Sidecar-Less or Sidecars for Your Applications in Istio Service Mesh?

Sidecar-less functionality has emerged as an alternative approach in service mesh architectures, addressing concerns related to costs and complexity associated with sidecars. While some service mesh solutions only offer sidecar options, Istio provides the flexibility of choosing between sidecars and sidecar-less (the ambient data plane option introduced recently). This talk presents an update to the latest development effort in the Istio community to drive ambient to production ready, what technical hurdles the community has overcome and what key design decisions were made with what reasoning.

As ambient reaches production ready, making the right choice between sidecar-less or sidecar could be challenging. Should you stick with sidecars? When should you consider sidecar-less implementations? Is it possible to have a mixed environment with some applications using sidecars while others do not? How can you seamlessly co-exist and migrate between these data plane options? Additionally, what are the implications in terms of cost, performance, and operational complexity for each option?

What's the focus of your work these days?

I am the Head of Open Source at, which means I contribute primarily to open source projects. I have worked on the Istio service mesh since the beginning of the project in 2017 and currently serve on the Istio Steering Committee and Technical Oversight Committee to provide not only project management, governance but also technical direction to the project.

One of my primary tasks in Istio is to move Istio ambient to production ready. We launched ambient in late 2022 and announced alpha in early 2023. I’m working hard along with the rest of Istio contributors to move ambient to beta based on what we believe is necessary to start recommending ambient to production with caution. One of the key hurdles before we can move ambient to beta is to ensure ambient works with a rich set of Kubernetes platforms and their preferred CNIs, which we just resolved in the upcoming  Istio 1.21 release in Feb. 

I also started to get involved with Cilium, one of the areas I’m particularly interested in is to make Cilium agents configurable via xDS API to improve the scalability of the Cilium CNI. I am also a CNCF ambassador and one of the newly elected CNCF TOC members, so I have been learning a lot more about CNCF TOC’s roles and responsibilities.

What's the motivation for your talk at QCon London 2024?

We have a very large set of Istio users out there who are happy with Istio after they got Istio working to solve their challenges, we also have another huge set of users who reviewed Istio a while back but walked away from Istio because of the complexity of sidecars. We launched ambient specifically to attract users who prefer a sidecar-less service mesh approach. I want to educate users on what we are doing in the Istio community to move ambient forward, why ambient is the best architecture for sidecar-less service mesh and the technical hurdles we are working through as we drive ambient to production ready.

How would you describe your main persona and target audience for this session?

The persona includes mid-to-senior-level developers, platform engineers, security operators, or architects looking for service mesh solutions to help connect, secure or observe their applications or who have already been using a service mesh.

Is there anything specific that you'd like people to walk away with after watching your session?

I would love those who attend to walk away with a solid understanding of why Istio ambient is the right architecture for sidecar-less service mesh. Also, for them to know the separation between ztunnel and waypoint and how it enables users to gradually adopt ambient based on their needs. While there are significant operation and cost benefits with sidecar-less, for users who love sidecars, sidecars will continue to be around and can even co-exist with sidecar-less. Ambient alpha is available now and beta could even be available around QCon London time frame (or soon after) in April.


Lin Sun

Open Source, Istio TOC Member, CNCF TAG Network Cochair & Ambassador

Lin is the Head of Open Source at, also serving as a CNCF TOC member and ambassador. She has been actively involved with the Istio service mesh since its inception in 2017, holding positions on both the Istio Steering Committee and Technical Oversight Committee. Prior to her current role, she was a Senior Technical Staff Member and Master Inventor at IBM for 15+ years. She is the author of the book "Istio Ambient Explained" and has more than 200 patents to her name.

Read more
Find Lin Sun at:


Tuesday Apr 9 / 01:35PM BST ( 50 minutes )


Whittle (3rd Fl.)


architecture servicemesh Microservices Platform Engineering istio


From the same track

Session architecture

Modernizing in Healthcare – From On-Prem to the Cloud

Tuesday Apr 9 / 02:45PM BST

Change is hard. Changing an industry as complex as Healthcare is doubly hard. With conflicting interests, complicated synchronization practices, diverse api integration requirements and an aging, overly complex application, our path from on-prem to cloud-native was not simple.

Speaker image - Leander Vanderbijl
Leander Vanderbijl

Senior Engineer @Livi, Previously Principal Engineer @Informa, 13 Years Developing, Managing, and Integrating Diverse Online Systems and Applications

Session GRPC

gRPC Migration Automation at LinkedIn

Tuesday Apr 9 / 11:45AM BST

LinkedIn is in the process of migrating from, an internally developed open source framework for building RESTful APIs to gRPC for better framework capabilities, runtime efficiency, and developer productivity.

Speaker image - Karthik Ramgopal
Karthik Ramgopal

Distinguished Engineer & Tech Lead of the Product Engineering Team @LinkedIn

Speaker image - Min Chen
Min Chen

Principal Staff Software Engineer @LinkedIn, Caltech CS PhD With Over 20-Year Extensive Software Development Experience

Session testing

Production Comes First - An Outside-In Approach to Building Microservices

Tuesday Apr 9 / 05:05PM BST

The software world is moving towards multiple interconnected applications that service our customer needs, but this makes development so much harder. Now we need to think about how were interact we other systems that we don't necessarily own.

Speaker image - Martin Thwaites
Martin Thwaites

Developer & Developer Advocate, Observability Activist

Session Long running

Are You Done Yet? Mastering Long-Running Processes in Modern Architectures

Tuesday Apr 9 / 10:35AM BST

Navigating the challenges of long-running processes is an important skill to survive modern architecture. The complexities arise from the growing distribution of systems and the need to address issues related to remote communication and the unavailability of peers.

Speaker image - Bernd Ruecker
Bernd Ruecker

Co-Founder and Chief Technologist @Camunda


Unconference: Connecting Systems

Tuesday Apr 9 / 03:55PM BST

An unconference is a participant-driven meeting. Attendees come together, bringing their challenges and relying on the experience and know-how of their peers for solutions.