Istio moved to CNCF Graduation stage

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Kubernetes service-mesh Cncf Microservice HacktoberFest

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • toc

    ⚖️ The CNCF Technical Oversight Committee (TOC) is the technical governing body of the CNCF Foundation.

    • gRPC had a graduation application open for 3 years. It was rejected very recently: https://github.com/cncf/toc/pull/300.

    Reading between the lines, it sounds like the main problem is Google's tight control over the project. Apple contributes to the Swift implementation and MSFT drives the native .NET implementation, but there's little non-Google input in decision-making for Go, Java, C++ core, or any of the implementations that wrap core.

    More subjectively, I'm impressed by the CNCF's willingness to stick to their stated graduation criteria. gRPC is widely used (even among other CNCF projects), and comes from the company that organized the CNCF - there must have been a lot of pressure to rubber-stamp the application.

  • istio

    Connect, secure, control, and observe services.

    • If something doesn't play nice try the Istio slack or file an issue on the main repo: https://github.com/istio/istio

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • nrpc

    nRPC is like gRPC, but over NATS

    • There's a proto service implementation from NATs folks that I think does what you want - https://github.com/nats-rpc/nrpc

  • contour

    Contour is a Kubernetes ingress controller using Envoy proxy.

    • have you tried Contour yet?

    https://projectcontour.io

  • .NET Runtime

    .NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.

    • The lack of server ALPN support on macOS is probably the extra friction you're referring to. Fortunately, support will be added in .NET 8 with https://github.com/dotnet/runtime/pull/79434.

  • traefik

    The Cloud Native Application Proxy

  • conduit

    Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.

    • https://linkerd.io/ is a much lighter-weight alternative but you do still get some of the fancy things like mtls without needing any manual configuration. Install it, label your namespaces, and let it do it's thing!

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • mesh

    Traefik Mesh - Simpler Service Mesh (by traefik)

    • https://github.com/traefik/mesh

    Last commit at Nov 28, 2022.

    In kubernetes world it means that this project is dead, I guess?

  • envoy

    Cloud-native high-performance edge/middle/service proxy

    • Envoy is the proxy that does the heavy lifting. Istio is just a glorified configuration system. Even if you choose to use Istio you're still using Envoy.

    You're spot-on about using iptables rules. There is an example here with a yaml configuration and some iptables commands: https://github.com/envoyproxy/envoy/blob/main/configs/origin...

    You might be able to re-use some of that. It should be pretty easy to get metrics for outbound/inbound http requests, but I don't remember the exact yaml incantation.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts