Istio vs Kuma

Overview

Istio

Stacks2.3K

Followers1.5K

Votes54

GitHub Stars37.6K

Forks8.1K

Kuma

Stacks16

Followers95

Votes0

GitHub Stars2.3K

Forks169

Istio vs Kuma: What are the differences?

Introduction

Istio and Kuma are both service mesh platforms that provide network observability, security, and control for microservices architectures. Although they have similar functionalities, there are key differences between the two.

Deployment Approach: Istio is designed as a sidecar proxy model, where a dedicated envoy proxy is deployed alongside each service to manage the network traffic. On the other hand, Kuma provides a more flexible deployment approach by offering a data plane that can be integrated as a sidecar or as a standalone proxy.
Supported Environments: Istio is primarily focused on containerized environments and Kubernetes orchestration. It provides pre-built integrations with popular container platforms and works smoothly in the Kubernetes ecosystem. In contrast, Kuma is more agnostic and can be deployed in any cloud environment, virtual machines, or bare-metal servers without any specific Kubernetes dependency.
Control Plane Architecture: Istio has a centralized control plane architecture, where it uses the Pilot component to manage and distribute configurations to the sidecar proxies. Kuma, on the other hand, adopts a decentralized control plane architecture by using a multizone replicated control plane. This allows Kuma to be more resilient and scalable in managing multiple data plane instances spread across different clusters or regions.
Traffic Routing: Istio provides a rich set of traffic routing rules, allowing users to configure advanced routing policies like blue/green deployments, canary releases, and more. Kuma, although still under active development, currently focuses on simple traffic routing rules and policies like round-robin load balancing and path-based routing.
Policy Enforcement: Istio incorporates a robust policy framework that enables fine-grained access control, quota management, and request authentication. It supports JWT, OAuth, and other common authentication mechanisms. Kuma also provides security policies for fine-grained access control and traffic permissions, but it currently does not support as many authentication mechanisms as Istio.
Community Support: Istio has gained a large and active community since its initial launch, making it more mature and well-documented. It benefits from its association with the CNCF (Cloud Native Computing Foundation) and has a wide range of contributors and active development. Kuma, being a relatively newer project, has a smaller community compared to Istio but is rapidly growing and attracting attention due to its simplicity and flexible deployment options.

In summary, Istio and Kuma are both service mesh platforms, but they differ in their deployment approach, supported environments, control plane architecture, traffic routing capabilities, policy enforcement mechanisms, and community support.

Share your Stack

Help developers discover the tools you use. Get visibility for your team's tech choices and contribute to the community's knowledge.

View Docs

CLI (Node.js)

Manual

Advice on Istio, Kuma

Prateek

Mar 14, 2020

Decided

Istio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn-keyIstio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn key solution with Rancher whereas Kong completely lacks here. Traffic distribution in Istio can be done via canary, a/b, shadowing, HTTP headers, ACL, whitelist whereas in Kong it's limited to canary, ACL, blue-green, proxy caching. Istio has amazing community support which is visible via Github stars or releases when comparing both.

322k views322k

Comments

Mohammed

CTO at Famcare

Jan 16, 2020

Needs advice

One of our applications is currently migrating to AWS, and we need to make a decision between using AWS API Gateway with AWS App Mesh, or Kong API Gateway with Kuma.

Some people advise us to benefit from AWS managed services, while others raise the vendor lock issue. So, I need your advice on that, and if there is any other important factor rather than vendor locking that I must take into consideration.

38.8k views38.8k

Comments

lyc218

Feb 21, 2020

Needs advice

Envoy proxy is widely adopted in many companies for service mesh proxy, but it utilizes BoringSSL by default. Red Hat OpenShift fork envoy branch with their own OpenSSL support, I wonder any other companies are also using envoy-openssl branch for compatibility? How about AWS App Mesh?

Any input would be much appreciated!

42.8k views42.8k

Comments

Detailed Comparison

Istio	Kuma
Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.	It is a universal open source control-plane for Service Mesh and Microservices that can run and be operated natively across both Kubernetes and VM environments, in order to be easily adopted by every team in the organization.
-	Universal Control Plane; Lightweight Data Plane; Automatic; Multi-Tenancy; Network Security; Traffic Segmentation: With flexible ACL rules
Statistics
GitHub Stars 37.6K	GitHub Stars 2.3K
GitHub Forks 8.1K	GitHub Forks 169
Stacks 2.3K	Stacks 16
Followers 1.5K	Followers 95
Votes 54	Votes 0
Pros & Cons
Pros 14 Zero code for logging and monitoring 9 Service Mesh 8 Great flexibility 5 Powerful authorization mechanisms 5 Ingress controller Cons 17 Performance	No community feedback yet
Integrations
Kubernetes Docker	YAML CentOS Kubernetes PostgreSQL Red Hat Enterprise Linux (RHEL) macOS Debian Ubuntu

What are some alternatives to Istio, Kuma?

