.375.539.454.222.079 8.438.079 8.66 0 .221-.079.414-.241.539-.454.095-.161.111-.233.111-.489 0-.254-.017-.328-.108-.484a1.02 1.02 0 0 0-.582-.461c-.261-.079-8.344-.076-8.595.002m-6.343 2.022c-1.075.227-1.969 1.082-2.259 2.162a2.86 2.86 0 0 0-.071.662c-.002.38.005.414.119.6.397.645 1.316.653 1.709.015.084-.136.121-.265.15-.514.042-.376.158-.617.374-.782.864-.659 1.993.289 1.495 1.255-.08.156-.321.352-1.85 1.505-1.928 1.454-1.963 1.487-2.006 1.907a.984.984 0 0 0 .285.811c.309.309.213.3 3.219.298 2.12-.001 2.694-.012 2.813-.055.221-.079.414-.241.539-.454.095-.161.111-.233.111-.489 0-.254-.017-.328-.108-.484a1.209 1.209 0 0 0-.254-.295c-.262-.2-.414-.221-1.571-.221H6.986l.457-.342c.544-.406.865-.711 1.064-1.012a3.027 3.027 0 0 0 .411-2.325c-.387-1.616-1.932-2.587-3.566-2.242m6.343 3.978a1.04 1.04 0 0 0-.567.459c-.091.156-.108.23-.108.484 0 .256.016.328.111.489.125.213.318.375.539.454.222.079 8.438.079 8.66 0 .221-.079.414-.241.539-.454.095-.161.111-.233.111-.489 0-.254-.017-.328-.108-.484a1.02 1.02 0 0 0-.582-.461c-.261-.079-8.344-.076-8.595.002"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.9 KiB

1
assets/inline_images/envoy.svg Normal file
View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" role="img" viewBox="-3.94 49.31 438.88 331.63"><style>svg {enable-background:new 0 0 432 432}</style><path d="M109.9 209.9l.5 25.4 26.8 16.6-.6-25.4zm65.2 105.6l-.6-24.9-23.4-14.6c-.4-.2-.7-.6-.9-.7l.6 25 24.3 15.2zm-83.5 33.4l-61.1-37.8-1.5-63.5 29.9-12.9-.6-25.4-47.8 20.6c-3.7 1.7-6 5-5.8 9l1.9 76.2c0 3.9 2.4 7.8 6.4 10.1l73.4 45.4c3.4 2.1 7.5 2.6 11 1.7.4-.2.7-.2 1.1-.4l45-19.4-24.5-15.2-27.4 11.6zm197.7-140.5c-.2-4.5-2.8-9.2-7.3-11.8l-89.1-55.1-2.8 1.1.6 26.7 70.5 43.7 1.7 71.4 26.9 16.6 1.5-.6-2-92z"/><path d="M182.6 334L100 282.6l-2.1-86 37.8-16.3-.7-29.7-58.7 25.2c-4.3 1.9-6.9 5.8-6.7 10.5L72 287.2c0 4.7 2.8 9.2 7.3 11.8l97 60.2c3.9 2.4 8.8 3.2 12.9 1.9.4-.2.7-.4 1.1-.4l57.4-24.7-28.4-17.6-36.7 15.6z"/><path d="M415.4 137.8L291 60.8c-4.7-2.8-10.1-3.6-14.8-2.1-.4.2-.9.4-1.3.6l-121.3 52.3c-4.9 2.1-7.8 6.5-7.7 12l3 129.3c.2 5.2 3.4 10.5 8.4 13.5l124.3 77c4.5 2.8 10.1 3.6 14.8 2.1.4-.2.9-.4 1.3-.6L419 292.5c4.9-2.1 7.8-6.7 7.7-12l-3-129.3c0-5.2-3.2-10.3-8.3-13.4zM289.1 314.4l-108-66.9-2.8-112.5 105.4-45.4 108 66.9 2.6 112.3-105.2 45.6z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

1
assets/inline_images/stable-releases.svg Normal file
View File

@ -0,0 +1 @@
<svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="none" viewBox="0 0 24 24"><path d="M9.431 2.062 C 8.924 2.185,8.920 2.189,6.571 4.532 C 4.828 6.271,4.338 6.783,4.243 6.961 C 3.986 7.443,4.000 7.031,4.000 13.960 C 4.000 20.831,3.988 20.462,4.225 20.930 C 4.361 21.199,4.801 21.639,5.070 21.775 C 5.538 22.012,5.172 22.000,12.000 22.000 C 18.828 22.000,18.462 22.012,18.930 21.775 C 19.196 21.640,19.638 21.200,19.771 20.937 C 20.015 20.457,20.000 21.028,19.999 12.014 C 19.999 3.065,20.010 3.534,19.781 3.083 C 19.646 2.816,19.297 2.449,19.017 2.281 C 18.538 1.993,18.756 2.004,13.960 2.006 C 10.431 2.006,9.619 2.017,9.431 2.062 M18.000 12.000 L 18.000 20.000 12.000 20.000 L 6.000 20.000 6.000 14.500 L 6.000 9.000 7.632 9.000 C 9.399 9.000,9.507 8.990,9.930 8.775 C 10.196 8.640,10.638 8.200,10.771 7.937 C 10.988 7.510,11.000 7.386,11.000 5.624 L 11.000 4.000 14.500 4.000 L 18.000 4.000 18.000 12.000 M9.000 5.960 L 9.000 7.000 7.950 7.000 L 6.901 7.000 7.940 5.960 C 8.512 5.388,8.984 4.920,8.990 4.920 C 8.995 4.920,9.000 5.388,9.000 5.960 M9.660 11.067 C 9.480 11.122,9.349 11.239,8.347 12.234 C 7.734 12.842,7.185 13.421,7.127 13.520 C 7.037 13.672,7.020 13.747,7.020 14.000 C 7.020 14.254,7.036 14.328,7.127 14.480 C 7.260 14.703,9.367 16.803,9.560 16.905 C 9.659 16.957,9.787 16.979,10.000 16.979 C 10.258 16.980,10.327 16.964,10.492 16.867 C 10.714 16.737,10.901 16.498,10.965 16.264 C 11.019 16.061,10.989 15.733,10.899 15.555 C 10.861 15.481,10.514 15.101,10.127 14.710 L 9.423 14.000 10.127 13.290 C 10.514 12.900,10.864 12.517,10.904 12.440 C 10.957 12.340,10.979 12.213,10.979 12.000 C 10.980 11.745,10.964 11.672,10.872 11.516 C 10.740 11.293,10.533 11.128,10.290 11.055 C 10.061 10.986,9.914 10.989,9.660 11.067 M13.695 11.057 C 13.466 11.129,13.256 11.299,13.128 11.516 C 13.036 11.672,13.020 11.745,13.021 12.000 C 13.021 12.213,13.043 12.340,13.096 12.440 C 13.136 12.517,13.486 12.900,13.873 13.290 L 14.577 14.000 13.873 14.710 C 13.486 15.101,13.139 15.481,13.101 15.555 C 12.872 16.008,13.056 16.601,13.508 16.867 C 13.673 16.964,13.742 16.980,14.000 16.979 C 14.213 16.979,14.341 16.957,14.440 16.905 C 14.633 16.803,16.740 14.703,16.873 14.480 C 16.964 14.328,16.980 14.254,16.980 14.000 C 16.980 13.747,16.963 13.672,16.873 13.520 C 16.815 13.421,16.266 12.842,15.653 12.234 C 14.610 11.198,14.526 11.125,14.323 11.064 C 14.066 10.988,13.920 10.987,13.695 11.057"></path></svg>
Side by Side

After

Width:  |  Height:  |  Size: 2.4 KiB

89
content/en/_index.html
View File

@ -11,7 +11,6 @@ description: A service mesh for observability, security in depth, and management
"logo": "https://istio.io/img/logo.png",
"sameAs": [
"https://twitter.com/IstioMesh",
"https://discuss.istio.io/"
]
}
</script>
@ -30,85 +29,71 @@ description: A service mesh for observability, security in depth, and management
<main class="landing">
<section id="banner">
<h1 id="hero-text">
Simplify observability, traffic management, security, and policy with the leading service mesh.
<h1 id="title">
Service Mesh. Simplified.
</h1>
<p class="subtitle">Easily build cloud native workloads securely and reliably with Istio, with or without sidecars.</p>
</section>
<section id="landing-panels" class="container">
<div class="panels">
{{< content_panel type="dark" title="what_is_istio" text="Discover how a service mesh helps with many common challenges of a distributed architecture." button="learn_more" url="/about/service-mesh" >}}
{{< content_panel type="dark" title="solutions" text="Learn how to build secure, reliable and scalable applications with Istio." button="learn_more" url="/about/solutions" >}}
{{< content_panel type="dark" title="deployment" text="Get what you need to deploy and utilize Istio for your unique needs." button="learn_more" url="/about/deployment" >}}
{{< content_panel type="dark" title="latest_news" text="Istio announces the beta release of ambient mode in the release of 1.22." button="read_more" url="/blog/2024/ambient-reaches-beta/" >}}
{{< content_panel type="dark" title="join_the_community" text="Connect with over 10,000+ of your peers using, testing and innovating with Istio." button="connect_with_us" url="/get-involved" >}}
{{< content_panel type="dark" title="get_started" text="Try Istio today. Quickly evaluate the project in four steps." button="learn_more" url="/docs/setup/getting-started" >}}
</div>
</section>
<section id="service-mesh" class="container">
<h1>The Istio service mesh</h1>
<h1>What is Istio?</h1>
<p class="subtitle">
Istio extends Kubernetes to establish a programmable, application-aware network using the powerful Envoy service proxy. Working with both Kubernetes and traditional workloads, Istio brings standard, universal traffic management, telemetry, and security to complex deployments.
</p>
<div class="service-mesh-graph">
<img src="/img/service-mesh.svg" alt="service-mesh"/>
</div>
<div class="cta-container">
<a href="/about/service-mesh" class="btn">Learn more</a>
</div>
</section>
<section id="concepts" class="container">
<h1>Concepts</h1>
<div class="panels">
{{< content_panel type="transparent" title="traffic_management" text="Deploy capabilities like inter-service routing, failure recovery and load balancing." image="management.svg" >}}
{{< content_panel type="transparent" title="observability" text="Provide an end-to-end view of traffic flow and service performance." image="observability.svg" >}}
{{< content_panel type="transparent" title="security" text="Engage encryption, role-based access, and authentication across services." image="security.svg" >}}
</div>
<div class="cta-container">
<a href="/about/service-mesh#concepts" class="btn">Learn more</a>
</div>
</section>
<section id="solutions" class="container">
<h1>Solutions</h1>
<p class="subtitle">
From start-up to enterprise, cloud native to on-premises, organizations of all shapes, sizes, and missions deploy Istio to solve immediate problems. With Istio in place, they can build out additional capabilities on their service mesh. From compliance to reliability, Istio has the answer. Learn about some of Istios key use cases.
<p>
Istio extends Kubernetes to establish a programmable, application-aware network. Working with both Kubernetes and traditional workloads, Istio brings standard, universal traffic management, telemetry, and security to complex deployments.
<br/><br/>
Select the features you want and Istio deploys proxy infrastructure as needed. Use the zero-trust tunnel for Layer 4 performance and security, or add the powerful Envoy service proxy for Layer 7 features.
</p>
{{< solutions_carousel >}}
<div class="cta-container">
<a class="btn" href="/about/service-mesh">Learn more</a>
</div>
</section>
<section id="case-studies" class="container">
<h1>Case studies</h1>
<h1>Trusted by</h1>
{{< case_studies_carousel >}}
{{< logo_carousel >}}
<div class="cta-container">
<a class="btn" href="/about/case-studies">Go to case studies</a>
<a class="btn" href="/about/case-studies">Read our case studies</a>
</div>
</section>
<section id="features" class="container">
<h1>Features</h1>
<div class="panels">
{{< content_panel type="transparent" title="security" text="Simple implementation of service-to-service security including mTLS authentication, authorization, and encryption." button="learn_more" image="security.svg" url="/docs/concepts/security/" >}}
{{< content_panel type="transparent" title="observability" text="Optimize best practices with deep visibility into applications and identify where to focus to improve performance." button="learn_more" image="observability.svg" url="/docs/concepts/observability/" >}}
{{< content_panel type="transparent" title="traffic_management" text="Manage networking for services consistently, without any additional developer overhead." button="learn_more" image="management.svg" url="/docs/concepts/traffic-management/" >}}
</div>
</section>
<section id="providers" class="container">
<h1>Istio Providers</h1>
<p class="subtitle">
<p>
Istio is supported and implemented by an ecosystem of leading providers and consultants. You can install and manage Istio yourself or use a one-click install feature of your Kubernetes or cloud provider. Another option is to turn to a provider for a fully managed service mesh based on Istio. Choose the way that works for you.
</p>
<div class="companies-grid">
{{< company_logo link="https://cloud.google.com/" logo="./logos/google-cloud.png" alt="Google Cloud" >}}
{{< company_logo link="https://www.ibm.com/cloud" logo="./logos/ibm-cloud.svg" alt="IBM Cloud" >}}
{{< company_logo link="https://www.redhat.com/" logo="./logos/redhat.svg" alt="Red Hat" >}}
{{< company_logo link="https://www.vmware.com/" logo="./logos/vmware.svg" alt="VMware" >}}
{{< company_logo link="https://www.huawei.com/" logo="./logos/huawei.png" alt="Huawei" >}}
{{< company_logo link="https://www.tetrate.io/" logo="./logos/tetrate.svg" alt="Tetrate" >}}
{{< company_logo link="https://www.solo.io/" logo="./logos/solo.png" alt="Solo.io" >}}
{{< company_logo link="https://www.f5.com/products/aspen-service-mesh" logo="./logos/f5.svg" alt="F5" >}}
{{< company_logo link="https://cloud.google.com/service-mesh" logo="./logos/google-cloud.png" alt="Google Cloud" >}}
{{< company_logo link="https://www.ibm.com/products/istio" logo="./logos/ibm-cloud.svg" alt="IBM Cloud" >}}
{{< company_logo link="https://www.redhat.com/en/technologies/cloud-computing/openshift/what-is-openshift-service-mesh" logo="./logos/redhat.svg" alt="Red Hat" >}}
{{< company_logo link="https://learn.microsoft.com/en-us/azure/aks/istio-about" logo="./logos/microsoft-azure.svg" alt="Microsoft Azure" >}}
{{< company_logo link="https://www.solo.io/products/gloo-mesh/" logo="./logos/solo.png" alt="Solo.io" >}}
{{< company_logo link="https://support.huaweicloud.com/asm/index.html/" logo="./logos/huawei.png" alt="Huawei" >}}
{{< company_logo link="https://tetrate.io/tetrate-service-bridge/" logo="./logos/tetrate.svg" alt="Tetrate" >}}
{{< company_logo link="https://tanzu.vmware.com/service-mesh" logo="./logos/vmware.svg" alt="VMware" >}}
</div>
<div class="cta-container">

2
content/en/about/case-studies/bol.com/index.md
View File

@ -7,7 +7,7 @@ author:
image: "/img/authors/roland-kool.png"
companyName: "bol.com"
companyURL: "https://bol.com/"
logo: "/logos/bol-com.png"
logo: "/logos/bol.svg"
skip_toc: true
skip_byline: true
skip_pagenav: true

