Istio Applies to Join CNCF: Why Now?
The Istio Steering Committee’s decision to offer the service mesh project as an incubating project with the Cloud Native Computing Foundation (CNCF) raises the question: why has it taken so long?
The move follows concerns by IBM — one of the original creators with Google and car-sharing provider Lyft — and other community members over the project’s governance, specifically Google’s advocacy of the creation of the Open Usage Commons (OUC) for the project in 2020. However, the context has changed today, an Istio steering committee member noted on GitHub.
The Istio steering committee implied this week that the timing is right. The move is intended to help “deepen” Istio’s integration with Kubernetes through the Gateway API and gRPC with proxyless mesh, “not to mention Envoy, which has grown up beside Istio,” according to an Istio statement released on GitHub by Istio steering committee member Craig Box, who leads the Cloud Native advocacy team at Google Cloud. “We think it’s time to unite the premier Cloud Native stack under a single umbrella,” the statement reads.
However, Istio’s application to join CNCF followed criticism in 2020 over Google’s creation of the Open Usage Commons (OUC) license for Istio and Google’s ownership of the associated trademarks. IBM deemed the OUC licensing scheme “disappointing because it doesn’t live up to the community’s expectation for open governance,” then IBM’s Jason McGee, general manager and CTO of IBM Cloud Platform, wrote in a blog post in 2020.
“An open governance process is the underpinning of many successful projects. Without this vendor-neutral approach to project governance, there will be friction within the community of Kubernetes-related projects. At the project’s inception, there was an agreement that the project would be contributed to the CNCF when it was mature,” McGee wrote. “IBM continues to believe that the best way to manage key open source projects such as Istio is with true open governance, under the auspices of a reputable organization with a level playing field for all contributors, transparency for users, and vendor-neutral management of the license and trademarks. Google should reconsider their original commitment and bring Istio to the CNCF.”
Relinquishment of the trademarks by Google was required in order for the Istio project to achieve its long-term objectives, Todd Moore, vice president, open technology, IBM, told The New Stack in an emailed response.
“Long ago, IBM realized the power of communities that are openly governed and projects that are secured in neutral homes are the ones to gain momentum and spawn markets. While the Istio project governance made great strides, the project was not destined to reach the broad adoption that would be secured by a long-term neutral home,” Moore said. “Single-vendor control over the trademark and licensing is a deterrent to broad adoption as end users and industry players are aware of the pitfalls.”
Meanwhile, the parties at Google who were reluctant to surrender trademarks “are no longer there,” Moore noted. “This freed sensible heads to prevail. At the start, it was a toss up on who would register the trademark and IBM took Google at good faith that our agreement to take the project to the CNCF would be honored,” Moore said. “This turned out to not be the case, but that has been put right.”
A Google spokesperson countered in an emailed response: “We’ve been waiting for the right time of Istio’s lifecycle to donate, and now is simply the right time in terms of its maturation. Google approached the OUC and asked them to donate the trademark to the Linux Foundation. The OUC agreed to do so, so as part of the contribution, the trademark will be transferred.”
Yesterday, Istio’s steering committee said the OUC license will remain in effect. However, the trademarks will move to The Linux Foundation but continue to be managed under OUC’s trademark guidelines.
According to industry sources, certain Google parties were reluctant to surrender the ownership of Istio’s trademarks. This is because, Torsten Volk, an analyst for Enterprise Management Associates (EMA), told The New Stack, Google “has invested a lot of staff hours into Istio and regards service mesh as a critical entry point into the enterprise market.”
“Controlling the ‘strings’ that hold together distributed applications would be a great position for any vendor to be in, but Google was certainly aware of what happened to Docker when they overplayed their hand, paving the way for Kubernetes,” Volk said. “Point being, Google needed to take this step in order for VMware, Cisco, IBM, Red Hat and friends to stay committed to Istio, instead of eventually starting to shop around.”
While Istio is retaining the OUC license, the act of moving the associated trademarks to The Linux Foundation, and especially, the decision to apply to become a CNCF project, seems to have appeased IBM — at least somewhat.
IBM wrote in a post yesterday: “IBM fully believes in open governance and the power of community. Therefore, we enthusiastically applaud today’s submission of Istio to the Cloud Native Computing Foundation (CNCF).”
However, IBM was not more specific. The about-face, according to Volk, can be accounted for by “lots of friction around this topic in the past and Google still hanging on to the OUC license model instead of simply adopting a traditional open source license without trademark protection.”
“This is a tricky topic for all parties involved, as Istio integration requires each vendor to make significant investments and nobody wants to explain to their board why their company was contributing to Google’s shareholder value,” Volk said.
More Support and Governance
Meanwhile, Google has made over half of all contributions to Istio and two-thirds of the commits, according to CNCF DevStats, Chen Goldberg, vice president of engineering for Google, noted in a blog post. Google also became Envoy’s largest contributor after adopting Envoy for Istio.
“Istio is the last major component of organizations’ Kubernetes ecosystem to sit outside of the CNCF, and its APIs are well-aligned to Kubernetes. On the heels of our recent donation of Knative to the CNCF, acceptance of Istio will complete our cloud-native stack under the auspices of the foundation, and bring Istio closer to the Kubernetes project,” Goldberg wrote. “Joining the CNCF also makes it easier for contributors and customers to demonstrate support and governance in line with the standards of other critical cloud-native projects, and we are excited to help support the growth and adoption of the project as a result.”
Istio’s joining CNCF is only good news for Solo.io, the leading provider of tools for Istio. The CNCF’s support will, of course, only make Istio more robust, which should translate into performance benefits for users of Solo.io’s Gloo Mesh and other Istio-based products.
“We bet on Istio five years ago … But we did believe that Istio is the best service mesh even when it wasn’t in the CNCF. But before people were a little bit confused about why Istio was not in the CNCF and were even a little bit worried,” Idit Levine, founder and CEO of Solo.io, told The New Stack.” Now I think that Istio joining the CNCF will make Istio exactly like Kubernetes, as the de facto service mesh.”
Service mesh is defined in the book “Istio in Action,” by Christian E. Posta, vice president, global field CTO for Solo.io, and Rinor Maloku, field engineer for Solo.io, as a relatively recent term “used to describe a decentralized application-networking infrastructure that allows applications to be secure, resilient, observable and controllable,” Posta and Maloku write.” Service mesh, in this way, describes an architecture consisting of a data plane that uses application-layer proxies to manage networking traffic on behalf of an application and a control plane to manage proxies. This architecture “lets us build important application-networking capabilities outside of the application without relying on a particular programming language or framework,” Posta and Maloku write.
“Istio is an open source implementation of a service mesh. It was created initially by folks at Lyft, Google, and IBM, but now it has a vibrant, open, diverse community that includes individuals from Lyft, Red Hat, VMware, Solo.io, Aspen Mesh, Salesforce and many others,” Posta and Maloku write. “Istio allows us to build reliable, secure, cloud-native systems and solve difficult problems like security, policy management and observability in most cases with no application code changes.”