What is Istio and what are its top alternatives?
Top Alternatives to Istio
linkerd is an out-of-process network stack for microservices. It functions as a transparent RPC proxy, handling everything needed to make inter-service RPC safe and sane--including load-balancing, service discovery, instrumentation, and routing. ...
Originally built at Lyft, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures. ...
Kubernetes is an open source orchestration system for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the users declared intentions. ...
Conduit is a lightweight open source service mesh designed for performance, power, and ease of use when running applications on Kubernetes. Conduit is incredibly fast, lightweight, fundamentally secure, and easy to get started with. ...
Kong is a scalable, open source API Layer (also known as an API Gateway, or API Middleware). Kong controls layer 4 and 7 traffic and is extended through Plugins, which provide extra functionality and services beyond the core platform. ...
- AWS App Mesh
AWS App Mesh is a service mesh based on the Envoy proxy that makes it easy to monitor and control containerized microservices. App Mesh standardizes how your microservices communicate, giving you end-to-end visibility and helping to ensure high-availability for your applications. App Mesh gives you consistent visibility and network traffic controls for every microservice in an application. You can use App Mesh with Amazon ECS (using the Amazon EC2 launch type), Amazon EKS, and Kubernetes on AWS. ...
API management, design, analytics, and security are at the heart of modern digital architecture. The Apigee intelligent API platform is a complete solution for moving business to the digital world. ...
Consul is a tool for service discovery and configuration. Consul is distributed, highly available, and extremely scalable. ...
Istio alternatives & related posts
- CNCF Project3
- Fast Integration1
- Pre-check permissions1
- Light Weight1
- Service Mesh1
related linkerd posts
related Envoy posts
At uSwitch we wanted a way to load balance between our multiple Kubernetes clusters in AWS to give us added redundancy. We already had ingresses defined for all our applications so we wanted to build on top of that, instead of creating a new system that would require our various teams to change code/config etc.
Envoy seemed to tick a lot of boxes:
- Loadbalancing capabilities right out of the box: health checks, circuit breaking, retries etc.
- Tracing and prometheus metrics support
- Good community support
This was all good but what really sold us was the api that supported dynamic configuration. This would allow us to dynamically configure envoy to route to ingresses and clusters as they were created or destroyed.
To do this we built a tool called Yggdrasil using their Go sdk. Yggdrasil effectively just creates envoy configuration from Kubernetes ingress objects, so you point Yggdrasil at your kube clusters, it generates config from the ingresses and then envoy can loadbalance between your clusters for you. This is all done dynamically so as soon as new ingress is created the envoy nodes get updated with the new config. Importantly this all worked with what we already had, no need to create new config for every application, we just put this on top of it.
We are looking to configure a load balancer with some admin UI. We are currently struggling to decide between NGINX, Traefik, HAProxy, and Envoy. We will use a load balancer in a containerized environment and the load balancer should flexible and easy to reload without changes in case containers are scaled up.
- Leading docker container management solution161
- Simple and powerful126
- Open source102
- Backed by google75
- The right abstractions56
- Scale services24
- Replication controller19
- Permission managment9
- Supports autoscaling7
- No cloud platform lock-in4
- Open, powerful, stable3
- Quick cloud setup3
- Promotes modern/good infrascture practice3
- Backed by Red Hat2
- Cloud Agnostic2
- Runs on azure2
- Custom and extensibility2
- Captain of Container Ship2
- A self healing environment with rich metadata2
- Easy setup1
- Everything of CaaS1
- Poor workflow for development15
- Steep learning curve13
- Orchestrates only infrastructure7
- High resource requirements for on-prem clusters4
- Additional vendor lock-in (Docker)1
- Additional Technology Overhead1
- More moving parts to secure1
- Too heavy for simple systems1
related Kubernetes posts
How Uber developed the open source, end-to-end distributed tracing Jaeger , now a CNCF project:
Distributed tracing is quickly becoming a must-have component in the tools that organizations use to monitor their complex, microservice-based architectures. At Uber, our open source distributed tracing system Jaeger saw large-scale internal adoption throughout 2016, integrated into hundreds of microservices and now recording thousands of traces every second.