100
content/en/about/service-mesh/index.md
View File

@ -1,7 +1,7 @@
---
title: The Istio service mesh
description: Service mesh.
subtitle: Istio addresses the challenges developers and operators face with a distributed or microservices architecture. Whether you're building from scratch or migrating existing applications to cloud native, Istio can help.
subtitle: Istio addresses the challenges developers and operators face with a distributed or microservices architecture. Whether you're building from scratch, migrating existing applications to cloud native, or securing your existing estate, Istio can help.
weight: 34
skip_toc: true
skip_byline: true
@ -12,82 +12,80 @@ aliases:
- /docs/concepts/what-is-istio/goals
- /about/intro
- /docs/concepts/what-is-istio/
- /latest/docs/concepts/what-is-istio/
- /latest/docs/concepts/what-is-istio/
doc_type: about
---
[comment]: <> (TODO: Replace Service mesh graphic placeholder)
{{< centered_block >}}
{{< figure src="/img/service-mesh.svg" alt="Service mesh" title="By adding a proxy \"sidecar\" along with every application deployed, Istio lets you program application-aware traffic management, incredible observability, and robust security capabilities into your network." >}}
{{< figure src="/img/service-mesh.svg" alt="Service mesh" title="By using application proxies, Istio lets you program application-aware traffic management, incredible observability, and robust security capabilities into your network." >}}
{{< /centered_block >}}
{{< centered_block >}}
## What is a Service Mesh?
Modern applications are typically architected as distributed collections of microservices, with each collection of microservices performing some discrete business function. A service mesh is a dedicated infrastructure layer that you can add to your applications. It allows you to transparently add capabilities like observability, traffic management, and security, without adding them to your own code. The term "service mesh" describes both the type of software you use to implement this pattern, and the security or network domain that is created when you use that software.
As the deployment of distributed services, such as in a Kubernetes-based system, grows in size and complexity, it can become harder to understand and manage. Its requirements can include discovery, load balancing, failure recovery, metrics, and monitoring. A service mesh also often addresses more complex operational requirements, like A/B testing, canary deployments, rate limiting, access control, encryption, and end-to-end authentication.
Service-to-service communication is what makes a distributed application possible. Routing this communication, both within and across application clusters, becomes increasingly complex as the number of services grow. Istio helps reduce this complexity while easing the strain on development teams.
{{< /centered_block >}}
{{< centered_block >}}
[comment]: <> (The below heading is only here because lint requires the first heading to be a <h2>, and later on we want <h1>s.)
## What is Istio?
Istio is an open source service mesh that layers transparently onto existing distributed applications. Istio's powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring with few or no service code changes. Its powerful control plane brings vital features, including:
A **service mesh** is an infrastructure layer that gives applications capabilities like zero-trust security, observability, and advanced traffic management, without code changes. **Istio** is the most popular, powerful, and trusted service mesh. Founded by Google, IBM and Lyft in 2016, Istio is a graduated project in the Cloud Native Computing Foundation alongside projects like Kubernetes and Prometheus.
- Secure service-to-service communication in a cluster with TLS encryption, strong identity-based authentication and authorization
- Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic
- Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection
- A pluggable policy layer and configuration API supporting access controls, rate limits and quotas
- Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress
Istio ensures that cloud native and distributed systems are resilient, helping modern enterprises maintain their workloads across diverse platforms while staying connected and protected. It [enables security and governance controls](/docs/concepts/observability/) including mTLS encryption, policy management and access control, [powers network features](/docs/concepts/traffic-management/) like canary deployments, A/B testing, load balancing, failure recovery, and [adds observability](/docs/concepts/observability/) of traffic across your estate.
Istio is designed for extensibility and can handle a diverse range of deployment needs. Istio's control plane runs on Kubernetes, and you can add applications deployed in that cluster to your mesh, extend the mesh to other clusters, or even connect VMs or other endpoints running outside of Kubernetes.
Istio is not confined to the boundaries of a single cluster, network or runtime — services running on Kubernetes or VMs, multi-cloud, hybrid, or on-premises, can be included within a single mesh.
A large ecosystem of contributors, partners, integrations, and distributors extend and leverage Istio for a wide variety of scenarios.
You can install Istio yourself, or a number of vendors have products that integrate Istio and manage it for you.
Extensible by design and supported by a [broad ecosystem](/about/ecosystem) of contributors and partners, Istio offers packaged integrations and distributions for various use cases. You can install Istio independently or opt for managed support from commercial vendors providing Istio-based solutions.
<div class="cta-container">
<a class="btn" href="/docs/overview/">Learn more about Istio</a>
</div>
{{< /centered_block >}}
{{< centered_block >}}
<br/><br/>
## How it Works
# Features
Istio has two components: the data plane and the control plane.
{{< feature_block header="Secure by default" image="security.svg" >}}
Istio provides a market-leading zero-trust solution based on workload identity, mutual TLS, and strong policy controls. Istio delivers the value of [BeyondProd](https://cloud.google.com/security/beyondprod/) in open source, while avoiding vendor lock-in or SPOFs.
The data plane is the communication between services. Without a service mesh, the network doesn't understand the traffic being sent over, and can't make any decisions based on what type of traffic it is, or who it is from or to.
Service mesh uses a proxy to intercept all your network traffic, allowing a broad set of application-aware features based on configuration you set.
An Envoy proxy is deployed along with each service that you start in your cluster, or runs alongside services running on VMs.
The control plane takes your desired configuration, and its view of the services, and dynamically programs the proxy servers, updating them as the rules or the environment changes.
{{< figure src="/img/service-mesh-before.svg" alt="Before utilizing Istio" title="Before utilizing Istio" >}}
{{< figure src="/img/service-mesh.svg" alt="After utilizing Istio" title="After utilizing Istio" >}}
{{< /centered_block >}}
# Concepts
{{< feature_block header="Traffic management" image="management.svg" >}}
Routing traffic, both within a single cluster and across clusters, affects performance and enables better deployment strategy. Istio's traffic routing rules let you easily control the flow of traffic and API calls between services. Istio simplifies configuration of service-level properties like circuit breakers, timeouts, and retries, and makes it easy to set up important tasks like A/B testing, canary deployments, and staged rollouts with percentage-based traffic splits.
<a class="btn" href="/docs/concepts/security/">Learn about security</a>
{{< /feature_block>}}
{{< feature_block header="Observability" image="observability.svg" >}}
As services grow in complexity, it becomes challenging to understand behavior and performance. Istio generates detailed telemetry for all communications within a service mesh. This telemetry provides observability of service behavior, empowering operators to troubleshoot, maintain, and optimize their applications. Even better, you get almost all of this instrumentation without requiring application changes. Through Istio, operators gain a thorough understanding of how monitored services are interacting.
{{< feature_block header="Increase observability" image="observability.svg" >}}
Istio generates telemetry within the service mesh, enabling observability on service behavior. It integrates with APM systems including Grafana and Prometheus to deliver insightful metrics for operators to troubleshoot, maintain, and optimize applications.
Istio's telemetry includes detailed metrics, distributed traces, and full access logs. With Istio, you get thorough and comprehensive service mesh observability.
<a class="btn" href="/docs/concepts/observability/">Learn about observability</a>
{{< /feature_block>}}
{{< feature_block header="Security capabilities" image="security.svg" >}}
Microservices have particular security needs, including protection against man-in-the-middle attacks, flexible access controls, auditing tools, and mutual TLS. Istio includes a comprehensive security solution to give operators the ability to address all of these issues. It provides strong identity, powerful policy, transparent TLS encryption, and authentication, authorization and audit (AAA) tools to protect your services and data.
{{< feature_block header="Manage traffic" image="management.svg" >}}
Istio simplifies traffic routing and service-level configuration, allowing easy control over flow between services and setup of tasks like A/B testing, canary deployments, and staged rollouts with percentage-based traffic splits.
Istio's security model is based on security-by-default, aiming to provide in-depth defense to allow you to deploy security-minded applications even across distrusted networks.
<a class="btn" href="/docs/concepts/traffic-management/">Learn about traffic management</a>
{{< /feature_block>}}
# Solutions
<br/><br/>
{{< solutions_carousel >}}
# Why Istio?
{{< feature_block header="Multiple deployment modes" image="deployment-modes.svg" >}}
Istio offers two data plane modes for users to choose. Deploy with the new ambient mode for a simplified app operational lifecycle or with traditional sidecars for complex configurations.
<a class="btn" href="/docs/overview/dataplane-modes/">Learn about data plane modes</a>
{{< /feature_block>}}
{{< feature_block header="Powered by Envoy" image="envoy.svg" >}}
Built on the industry standard gateway proxy for cloud native applications, Istio is highly performative and extensible by design. Add custom traffic functionality with WebAssembly, or integrate third-party policy systems.
<a class="btn" href="/docs/overview/why-choose-istio/#envoy">Learn about Istio and Envoy</a>
{{< /feature_block>}}
{{< feature_block header="A true community project" image="community-project.svg" >}}
Istio has been designed for modern workloads and engineered by a vast community of innovators across the cloud native landscape.
<a class="btn" href="/docs/overview/why-choose-istio/#community">Learn about Istio's contributors</a>
{{< /feature_block>}}
{{< feature_block header="Stable binary releases" image="stable-releases.svg" >}}
Confidently deploy Istio across production workloads. All releases are fully accessible at no cost.
<a class="btn" href="/docs/overview/why-choose-istio/#packages">Learn about how Istio is packaged</a>
{{< /feature_block>}}

17
content/en/docs/ops/deployment/architecture/cni/index.md Normal file
View File

@ -0,0 +1,17 @@
---
title: CNI plugin
description: Describes how Istio's CNI plugin works.
weight: 10
owner: istio/wg-networking-maintainers
test: n/a
---
Kubernetes has a unique and permissive networking model. In order to configure L2-L4 networking between Pods, [a Kubernetes cluster requires an _interface_ Container Network Interface (CNI) plugin](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/). This plugin runs whenever a new pod is created, and sets up the network environment for that pod.
If you are using a hosted Kubernetes provider, you usually have limited choice in what CNI plugin you get in your cluster: it is an implementation detail of the hosted implementation.
In order to configure mesh traffic redirection, regardless of what CNI you or your provider choose to use for L2-L4 networking, Istio includes a _chained_ CNI plugin, which runs after all configured CNI interface plugins. The API for defining chained and interface plugins, and for sharing data between them, is part of the [CNI specification](https://www.cni.dev/). Istio works with all CNI implementations that follow the CNI standard, in both sidecar and ambient mode.
The Istio CNI plugin is optional in sidecar mode, and required in {{<gloss>}}ambient{{< /gloss >}} mode.
* [Learn how to install Istio with a CNI plugin](/docs/setup/additional-setup/cni/)

