Istio is graduating as a CNCF project. This landmark occasion represents Istio’s growth and maturity as a critical part of the cloud-native landscape, marking an exciting new chapter for the most widely-deployed service mesh. Kubernetes was the first project to achieve Graduated status in 2018. Today, less than a year since it entered the CNCF as an incubating project, Istio joins that distinguished company—the fastest project to do so in CNCF history.
Tetrate was started by members of the founding Istio team with a goal to promote and expand service mesh adoption and has been a leading Istio contributor since inception. We’re proud and excited to see Istio—and the hard work and dedication of the Istio community—achieve the recognition this milestone represents.
What Does It Mean for Istio to Graduate?
CNCF projects are divided into three categories that serve as a marker for the maturity of the project:
Sandbox. The CNCF “Sandbox” is the entry point for new projects within the CNCF. It provides a platform for early-stage projects to receive support, guidance and visibility from the CNCF community. The Sandbox is designed to be a safe and collaborative environment for these projects to experiment, innovate and mature.
Incubating. Incubating projects have progressed beyond the early stage of development and have demonstrated potential for becoming a mature cloud-native technology. Istio was accepted to CNCF on September 30, 2022 as an Incubating project on the strength of its robust community and accelerating production use by early adopters.
Graduated. Graduated projects have achieved a high level of maturity, adoption and importance within the cloud-native ecosystem. They have met the CNCF graduation criteria and are considered to be stable, production-ready solutions that have demonstrated their effectiveness, reliability and scalability in real-world deployments. Istio is now officially blessed by CNCF as such a solution, having proven its strength of community, pace of development and growth of adoption among “early-majority” enterprises.
What Does Istio Graduation Mean for Users?
For those already using it as a core piece of their infrastructure powering thousands of deployments, CNCF graduation is a validation of their vision of Istio as a critical component of modern application networking. For those looking to modernize their infrastructure, Istio’s graduated status is a strong signal that it’s a proven and powerful choice for scaling critical apps in production.
For users, Istio’s graduation status carries several implications and benefits:
Stability and maturity. Potential users can have confidence in the project’s stability, knowing that it has met the CNCF’s stringent criteria for graduation.
Security. Istio has a long and robust track record of releasing timely security bulletins as well as strategic guidance from the industry’s foremost security thought leadership.
Production readiness. Graduation status carries an assurance to users that Istio has the necessary features, scalability and robustness for use in production settings.
Adoption and ecosystem. Graduated projects have gained significant adoption within the cloud-native ecosystem. They are widely recognized and used by organizations of various sizes and industries. Istio’s users benefit from the experiences of other adopters. The wide adoption of a graduated project also fosters a vibrant ecosystem of tools, extensions and integrations that can further enhance its capabilities.
CNCF backing and governance. Graduated projects also benefit from the support and governance of the CNCF. The CNCF provides resources, guidance and a framework for collaboration and community participation. Users can have confidence in the project’s long-term sustainability and development roadmap, knowing that it is backed by a reputable organization committed to advancing cloud-native technologies.
Community and enterprise support. The collective knowledge, experience and support provided by the community offers the benefits of a broad user base, access to resources such as documentation, forums, and user groups and potential assistance in troubleshooting and addressing issues. The Istio ecosystem also enjoys the availability of enterprise support from a host of vendors (including Tetrate) for organizations who need the assurance of access to support from experts when they need it.
The Impact of Tetrate and Istio
Tetrate has been deeply involved in the development of Istio from the beginning, as well as instrumental in Istio’s adoption in some of its largest, most mission-critical deployments at organizations like the U.S. Department of Defense, Visa, FICO, Informatica, Freddie Mac, Box and more. Tetrate and Istio together have benefited the cloud-native ecosystem in a number of critical ways:
Code contributions. Over the last year, Tetrate engineers actively contributed more code to the Istio and Envoy projects—the core technologies powering open source standards for service mesh—than any other company. These contributions delivered code and improvements to Istio, helping to enhance its features, performance and overall quality and driving Istio’s growth and adoption within the community.
Only pure OSS enterprise offering. Tetrate’s partnership with Istio provides enterprises access to professional support services and support, ensuring the smooth adoption and operation of Istio in production environments. Tetrate Istio Distro is the first and only 100% pure upstream Istio distribution to achieve FIPS compliance and hardened for use in enterprise and FedRAMP environments like the US Air Force.
