A solution for large-scale Service Mesh based on Istio.
Clone or download
Pull request Compare This branch is 78 commits ahead, 474 commits behind istio:master.
Latest commit 82f521d Sep 11, 2018
Failed to load latest commit information.
.circleci Merge branch 'release-1.0' Jul 31, 2018
.github Ask for cluster state archive in bug report template (#7281) Jul 24, 2018
addons Update servicegraph reporter query label (#7421) Jul 26, 2018
bin Close #4 Aug 21, 2018
docker Build and test improvements (#4092) Mar 10, 2018
galley Implement resource multiplexing support in Galley. (#7458) Jul 31, 2018
install upgrade to 0.2.1 Sep 7, 2018
istioctl Close #23 Sep 4, 2018
mixer Merge branch 'release-1.0' Jul 31, 2018
pilot small fix Sep 7, 2018
pkg fix bug: not query all pod interface Sep 6, 2018
prow Disable current broken integration test (example and security) (#6752) Jun 29, 2018
release refactor airflow code (#7468) Jul 31, 2018
samples add port limit and iptable annotations Sep 7, 2018
security Mock JWT and JWKS data for end-user authentication demo/testing (#7347) Jul 24, 2018
tests Fix and re-enable mirroring e2e test (#7531) Jul 31, 2018
tools Close #23 Sep 5, 2018
vendor Fix #21 Sep 4, 2018
.codecov.yml 提交istio代码 Apr 17, 2018
.gitignore Close #4 Aug 13, 2018
CONTRIBUTING.md 提交istio代码 Apr 17, 2018
Gopkg.lock Fix #21 Sep 4, 2018
Gopkg.toml Fix #21 Sep 4, 2018
LICENSE 提交istio代码 Apr 17, 2018
LICENSES.txt Fix remaining missing licenses (#7382) Jul 25, 2018
Makefile add register-agent in Makefile Sep 3, 2018
OWNERS support xprotocol base on istio branch master Jul 19, 2018
README.md Change encoding from GB2312 to UTF-8 Aug 30, 2018
codecov.requirement Properly merge coverage files (#7430) Jul 30, 2018
codecov.skip Properly merge coverage files (#7430) Jul 30, 2018
downloadIstio.sh Normalize shebangs in shell scripts (#7329) Jul 25, 2018
istio.deps upgrade to 0.2.1 Sep 7, 2018
lintconfig_base.json support xprotocol base on istio branch master Jul 19, 2018



CircleCI Go Report Card codecov.io

SOFAMesh 是基于 Istio 改进和扩展而来的 Service Mesh 大规模落地实践方案。在继承 Istio 强大功能和丰富特性的基础上,为满足大规模部署下的性能要求以及应对落地实践中的实际情况,有如下改进:

  • 采用 Golang 编写的 MOSN 取代 Envoy
  • 合并 Mixer 到数据平面以解决性能瓶颈
  • 增强 Pilot 以实现更灵活的服务发现机制
  • 增加对 SOFA RPC、Dubbo 的支持


You'll find many other useful documents on our Wiki.


Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.

Visit istio.io for in-depth information about using Istio.

Istio is composed of these components:

  • Envoy - Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.

    Note: The service mesh is not an overlay network. It simplifies and enhances how microservices in an application talk to each other over the network provided by the underlying platform.

  • Mixer - Central component that is leveraged by the proxies and microservices to enforce policies such as authorization, rate limits, quotas, authentication, request tracing and telemetry collection.

  • Pilot - A component responsible for configuring the proxies at runtime.

  • Citadel - A centralized component responsible for certificate issuance and rotation.

  • Node Agent - A per-node component responsible for certificate issuance and rotation.

Istio currently supports Kubernetes and Consul-based environments. We plan support for additional platforms such as Cloud Foundry, and Mesos in the near future.


The Istio project is divided across a few GitHub repositories.

  • istio/istio. This is the main repository that you are currently looking at. It hosts Istio's core components and also the sample programs and the various documents that govern the Istio open source project. It includes:

    • security. This directory contains security related code, including Citadel (acting as Certificate Authority), node agent, etc.
    • pilot. This directory contains platform-specific code to populate the abstract service model, dynamically reconfigure the proxies when the application topology changes, as well as translate routing rules into proxy specific configuration.
    • istioctl. This directory contains code for the istioctl command line utility.
    • mixer. This directory contains code to enforce various policies for traffic passing through the proxies, and collect telemetry data from proxies and services. There are plugins for interfacing with various cloud platforms, policy management services, and monitoring services.
  • istio/api. This repository defines component-level APIs and common configuration formats for the Istio platform.

  • istio/mixerclient. Client libraries (currently supports C++) for Mixer's API.

  • istio/proxy. The Istio proxy contains extensions to the Envoy proxy (in the form of Envoy filters), that allow the proxy to delegate policy enforcement decisions to Mixer.

Issue management

We use GitHub combined with ZenHub to track all of our bugs and feature requests. Each issue we track has a variety of metadata:

  • Epic. An epic represents a feature area for Istio as a whole. Epics are fairly broad in scope and are basically product-level things. Each issue is ultimately part of an epic.

  • Milestone. Each issue is assigned a milestone. This is 0.1, 0.2, ..., or 'Nebulous Future'. The milestone indicates when we think the issue should get addressed.

  • Priority/Pipeline. Each issue has a priority which is represented by the Pipeline field within GitHub. Priority can be one of P0, P1, P2, or >P2. The priority indicates how important it is to address the issue within the milestone. P0 says that the milestone cannot be considered achieved if the issue isn't resolved.

We don't annotate issues with Releases; Milestones are used instead. We don't use GitHub projects at all, that support is disabled for our organization.