Networking / Security / Service Mesh / Sponsored

Solo.io: Istio Is Winning the Service Mesh War

31 Mar 2021 12:23pm, by

The open source Istio has emerged as the “dominant” service mesh to manage microservices and Kubernetes environments, solo.io executives say.

Gloo Edge 2.0, to be released in beta in the middle of the year is the “first and the only” Istio-native API gateway with all of Istio’s native functionality, Posta said. The ingress controller will integrate Istio to form a single control plane, for example.


Solo.io’s proclamation also coincides with a number of new improvements for solo.io’s Gloo Mesh and Gloo Edge platforms announced the new capabilities feature, among other things, an even tighter integration between Istio and Gloo Mesh and Gloo Edge.

Posta’s  claim that Istio is the “dominant” service mesh for microservices is largely based on Cloud Native Computing Foundation (CNCF) survey results.

Based on a CNCF cloud native survey for 2020 of over 1,000 responses, Lin Sun, an Istio technical oversight committee member whom solo.io recently hired as director of open source, showed during her keynote Wednesday how over 40% of users who have service mesh in production are Istio users.

More precisely, a CNCF’s survey for 2020 showed how 47% of all organizations with service mesh in production use Istio, followed by Linkerd and Consul, both with respective market shares of 41% (an organization can be using more than one mesh).

Istio “is clearly leading the way,” Sun argued.

Sun said Istio improvements in 2020 include how the control plane components have been simplified so there are multiple components in a single control plane, called “Istiod” (Istio daemon). “This really drastically simplify the operation, installation and configuration of Istio,” she said.

Additionally, the need for mixer components has been removed previously required to run Istio, Sun said. “Many of us had performance concerns, since they had to disable telemetry because of the mixer. So the community introduced ‘mixer-less telemetry.’”

During Wednesday’s keynote, Gigi Jackson, a site reliability engineer at Zymergen, a self-described “biofacturer,” described how her organization uses Gloo Mesh and Istio’s service mesh design pattern to “solve common problems,” associated with managing sidecar proxies, for example. She said Istio allows application networking layers to benefit from “service-to-service communication” across multiple clusters in such a way that is “secure, reliable and observable, so that service owners can focus on business logic.”

During his SoloCon talk “Istio and Gloo Mesh Security Model,” Lawrence Gadban, a field engineer for Istio, discussed the security capabilities Isto and Gloo Mesh offer. He noted how the release of Istio 1.9, for example, introduced a new “custom action” concept. This functionality offers users custom logic control rather than “just either allow or deny” decisions, Gadban said.

“That’s very powerful and will open the door for some more advanced tooling on top of Istio,” Gadban said.

Access and authorization policies can be applied to traffic from source to destination workloads. Gadban noted how Gloo Mesh allows the user to create complex access rules for the cluster topology, in addition to the service namespace topology.

“You can see how this allows you to compose very complex rules that express complex security requirements, because you are operating in a multicluster world,” Gadban said.