Joint expertise. Tetrate’s engineers, involved in Istio’s founding and development, bring their deep understanding of Istio’s internals, enabling them to offer comprehensive support and guidance to organizations deploying Istio.
Standard-setting security leadership. Tetrate is the only service mesh company authoring security standards and best practices for microservices with NIST, the organization tasked with defining the Zero Trust security requirements mandated by the U.S. federal government. Tetrate founding engineer Zack Butcher collaborates with NIST as co-author of the SP 800-204 series of security standards for microservices and the SP 800-207 series on Zero Trust, providing guidance for how enterprises can use Istio to ensure and simplify compliance.
Community engagement, education and training. Tetrate’s collaboration with Istio fosters community engagement and knowledge sharing, with Tetrate experts participating in events and conferences, as well as creating Tetrate Academy to educate and empower users and developers within the Istio ecosystem. More than 5,000 platform operators and developers have taken Tetrate’s free online Istio and Envoy courses—and hundreds more have become Tetrate Certified Istio Administrators.
Ecosystem expansion. Tetrate’s offerings, such as Tetrate Service Bridge, extend the capabilities of Istio, addressing the evolving needs of organizations seeking secure and efficient service mesh solutions.
Together, the close collaboration between Istio and Tetrate, along with the contributions from Tetrate engineers, have played a pivotal role in Istio’s growth, evolution and successful graduation as a CNCF project, establishing it as a leading service mesh solution in the industry.
A Brief Timeline of the Entwined History of Tetrate and Istio
- 2016: Istio is born. Istio was conceived and developed by a team of engineers at Lyft, Google and IBM as an open-source service mesh platform for managing and securing microservices. Tetrate co-founder Varun Talwar served as a founding Istio product manager. Varun was joined on the initial Istio team by Tetrate founding engineer Zack Butcher while they were both at Google, providing strategic direction and driving the project’s vision and roadmap. Watch what Varun Talwar says about the project’s vision and mission and how it stands the test of time ›
- 2017: Istio 0.1 Released.
- 2018: Tetrate founded and Istio announced ready for production with 1.0 release.
- 2019: Istio announced enterprise ready with 1.1 release; Tetrate expands Istio ecosystem to offer support, consulting and training services for enterprises adopting Istio.
- 2020. Tetrate contributes VM workload and multi-cluster support to Istio.
- 2021. Tetrate leads expansion of the Istio ecosystem with the launch of the first and only certification exam for Istio—Certified Istio Administrator—and the first self-service Istio course, Istio Fundamentals, available for free on Tetrate Academy. This course serves as the basis for the Linux Foundation’s official Introduction to Istio course with more than 5,000 enrollments to date.
- 2021. Tetrate also releases Tetrate Istio Distro, the easiest way to install, manage and upgrade Istio, along with version 1.0 of its groundbreaking application security and connectivity platform, Tetrate Service Bridge.
- 2022. Tetrate Istio Distro becomes the first FIPS-compliant, 100% upstream Istio distribution suitable for FedRAMP environments.
- 2022. Istio joins CNCF as an Incubator project.
- 2023. Tetrate fills out its Istio product offerings with the announcement of Tetrate Service Express to simplify Istio on Amazon EKS, making it faster to deploy Istio in production.
- 2023. Istio is promoted to the Graduation stage by CNCF, signifying its importance within the cloud-native ecosystem.
Get Started with Istio
If you’re new to service mesh and Kubernetes security, we have a bunch of free online courses available at Tetrate Academy that will quickly get you up to speed with Istio and Envoy.
If you’re looking for a fast way to get to production with Istio, check out Tetrate Istio
Distribution (TID), Tetrate’s hardened, fully upstream Istio distribution, with FIPS-verified builds and support available. It’s a great way to get started with Istio knowing you have a trusted distribution to begin with, an expert team supporting you, and also have the option to get to FIPS compliance quickly if you need to.
As you add more apps to the mesh, you’ll need a unified way to manage those deployments and to coordinate the mandates of the different teams involved. That’s where Tetrate Service Bridge comes in. Learn more about how Tetrate Service Bridge makes service mesh more secure, manageable, and resilient here, or contact us for a quick demo.