6
content/en/docs/overview/_index.md Normal file
View File

@ -0,0 +1,6 @@
---
title: Overview
description: A high-level introduction to Istio and service mesh.
weight: 5
test: table-of-contents
---

294
content/en/docs/overview/dataplane-modes/index.md Normal file
View File

@ -0,0 +1,294 @@
---
title: Sidecar or ambient?
description: Learn about Istio's two dataplane modes and which you should use.
weight: 30
keywords: [sidecar, ambient]
owner: istio/wg-docs-maintainers-english
test: n/a
---
An Istio service mesh is logically split into a data plane and a control plane.
The {{< gloss >}}data plane{{< /gloss >}} is the set of proxies that mediate and control all network communication between microservices. They also collect and report telemetry on all mesh traffic.
The {{< gloss >}}control plane{{< /gloss >}} manages and configures the proxies in the data plane.
Istio supports two main {{< gloss "data plane mode">}}data plane modes{{< /gloss >}}:
* **sidecar mode**, which deploys an Envoy proxy along with each pod that you start in your cluster, or running alongside services running on VMs.
* **ambient mode**, which uses a per-node Layer 4 proxy, and optionally a per-namespace Envoy proxy for Layer 7 features.
The two modes can interoperate with one another<sup>[α](#supported-features)</sup>, and you can opt certain namespaces or workloads into each mode.
## Sidecar mode
Istio has been built on the sidecar pattern from its first release in 2017. Sidecar mode is well understood and thoroughly battle-tested, but comes with a resource cost and operational overhead.
* Each application you deploy has an Envoy proxy {{< gloss "injection" >}}injected{{< /gloss >}} as a sidecar
* All proxies can process both Layer 4 and Layer 7
## Ambient mode
Launched in 2002, ambient mode was built to address the shortcomings reported by users of sidecar mode. As of Istio 1.22, it is production-ready for single cluster use cases.
* All traffic is proxied through a Layer 4-only node proxy
* Applications can opt in to routing through an Envoy proxy to get Layer 7 features
## Choosing between sidecar and ambient
Users often deploy a mesh to enable a zero-trust security posture as a first-step and then selectively enable L7 capabilities as needed. Ambient mesh allows those users to bypass the cost of L7 processing entirely when its not needed.
<table>
<thead>
<tr>
<td style="border-width: 0px"></td>
<th><strong>Sidecar</strong></th>
<th><strong>Ambient</strong></th>
</tr>
</thead>
<tbody>
<tr>
<th>Traffic management</th>
<td>Full Istio feature set</td>
<td>Full Istio feature set (requires using waypoint)</td>
</tr>
<tr>
<th>Security</th>
<td>Full Istio feature set</td>
<td>Full Istio feature set: encryption and L4 authorization in ambient mode. Requires waypoints for L7 authorization.</td>
</tr>
<tr>
<th>Observability</th>
<td>Full Istio feature set</td>
<td>Full Istio feature set: L4 telemetry in ambient mode; L7 observability when using waypoint</td>
</tr>
<tr>
<th>Extensibility</th>
<td>Full Istio feature set</td>
<td>Full Istio feature set (requires using waypoint) <sup><a href="#supported-features">&alpha;</a></sup></td>
</tr>
<tr>
<th>Adding workloads to the mesh</th>
<td>Label a namespace and restart all pods to have sidecars added</td>
<td>Label a namespace - no pod restart required</td>
</tr>
<tr>
<th>Incremental deployment</th>
<td>Binary: sidecar is injected or it isn't</td>
<td>Gradual: L4 is always on, L7 can be added by configuration</td>
</tr>
<tr>
<th>Lifecycle management</th>
<td>Proxies managed by application developer</td>
<td>Platform administrator</td>
</tr>
<tr>
<th>Utilization of resources</th>
<td>Wasteful; CPU and memory resources must be provisioned for worst case usage of each individual pod</td>
<td>Waypoint proxies can be auto-scaled like any other Kubernetes deployment.<br>A workload with many replicas can use one waypoint, vs. each one having its own sidecar.
</td>
</tr>
<tr>
<th>Average resource cost</th>
<td>Large</td>
<td>Small</td>
</tr>
<tr>
<th>Average latency (p90/p99)</th>
<td>0.63ms-0.88ms</td>
<td>Ambient: 0.16ms-0.20ms<br />Waypoint: 0.40ms-0.50ms</td>
</tr>
<tr>
<th>L7 processing steps</th>
<td>2 (source and destination sidecar)</td>
<td>1 (destination waypoint)</td>
</tr>
<tr>
<th>Configuration at scale</th>
<td>Requires <a href="/docs/ops/configuration/mesh/configuration-scoping/">configuration of the scope of each sidecar</a> to reduce configuration</td>
<td>Works without custom configuration</td>
</tr>
<tr>
<th>Supports "server-first" protocols</th>
<td><a href="/docs/ops/deployment/application-requirements/#server-first-protocols">Requires configuration</a></td>
<td>Yes</td>
</tr>
<tr>
<th>Support for Kubernetes Jobs</th>
<td>Complicated by long life of sidecar</td>
<td>Transparent</td>
</tr>
<tr>
<th>Security model</th>
<td>Strongest: each workload has its own keys</td>
<td>Strong: each node agent has only the keys for workloads on that node</td>
</tr>
<tr>
<th>Compromised application pod<br>gives access to mesh keys</th>
<td>Yes</td>
<td>No</td>
</tr>
<tr>
<th>Support</th>
<td>Stable, including multi-cluster</td>
<td>Beta, single-cluster</td>
</tr>
<tr>
<th>Platforms supported</th>
<td>Kubernetes (any CNI)<br />Virtual machines</td>
<td>Kubernetes (any CNI)</td>
</tr>
</tbody>
</table>
## Layer 4 vs Layer 7 features
The overhead for processing protocols at Layer 7 is substantially higher than processing network packets at Layer 4. For a given service, if your requirements can be met at L4, service mesh can be delivered at substantially lower cost.
### Security
<table>
<thead>
<tr>
<td style="border-width: 0px" width="20%"></td>
<th width="40%">L4</th>
<th width="40%">L7</th>
</tr>
</thead>
<tbody>
<tr>
<th>Encryption</th>
<td>All traffic between pods is encrypted using {{< gloss "mutual tls authentication" >}}mTLS{{< /gloss >}}.</td>
<td>N/A&mdash;service identity in Istio is based on TLS.</td>
</tr>
<tr>
<th>Service-to-service authentication</th>
<td>{{< gloss >}}SPIFFE{{< /gloss >}}, via mTLS certificates. Istio issues a short-lived X.509 certificate that encodes the pod's service account identity.</td>
<td>N/A&mdash;service identity in Istio is based on TLS.</td>
</tr>
<tr>
<th>Service-to-service authorization</th>
<td>Network-based authorization, plus identity-based policy, e.g.:
<ul>
<li>A can accept inbound calls from only "10.2.0.0/16";</li>
<li>A can call B.</li>
</ul>
</td>
<td>Full policy, e.g.:
<ul>
<li>A can GET /foo on B only with valid end-user credentials containing the READ scope.</li>
</ul>
</td>
</tr>
<tr>
<th>End-user authentication</th>
<td>N/A&mdash;we can't apply per-user settings.</td>
<td>Local authentication of JWTs, support for remote authentication via OAuth and OIDC flows.</td>
</tr>
<tr>
<th>End-user authorization</th>
<td>N/A&mdash;see above.</td>
<td>Service-to-service policies can be extended to require <a href="/docs/reference/config/security/conditions/">end-user credentials with specific scopes, issuers, principal, audiences, etc.</a><br />Full user-to-resource access can be implemented using external authorization, allowing per-request policy with decisions from an external service, e.g. OPA.</td>
</tr>
</tbody>
</table>
### Observability
<table>
<thead>
<tr>
<td style="border-width: 0px" width="20%"></td>
<th width="40%">L4</th>
<th width="40%">L7</th>
</tr>
</thead>
<tbody>
<tr>
<th>Logging</th>
<td>Basic network information: network 5-tuple, bytes sent/received, etc. <a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators">See Envoy docs</a>.</td>
<td><a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators">Full request metadata logging</a>, in addition to basic network information.</td>
</tr>
<tr>
<th>Tracing</th>
<td>Not today; possible eventually with HBONE.</td>
<td>Envoy participates in distributed tracing. <a href="/docs/tasks/observability/distributed-tracing/overview/">See Istio overview on tracing</a>.</td>
</tr>
<tr>
<th>Metrics</th>
<td>TCP only (bytes sent/received, number of packets, etc.).</td>
<td>L7 RED metrics: rate of requests, rate of errors, request duration (latency).</td>
</tr>
</tbody>
</table>
### Traffic management
<table>
<thead>
<tr>
<td style="border-width: 0px" width="20%"></td>
<th width="40%">L4</th>
<th width="40%">L7</th>
</tr>
</thead>
<tbody>
<tr>
<th>Load balancing</th>
<td>Connection level only. <a href="/docs/tasks/traffic-management/tcp-traffic-shifting/">See TCP traffic shifting task</a>.</td>
<td>Per request, enabling e.g. canary deployments, gRPC traffic, etc. <a href="/docs/tasks/traffic-management/traffic-shifting/">See HTTP traffic shifting task</a>.</td>
</tr>
<tr>
<th>Circuit breaking</th>
<td><a href="/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings-TCPSettings">TCP only</a>.</td>
<td><a href="/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings-HTTPSettings">HTTP settings</a> in addition to TCP.</td>
</tr>
<tr>
<th>Outlier detection</th>
<td>On connection establishment/failure.</td>
<td>On request success/failure.</td>
</tr>
<tr>
<th>Rate limiting</th>
<td><a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/rate_limit_filter#config-network-filters-rate-limit">Rate limit on L4 connection data only, on connection establishment</a>, with global and local rate limiting options.</td>
<td><a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/rate_limit_filter#config-http-filters-rate-limit">Rate limit on L7 request metadata</a>, per request.</td>
</tr>
<tr>
<th>Timeouts</th>
<td>Connection establishment only (connection keep-alive is configured via circuit breaking settings).</td>
<td>Per request.</td>
</tr>
<tr>
<th>Retries</th>
<td>Retry connection establishment</td>
<td>Retry per request failure.</td>
</tr>
<tr>
<th>Fault injection</th>
<td>N/A&mdash;fault injection cannot be configured on TCP connections.</td>
<td>Full application and connection-level faults (<a href="/docs/tasks/traffic-management/fault-injection/">timeouts, delays, specific response codes</a>).</td>
</tr>
<tr>
<th>Traffic mirroring</th>
<td>N/A&mdash;HTTP only</td>
<td><a href="/docs/tasks/traffic-management/mirroring/">Percentage-based mirroring of requests to multiple backends</a>.</td>
</tr>
</tbody>
</table>
## Supported features
As of Istio 1.22, the following ambient mode features are implemented but are currently in Alpha status:
* Interoperability with sidecars
* Istios classic APIs (VirtualService and DestinationRule)
* Multi-cluster installations
* DNS proxying
* IPv6/Dual stack
* SOCKS5 support (for outbound)
The following features are not yet implemented:
* Controlled egress traffic
* Multi-network support
* VM support