Azure Service Fabric

Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices. Service Fabric addresses the significant challenges in developing and managing cloud apps.

Moleculer

It is a fault tolerant framework. It has built-in load balancer, circuit breaker, retries, timeout and bulkhead features. It is open source and free of charge project.

Express Gateway

A cloud-native microservices gateway completely configurable and extensible through JavaScript/Node.js built for ALL platforms and languages. Enterprise features are FREE thanks to the power of 3K+ ExpressJS battle hardened modules.

ArangoDB Foxx

It is a JavaScript framework for writing data-centric HTTP microservices that run directly inside of ArangoDB.

Dapr

It is a portable, event-driven runtime that makes it easy for developers to build resilient, stateless and stateful microservices that run on the cloud and edge and embraces the diversity of languages and developer frameworks.

Zuul

It is the front door for all requests from devices and websites to the backend of the Netflix streaming application. As an edge service application, It is built to enable dynamic routing, monitoring, resiliency, and security. Routing is an integral part of a microservice architecture.

linkerd

linkerd is an out-of-process network stack for microservices. It functions as a transparent RPC proxy, handling everything needed to make inter-service RPC safe and sane--including load-balancing, service discovery, instrumentation, and routing.

Jersey

It is open source, production quality, framework for developing RESTful Web Services in Java that provides support for JAX-RS APIs and serves as a JAX-RS (JSR 311 & JSR 339) Reference Implementation. It provides it’s own API that extend the JAX-RS toolkit with additional features and utilities to further simplify RESTful service and client development.

Ocelot

It is aimed at people using .NET running a micro services / service oriented architecture that need a unified point of entry into their system. However it will work with anything that speaks HTTP and run on any platform that ASP.NET Core supports. It manipulates the HttpRequest object into a state specified by its configuration until it reaches a request builder middleware where it creates a HttpRequestMessage object which is used to make a request to a downstream service.

Micro

Micro is a framework for cloud native development. Micro addresses the key requirements for building cloud native services. It leverages the microservices architecture pattern and provides a set of services which act as the building blocks

Related Comparisons

Istio vs Kuma: What are the differences?

Introduction

Deployment Approach: Istio is designed as a sidecar proxy model, where a dedicated envoy proxy is deployed alongside each service to manage the network traffic. On the other hand, Kuma provides a more flexible deployment approach by offering a data plane that can be integrated as a sidecar or as a standalone proxy.
Supported Environments: Istio is primarily focused on containerized environments and Kubernetes orchestration. It provides pre-built integrations with popular container platforms and works smoothly in the Kubernetes ecosystem. In contrast, Kuma is more agnostic and can be deployed in any cloud environment, virtual machines, or bare-metal servers without any specific Kubernetes dependency.
Control Plane Architecture: Istio has a centralized control plane architecture, where it uses the Pilot component to manage and distribute configurations to the sidecar proxies. Kuma, on the other hand, adopts a decentralized control plane architecture by using a multizone replicated control plane. This allows Kuma to be more resilient and scalable in managing multiple data plane instances spread across different clusters or regions.
Traffic Routing: Istio provides a rich set of traffic routing rules, allowing users to configure advanced routing policies like blue/green deployments, canary releases, and more. Kuma, although still under active development, currently focuses on simple traffic routing rules and policies like round-robin load balancing and path-based routing.
Policy Enforcement: Istio incorporates a robust policy framework that enables fine-grained access control, quota management, and request authentication. It supports JWT, OAuth, and other common authentication mechanisms. Kuma also provides security policies for fine-grained access control and traffic permissions, but it currently does not support as many authentication mechanisms as Istio.
Community Support: Istio has gained a large and active community since its initial launch, making it more mature and well-documented. It benefits from its association with the CNCF (Cloud Native Computing Foundation) and has a wide range of contributors and active development. Kuma, being a relatively newer project, has a smaller community compared to Istio but is rapidly growing and attracting attention due to its simplicity and flexible deployment options.

Istio vs Kuma

Overview

Istio vs Kuma: What are the differences?