Sidecar-less functionality has emerged as an alternative approach in service mesh architectures, addressing concerns about the cost and complexity associated with sidecars. While some service mesh solutions offer only sidecar options, Istio provides the flexibility of choosing between sidecars and sidecar-less (the ambient data plane option introduced recently). This talk presents an update on the latest development effort in the Istio community to make ambient production ready: which technical hurdles the community has overcome, which key design decisions were made, and the reasoning behind them.
As ambient reaches production readiness, making the right choice between sidecar-less and sidecar could be challenging. Should you stick with sidecars? When should you consider sidecar-less implementations? Is it possible to have a mixed environment with some applications using sidecars while others do not? How can you seamlessly co-exist and migrate between these data plane options? Additionally, what are the implications in terms of cost, performance, and operational complexity for each option?
Interview:
What's the focus of your work these days?
I am the Head of Open Source at solo.io, which means I contribute primarily to open source projects. I have worked on the Istio service mesh since the beginning of the project in 2017 and currently serve on the Istio Steering Committee and Technical Oversight Committee to provide not only project management and governance but also technical direction to the project.
One of my primary tasks in Istio is to move Istio ambient to production ready. We launched ambient in late 2022 and announced alpha in early 2023. I’m working hard along with the rest of the Istio contributors to move ambient to beta based on what we believe is necessary to start recommending ambient to production with caution. One of the key hurdles before we can move ambient to beta is to ensure ambient works with a rich set of Kubernetes platforms and their preferred CNIs, which we just resolved in the upcoming Istio 1.21 release in Feb.
I also started to get involved with Cilium. One of the areas I’m particularly interested in is making Cilium agents configurable via the xDS API to improve the scalability of the Cilium CNI. I am also a CNCF ambassador and one of the newly elected CNCF TOC members, so I have been learning a lot more about CNCF TOC’s roles and responsibilities.
What's the motivation for your talk at QCon London 2024?
We have a very large set of Istio users out there who are happy with Istio after they got Istio working to solve their challenges. We also have another huge set of users who reviewed Istio a while back but walked away from Istio because of the complexity of sidecars. We launched ambient specifically to attract users who prefer a sidecar-less service mesh approach. I want to educate users on what we are doing in the Istio community to move ambient forward, why ambient is the best architecture for sidecar-less service mesh and the technical hurdles we are working through as we drive ambient to production ready.
How would you describe your main persona and target audience for this session?
The persona includes mid-to-senior-level developers, platform engineers, security operators, or architects looking for service mesh solutions to help connect, secure or observe their applications or who have already been using a service mesh.
Is there anything specific that you'd like people to walk away with after watching your session?
I would love those who attend to walk away with a solid understanding of why Istio ambient is the right architecture for sidecar-less service mesh. Also, for them to know the separation between ztunnel and waypoint and how it enables users to gradually adopt ambient based on their needs. While there are significant operational and cost benefits with sidecar-less, for users who love sidecars, sidecars will continue to be around and can even co-exist with sidecar-less. Ambient alpha is available now and beta could even be available around the QCon London time frame (or soon after) in April.
Speaker
Lin Sun
Open Source @solo.io, Istio TOC Member, CNCF TAG Network Cochair & Ambassador
Lin is the Head of Open Source at Solo.io, also serving as a CNCF TOC member and ambassador. She has been actively involved with the Istio service mesh since its inception in 2017, holding positions on both the Istio Steering Committee and Technical Oversight Committee. Prior to her current role, she was a Senior Technical Staff Member and Master Inventor at IBM for 15+ years. She is the author of the book "Istio Ambient Explained" and has more than 200 patents to her name.