Go Report Card

Istio logo

An open platform to connect, manage, and secure microservices.

  • For in-depth information about how to use Istio, visit
  • To ask questions and get assistance from our community, visit
  • To learn how to participate in our overall community, visit our community page

In this README:

In addition, here are some other documents you may wish to read:

You’ll find many other useful documents on our Wiki.


Istio is an open platform for providing a uniform way to integrate
, manage traffic flow across microservices, enforce policies
and aggregate telemetry data. Istio’s control plane provides an abstraction
layer over the underlying cluster management platform, such as Kubernetes.

Istio is composed of these components:

  • Envoy – Sidecar proxies per microservice to handle ingress/egress traffic
    between services in the cluster and from a service to external
    services. The proxies form a secure microservice mesh providing a rich
    set of functions like discovery, rich layer-7 routing, circuit breakers,
    policy enforcement and telemetry recording/reporting

    Note: The service mesh is not an overlay network. It
    simplifies and enhances how microservices in an application talk to each
    other over the network provided by the underlying platform.

  • Istiod – The Istio control plane. It provides service discovery, configuration and certificate management. It consists of the following sub-components:

    • Pilot – Responsible for configuring the proxies at runtime.

    • Citadel – Responsible for certificate issuance and rotation.

    • Galley – Responsible for validating, ingesting, aggregating, transforming and distributing config within Istio.

  • Operator – The component provides user friendly options to operate the Istio service mesh.


The Istio project is divided across a few GitHub repositories:

  • istio/api. This repository defines
    component-level APIs and common configuration formats for the Istio platform.

  • istio/community. This repository contains
    information on the Istio community, including the various documents that govern
    the Istio open source project.

  • istio/istio. This is the main code repository. It hosts Istio’s
    core components, install artifacts, and sample programs. It includes:

    • istioctl. This directory contains code for the
      istioctl command line utility.

    • operator. This directory contains code for the
      Istio Operator.

    • pilot. This directory
      contains platform-specific code to populate the
      abstract service model, dynamically reconfigure the proxies
      when the application topology changes, as well as translate
      routing rules into proxy specific configuration.

    • security. This directory contains security related code,
      including Citadel (acting as Certificate Authority), citadel agent, etc.

  • istio/proxy. The Istio proxy contains
    extensions to the Envoy proxy (in the form of
    Envoy filters) that support authentication, authorization, and telemetry collection.

Issue management

We use GitHub to track all of our bugs and feature requests. Each issue we track has a variety of metadata:

  • Epic. An epic represents a feature area for Istio as a whole. Epics are fairly broad in scope and are basically product-level things.
    Each issue is ultimately part of an epic.

  • Milestone. Each issue is assigned a milestone. This is 0.1, 0.2, …, or ‘Nebulous Future’. The milestone indicates when we
    think the issue should get addressed.

  • Priority. Each issue has a priority which is represented by the column in the Prioritization project. Priority can be one of
    P0, P1, P2, or >P2. The priority indicates how important it is to address the issue within the milestone. P0 says that the
    milestone cannot be considered achieved if the issue isn’t resolved.


View Github