The Istio service mesh
Istio addresses the challenges developers and operators face with a distributed or microservices architecture. Whether you're building from scratch, migrating existing applications to cloud native, or securing your existing estate, Istio can help.
By using application proxies, Istio lets you program application-aware traffic management, incredible observability, and robust security capabilities into your network.
What is Istio?
A service mesh is an infrastructure layer that gives applications capabilities like zero-trust security, observability, and advanced traffic management, without code changes. Istio is the most popular, powerful, and trusted service mesh. Founded by Google, IBM and Lyft in 2016, Istio is a graduated project in the Cloud Native Computing Foundation alongside projects like Kubernetes and Prometheus.
Istio ensures that cloud native and distributed systems are resilient, helping modern enterprises maintain their workloads across diverse platforms while staying connected and protected. It enables security and governance controls including mTLS encryption, policy management and access control, powers network features like canary deployments, A/B testing, load balancing, failure recovery, and adds observability of traffic across your estate.
Istio is not confined to the boundaries of a single cluster, network or runtime — services running on Kubernetes or VMs, multi-cloud, hybrid, or on-premises, can be included within a single mesh.
Extensible by design and supported by a broad ecosystem of contributors and partners, Istio offers packaged integrations and distributions for various use cases. You can install Istio independently or opt for managed support from commercial vendors providing Istio-based solutions.
Features
Secure by default
Istio provides a market-leading zero-trust solution based on workload identity, mutual TLS, and strong policy controls. Istio delivers the value of BeyondProd in open source, while avoiding vendor lock-in or SPOFs.
Increase observability
Istio generates telemetry within the service mesh, enabling observability on service behavior. It integrates with APM systems including Grafana and Prometheus to deliver insightful metrics for operators to troubleshoot, maintain, and optimize applications.
Manage traffic
Istio simplifies traffic routing and service-level configuration, allowing easy control over flow between services and setup of tasks like A/B testing, canary deployments, and staged rollouts with percentage-based traffic splits.
Why Istio?
Multiple deployment modes
Istio offers two data plane modes for users to choose. Deploy with the new ambient mode for a simplified app operational lifecycle or with traditional sidecars for complex configurations.
Powered by Envoy
Built on the industry standard gateway proxy for cloud native applications, Istio is highly performative and extensible by design. Add custom traffic functionality with WebAssembly, or integrate third-party policy systems.
A true community project
Istio has been designed for modern workloads and engineered by a vast community of innovators across the cloud native landscape.
Stable binary releases
Confidently deploy Istio across production workloads. All releases are fully accessible at no cost.