Istio Reviews

My main use case for Istio is for monitoring, from the security aspect of all the application stores to Jagers, at some point working with Kubernetes in some other aspect of the cloud security, including AWS, Microsoft, Azure, Google Cloud, to name a few.

Istio helps with monitoring security across those cloud providers, and it is combined with not just monitoring but is vital for every aspect of your applications, contributing to all the connectivity and the mesh we call it, and is vital for everything that you want to monitor for all of them.

I have additional aspects to add about my main use case with Istio, including workflow, policy, risk, analytics, identity, and governance.

The best features Istio offers in my experience stand out because my job requires me to look for and use this type of tool, and this fits what I'm looking for, not just because it's free, not just because of the monitoring side, but simply because a lot of what pertains to my project is useful for Istio.

One of the good things about the features is that due to the nature of the tool, it is really good for enterprise projects, and it can be helpful for every company.

Istio has positively impacted my organization by helping our architecture design and development, and we use this as a mesh, applying it for every single application and using those components, which is helping our company and our clients to do many different aspects for all the use of Istio.

The positive changes include improvements in efficiency, and while I think the free aspect is good, it's crucial to be aware that sometimes cost will give you a good way for your needs, meaning it pays off for everything that you need for your project or whatever necessary features or solutions you are looking for.

I have been using Istio for at least eight to nine years.

Istio helps significantly because my experience before was totally different than with this tool, as I have already handled and had experience with other tools, regardless of what monitoring we're talking about, from SIEM to Splunk and different tools out there in the market. Istio is totally different because it works with Kubernetes and integrates well with many other cloud-based types we're discussing in the market.

Istio has been stable in my experience. Although we had a little bit of a problem while learning initially, there was much to learn, but after that, we managed to get everything working properly.

The scalability of Istio is all right.

I have no problem with customer support because the guide itself is really good.

Positive

I previously used different solutions before Istio, including attempts with Splunk and various different security providers.

I have seen a return on investment from using Istio. At first, I didn't see significant savings, but in the end, I realized that I didn't need as many tools since Istio already contains many aspects and features, which saved me a lot of time and probably money. The most important part is that using different tools and integrations usually doesn't save much energy, and I'm not just talking about money here, but generally.

My experience with pricing, setup cost, and licensing includes being the one who first and foremost does the trial, integration, and architecture design along with the training, and in costing, I take responsibility for that.

Before choosing Istio, I did evaluate some other options, but I can't recall all of them. I learned that whatever Istio gave me is something I stuck with and kept working on.

My advice for others looking into using Istio is to see for themselves. They can try and see for themselves because I don't want to just provide a review. It's my experience, and my job is to find the best tools we can use, which may not always be perfect, but this one can be vital for you all, and you have to try and see for yourself.

On a scale of 1-10, I rate Istio a 9.

When our developers are building the microservices, instead of imposing additional burdens or additional thinking on them, especially as part of network features such as traffic management, security, or observability, we deploy something from the infrastructure side, so developers need only focus on the business logic. 

We handle cases that include security, traceability, and traffic management. Features like traffic splitting, fault injection, and retry are possible with Istio.

Istio provides tremendous value, particularly in offering TLS and authentication over microservice-to-microservice communication. This improves security and traceability. It's significant for performance and operational consistency.

The security feature with mutual TLS authentication, which is identity-based, and the traffic management using cloud load balancers are very valuable. Istio's advanced traffic routing for Canary or Bluegreen deployments using the virtual service component is highly beneficial.

At the moment, there are no immediate improvements needed. Reducing the latency between the control plane and the data plane would be beneficial.

We've been using Istio for the past five to seven years.

Stability is critical in production environments. The architecture, configuration, and resource management can impact stability. Proper allocation of resources and configuring CPU and memory are essential to ensure stability.

Scalability involves deploying the proxy into the ports, which is critical. Control plane scalability and data plane scalability are the two important considerations. Handling large-scale environments with proxies can strain resources, but horizontal scaling can improve fault tolerance.

I've connected with them a couple of times, and it was very supportive.

Positive

We started with Istio directly. We evaluated Linkerd, which is an alternative but didn't support complex routing rules or multicluster deployments well. Another option was Traefik Mesh, but it did not excel in advanced traffic management and observability compared to Istio.

I didn't face any challenges, particularly because I'm familiar with Helm. However, for a new person, there might be challenges due to the multiple components in Istio. The Istio operator simplifies the installation on Kubernetes clusters.

I can handle it on my own. However, multiple teams should coordinate to handle integrated system deployments.

Using Istio in a banking environment provides excellent value by ensuring secure microservice communication and minimizing performance issues through traceability and other observability features.

Istio itself is open-source, but using it involves infrastructure costs due to CPU and memory allocation. Integration with observability tools like Prometheus, Grafana, and Elasticsearch incurs additional costs.

We evaluated Linkerd and Traefik Mesh. We chose Istio for its superior capabilities in complex environments and observability.

New users should first understand Istio's architecture, and have proper Kubernetes knowledge. They should utilize all of Istio's features effectively and plan resource allocation carefully, especially for large-scale microservice deployments.

I'd rate the solution eight out of ten.

I primarily use Istio to communicate securely between different services. In Kubernetes, if I am not using Istio, applications would directly communicate with application pod containers. I wanted to ensure secure communication, so I deployed Istio as a sidecar container. When traffic arrives, it first goes to the sidecar container before reaching the application, ensuring security.

What I find particularly valuable about Istio is that it is free of cost. Compared to other technologies, Istio provides excellent documentation and support, allowing for easy troubleshooting. They also have a community tab. Additionally, the features that Istio provides, notably for free, are robust in terms of reliability and support.

I do not see much room for improvement in Istio for my project as it currently fits my needs perfectly. It would be beneficial if Istio offered paid support options, similar to AWS's enterprise support, to quickly resolve issues that might affect production.

I have used the solution for about two and a half years.

I rate the stability of Istio as an eight or nine out of ten. I encountered a 500 error long ago, but I managed to fix it. Day-to-day development issues are more common but are related to application development rather than Istio itself.

I use AWS EKS with a cluster autoscaler, enabling automatic scaling based on load. I also set restrictions at the pod node level to manage the scaling up and down efficiently. Therefore, I do not have concerns regarding scalability.

Istio's support is satisfactory with community-based assistance. Responses are often received within 24 hours, which is fair given the free nature of the service. A paid support option could be beneficial.

Neutral

I previously considered another tool, however, I cannot recall the name. After comparing, I decided Istio was better suited for my needs.

The initial setup is easy. I use the Istio operator to deploy and integrate everything. While not everyone can deploy it without some knowledge, following the documentation, my team can manage it easily.

I utilize Argo CD for deployment, which updates from GitHub automatically. This makes the deployment process efficient, requiring minimal manual intervention.

Initially, I evaluated another tool, whose name I don't remember. I opted for Istio after evaluating its features and cost-effectiveness.

I recommend Istio to others. Pricing is an important consideration, and Istio offers robust features at no cost. It's important to ensure that the tool can handle production-level requirements. I would suggest Istio as it effectively provides the necessary features. 

I rate the overall solution as an eight out of ten.

I use Istio to manage traffic flow within my microservices architecture, particularly for the data and control plane components. It includes telemetry capabilities that I mentioned before. Istio provides important features like Service Discovery for service-to-service communication, which helps services interact. 

We can implement load balancing to distribute traffic across multiple service instances. Istio also offers traffic routing capabilities and circuit-breaking functionality. For security, it handles authentication using mutual TLS (mTLS) between services. It can authorize services using JWT tokens. Istio also allows defining policies for rate limiting to control traffic within services.

I use network collection to see error rates and resource utilization. Prometheus is a popular monitoring system I use for queries. I also use distributed tracing. For logging, I centralize and capture logs from all services.

I've used Splunk for log analysis and querying. With Splunk, I can create command-line queries to search and index large amounts of data in enterprise environments. This allows me to monitor user behavior, like detecting unusual data transfers (e.g., downloads or uploads over 20-25 MB) that could indicate potential security issues.

I can create automated queries to capture and analyze user activities across different locations and systems. This helps identify any concerning or "underground" behavior that could harm the company. The observability features let me automate the monitoring of the entire system and get insights into service and user activities.

Integration is generally possible with different systems, but understanding the specific components is needed. For example, integrating Splunk with AWS may require agents, plugins, or APIs. You have to research and understand these requirements.

I had a project using Okta for identity and access management with a SaaS application. We faced challenges connecting it to the browser using SAML protocol. We didn't initially realize we needed PKI. This shows how you need to understand all the "ingredients" or components required for integration.

Based on my experience, the solution could be improved. They could simplify the learning process so that users can understand how its features work together, especially with components like Kibana. Learning about the different components is necessary. For instance, you need to understand the traffic flow, potential bottlenecks, and the architecture within Istio.

Scalability largely depends on the system's design. Identifying and addressing design and service setup bottlenecks is crucial for effective scaling. Istio supports various scaling mechanisms, including load balancers, auto-scaling, caching, and asynchronous processes.

However, challenges can arise, such as performance issues or validation problems, that require attention.

I provide support to their technical team. I make and provide various types of evaluations. I offer whatever support I can bring to them. I also share my experiences, which they find very important. Everything is documented, and I give references if they need them. I provide all these materials.

I manage any issues, tracking, or jobs that must be handled. I offer professional support for the organization, clients, providers, and partners and ensure a good response and support for all of them. I also share the previous cycle releases and publications with the group.

Positive

The initial setup can be easy if you understand the tools involved, particularly Kubernetes. The process involves using command-line interfaces, and familiarity with these commands is crucial. The setup can be straightforward if you know how to use the command line effectively and have a clear reference or guide.

However, it can be more challenging if you're not familiar with the command line or the specifics of Kubernetes and Istio.

Having detailed notes or references and learning from experienced colleagues or developers can greatly help. Even with a skilled team, dealing with changes or upgrades in versions might require adjustments.

I worked on a project involving over 500,000 users worldwide. I had to create policies and roles for these users. My boss warned me to be careful based on a previous employee's mistake: They accidentally gave a user access they shouldn't have had.

To avoid issues, I tested the policies thoroughly. I tested them with my boss and managers in different regions, such as the United States, Europe, and Asia. I looked at each user's email address and location to group them by country. I sorted users from the Philippines, China, Thailand, India, Germany, Australia, and the UK. For the US, I separated users into east and west regions.

I made sure each policy matched the specific country, user type, and position. This careful sorting was crucial to prevent problems. Thankfully, I didn't encounter any issues. I kept checking to ensure everything was correct because the roles and policies were very important.

Some people use Istio for this kind of work. When I finished, my boss didn't point out any mistakes and said I did a good job.

I recommend Istio. It's a tool that puts many people months ahead. In interviews, I've explained Istio to people who weren't familiar with it, and they liked the idea.

I once had clients in Asia, specifically China, who asked about identity access management. At that time, I proposed SharePoint because it was really good, as IBM wasn't there yet. I preferred SharePoint because it has a unified governance platform. This includes ubiquity, risk factors, analytics, policy, roles, and governance processes.

Understanding compliance for different verticals, such as healthcare, Hyperion, CSM, and others, is important. You need to know about SOX, SOC 2, and SOX 404 for enterprises. Understanding cloud auditing, IPMs integration, and different ISO standards like 27001 to 27035 is crucial. You must also know about FISMA, PCI for banking systems, and NIST standards.

These are widely used because of compliance and governance requirements in specific areas we're engaged with, like Secure Health Care and HIPAA. I rate the overall product a nine out of ten. 

I mostly work with Kubernetes in Google Cloud, and I use Istio to get better control over the network layer in my Kubernetes cluster. Kubernetes manages the containers, making sure they stay up and running and doing what they're supposed to do, while Istio manages the communication between them.

Istio's service-to-service communication features are good. For example, if you're trying to set up a zero-trust environment where all your service-to-service interactions are authenticated and possibly encrypted, that's something that Istio can help with. It can also add a lot of extra telemetry information, so you can see what kind of latencies you're getting and ensure that communications are encrypted the way they're supposed to be. That's all stuff Istio can do.

I like the telemetry it gives you. I like the easy traffic management capabilities it offers. If you want to do a canary test, for example, it makes it really easy to do that where normal Kubernetes does not. Kubernetes has always been primarily a container orchestration technology. 

So, it's really good at making sure the containers are running and running where they're supposed to be, but it's never been super concerned with the communication between containers and between containers and the outside world. So, giving me better control over security and telemetry - the observability coming out - those are all key features, I think.

The security features, like mutual TLS, helped with security posture. In a normal Kubernetes cluster, the communication between the pods in the cluster is clear text except where it jumps between nodes. So, the industry is moving towards larger, more multi-tenant sorts of environments. And if you're at some organization like Deloitte and you're trying to build larger multipurpose clusters where you might have different levels of security on your workloads in the same cluster, being able to get things like mutual TLS, being able to get better network restrictions on which pods can talk to which pods, that's all key as you move towards larger clusters.

Istio is in the middle of a big evolution. We're about to go to a proxyless version of Istio. So Istio is about to drastically change the way it works. They've been talking about it for the last year or two, but they're just about to roll out their big shift, and they're going to move away from the Envoy proxy, which has been the cornerstone of Istio since its inception. So it'll be interesting to see how that works and the pros and cons that come with that.

There's a certain amount of overhead that comes with Istio. So, if you're in really, really high-volume workloads, you might be concerned with the overhead that this middle layer adds. Because, Istio is essentially operating as a middle layer, and every communication goes from the origin to Istio to the destination, and maybe Istio on that end and then to the real destination. So you have a certain amount of overhead that Istio adds. 

I've seen applications where they had such strict time constraints, they couldn't use Istio because it was too much overhead. Now, again, the normal amount of overhead we're talking about here is fractions of a second. So it's not like it's a tremendous amount of overhead. But if you're doing it enough, that can add up.

I think the biggest challenges with Istio are probably just learning how to use it properly. There's a lot of adjustments, a lot of knobs to tune. So you have to know how to configure it properly. And then, you also have to understand that it's giving you a lot of good benefits. But in addition to some configuration overhead, there's also going to be some performance overhead that Istio adds in, just not a lot.

And it'll be interesting to see with the shift towards a proxyless version of Istio. I've seen a lot of changes recently in the way Kubernetes communicates internally. So as Kubernetes shifts towards a new data plane communication and as Istio shifts to keep up with that, it'll be interesting to see if Istio gets more performant or is it more important or less important as Kubernetes continues to evolve?

I have been using it for a little bit more than five years.

Personally, I don't know that I've run into any major issues with Istio. I've heard about Istio having challenges. Our number one problem with Istio tends to be misconfiguration. For example, somebody misconfigures something. 

I do a lot of training, and I help people set this stuff up. And so it's not unusual, especially when they're first setting things up, that they don't quite have things set up correctly. And maybe it'll interrupt a running workload because they didn't quite configure Istio properly. But, most of that is kinda normal growing pains into a new technology. But once Istio is set up, it's pretty bulletproof.

Overall, I would rate the stability a nine out of ten because it's awfully hard for me on a ten-point scale to go all the way to ten. There's always room for improvement. 

It's a pretty good tool. It does a pretty good job.

It scales pretty well. I do a lot of work in Google Cloud. In Google Cloud, they have a managed Istio control plane. So, the way Google addresses some of the scalability issues in Istio is by moving the Istio control plane out of the Kubernetes cluster and into Google Cloud, and that helps with the scale issues. Istio is a workload just like anything else. If you're going with the traditional Istio setup where your Istio control plane is inside the Kubernetes cluster, then, as your cluster gets bigger and bigger, it's taking on more and more work. 

So, I don't know about limitations, but it's not really something that we have to be aware of. We can't just look at the overhead of our workloads; we have to look at the overhead of running Istio as well. So, Istio scales pretty well. But, again most of my stuff - Google's done some things to help me scale it, and that makes it a little bit more painless for me.

Overall, I would rate the scalability an eight out of ten. 

One nice thing about it being well-used is that it is well-documented online. So when I run into big problems, usually I wasn't the first. I had an issue a couple of times setting up something that was super, super new, and I couldn't quite get it set up right. But I never contacted support. 

I usually just thought, "Okay. Well, maybe this new thing is not quite ready for prime time yet. Let me hold off a little while, and we'll try it a little bit later."

The initial setup is pretty straightforward. It's also very well documented. Istio is open source, and since it's very popular - it's the most popular service mesh - it's very widely used. So there's a lot of good documentation out there. And, I don't think that initial setup is necessarily difficult. 

There's a lot of options on how exactly you put it together. 

• Are you using a single cluster? 
• Are you using multiple clusters? 
• How is your network set up before you get to Istio? 

So there's a good deal of options on how you set it up. But, it's not difficult to set up.

I don't know about prior experience or if it's easy to use. It's a matter of learning how to do the configurations. It's not that it's super difficult; it's more tedious than difficult to set up. You have to learn how to do the configurations, and it's very flexible, but with flexibility comes a certain amount of configuration and management overhead. 

