No items found.

Making Microservices Easier: Celebrating Istio Ambient Mesh's First Birthday

September 7, 2023
Lin Sun

One year ago today, Ambient mesh, a brainchild of collaboration between software giants, emerged as a solution to one of the most pressing concerns in microservices architecture – simplifying the management of the intricate network of interactions between services. As we celebrate its first birthday, it’s a fitting time to explore the significance of this technology, its impact on the world of software development, and the path it’s paving for the future.

As a top contributor to the Istio codebase and prominent participant on the Istio Technical Oversight Committee (3 of 6 seats), Solo has invested significantly in the development, direction and the success of the Istio project, as well as with the development of Ambient mesh over the past year. The contribution of Ambient mesh was the culmination of nearly a year of engineering effort that began within Solo.io, and merged together with Google engineering as we discovered that we were both working towards similar goals for Istio. The Solo team played a significant role in all aspects of the project, with a specific focus on areas of architectural flexibility, security, and performance testing. Now that the code is available to the Istio community, we’re excited to see how this new architectural option for the Istio data plane evolves.

A Year of Transformation

Ambient mesh was launched on September 7th, 2022, introducing a new Istio data plane mode without sidecars that’s designed for simplified operations, broader application compatibility, and reduced infrastructure cost. Ambient splits Istio’s functionality into two distinct layers: the zero trust secure overlay layer, and optional Layer 7 processing layer. Compared with sidecars, this innovative layered approach allows users to easily adopt Istio incrementally, from no mesh, to the secure overlay, to full L7 processing as needed. This gives service mesh users two outstanding options from the same dedicated community: Istio with a sidecar model approach, or sidecarless Ambient mesh.

Ambient mesh offers a streamlined way to get up and running with Istio. Over the past year, a number of enhancements and features in Ambient mesh have been added to the list of what’s possible with Istio. Check out the Istio 1.19.0 release notes to see a few of the new Ambient mesh features the Istio community has focused on developing. In this post, we’ll also highlight some of the ways that Ambient mesh brings benefits to service mesh users.

Simplicity and Ease of Use

One of the primary goals of Ambient mesh is to simplify the adoption and management of service meshes: it streamlines the configuration and deployment processes, making it more approachable and much easier to use for developers and operators alike. Adding your applications to Ambient mesh is as simple as labeling a namespace, and there is no need to restart your application when there is a CVE from Envoy or Istio.

Performance Optimization and Cost Savings

Ambient mesh was designed to reduce the service mesh infrastructure resources typically associated with sidecars. This minimizes resource requirements for users in their Kubernetes clusters, saving you money. Ambient mesh leverages a new architecture that separates the responsibilities of zero-trust networking and Layer 7 policy handling. This is done with two new components in Istio: ztunnels and waypoint proxies, which work in tandem to replace sidecars found in the standard Istio service mesh implementation, delivering significant reduction in overhead.

Broader Application Support

Thanks to its layered infrastructural approach, Ambient mesh works seamlessly with all types of workloads; pods, jobs, databases, VMs and more, making applications onboard transparently, hence the name “ambient”.

Enhanced Security

Ambient mesh comes out of the box with innovative security that easily adapts to modern application requirements, delivering a modern approach to zero-trust security that achieves important compliance requirements. Building on the core functionality available in Istio, Ambient uses the purpose-built ztunnel per node for mTLS and cryptographic secure identities which drastically reduces the attack surface.

All the Benefits of the Istio Community

As part of the Istio project, we take great pride in the remarkable journey of Istio and Ambient mesh. For the past year, the community has observed tremendous growth in terms of number of contributing companies and contributors. Recall that Istio had 500+ contributors from 300+ companies when Istio turned three years old? Istio now has 1,200+ contributors from 340+ companies for the past year. It’s very exciting to be part of this community, and to develop technologies such as Ambient mesh with its contributors, maintainers, and leaders.

The Wider Implications

Ambient mesh’s success extends beyond its own features, setting the stage for broader implications in the cloud native world:

  • Industry-Wide Inspiration: The success of projects like Ambient mesh inspire the industry to rethink how microservices are managed, encouraging other developers and organizations to strive for innovative solutions that simplify complex architectures.
  • Fostering Collaboration: Ambient mesh’s open-source nature fosters collaboration and knowledge-sharing among developers, leading to the creation of a supportive community that drives the evolution of the technology.
  • A Glimpse into the Future: Ambient mesh’s capabilities provide a glimpse into the future of software development, where intelligent automation and seamless orchestration enable developers to focus on innovation rather than grappling with intricate technicalities.

Smooth Sailing Ahead

For a mature project like Istio, it’s remarkable to see the pace of innovation it continues to drive. Ambient mesh’s new sidecar-less architecture that takes a no-compromise approach to zero-trust yet delivers huge resource cost savings and a delightful operational experience. Seeing Istio graduate in the CNCF ecosystem in July of 2023 further validates that Istio and the Istio community are truly driving the future of service mesh technology.

In addition to contributing innovations like Ambient mesh, Solo has brought commercial products (Gloo Gateway and Gloo Mesh) with additional enterprise hardening and support to the market to further introduce Istio and all of its benefits to the world.

As Ambient mesh marks its first year, the journey ahead holds great promise. Continued collaboration, integration with cloud native technologies, and a focus on further enhancing performance, security, and ease of use will be pivotal. With the growing adoption of microservices architecture, both Istio as well as Ambient mesh’s influence is set to expand, shaping the way applications are developed, deployed, and maintained in the years to come. Ambient mesh’s first birthday is not only a celebration of a groundbreaking technology but also a testament to the innovative spirit that drives the evolution of software development. As we look back on its achievements, we eagerly anticipate the contributions it will make to the ever-changing world of microservices.

To learn more about getting started with Ambient mesh, check out these resources:

Cloud connectivity done right