Chapter 1. Introducing Istio Ambient Mesh
Istio ambient mesh is a new sidecar-less data plane option for Istio service mesh originally developed by Solo.io and Google. The goal for Istio ambient is to improve the operational experience of adopting, deploying, upgrading, and generally managing Istio throughout its life as critical infrastructure. Additional benefits over Istio’s existing sidecar deployments include resource cost savings, performance improvements, and improved security while maintaining Istio’s core feature set of zero-trust security, resilience, observability, traffic routing, and policy enforcement.
Current Challenges
Before we get too deep into what Istio ambient mesh is and how it works, we should understand the motivation for its creation. The current model using sidecars to implement mesh functionality has been battle-tested and used successfully at scale to provide a lot of value. So, why introduce an alternative approach?
We (the creators of Istio) have always intended to make the service mesh transparent and incrementally adoptable, but in practice the sidecar approach has had drawbacks. The first drawback is in Kubernetes: the sidecar container is not a first-class citizen in a pod (i.e., the sidecar has no lifecycle or ordering controls). This creates scenarios where the workload container may become available before the Istio sidecar proxy. If the workload tries to make an outgoing connection, it will fail because the sidecar is not ready, creating ...