So, having some sort of GitOps to help manage some of your Istio config files is useful. Then it's just a matter of learning how to put Istio together. It's nice that it's open-source. Again, a lot of what I do is inside Google Cloud, and Google has a lot of extra features to try to make Istio a little easier and a little bit more manageable. But it is still at its heart, Istio. So there's a fair amount of configuration you have to work and do, but it does what it's supposed to do.

There's some overhead to getting Istio in place, but it's not super, super technically difficult. I've done a lot of multi-cloud, hybrid cloud applications as well. I've done a lot with Google's distributed Anthos product, for example. And, it uses Istio pretty heavily when you're setting up a service mesh that might span multiple locations, maybe even multiple clouds. 

And, again, it might add some more configuration overhead and complexity, but it's still something that is certainly doable.

Istio is all open source. So, everything I do is mostly through Google. I'm probably closer to Google in partnership than I am with Istio directly.

I recommend this product to other people. I do Kubernetes training. I do Istio training for Google. And, it's regular that we recommend it to organizations who, again, are looking for that extra control.

Kubernetes is really good at orchestrating containers. I have a background in development. So if I want to do a canary test in a standard Kubernetes cluster, that's not very easy to do. 

Istio makes all that much easier - traffic splits, percentage traffic splits, doing some sort of chaos testing to see how it works. And the extra observability information I get also means I can get a better view of what exactly is happening inside my Kubernetes workloads, what's happening with my services, how they are interacting, what kind of latencies I'm seeing. Istio makes all that kind of stuff easier to figure out.

Overall, I would rate the solution a nine out of ten.

I was previously an implementation engineer at Solo.io, which offers an enterprise version of Istio. Essentially, the product uses higher-level CRDs to manage the data plane and control plane of Istio. Solo also provides custom images of Istio, like FIPS-enabled versions. 

Most of the use cases I worked on at Solo involved multi-cluster environments with service mesh, which are traditionally difficult to configure. Solo's product made it easier to manage large multi-cluster environments. For some customers, we were dealing with up to a hundred thousand apps in the mesh, or even more.

A lot of the large-scale use cases included outlier detection and failover of backend services across clusters. Mutual TLS (mTLS) was also a very popular use case. Istio simplifies enabling mTLS connections for front-end to back-end services in a microservice environment. 

Typically, customers used the Istio Ingress Gateway as their primary API gateway. We also had many customers who wrote their own Envoy filters for the data plane, with a common use case being integrating a NextAuth gRPC service for redirects to their OIDC providers for front-end services. This was a very common implementation.

There's a new product being worked on, with contributions from the team at Solo.io, called Ambient Mesh.

This is being built into the open-source project. The purpose of Ambient Mesh was to make it more scalable, possibly getting rid of the sidecars on services to lower latency. Does it make Istio simpler or easier to use? I don’t think so. It might actually increase complexity, but it could work well for specialized use cases. But, you'd need knowledgeable engineers to implement it properly.

So, I think Istio has issues with performance and scalability. I guess that's the best way to put it.

I recently worked with a customer who was running a performance test with Istio. Their test involved creating 500 to 1,000 namespaces with a large number of sample services that were all being rolled out together. What we found was that Pilot, one of Istio's components, was crashing, causing the performance test to fail.

This isn’t a very common use case, spinning up a thousand services all at once, but it was overloading the control plane. We found that increasing the replica count on the control plane sometimes leads to issues with leader election. Pilot doesn't handle leader election very well, but a recent bug fix by the Solo.io team has improved this aspect. So, in terms of scalability, it’s improving. That's the best way to put it.

I have been using this solution for three years now.

It is a stable product, but my use case is a bit unique because I was working with some of the largest Istio service mesh implementations. Because of this, I encountered more potential issues or bugs than the average consumer. 

I was fortunate to work with a lot of the Istio upstream engineers, so I had direct access to get those issues remediated quickly. But, I’ve encountered a fair amount of bugs, particularly in larger environments.

So, I would rate the stability a nine out of ten. It’s a production-level open-source tool, part of the CNCF graduated project. I wouldn’t think twice about using Istio in production. In fact, I’m currently working on a project that will implement Istio.

If we compare Istio’s scaling to a scenario where a thousand services were spun up with or without Istio, I won’t encounter the same problem without Istio.

So, it scales decently well, but there’s room for improvement. I would rate the scalability an eight out of ten.

There are not many end users because I work with the military now, implementing Istio use cases. Istio is very new to the Department of Defense, so I serve as a subject matter expert for these implementations.

