Day Two Cloud 173: Istio Ambient Mesh Minimizes Sidecar Proxies

The Everything Feed - All Packet Pushers Pods - A podcast by Packet Pushers

Categories:

Today on Day Two Cloud we examine Istio Ambient Mesh, a new option for building service meshes in a microservices environment. Istio Ambient Mesh essentially brings the concept of a load balancer to a group of containers. Rather than run a sidecar proxy for each pod or container, you can run Ambient Mesh per node. Our guest and guide to this open source project is Christian Posta, Global Field CTO at Solo.io. We discuss: * Differences between Istio and Istio Ambient Mesh * Drawbacks of the sidecar proxy model * The architecture of Istio Ambient Mesh * Security and network processing * Concerns such as noisy neighbors and latency * Hybrid deployments with and without sidecars * More Sponsor: Kolide Kolide is an endpoint security solution that helps your end users solve security problems themselves. They get smarter about security and you get more compliant computing. Find out more at kolide.com/daytwocloud. Show Links: Introducing Istio Ambient Mesh – solo.io Introducing Ambient Mesh – istio.io Get Started with Istio Ambient Mesh – istio.io Ambient Mesh Security Deep Dive – istio.io Blog.christianposta.com – Christian’s blog @christianposta – Christian on Twitter Transcript: [00:00:00] Ethan: Sponsor Kolide is an end point security solution that helps your end users solve their security problems themselves. They get smarter about security and you get more compliant computing. Find out [email protected]. Slash daytwo. Cloud. That’s Kolide.com. Slash day two. Cloud. [00:00:25] Ned: Welcome to day two. Cloud. Today we are delving back into the world of service mesh and this time we are exploring istio and their ambient mesh. What does that mean? Well, good thing we have somebody very awesome to help us guide us through the process. It’s Christian. Posta the global field CTO from Solo IO. Ethan, what jumped out at you about the conversation? [00:00:50] Ethan: That although we get our heads all wrapped around terminology and what is a sidecar? And how do proxies work in the Kubernetes world? At the end of the day, folks, that have been around the industry for a while and know how load balancers work. If you start with that as kind of your architectural grounding, you can map that knowledge onto this world. And even more so with ambient because we’re kind of killing the sidecar. Ned. [00:01:12] Ned: Yeah, it might be that it’s death is nigh and that’s what we’re leaning into in this episode. So enjoy our episode with Christian Posta. Christian, welcome to the show. We’re excited to have you here to chat about istio ambient mesh, which I have to admit, first props, that’s a pretty good name. I don’t know how much input you had in it, but I know naming is hard, man, and you nailed it on the ambient mesh. Can you give us the 10,000 foot view of what istio ambient mesh is all about? [00:01:45] Christian: Yeah, absolutely. And first of all, thank you for having me. Happy to talk about this.

Visit the podcast's native language site