35
content/en/docs/overview/what-is-istio/index.md Normal file
View File

@ -0,0 +1,35 @@
---
title: What is Istio?
description: Find out what Istio can do for you.
weight: 10
keywords: [introduction]
owner: istio/wg-docs-maintainers-english
test: n/a
---
Istio is an open source service mesh that layers transparently onto existing distributed applications. Istios powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring with few or no service code changes. It gives you:
* Secure service-to-service communication in a cluster with mutual TLS encryption, strong identity-based authentication and authorization
* Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic
* Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection
* A pluggable policy layer and configuration API supporting access controls, rate limits and quotas
* Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress
Istio is designed for extensibility and can handle a diverse range of deployment needs. Istios {{< gloss >}}control plane{{< /gloss >}} runs on Kubernetes, and you can add applications deployed in that cluster to your mesh, [extend the mesh to other clusters](/docs/ops/deployment/deployment-models/), or even [connect VMs or other endpoints](/docs/ops/deployment/vm-architecture/) running outside of Kubernetes.
A large ecosystem of contributors, partners, integrations, and distributors extend and leverage Istio for a wide variety of scenarios. You can install Istio yourself, or a [large number of vendors](/about/ecosystem)) have products that integrate Istio and manage it for you.
## How it works
Istio uses a proxy to intercept all your network traffic, allowing a broad set of application-aware features based on configuration you set.
The control plane takes your desired configuration, and its view of the services, and dynamically programs the proxy servers, updating them as the rules or the environment changes.
The data plane is the communication between services. Without a service mesh, the network doesnt understand the traffic being sent over, and cant make any decisions based on what type of traffic it is, or who it is from or to.
Istio supports two data plane modes:
* **sidecar mode**, which deploys an Envoy proxy along with each pod that you start in your cluster, or running alongside services running on VMs.
* **ambient mode**, which uses a per-node Layer 4 proxy, and optionally a per-namespace Envoy proxy for Layer 7 features.
[Learn how to choose which mode is right for you](/docs/overview/dataplane-modes/).

64
content/en/docs/overview/why-choose-istio/index.md Normal file
View File

@ -0,0 +1,64 @@
---
title: Why choose Istio?
description: Compare Istio to other service mesh solutions.
weight: 20
keywords: [comparison]
owner: istio/wg-docs-maintainers-english
test: n/a
---
Istio pioneered the concept of a sidecar-based service mesh when it launched in 2017. Out of the gate, the project included the features that would come to define a service mesh, including standards-based mutual TLS for zero-trust networking, smart traffic routing, and observability through metrics, logs and tracing.
Since then, the project has driven advances in the mesh space including [multi-cluster & multi-network topologies](/docs/ops/deployment/deployment-models/), [extensibility via WebAssembly](/docs/concepts/wasm/), the [development of the Kubernetes Gateway API](/blog/2022/gateway-api-beta/), and moving the mesh infrastructure away from application developers with [ambient mode](/docs/ambient/overview/).
Here are a few reasons we think you should use Istio as your service mesh.
## Simple and powerful
Kubernetes has hundreds of features and dozens of APIs, but you can get started with it with just one command. We've built Istio to be the same way. Progressive disclosure means you can use a small set of APIs, and only turn the more powerful knobs if you have the need. Other "simple" service meshes spent years catching up to the feature set Istio had on day 1.
It is better to have a feature and not need it, than to need it and not have it!
## The Envoy proxy {#envoy}
From the beginning, Istio has been powered by the {{< gloss >}}Envoy{{< /gloss >}} proxy, a high performance service proxy initially built by Lyft. Istio was the first project to adopt Envoy, and [the Istio team were the first external committers](https://eng.lyft.com/envoy-7-months-later-41986c2fd443). Envoy would go on to become [the load balancer that powers Google Cloud](https://cloud.google.com/load-balancing/docs/https) as well as the proxy for almost every other service mesh platform.
Istio inherits all the power and flexibility of Envoy, including world-class extensibility using WebAssembly that was [developed in Envoy by the Istio team](/blog/2020/wasm-announce/).
## Community
Istio is a true community project. In 2023, there were 10 companies who made over 1,000 contributions each to Istio, with no single company exceeding 25%. ([See the numbers here](https://istio.devstats.cncf.io/d/5/companies-table?var-period_name=Last%20year&var-metric=contributions&orgId=1)).
No other service mesh project has the breadth of support from the industry as Istio.
## Packages
We make stable binary releases available to everyone, with every release, and commit to continue doing so. We publish free and regular security patches for [our latest release and a number of prior releases](/docs/releases/supported-releases/). Many of our vendors will support older versions, but we believe that engaging a vendor should not be a requirement to be safe in a stable open source project.
## Alternatives considered
A good design document includes a section on alternatives that were considered, and ultimately rejected.
### Why not "use eBPF"?
We do - where it's appropriate! Istio can be configured to use {{< gloss >}}eBPF{{< /gloss >}} [to route traffic from pods to proxies](/blog/2022/merbridge/). This shows a small performance increase over using `iptables`.
Why not use it for everything? No-one does, because no-one actually can.
eBPF is a virtual machine that runs inside the Linux kernel. It was designed for functions guaranteed to complete in a limited compute envelope to avoid destabilizing kernel behavior, such as those that perform simple L3 traffic routing or application observability. It was not designed for long running or complex functions like those found in Envoy: that's why operating systems have [user space](https://en.wikipedia.org/wiki/User_space_and_kernel_space)! eBPF maintainers have theorized that it could eventually be extended to support running a program as complex as Envoy, but this is a science project and unlikely to have real world practicality.
Other meshes that claim to "use eBPF" actually use a per-node Envoy proxy, or other user space tools, for much of their functionality.
### Why not use a per-node proxy?
Envoy is not inherently multi-tenant. As a result, we have major security and stability concerns with commingling complex processing rules for L7 traffic from multiple unconstrained tenants in a shared instance. Since Kubernetes, by default can schedule a pod from any namespace onto any node, the node is not an appropriate tenancy boundary. Budgeting and cost attribution are also major issues, as L7 processing costs a lot more than L4.
In ambient mode, we strictly limit our ztunnel proxy to L4 processing - [just like the Linux kernel](https://blog.howardjohn.info/posts/ambient-spof/). This reduces the vulnerability surface area significantly, and allows us to safely operate a shared component. Traffic is then forwarded off to Envoy proxies that operate per-namespace, such that no Envoy proxy is ever multi-tenant.
## I have a CNI. Why do I need Istio?
Today, some CNI plugins are starting to offer service mesh-like functionality as an add-on that sits on top of their own CNI implementation. For example, they may implement their own encryption schemes for traffic between nodes or pods, workload identity, or support some amount of transport-level policy by redirecting traffic to a L7 proxy. These service mesh addons are non-standard, and as such can only work on top of the CNI that ships them. They also offer varying feature sets. For example, solutions built on top of Wireguard cannot be made FIPS-compliant.
For this reason, Istio has implemented its zero-trust tunnel (ztunnel) component, which transparently and efficiently provides this functionality using proven, industry-standard encryption protocols. [Learn more about ztunnel](/docs/ambient/overview).
Istio is designed to be a service mesh that provides a consistent, highly secure, efficient, and standards-compliant service mesh implementation providing a [powerful set of L7 policies](/docs/concepts/security/#authorization), [platform-agnostic workload identity](/docs/concepts/security/#istio-identity), using [industry-proven mTLS protocols](/docs/concepts/security/#mutual-tls-authentication) - in any environment, with any CNI, or even across clusters with different CNIs.