For the project I'm working on, this will likely be the first time Istio is deployed within our organization, and we’ll be supporting a couple of hundred users.

I used to work directly with those engineers, so my experience was a bit different. I worked with them to file issues in the open-source upstream repo. 

Additionally, we would submit tickets internally at Solo.io, where Istio contributors were working. Those contributors would then work on the tickets and integrate them back into Istio upstream. So, I've worked both ways.

Those guys are world-class engineers. They are some of the most impressive people I've worked with.

I haven't encountered more knowledgeable support elsewhere.

Positive

The initial setup is pretty straightforward, though it depends on your use case and what you're trying to achieve. Istio is highly configurable.

It has a very easy quick start where you can provide a set of default values that get you up and running quickly. However, if you’re working with larger use cases, you’ll need a more extensive Helm configuration for the control plane. So, it varies. 

For a demo with a sample use case or a smaller environment, it’s very easy. If you're just looking to enable mTLS between services, that's also very simple.

Not anyone can use it; some prior experience is needed. Solo.io built its product around Istio with the intent of making it easier to use, but there's still a steep learning curve.

It's not like other products where you can just buy a license, deploy it in your environment, and be good to go. Istio sits at a foundational level in the deployment stack, meaning much of your infrastructure will be built on top of it.

When I did implementations, these projects would typically take at least a year and consist of three phases: design, a pretty intensive implementation phase where services are onboarded to the mesh, and finally, optimizing the mesh and integrating more features.

If someone is looking for a service mesh, I would recommend Istio over any other options.

I would recommend not implementing all the features at once. Istio can quickly become difficult if you try to use every feature right from the start. You're likely to get frustrated and might even consider giving up, thinking that Istio isn't necessary. 

I suggest starting with the simplest and most basic features that Istio offers, like mTLS, to help implement your zero-trust service environment. From there, you can gradually build out authorization, Envoy filters, and other extensibility features as needed.

Overall, I would rate it an eight out of ten.  There’s a lot of new technology coming out that challenges Istio's usability. For instance, eBPF-based CNIs like Cilium are developing their own mesh solutions, which may or may not use sidecars and work very quickly. 

Istio is facing some competition. Also, due to its complexity, Istio hasn’t taken off as much as it should have. It’s not meant for every use case, but in many, it works very well. So, I’d rate it an eight.

We use Istio for Service Discovery and routing traffic.

Istio has very few community forums. It would be good if the solution had more community forums.

Recently, we have faced an issue. We were using an old version of Istio. Our Kubernetes version in our cluster was about to upgrade, and it was incompatible with the old version of Istio. Our whole production system went down, and we faced a lot of service outages because of that. If you have an old version of Istio installed, it should be compatible with all the Kubernetes versions.

I have been using Istio for more than six years.

I rate Istio a seven out of ten for stability.

I didn't have any issues with the solution's scalability. More than 50,000 or 1,00,000 users are using the solution in our organization.

I rate the solution ten out of ten for scalability.

We are using Consul along with Istio.

The initial setup of the solution was easy because we used the istioctl command and helm chart.

The solution's deployment doesn't take more than one minute.

We mention all the traffic and routing within YAML files. We mention which service it will come from, where it will route the traffic, to which service it should route, and to which port it should route, and we manage it within the cluster. We use Istio in our private cluster. We use the solution's TLS security for Service Discovery and routing traffic.

There were no challenges in integrating Istio with microservices. If we have more than ten microservices running, Istio can help them communicate with each other or route the traffic to other services. Istio has a very good integration with our existing ecosystem. I would recommend the solution to other users. Istio is more secure than other tools like Consul for Service Discovery, routing traffic, and security.

Overall, I rate the solution a nine out of ten.

We had a Kubernetes cluster, and Istio managed all the security aspects we handled on the security layer. We were not writing that specific part in the code. The solution saved us time from writing complex code inside the code. Istio handled things like securing and the traffic management part.

The most valuable features of Istio are the traffic management and the Sidecar they inject, which greatly helps secure the application. Istio saves time in a more secure way. Since it saves time, we can focus on other areas while writing the code. The solution's security feature or mutual TLS authentication helps a lot in controlling the access policies.

Istio needs to be more mature and user-friendly. The solution's initial setup is too complex and time-consuming, and it takes a lot of debugging. The technical support of Istio could be improved.

I have been using Istio for two years.

Once it is set up, Istio is a very stable solution.

I rate the solution ten out of ten for stability.

