The Istio service mesh

Istio addresses the challenges developers and operators face with a distributed or microservices architecture. Whether you're building from scratch, migrating existing applications to cloud native, or securing your existing estate, Istio can help.

Service mesh

By using application proxies, Istio lets you program application-aware traffic management, incredible observability, and robust security capabilities into your network.

What is Istio?

A service mesh is an infrastructure layer that gives applications capabilities like zero-trust security, observability, and advanced traffic management, without code changes. Istio is the most popular, powerful, and trusted service mesh. Founded by Google, IBM and Lyft in 2016, Istio is a graduated project in the Cloud Native Computing Foundation alongside projects like Kubernetes and Prometheus.

Istio ensures that cloud native and distributed systems are resilient, helping modern enterprises maintain their workloads across diverse platforms while staying connected and protected. It enables security and governance controls including mTLS encryption, policy management and access control, powers network features like canary deployments, A/B testing, load balancing, failure recovery, and adds observability of traffic across your estate.

Istio is not confined to the boundaries of a single cluster, network or runtime — services running on Kubernetes or VMs, multi-cloud, hybrid, or on-premises, can be included within a single mesh.

Extensible by design and supported by a broad ecosystem of contributors and partners, Istio offers packaged integrations and distributions for various use cases. You can install Istio independently or opt for managed support from commercial vendors providing Istio-based solutions.


Secure by default

Istio provides a market-leading zero-trust solution based on workload identity, mutual TLS, and strong policy controls. Istio delivers the value of BeyondProd in open source, while avoiding vendor lock-in or SPOFs.

Learn about security

Increase observability

Istio generates telemetry within the service mesh, enabling observability on service behavior. It integrates with APM systems including Grafana and Prometheus to deliver insightful metrics for operators to troubleshoot, maintain, and optimize applications.

Learn about observability

Manage traffic

Istio simplifies traffic routing and service-level configuration, allowing easy control over flow between services and setup of tasks like A/B testing, canary deployments, and staged rollouts with percentage-based traffic splits.

Learn about traffic management

Why Istio?

Multiple deployment modes

Istio offers two data plane modes for users to choose. Deploy with the new ambient mode for a simplified app operational lifecycle or with traditional sidecars for complex configurations.

Learn about data plane modes

Powered by Envoy

Built on the industry standard gateway proxy for cloud native applications, Istio is highly performative and extensible by design. Add custom traffic functionality with WebAssembly, or integrate third-party policy systems.

Learn about Istio and Envoy

A true community project

Istio has been designed for modern workloads and engineered by a vast community of innovators across the cloud native landscape.

Learn about Istio’s contributors

Stable binary releases

Confidently deploy Istio across production workloads. All releases are fully accessible at no cost.

Learn about how Istio is packaged

Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!