Here is the story of how we got here, from investigating off-the-shelf solutions like Zipkin, to why we switched from pull to push architecture, and how distributed tracing will continue to evolve:
Visual Studio Code worked really well for us as well, it worked well with all our polyglot services and the .Net core integration had great cross-platform developer experience (to be fair, F# was a bit trickier) - actually, each of our team members used a different OS (Ubuntu, macos, windows). Our production deployment ran for a time on Docker Swarm until we've decided to adopt Kubernetes with almost seamless migration process.
After our positive experience of running .Net core workloads in containers and developing Tweek's .Net services on non-windows machines, C# had gained back some of its popularity (originally lost to Node.js), and other teams have been using it for developing microservices, k8s sidecars (like https://github.com/Soluto/airbag), cli tools, serverless functions and other projects...
related Conduit posts
- Easy to maintain36
- Easy to install31
- Great performance20
- Api blueprint5
- Custom Plugins4
- Load balancing1
- Documentation is clear1
related Kong posts
As for the new support of service mesh pattern by Kong, I wonder how does it compare to Istio?
We needed a lightweight and completely customizable #microservices #gateway to be able to generate #JWT and introspect #OAuth2 tokens as well. The #gateway was going to front all #APIs for our single page web app as well as externalized #APIs for our partners.Contenders
We looked at Tyk Cloud and Kong. Kong's plugins are all Lua based and its core is NGINX and OpenResty. Although it's open source, it's not the greatest platform to be able to customize. On top of that enterprise features are paid and expensive. Tyk is Go and the nomenclature used within Tyk like "sessions" was bizarre, and again enterprise features were paid.Decision
We ultimately decided to roll our own using ExpressJS into Express Gateway because the use case for using ExpressJS as an #API #gateway was tried and true, in fact - all the enterprise features that the other two charge for #OAuth2 introspection etc were freely available within ExpressJS middleware.Outcome
We opened source Express Gateway with a core set of plugins and the community started writing their own and could quickly do so by rolling lots of ExpressJS middleware into Express Gateway
related AWS App Mesh posts
- Highly scalable and secure API Management Platform12
- Quick jumpstart6
- Good documentation5
- Fast and adjustable caching3
- Easy to use3
related Apigee posts
- Great service discovery infrastructure58
- Health checking35
- Distributed key-value store27
- Token-based acls10
- Gossip clustering6
- Dns server5
- Not Java2
- Docker integration1
related Consul posts
As we've evolved or added additional infrastructure to our stack, we've biased towards managed services. Most new backing stores are Amazon RDS instances now. We do use self-managed PostgreSQL with TimescaleDB for time-series data—this is made HA with the use of Patroni and Consul.
We also use managed Amazon ElastiCache instances instead of spinning up Amazon EC2 instances to run Redis workloads, as well as shifting to Amazon Kinesis instead of Kafka.
Since the beginning, Cal Henderson has been the CTO of Slack. Earlier this year, he commented on a Quora question summarizing their current stack.Apps
- Desktop: And Electron to ship it as a desktop application.
- Android: a mix of Java and Kotlin.
- iOS: written in a mix of Objective C and Swift.
- The core application and the API written in PHP/Hack that runs on HHVM.
- The data is stored in MySQL using Vitess.
- Caching is done using Memcached and MCRouter.
- The search service takes help from SolrCloud, with various Java services.
- The messaging system uses WebSockets with many services in Java and Go.
- Load balancing is done using HAproxy with Consul for configuration.
- Most services talk to each other over gRPC,
- Some Thrift and JSON-over-HTTP
- Voice and video calling service was built in Elixir.
- Built using open source tools including Presto, Spark, Airflow, Hadoop and Kafka.