6
content/en/docs/reference/glossary/eBPF.md Normal file
View File

@ -0,0 +1,6 @@
---
title: eBPF
test: n/a
---
eBPF is a technology that can run programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.

2
content/en/docs/reference/glossary/waypoint.md
View File

@ -4,4 +4,4 @@ test: n/a
---
A waypoint is the Layer 7 proxy component in [ambient mode](/docs/reference/glossary/#ambient).
Waypoints run on a per-namespace on per-service account basis and handle all traffic entering that namespace.
Waypoints typically run on a per-namespace basis and handle all traffic entering that namespace.

2
content/zh/about/case-studies/bol.com/index.md
View File

@ -7,7 +7,7 @@ author:
image: "/img/authors/roland-kool.png"
companyName: "bol.com"
companyURL: "https://bol.com/"
logo: "/logos/bol-com.png"
logo: "/logos/bol.svg"
skip_toc: true
skip_byline: true
skip_pagenav: true

18
data/companies.yml
View File

@ -3,10 +3,10 @@
providers:
- name: "Google Cloud's Anthos Service Mesh"
logo: "/logos/google-cloud.png"
url: "https://cloud.google.com/anthos/service-mesh"
url: "https://cloud.google.com/service-mesh"
- name: "Managed Istio on IBM Cloud Kubernetes Service"
logo: "/logos/ibm-cloud.svg"
url: "https://www.ibm.com/cloud/istio"
url: "https://www.ibm.com/products/istio"
- name: "Red Hat OpenShift Service Mesh"
logo: "/logos/redhat.svg"
url: "https://www.redhat.com/en/technologies/cloud-computing/openshift/what-is-openshift-service-mesh"
@ -22,18 +22,21 @@ providers:
- name: "Gloo Mesh by Solo.io"
logo: "/logos/solo.png"
url: "https://www.solo.io/products/gloo-mesh/"
- name: "Istio Addon for Azure Kubernetes Service"
logo: "/logos/microsoft-azure.svg"
url: "https://learn.microsoft.com/en-us/azure/aks/istio-about"
- name: "Aspen Service Mesh by F5"
logo: "/logos/f5.svg"
url: "https://www.f5.com/products/aspen-service-mesh"
url: "https://www.f5.com/products/aspen-mesh"
- name: "Intel Edge Multi-Cluster Orchestrator"
logo: "/logos/intel.svg"
url: "https://smart-edge-open.github.io/ido-specs/doc/building-blocks/emco/smartedge-open-emco/"
- name: "Ericsson"
logo: "/logos/ericsson.svg"
url: "https://www.ericsson.com/en/core-network/5g-core"
- name: "Outshift by Cisco"
logo: "/logos/outshift.svg"
url: "https://eti.cisco.com"
- name: "Cisco Intersight Kubernetes Service"
logo: "/logos/cisco.svg"
url: "https://www.cisco.com/site/us/en/products/computing/hybrid-cloud-operations/intersight-kubernetes-service/index.html"
- name: "SAP Business Technology Platform, Kyma Runtime"
logo: "/logos/sap.svg"
url: "https://discovery-center.cloud.sap/serviceCatalog/kyma-runtime"
@ -91,9 +94,6 @@ providers:
- name: "Baidu AI Cloud Mesh"
logo: "/logos/baidu-ai-cloud.svg"
url: "https://cloud.baidu.com/product/csm.html"
- name: "Istio Addon for Azure Kubernetes Service"
logo: "/logos/microsoft-azure.svg"
url: "https://learn.microsoft.com/en-us/azure/aks/istio-about"
- name: "IMESH Platform"
logo: "/logos/imesh.svg"
url: "https://imesh.ai/imesh-istio-platform.html"

18
i18n/en.toml
View File

@ -325,6 +325,15 @@ other = "Service mesh"
[what_is_istio]
other = "What is Istio?"
[join_the_community]
other = "Join the community"
[get_started]
other = "Get started"
[latest_news]
other = "Latest news"
[solutions]
other = "Solutions"
@ -334,8 +343,15 @@ other = "Deployment"
[learn_more]
other = "Learn more"
[read_more]
other = "Read more"
[connect_with_us]
other = "Connect with us"
[traffic_management]
other = "Traffic Management"
other = "Reliability"
[observability]
other = "Observability"

11
layouts/home.html
View File

@ -23,15 +23,20 @@
}
</script>
<script src="https://cdn.jsdelivr.net/npm/@splidejs/splide@latest/dist/js/splide.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@splidejs/splide-extension-auto-scroll@latest/dist/js/splide-extension-auto-scroll.min.js"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@splidejs/splide@latest/dist/css/splide.min.css">
<script>
document.addEventListener("DOMContentLoaded", function(event) {
new Splide('.case-studies', {
type: 'loop',
perPage: 1,
perPage: 3,
start: 2,
arrows: false
}).mount();
arrows: false,
autoScroll: {
speed: 1,
},
pagination: false,
}).mount( window.splide.Extensions );
});
</script>

3
layouts/partials/logo_carousel_panel.html Normal file
View File

@ -0,0 +1,3 @@
<div class="logo-carousel">
<img src="{{ .logo }}" alt="{{ .company }} logo" />
</div>

15
layouts/shortcodes/logo_carousel.html Normal file
View File

@ -0,0 +1,15 @@
{{ $caseStudyPages := where .Site.RegularPages "Type" "case-studies" }}
{{ with $caseStudyPages }}
<div class="case-studies splide istio-splide">
<div class="splide__track">
<ul class="splide__list">
{{ range first 15 . }}
<li class="splide__slide">
{{ partial "logo_carousel_panel" (dict "company" .Params.companyName "logo" .Params.logo)}}
</li>
{{ end }}
</ul>
</div>
</div>
{{ end }}

35
src/sass/misc/_landing.scss
View File

@ -11,6 +11,7 @@
#banner {
position: relative;
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
padding: 10rem 3.375rem 9.125rem;
@ -27,21 +28,21 @@
margin-top: -$headerHeightLg;
}
#hero-text {
font-size: 1.75rem;
line-height: 1.36;
color: #ffffff;
text-align: center;
font-weight: $semiBoldWeight;
max-width: 750px;
z-index: 1;
h1 {
margin-bottom: .5rem;
font-weight: var(--semiBoldWeight);
z-index: 99999;
@media (min-width: $bp-md) {
font-size: 3rem;
line-height: 1.2;
margin-bottom: 1.5rem;
}
}
h1, .subtitle {
color: #ffffff;
z-index: 99999;
}
&-animation {
position: absolute;
top: 0;
@ -83,11 +84,15 @@
}
}
h1 { text-align: center; }
h1 {
margin-bottom: 1.5rem;
h1, .subtitle {
max-width: $container-s;
margin-left: auto;
margin-right: auto;
@media (min-width: $bp-md) {
margin-bottom: 2.5rem;
}
}
p {
font-size: 1.5rem;
}
}

25
src/sass/misc/_logo-gallery.scss
View File

@ -88,3 +88,28 @@
}
}
}
.logo-carousel {
// copied from the panel CSS; the logo on the front page is no longer in a panel
// so we can edit this as we see fit.
margin-top: 2.125rem;
position: relative;
height: 60px;
width: 100%;
transition: filter .175s ease-in;
img {
max-height: 100%;
max-width: 200px;
width: auto;
height: auto;
position: absolute;
top: 0;
bottom: 0;
left: 0;
right: 0;
margin: auto;
}
}

