Developing a Mental Model of Istio: From Kubernetes to Sidecars to Ambient

The talk discusses the mental model of Istio, focusing on the differences between Istio's API in sidecar and ambient modes.

• The talk explores the mental leap from understanding basic Kubernetes abstractions to understanding how Istio enhances or extends these abstractions with its own.
• The sidecar model influences one's mental model in subtle ways that become more overt over time.
• Istio Ambient Mesh moves away from the sidecar model and offers flexibility of when and where to place proxies, at the cost of having to make such decisions.
• There are differences in how the API is used in sidecar versus ambient mode, and understanding what's happening under the hood is crucial to developing a mental model of Istio.
• Knowing what's under the hood can explain a lot of the weird behaviors that can be observed in Istio.

The speaker uses the example of learning the go programming language and understanding how interfaces work and how slices work under the hood to explain the importance of knowing what's happening under the hood in Istio.

This talk will explore the mental leap from understanding basic Kubernetes abstractions, to understanding how Istio enhances or extends these abstractions with its own. When working with Istio, its sidecar model influences one’s mental model in subtle ways that become more overt over time. It takes two to tango, and Istio’s API are implemented across two interacting sidecars. You get a sense of what happens in “client side” sidecars (like routing decisions), or “server side” sidecars (like authorization policies), and all of a sudden the world starts to make sense. Istio Ambient mesh moves away from the sidecar model, and offers flexibility of when and where to place proxies, at the cost of having to make such decisions. While Istio Ambient Mesh supports the same Istio API primitives, when and where policies are implemented under the hood is completely different. The sidecar tango has evolved into the waypoint waltz, and suddenly your existing mental model gets turned upside down. There’s always an “aha” moment (or maybe even a mind-blowing experience) when a new mental model starts to make sense and everything is good again. We’d like to share our experience getting there with Istio Ambient Mesh, and put you on the path to achieving something similar!