Cilium

11
30
+ 1
0
Istio

485
850
+ 1
39
Add tool

Cilium vs Istio: What are the differences?

Cilium: API-aware networking and security for containers. Open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes; Istio: Open platform to connect, manage, and secure microservices, by Google, IBM, and Lyft. Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.

Cilium can be classified as a tool in the "Security" category, while Istio is grouped under "Microservices Tools".

Istio is an open source tool with 18.5K GitHub stars and 3.1K GitHub forks. Here's a link to Istio's open source repository on GitHub.

Advice on Cilium and Istio
Needs advice
on
Istio
Envoy
and
AWS App Mesh

Envoy proxy is widely adopted in many companies for service mesh proxy, but it utilizes BoringSSL by default. Red Hat OpenShift fork envoy branch with their own OpenSSL support, I wonder any other companies are also using envoy-openssl branch for compatibility? How about AWS App Mesh?

Any input would be much appreciated!

See more
Decisions about Cilium and Istio
Prateek Mittal
Fullstack Engineer| Ruby | React JS | gRPC at Ex Bookmyshow | Furlenco | Shopmatic · | 4 upvotes · 42.3K views
Chose
to add
Istio
and to remove
Traefik
Kong

Istio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn-keyIstio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn key solution with Rancher whereas Kong completely lacks here. Traffic distribution in Istio can be done via canary, a/b, shadowing, HTTP headers, ACL, whitelist whereas in Kong it's limited to canary, ACL, blue-green, proxy caching. Istio has amazing community support which is visible via Github stars or releases when comparing both.

See more
Pros of Cilium
Pros of Istio
    No pros available

    Sign up to add or upvote prosMake informed product decisions

    Cons of Cilium
    Cons of Istio
      No cons available

      Sign up to add or upvote consMake informed product decisions

      What is Cilium?

      Open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes.

      What is Istio?

      Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.
      What companies use Cilium?
      What companies use Istio?

      Sign up to get full access to all the companiesMake informed product decisions

      What tools integrate with Cilium?
      What tools integrate with Istio?

      Sign up to get full access to all the tool integrationsMake informed product decisions

      What are some alternatives to Cilium and Istio?
      Weave
      Weave can traverse firewalls and operate in partially connected networks. Traffic can be encrypted, allowing hosts to be connected across an untrusted network. With weave you can easily construct applications consisting of multiple containers, running anywhere.
      Envoy
      Originally built at Lyft, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures.
      linkerd
      linkerd is an out-of-process network stack for microservices. It functions as a transparent RPC proxy, handling everything needed to make inter-service RPC safe and sane--including load-balancing, service discovery, instrumentation, and routing.
      OpenSSL
      It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
      Let's Encrypt
      It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
      See all alternatives
      Interest over time
      News about Cilium
      More news