Overview

Istio

Stacks960

Followers1.5K

Votes54

GitHub Stars37.6K

Forks8.1K

Ambassador

Stacks75

Followers188

Votes4

Ambassador vs Istio: What are the differences?

Introduction: Both Ambassador and Istio are popular solutions for managing microservices in a distributed system. While they share similarities, they also have distinct differences that set them apart. This markdown code will outline the key differences between Ambassador and Istio in a concise and easy-to-read format.

1. Traffic Ingress and Routing: Ambassador focuses on API gateway functionality, providing robust traffic ingress and routing capabilities. It acts as a lightweight edge router and enables easy load balancing, TLS termination, and routing rules configuration. On the other hand, Istio offers a comprehensive service mesh solution that includes traffic routing and balancing, but also provides additional features such as service discovery, load balancing, and network resilience.

2. Configuration Approach: Ambassador uses a declarative configuration approach, allowing users to define desired state via resource definitions that are stored in Kubernetes. This approach simplifies the management of configurations by making them version-controlled and allowing for easier automation through continuous integration and delivery pipelines. In comparison, Istio employs a more programmatic approach to configuration, using a combination of CRDs (Custom Resource Definitions) and controllers that dynamically adjust the state of the system based on the desired configuration.

3. Control Plane Architecture: Ambassador follows a simpler control plane architecture, using a single container running within the Kubernetes cluster. This consolidated control plane makes it easier to deploy and manage, requiring fewer resources. In contrast, Istio utilizes a more complex control plane architecture, consisting of multiple components such as Pilot, Mixer, and Citadel. This modular architecture enables granular control and customization of various aspects but requires more resources and engineering effort to deploy and maintain.

4. Service Discovery and Load Balancing: Ambassador relies on Kubernetes' built-in service discovery and load balancing mechanisms, leveraging Kubernetes Services for routing traffic to the appropriate backend endpoints. It takes advantage of the native Kubernetes ecosystem for service discovery and avoids introducing additional complexity. Conversely, Istio includes its own service mesh-specific control plane components, enabling advanced service discovery and load balancing features like weighted routing and canary deployments.

5. Observability and Metrics: Both Ambassador and Istio offer observability and metrics capabilities, but with some differences. Ambassador provides basic observability features like access logs and metrics for request counts and response latencies. While it integrates with popular observability tools like Prometheus for more advanced metrics, it may require additional configuration and setup. Istio, on the other hand, offers a more comprehensive observability stack, including distributed tracing with Jaeger, metric collection with Prometheus, and log aggregation with tools like ELK or Stackdriver, making it a more feature-rich solution for monitoring microservices.

6. Extensibility and Plugin Ecosystem: Ambassador provides a simpler and more lightweight plugin system, allowing users to extend its functionality through custom plugins. This flexibility enables users to add custom authentication, authorization, or other middleware functionality easily. Istio, on the other hand, offers a more extensive plugin ecosystem with multiple extension points. It allows for more fine-grained control and customization, suiting advanced use cases that require deep integration with the service mesh infrastructure.

In Summary: In summary, Ambassador focuses on providing a lightweight API gateway solution with robust traffic routing capabilities. It uses a declarative configuration approach and has a simpler control plane architecture. On the other hand, Istio offers a more comprehensive service mesh solution with additional features like service discovery, load balancing, observability, and a rich plugin ecosystem. Its control plane architecture is more complex, but it provides advanced capabilities for managing microservices in a distributed system.

Advice on Istio, Ambassador

Prateek

Mar 14, 2020

Decided

Istio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn-keyIstio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn key solution with Rancher whereas Kong completely lacks here. Traffic distribution in Istio can be done via canary, a/b, shadowing, HTTP headers, ACL, whitelist whereas in Kong it's limited to canary, ACL, blue-green, proxy caching. Istio has amazing community support which is visible via Github stars or releases when comparing both.

321k views321k

Comments

lyc218

Feb 21, 2020

Needs advice

Envoy proxy is widely adopted in many companies for service mesh proxy, but it utilizes BoringSSL by default. Red Hat OpenShift fork envoy branch with their own OpenSSL support, I wonder any other companies are also using envoy-openssl branch for compatibility? How about AWS App Mesh?

Any input would be much appreciated!

42.7k views42.7k

Comments

Detailed Comparison

Istio	Ambassador
Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.	Map services to arbitrary URLs in a single, declarative YAML file. Configure routes with CORS support, circuit breakers, timeouts, and more. Replace your Kubernetes ingress controller. Route gRPC, WebSockets, or HTTP.
Statistics
GitHub Stars 37.6K	GitHub Stars -
GitHub Forks 8.1K	GitHub Forks -
Stacks 960	Stacks 75
Followers 1.5K	Followers 188
Votes 54	Votes 4
Pros & Cons
Pros 14 Zero code for logging and monitoring 9 Service Mesh 8 Great flexibility 5 Ingress controller 5 Resiliency Cons 17 Performance	Pros 3 Edge-proxy 1 Kubernetes friendly configuration
Integrations
Kubernetes Docker	Kubernetes Envoy Docker gRPC

What are some alternatives to Istio, Ambassador?

Kong

Kong is a scalable, open source API Layer (also known as an API Gateway, or API Middleware). Kong controls layer 4 and 7 traffic and is extended through Plugins, which provide extra functionality and services beyond the core platform.

Amazon API Gateway

Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.

Tyk Cloud

Tyk is a leading Open Source API Gateway and Management Platform, featuring an API gateway, analytics, developer portal and dashboard. We power billions of transactions for thousands of innovative organisations.

Azure Service Fabric

Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices. Service Fabric addresses the significant challenges in developing and managing cloud apps.

Moleculer

It is a fault tolerant framework. It has built-in load balancer, circuit breaker, retries, timeout and bulkhead features. It is open source and free of charge project.

Express Gateway

A cloud-native microservices gateway completely configurable and extensible through JavaScript/Node.js built for ALL platforms and languages. Enterprise features are FREE thanks to the power of 3K+ ExpressJS battle hardened modules.

ArangoDB Foxx

It is a JavaScript framework for writing data-centric HTTP microservices that run directly inside of ArangoDB.

Dapr

It is a portable, event-driven runtime that makes it easy for developers to build resilient, stateless and stateful microservices that run on the cloud and edge and embraces the diversity of languages and developer frameworks.

Zuul

It is the front door for all requests from devices and websites to the backend of the Netflix streaming application. As an edge service application, It is built to enable dynamic routing, monitoring, resiliency, and security. Routing is an integral part of a microservice architecture.

linkerd

linkerd is an out-of-process network stack for microservices. It functions as a transparent RPC proxy, handling everything needed to make inter-service RPC safe and sane--including load-balancing, service discovery, instrumentation, and routing.