Mirror of Istio: Connect, secure, control, and observe services.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Guangming Wang c8ed4e9138 delete deplicated register in init (#18163) 4 hours ago
.github Update to latest version of istio.io/pkg (#15103) 4 months ago
bin Remove proxy_debug image (#17694) 1 week ago
cmd/istiod Initial version of istiod. (#17944) 3 days ago
common Update common files. (#17797) 1 week ago
common-protos Update generated files. (#17576) 2 weeks ago
docker Add dockerfile to istiod (#18125) 1 day ago
galley Disable collections not needed by snapshots in Galley (#18070) 1 day ago
install Wait key cert ready when auto mTLS is enabled and SDS is not enabled. (#18108) 1 day ago
istioctl Use different exit code on istioctl parse error (#18131) 5 hours ago
mixer mixer: Allow configuration of trace flush interval (#18109) 1 day ago
pilot Output empty JSON array to body when proxyID is not found for debug/authz (#18150) 6 hours ago
pkg delete deplicated register in init (#18163) 4 hours ago
prow Add script to upload istioio snippets. (#18126) 23 hours ago
release Kill updateVersion.sh and release/ (#18028) 4 days ago
samples Make it possible to run bookinfo without root and with readOnlyFilesystem (#16326) 4 days ago
scripts A script to generate a list of images used by Istio (#17412) 6 days ago
security Restore secret update in scrtUpdated callback (#17970) 3 days ago
sidecar-injector Support run as non-root for pilot/galley/mixer/sidecar-injection/citadel (#16014) 5 days ago
tests Add k8s dryrun test for galley (#18145) 6 hours ago
tools istio-iptables.sh: Specify default filter table where table is omitted (#18056) 23 hours ago
.codecov.yml Include js/css files into static folder (#12983) 6 months ago
.gitattributes Update common files. (#16989) 1 month ago
.gitignore Get rid of demo-auth (#17043) 1 month ago
BUGS-AND-FEATURE-REQUESTS.md Update common files. (#14914) 4 months ago
CODEOWNERS Add dockerfile to istiod (#18125) 1 day ago
CONTRIBUTING.md Add a local CONTRIBUTING.md file that points to the main one on istio/community. (#1871) 1 year ago
LICENSE Import common files into this repo. (#14473) 4 months ago
Makefile Update common files. (#17797) 1 week ago
Makefile.core.mk Initial version of istiod. (#17944) 3 days ago
Makefile.overrides.mk set default make goal (#17370) 3 weeks ago
README.md Add a lint_modern target to start switchinng over to the build container (#17091) 1 month ago
SUPPORT.md Update common files. (#16989) 1 month ago
codecov.skip Fix testing flags showing up in release binaries (#15797) 2 months ago
codecov.threshold Use random seeds for jitter in node agent and update test coverage threshold (#17630) 2 weeks ago
go.mod Fix a few wait bugs (#18052) 2 days ago
go.sum Add operator subcommand `upgrade` to istioctl (#17990) 4 days ago
istio.deps Update proxy sha to include mixerless telemetry fixes (#17925) 5 days ago


Go Report Card GoDoc codecov.io GolangCI


An open platform to connect, manage, and secure microservices.

  • For in-depth information about how to use Istio, visit istio.io
  • To ask questions and get assistance from our community, visit discuss.istio.io
  • To learn how to participate in our overall community, visit our community page

In this README:

In addition, here are some other documents you may wish to read:

You’ll find many other useful documents on our Wiki.


Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio’s control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes.

Istio is composed of these components:

  • Envoy - Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.

Note: The service mesh is not an overlay network. It simplifies and enhances how microservices in an application talk to each other over the network provided by the underlying platform.

  • Mixer - Central component that is leveraged by the proxies and microservices to enforce policies such as authorization, rate limits, quotas, authentication, request tracing and telemetry collection.

  • Pilot - A component responsible for configuring the proxies at runtime.

  • Citadel - A centralized component responsible for certificate issuance and rotation.

  • Citadel Agent - A per-node component responsible for certificate issuance and rotation.

  • Galley- Central component for validating, ingesting, aggregating, transforming and distributing config within Istio.

Istio currently supports Kubernetes and Consul-based environments. We plan support for additional platforms such as Cloud Foundry, and Mesos in the near future.


The Istio project is divided across a few GitHub repositories.

  • istio/istio. This is the main repository that you are currently looking at. It hosts Istio’s core components and also the sample programs and the various documents that govern the Istio open source project. It includes:

    • security. This directory contains security related code, including Citadel (acting as Certificate Authority), citadel agent, etc.

    • pilot. This directory contains platform-specific code to populate the abstract service model, dynamically reconfigure the proxies when the application topology changes, as well as translate routing rules into proxy specific configuration.

    • istioctl. This directory contains code for the istioctl command line utility.

    • mixer. This directory contains code to enforce various policies for traffic passing through the proxies, and collect telemetry data from proxies and services. There are plugins for interfacing with various cloud platforms, policy management services, and monitoring services.

  • istio/api. This repository defines component-level APIs and common configuration formats for the Istio platform.

  • istio/proxy. The Istio proxy contains extensions to the Envoy proxy (in the form of Envoy filters), that allow the proxy to delegate policy enforcement decisions to Mixer.

Issue management

We use GitHub combined with ZenHub to track all of our bugs and feature requests. Each issue we track has a variety of metadata:

  • Epic. An epic represents a feature area for Istio as a whole. Epics are fairly broad in scope and are basically product-level things. Each issue is ultimately part of an epic.

  • Milestone. Each issue is assigned a milestone. This is 0.1, 0.2, …, or ‘Nebulous Future’. The milestone indicates when we think the issue should get addressed.

  • Priority/Pipeline. Each issue has a priority which is represented by the Pipeline field within GitHub. Priority can be one of P0, P1, P2, or >P2. The priority indicates how important it is to address the issue within the milestone. P0 says that the milestone cannot be considered achieved if the issue isn’t resolved.

We don’t annotate issues with Releases; Milestones are used instead. We don’t use GitHub projects at all, that support is disabled for our organization.