Need advice about which tool to choose?Ask the StackShare community!

Cilium

16
38
+ 1
0
Istio

624
1.1K
+ 1
42
Add tool

Cilium vs Istio: What are the differences?

Cilium: API-aware networking and security for containers. Open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes; Istio: Open platform to connect, manage, and secure microservices, by Google, IBM, and Lyft. Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.

Cilium can be classified as a tool in the "Security" category, while Istio is grouped under "Microservices Tools".

Istio is an open source tool with 18.5K GitHub stars and 3.1K GitHub forks. Here's a link to Istio's open source repository on GitHub.

Decisions about Cilium and Istio
Prateek Mittal
Fullstack Engineer| Ruby | React JS | gRPC at Ex Bookmyshow | Furlenco | Shopmatic · | 4 upvotes · 138.7K views

Istio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn-keyIstio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn key solution with Rancher whereas Kong completely lacks here. Traffic distribution in Istio can be done via canary, a/b, shadowing, HTTP headers, ACL, whitelist whereas in Kong it's limited to canary, ACL, blue-green, proxy caching. Istio has amazing community support which is visible via Github stars or releases when comparing both.

See more
Get Advice from developers at your company using Private StackShare. Sign up for Private StackShare.
Learn More
Pros of Cilium
Pros of Istio
    Be the first to leave a pro
    • 11
      Zero code for logging and monitoring
    • 8
      Service Mesh
    • 7
      Great flexibility
    • 4
      Ingress controller
    • 3
      Resiliency
    • 3
      Easy integration with Kubernetes and Docker
    • 3
      Full Security
    • 3
      Powerful authorization mechanisms

    Sign up to add or upvote prosMake informed product decisions

    Cons of Cilium
    Cons of Istio
      Be the first to leave a con
      • 10
        Performance

      Sign up to add or upvote consMake informed product decisions

      What is Cilium?

      Open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes.

      What is Istio?

      Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.

      Need advice about which tool to choose?Ask the StackShare community!

      Jobs that mention Cilium and Istio as a desired skillset
      What companies use Cilium?
      What companies use Istio?
      See which teams inside your own company are using Cilium or Istio.
      Sign up for Private StackShareLearn More

      Sign up to get full access to all the companiesMake informed product decisions

      What tools integrate with Cilium?
      What tools integrate with Istio?

      Sign up to get full access to all the tool integrationsMake informed product decisions

      What are some alternatives to Cilium and Istio?
      Weave
      Weave can traverse firewalls and operate in partially connected networks. Traffic can be encrypted, allowing hosts to be connected across an untrusted network. With weave you can easily construct applications consisting of multiple containers, running anywhere.
      Envoy
      Originally built at Lyft, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures.
      linkerd
      linkerd is an out-of-process network stack for microservices. It functions as a transparent RPC proxy, handling everything needed to make inter-service RPC safe and sane--including load-balancing, service discovery, instrumentation, and routing.
      OpenSSL
      It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
      Let's Encrypt
      It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
      See all alternatives