What does Istio’s donation to CNCF mean?

On April 25, 2022, the opening day of IstioCon 2022, the Istio community announced that it is applying to donate the project to CNCF , a milestone for the Istio project, Varun Talwar, CEO of enterprise service mesh company Tetrate/Istio project co-founder This is interpreted.

Below is an interpretation of Istio’s donation to CNCF from Varun.

Incorporating Istio into the CNCF makes it easier for the development of Istio and Envoy to move in tandem. It also helps position Istio along with Envoy as part of a CNCF-validated “cloud-native stack.” According to CNCF’s annual survey , Istio is by far the most popular and used service mesh in production. With more than 20 different companies driving the growth of the Istio community, this announcement sets the stage for continued innovation and growth under CNCF stewardship.

2016: The Origins of Istio

I would like to take this opportunity to explain the origins of Istio. Istio comes from Google’s API platform team called One Platform. (Today, ironically, Istio is part of the US government project Platform One , which uses Tetrate products and services). A platform that leverages all of Google’s infrastructure benefits (stubby, monarch, loas, etc.) and adds to the initial service management experience and exposes it all to application teams.

Each team writes their scenarios and methods, and defines their “One Platform API”. Once agreed with the API platform team, the teams don’t have to deal with any cross-cutting issues because Istio handles these services: traffic management, resiliency, observability (using pre-built dashboards for each service with consistent nouns) , authentication, authorization, rate limiting, and more.

The idea for Istio came from this; we basically took the idea of ​​One Platform, put Envoy into it (as a better data plane), and combined it with the LOAS service identity concept, which is known to the world today as Spiffe ). We told 12 companies about the idea and they all liked it. These companies include large internet companies, financial services companies and technology companies, especially SaaS providers.

2017: Forming the Core

Istio was first announced at Gluecon in May 2017. 0.1 showcased the potential of Istio and generated a lot of attention and discussion.

2018-2019: Stabilize core, increase capacity

Over the next two years, we gathered customer needs, internalized usage feedback, and stabilized core functionality. Additionally, we made some key architectural decisions like defining a multi-cluster model and re-architecting the code into a single binary for ease of use.

2020: Unite the Community

As Istio’s adoption and user ecosystem grows, so do concerns about governance and trademark protection. However, as we’ve mentioned here , staying together as a community is key to the project’s success. I can proudly say that Istio does just that. Therefore, joining the CNCF today is another step in growing the community and building end-user trust.

2021: Evolving to Wasm and beyond

There is growing interest in onboarding other infrastructure, such as virtual machines, functions, and bare metal workloads, as well as customization and other capabilities using technologies like Wasm as native APIs so that users don’t have to use Envoy filters anymore. 2021 will see the establishment and rollout of some of these features.

“Varun Talwar, one of the project’s founders, has always considered Istio to be an important part of the cloud-native ecosystem. Today’s announcement validates his vision for the project, and I would like to thank Tetrate for being a strong supporter of Istio and our community .” – Louis Ryan (Istio co-founder, Google engineering lead)

The foundation of zero trust

There has been a lot of discussion on the topic of zero trust, but few clear statements have been made. As Eric Brewer mentioned in his keynote at IstioCon today, Istio is becoming an important part of zero trust. Chief among them is identity-oriented control, not network-oriented control. The core principles in this regard are in the Google white paper BeyondProd: A New Approach to Cloud-Native Security .

However, as an industry, there is more to do here. We need to make sure that we can bring in both application users and data services. If we can extend the concept of identity to users and provide us with flexible and rich policy mechanisms to specify, monitor and track access control, we can achieve an operational zero trust structure – one that unifies users, services and data to a management structure. This was also mentioned in my 2020 keynote talk for the National Institute of Standards and Technology (NIST) around trusting cloud-native applications. That’s why we at Tetrate created the Tetrate Service Bridge – a management plane that makes it operational for large organizations.

The basis of the Tetrate Service Bridge is:

  • Identity of users, services and data. Everyone has an encrypted identity that forms the backbone of all policies.
  • Policy and Access Control. Define Istio policies, but also application and organizational policies, including users and devices, and the ability to manage them at scale.
  • automation. The ability to automate, measure, and continuously monitor policies at runtime.

If we can enable enterprises to deploy and operate secure cloud-native workloads in this way, we can make huge strides as an industry.


At the end of the day, no project or technology will go mainstream without high-quality, creative talent. At Tetrate, we believe we need to educate the community about this technology and contribute to a responsible adoption path. That’s why we offer world-class certifications and free online training courses, making it easy for anyone in the community to take beginner and advanced courses in Istio and Envoy at academy.terate.io.

All of us at Tetrate, especially myself, are looking forward to what’s next, and we will always support the Istio project and community.

This article is reprinted from https://jimmysong.io/blog/istio-has-applied-to-join-the-cncf/
This site is for inclusion only, and the copyright belongs to the original author.

Leave a Comment

Your email address will not be published.