I rate the solution ten out of ten for scalability.

The technical support of the solution is not that good, which is why we had issues while setting it up.

Neutral

The solution's initial setup is too complex and time-consuming, and it takes a lot of debugging.

The solution's deployment did not take much time. The timeline given to us for the setup was approximately seven days, but we were able to achieve it in two to three days. We did not use a third party to deploy the solution. We followed the official Istio documentation for installation and deployment.

Since it was an authentic application, we were handling the payments part. It was easy to debug, and Service A communicated to Service B. There were approximately 20 microservices inside the service mesh. Using Istio's observability feature, we could easily find out where the service was breaking, which saved us a lot of time.

I would recommend the solution to other users. If you want to save time on the security application coding, move to Istio. It's a very helpful tool for debugging if you're working with microservices. The solution is also helpful for any service break and traffic management.

Overall, I rate Istio a nine out of ten.

The tool's mutual TLS stands out. It provides secure communication between services within the cluster. Additionally, Istio offers built-in telemetry and tracing with tools like Jaeger, which aids monitoring and troubleshooting. 

If you're a beginner in infrastructure management and networking, learning Istio might pose some challenges. However, if you have some knowledge of networking or service meshes, you should find it manageable. Istio's website offers documentation to guide you through learning. 

I have been working with the product for two years. 

Bugs are a part of the process with any tool. Istio, like any other software, may have bugs, but overall, it's quite stable. The tool's stability depends on how it's deployed. I've found it to be stable, as I've been using it for three years without facing any major issues.

I'm the only one using Istio in our organization. As the infrastructure manager, I handle all aspects of it myself.

We haven't contacted Istio's technical support team yet. We're using the open-source version, not the enterprise one, so we haven't needed to reach out for help.

Our company decided to use Istio because we needed to implement mutual TLS for our APIs, ensuring encrypted connections between them. We explored Istio further and discovered its capabilities, such as its virtual service and gateways. These features allowed us to modify network traffic, enabling functionalities like canary deployment through header-based routing rules. So, mutual TLS and traffic management were the primary reasons for choosing Istio.

Deploying Istio isn't complicated. It has its installation method and supports different profiles. You can install one or more profiles within the cluster without causing chaos. The installation process is straightforward and comes with verification. Overall, it's not a big deal to install Istio.

We use the tool's open-source version, so there are no hidden fees or additional costs associated with it.

Improvement of Istio depends on what we're trying to do with it and its ecosystem. It's highly customizable, allowing for changes as needed. 
Regarding traffic management capabilities, Istio can help handle millions of concurrent connections. However, it won't directly enhance your API's performance. Instead, it improves capabilities like circuit breaking and connection handling, which can enhance performance indirectly. For example, the tool can manage request limits and implement retry mechanisms without developers needing to intervene. While it can streamline development efforts, performance enhancements depend on resource utilization and code quality.

Whether or not you should use the tool depends on your specific requirements. To give you advice, I'd need to understand your needs and how Istio could potentially enhance your infrastructure.

I would rate Istio around a six to seven out of ten. This rating is because I haven't fully utilized its capabilities, so I may not have experienced its full potential. 

Istio will make life easier if you are using Kubernetes. Kubernetes is an orchestration tool for DevOps for infrastructure as a service. In terms of routing the request from different parts, Istio service mesh will make your life easy. There are a lot of internal technical discussions we can do regarding how it helps and what all those important things are.

Overall, it will make your life easier for DevOps people if they are using Kubernetes. If you are deploying it end-to-end with you taking ownership of deploying the ports and Kubernetes, Istio will make it easy for you.

Istio can save you time in terms of network troubleshooting. It gives you a clear indication of how the data is flowing with the commands in the Istio service commands.

If someone doesn't understand Kubernetes, they'll have issues working with Istio.

I have been using Istio for four to five years.

Istio is a stable solution.

Istio is a scalable solution. Six people in our organization's DevOps admin team use Istio.

Istio's initial setup is neither difficult nor easy.

You can deploy Istio free of cost and don't need to pay for it.

Istio is deployed on both Google and AWS clouds in our organization. Istio requires a version upgrade twice a year, which is pretty straightforward.

Our company decided to go with Istio as a service because we didn't want to use out-of-the-box managed service or pay for that. When we deploy, we want to know how the data flows so that our application team can know and do it much better in future releases.

Overall, I rate Istio an eight out of ten.