Our great sponsors
-
toc
⚖️ The CNCF Technical Oversight Committee (TOC) is the technical governing body of the CNCF Foundation.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
gRPC had a graduation application open for 3 years. It was rejected very recently: https://github.com/cncf/toc/pull/300.
Reading between the lines, it sounds like the main problem is Google's tight control over the project. Apple contributes to the Swift implementation and MSFT drives the native .NET implementation, but there's little non-Google input in decision-making for Go, Java, C++ core, or any of the implementations that wrap core.
More subjectively, I'm impressed by the CNCF's willingness to stick to their stated graduation criteria. gRPC is widely used (even among other CNCF projects), and comes from the company that organized the CNCF - there must have been a lot of pressure to rubber-stamp the application.
If something doesn't play nice try the Istio slack or file an issue on the main repo: https://github.com/istio/istio
There's a proto service implementation from NATs folks that I think does what you want - https://github.com/nats-rpc/nrpc
have you tried Contour yet?
https://projectcontour.io
The lack of server ALPN support on macOS is probably the extra friction you're referring to. Fortunately, support will be added in .NET 8 with https://github.com/dotnet/runtime/pull/79434.
https://linkerd.io/ is a much lighter-weight alternative but you do still get some of the fancy things like mtls without needing any manual configuration. Install it, label your namespaces, and let it do it's thing!
https://github.com/traefik/mesh
Last commit at Nov 28, 2022.
In kubernetes world it means that this project is dead, I guess?
Envoy is the proxy that does the heavy lifting. Istio is just a glorified configuration system. Even if you choose to use Istio you're still using Envoy.
You're spot-on about using iptables rules. There is an example here with a yaml configuration and some iptables commands: https://github.com/envoyproxy/envoy/blob/main/configs/origin...
You might be able to re-use some of that. It should be pretty easy to get metrics for outbound/inbound http requests, but I don't remember the exact yaml incantation.
Related posts
- A Comprehensive Guide to API Gateways, Kubernetes Gateways, and Service Meshes
- libvirt-k8s-provisioner - Ansible and terraform to build a cluster from scratch in less than 10 minutes ok KVM - Updated for 1.26
- How to Deploy and Scale Strapi on a Kubernetes Cluster 2/2
- Top CNCF Projects to look out for in 2023
- API release strategies with API Gateway