5
src/sass/misc/_panel.scss
View File

@ -18,7 +18,8 @@
}
.panel {
display: inline-block;
display: flex;
flex-direction: column;
width: 100%;
max-width: 320px;
min-height: 320px;
@ -141,8 +142,6 @@
color: $primaryColor;
}
.panel-body { height: auto; }
@media (max-width: $bp-sm) {
margin-left: 0;
margin-right: 0;

2
static/img/service-mesh.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 141 KiB

After

Width:  |  Height:  |  Size: 111 KiB

BIN
static/logos/bol-com.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 26 KiB

19
static/logos/bol.svg Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 28.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.0" id="katman_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 841.89 595.28" style="enable-background:new 0 0 841.89 595.28;" xml:space="preserve">
<style type="text/css">
.st0{fill:#2A4B9B;}
</style>
<g>
<path class="st0" d="M441.29,362.02c23.3,0,39.34-15.54,39.34-37.74c0-22.2-16.04-37.75-39.34-37.75
c-23.3,0-39.34,15.54-39.34,37.75C401.96,346.48,418,362.02,441.29,362.02z M441.29,223.25c82.43,0,113.94,53.66,113.94,101.02
c0,51.81-36.27,101.02-113.2,101.02c-82.43,0-114.67-53.29-114.67-101.02C327.36,273.95,361.43,223.25,441.29,223.25z"/>
<path class="st0" d="M570.36,169.52h74.52V421.9h-74.52V169.52z"/>
<path class="st0" d="M747.33,379.83c0-25.11-20.35-45.46-45.46-45.46s-45.47,20.36-45.47,45.46c0,25.11,20.36,45.46,45.47,45.46
S747.33,404.94,747.33,379.83z"/>
<path class="st0" d="M169.16,359.28c10.01,1.87,21.14,2.67,28.56,2.67c27.07,0,44.87-14.9,44.87-37.75
c0-22.47-17.43-37.74-42.64-37.74c-9.27,0-20.4,1.28-30.79,4.65V359.28z M94.64,169.52h74.52v61.8
c14.65-5.55,29.78-8.14,45.54-8.14c58.62,0,101.11,42.93,101.11,101.76c0,44.41-30.41,96.95-99.65,96.95H94.64V169.52z"/>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.3 KiB

1
static/logos/cisco.svg Normal file
View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:svg="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="svg24" width="216" height="114" fill="#049fd9" version="1.1"><path id="path10" d="m 106.48,76.238 c -0.282,-0.077 -4.621,-1.196 -9.232,-1.196 -8.73,0 -13.986,4.714 -13.986,11.734 0,6.214 4.397,9.313 9.674,10.98 0.585,0.193 1.447,0.463 2.021,0.653 2.349,0.739 4.224,1.837 4.224,3.739 0,2.127 -2.167,3.504 -6.878,3.504 -4.14,0 -8.109,-1.184 -8.945,-1.395 v 8.637 c 0.466,0.099 5.183,1.025 10.222,1.025 7.248,0 15.539,-3.167 15.539,-12.595 0,-4.573 -2.8,-8.783 -8.947,-10.737 L 97.559,89.755 C 96,89.263 93.217,88.466 93.217,86.181 c 0,-1.805 2.062,-3.076 5.859,-3.076 3.276,0 7.263,1.101 7.404,1.145 z m 80.041,18.243 c 0,5.461 -4.183,9.879 -9.796,9.879 -5.619,0 -9.791,-4.418 -9.791,-9.879 0,-5.45 4.172,-9.87 9.791,-9.87 5.613,0 9.796,4.42 9.796,9.87 m -9.796,-19.427 c -11.544,0 -19.823,8.707 -19.823,19.427 0,10.737 8.279,19.438 19.823,19.438 11.543,0 19.834,-8.701 19.834,-19.438 0,-10.72 -8.291,-19.427 -19.834,-19.427 M 70.561,113.251 H 61.089 V 75.719 h 9.472"/><path id="path12" d="m 48.07,76.399 c -0.89,-0.264 -4.18,-1.345 -8.636,-1.345 -11.526,0 -19.987,8.218 -19.987,19.427 0,12.093 9.34,19.438 19.987,19.438 4.23,0 7.459,-1.002 8.636,-1.336 v -10.075 c -0.407,0.226 -3.503,1.992 -7.957,1.992 -6.31,0 -10.38,-4.441 -10.38,-10.019 0,-5.748 4.246,-10.011 10.38,-10.011 4.53,0 7.576,1.805 7.957,2.004"/><use id="use14" transform="translate(98.86)" xlink:href="#path12"/><g id="g22"><path id="path16" d="m 61.061,4.759 c 0,-2.587 -2.113,-4.685 -4.703,-4.685 -2.589,0 -4.702,2.098 -4.702,4.685 v 49.84 c 0,2.602 2.113,4.699 4.702,4.699 2.59,0 4.703,-2.097 4.703,-4.699 z M 35.232,22.451 c 0,-2.586 -2.112,-4.687 -4.702,-4.687 -2.59,0 -4.702,2.101 -4.702,4.687 v 22.785 c 0,2.601 2.112,4.699 4.702,4.699 2.59,0 4.702,-2.098 4.702,-4.699 z M 9.404,35.383 C 9.404,32.796 7.292,30.699 4.702,30.699 2.115,30.699 0,32.796 0,35.383 v 9.853 c 0,2.601 2.115,4.699 4.702,4.699 2.59,0 4.702,-2.098 4.702,-4.699"/><use id="use18" transform="matrix(-1,0,0,1,112.717,0)" xlink:href="#path16"/></g><use id="use20" transform="matrix(-1,0,0,1,216,0)" xlink:href="#g22"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 2.1 KiB

71
static/logos/outshift.svg
View File

@ -1,71 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg id="Outshift" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 552.73 227.44">
<defs>
<style>
.cls-1 {
fill: none;
}
.cls-2 {
clip-path: url(#clippath);
}
.cls-3 {
fill: #0051af;
}
.cls-4 {
fill: #00bceb;
}
.cls-5 {
fill: #ff6d2d;
}
.cls-6 {
fill: #0f294f;
}
.cls-7 {
fill: #74bf4b;
}
.cls-8 {
clip-path: url(#clippath-1);
}
</style>
<clipPath id="clippath">
<rect class="cls-1" x="0" y="0" width="552.73" height="227.44"/>
</clipPath>
<clipPath id="clippath-1">
<rect class="cls-1" x="0" y="0" width="552.73" height="227.44"/>
</clipPath>
</defs>
<g id="Logo_Full_Color" data-name="Logo Full Color">
<g>
<path class="cls-4" d="m208.49,212.74c0-2.08-.52-3.65-1.56-4.69-.83-.85-1.91-1.27-3.25-1.27-1.55,0-2.78.56-3.7,1.69-.87,1.08-1.31,2.51-1.31,4.27,0,2.13.52,3.75,1.56,4.88.87.98,2.02,1.47,3.44,1.47,1.59,0,2.81-.58,3.63-1.75.79-1.08,1.18-2.61,1.18-4.59h0Zm-10.2,8.48h-2.52v-22.95h3.06v8.67c1.3-1.85,3.15-2.77,5.55-2.77s4.23.85,5.55,2.55c1.17,1.53,1.75,3.56,1.75,6.09,0,3-.8,5.29-2.39,6.89-1.34,1.34-3.05,2.01-5.13,2.01-2.36,0-4.15-.89-5.39-2.68l-.48,2.2h0Z"/>
<path class="cls-4" d="m228.38,204.64l-5.77,16.8c-.76,2.23-1.5,3.75-2.2,4.56-.83.96-1.9,1.43-3.22,1.43-.55,0-1.21-.1-1.98-.29v-2.49c.59.15,1.13.22,1.59.22.66,0,1.17-.23,1.53-.69.36-.46.82-1.45,1.37-2.98h-.99l-6.09-16.58h3.32l4.69,14.09,4.69-14.09h3.06Z"/>
<path class="cls-4" d="m265.88,198.26v23.13h5.78v-23.13h-5.78Zm-8.16,6.53c0-1.87-.06-3.56.02-5.23.04-.85-.36-1.19-1.05-1.25-2.02-.17-4.08-.56-6.07-.34-9.69,1.08-13.12,11.2-9.01,18.19,3.2,5.46,9.97,6.83,15.45,5.1.25-.08.6-.38.61-.59.05-1.88.03-3.76.03-5.37-1.95.25-3.72.67-5.5.66-3.12-.01-5.52-2.31-5.81-5.24-.33-3.35,1.4-5.95,4.53-6.83,2.31-.65,4.47-.02,6.8.9h0Zm61.36-6.17c-6.47-2-12.55-.28-15.69,4.39-2.96,4.4-2.68,10.53.67,14.63,3.25,3.98,9.86,5.49,15,3.39.02-.25.05-.52.05-.79,0-1.73,0-3.45,0-5.29-.47.17-.83.4-1.21.44-1.79.2-3.63.7-5.36.45-3.24-.46-4.99-3.31-4.67-6.9.26-2.89,2.78-5.29,5.81-5.24,1.8.03,3.59.49,5.4.75v-5.83h0Zm-39.53,17.79c0,1.17-.04,2.66.04,4.16.02.3.47.8.75.82,2.84.14,5.73.55,8.52.22,4.98-.59,7.89-5.12,6.45-9.53-.8-2.47-2.73-3.74-5.04-4.58-1.02-.37-2.12-.57-3.04-1.11-.62-.36-1.4-1.21-1.34-1.75.06-.57.98-1.3,1.64-1.48,1.06-.28,2.24-.23,3.36-.17,1.01.05,2.01.31,3.05.48v-5.24c-2.52-.1-5.01-.4-7.47-.25-3.83.23-6.29,2.68-6.85,6.38-.46,3.08,1.33,5.76,4.85,7.18,1.09.44,2.24.73,3.32,1.19.91.38,1.87,1.04,1.47,2.11-.26.69-1.18,1.56-1.85,1.6-2.54.16-5.1,0-7.87-.03h0Z"/>
<g class="cls-2">
<path class="cls-4" d="m337.55,215.98c-3.4,0-6.14-2.77-6.07-6.14.07-3.41,2.68-5.95,6.12-5.94,3.53,0,6.15,2.61,6.14,6.06-.02,3.41-2.7,6.02-6.18,6.02h0Zm.08-18.11c-7.1,0-12.33,5.15-12.33,12.11,0,6.82,5.3,11.99,12.3,11.99,7.04,0,12.36-5.22,12.35-12.12,0-6.85-5.29-11.99-12.32-11.99h0Z"/>
<path class="cls-4" d="m0,120.66c.02,4.55,3.78,8.2,8.34,8.18l82.37-.18c4.62-.02,8.28-3.7,8.26-8.26-.02-4.53-3.72-8.21-8.34-8.19l-82.37.18C3.71,112.41-.02,116.12,0,120.66H0Z"/>
</g>
<path class="cls-4" d="m55.92,186.93c2.29,3.93,7.37,5.21,11.31,2.92l34.83-20.32c3.99-2.33,5.32-7.35,3.03-11.28-2.28-3.92-7.32-5.25-11.31-2.92l-34.83,20.32c-3.94,2.3-5.31,7.37-3.03,11.29h0Z"/>
<g class="cls-8">
<path class="cls-4" d="m110.53,210.93c3.95,2.26,8.99.83,11.25-3.13l10.83-15.44c2.29-4.01.93-9.03-3.02-11.29-3.94-2.25-8.97-.88-11.26,3.13l-10.83,15.45c-2.26,3.96-.91,9.04,3.02,11.29h0Z"/>
<path class="cls-7" d="m230.64,1.07c-3.95-2.26-8.99-.83-11.26,3.13l-41.03,71.43c-2.29,4.01-.93,9.03,3.02,11.28,3.94,2.25,8.97.88,11.26-3.13L233.66,12.36c2.26-3.96.91-9.04-3.02-11.29h0Z"/>
</g>
<path class="cls-5" d="m92.23,65.39c-3.49,2.92-3.9,8.14-.98,11.64l10.72,15.53c2.96,3.54,8.14,4.01,11.63,1.09,3.48-2.91,3.95-8.1.98-11.64l-10.72-15.53c-2.93-3.5-8.16-4-11.63-1.09h0Z"/>
<path class="cls-3" d="m146.46,21.06c-4.55.02-8.2,3.78-8.18,8.34l.18,40.33c.02,4.62,3.7,8.28,8.26,8.26,4.53-.02,8.21-3.72,8.19-8.34l-.18-40.33c-.02-4.56-3.73-8.28-8.26-8.26h0Z"/>
<path class="cls-6" d="m195.81,99.71h14.81v42.21c0,8.23,4.03,12.34,12.09,12.34,4.69,0,8.35-1.69,10.98-5.06,2.14-2.88,3.21-6.42,3.21-10.61v-38.87h14.81v64.17h-12.22l-1.6-7.16c-4.61,6.01-11.03,9.01-19.25,9.01-7.57,0-13.37-2.3-17.4-6.91-3.62-4.2-5.43-9.95-5.43-17.28v-41.84h0Z"/>
<path class="cls-6" d="m299.9,153.02v11.23c-3.46.99-6.75,1.48-9.87,1.48-6.34,0-11.15-1.89-14.44-5.68-2.8-3.21-4.2-7.53-4.2-12.96v-36.04h-9.63v-11.35h9.63l.99-15.43h13.82v15.43h13.58v11.35h-13.58v36.53c0,4.28,2.18,6.42,6.54,6.42,1.89,0,4.28-.33,7.16-.99h0Z"/>
<path class="cls-6" d="m321.19,145.61c1.15,6.17,5.8,9.26,13.94,9.26,4.52,0,7.94-.86,10.24-2.59,1.89-1.48,2.84-3.41,2.84-5.8,0-3.04-1.65-5.31-4.94-6.79-1.89-.82-6.05-1.97-12.46-3.45-7.9-1.81-13.53-4.28-16.91-7.4-3.38-3.04-5.06-7.03-5.06-11.97,0-6.25,2.55-11.07,7.65-14.44,4.52-3.04,10.74-4.57,18.63-4.57s14.69,1.93,19.62,5.8c4.28,3.29,6.95,7.73,8.02,13.33h-15.06c-1.23-5.51-5.51-8.27-12.83-8.27s-11.11,2.26-11.11,6.79c0,2.3.94,4.03,2.84,5.18,1.89,1.15,5.72,2.43,11.48,3.83,8.89,2.06,15.05,4.36,18.51,6.91,4.36,3.21,6.54,7.73,6.54,13.57,0,6.66-2.71,11.89-8.15,15.67-4.94,3.37-11.6,5.06-19.99,5.06-8.8,0-15.84-2.1-21.1-6.29-4.44-3.54-7.03-8.14-7.78-13.82h15.06Z"/>
<path class="cls-6" d="m388.51,163.88h-14.81v-88.85h14.81v31.35c4.61-5.68,10.82-8.52,18.63-8.52s13.62,2.39,17.65,7.16c3.62,4.2,5.43,9.92,5.43,17.15v41.71h-14.81v-41.34c0-8.8-4.07-13.21-12.22-13.21-4.53,0-8.15,1.56-10.86,4.69-2.55,2.88-3.82,6.54-3.82,10.98v38.87h0Z"/>
<polygon class="cls-6" points="457.52 163.88 442.71 163.88 442.71 99.71 457.52 99.71 457.52 163.88 457.52 163.88"/>
<path class="cls-6" d="m509.41,74.9v11.6c-4.03-1.07-7.24-1.6-9.62-1.6-4.77,0-7.16,2.26-7.16,6.79v8.02h13.95v11.35h-13.95v52.82h-14.81v-52.82h-9.63v-11.35h9.63v-7.28c0-6.42,1.97-11.35,5.92-14.81,3.46-2.96,7.98-4.44,13.58-4.44,3.62,0,7.65.58,12.09,1.73h0Z"/>
<path class="cls-6" d="m552.73,153.02v11.23c-3.45.99-6.75,1.48-9.87,1.48-6.34,0-11.15-1.89-14.44-5.68-2.8-3.21-4.2-7.53-4.2-12.96v-36.04h-9.63v-11.35h9.63l.99-15.43h13.82v15.43h13.58v11.35h-13.58v36.53c0,4.28,2.18,6.42,6.54,6.42,1.89,0,4.28-.33,7.16-.99h0Z"/>
<path class="cls-6" d="m460.46,78.18c0,5.59-4.54,10.13-10.13,10.13s-10.13-4.54-10.13-10.13,4.53-10.13,10.13-10.13,10.13,4.54,10.13,10.13h0Z"/>
<path class="cls-6" d="m151.94,152.04c-11.1,0-20.1-9-20.1-20.1s9-20.1,20.1-20.1,20.1,9,20.1,20.1-9,20.1-20.1,20.1h0Zm0-54.28c-18.88,0-34.18,15.3-34.18,34.18s15.3,34.18,34.18,34.18,34.18-15.3,34.18-34.18-15.3-34.18-34.18-34.18h0Z"/>
</g>
</g>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 6.6 KiB