Skip to content
Connect, secure, control, and observe services.
Go Shell Makefile HTML Python Smarty Other
Branch: master
Clone or download
ChenLingPeng and istio-testing derive the sidecar scope from root namespace when no non-workloadSele…
…ctor sidecar config in namespace (#16430)

Signed-off-by: forrestchen <>
Latest commit 3c79be7 Aug 23, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Update to latest version of (#15103) Jun 24, 2019
bin Upgrade helm to the recommended minimum version: 2.10 (#16104) Aug 20, 2019
docker Regenerate generated code. (#15917) Jul 31, 2019
galley Replace hardcoded cert paths with designated constants (#16002) Aug 19, 2019
install fix(gateway template): patch gateway to include same env var as sidec… Aug 22, 2019
istioctl Create istioctl config_dump helper to avoid use of explicit index (#1… Aug 22, 2019
mixer Add instruction about stackdriver adapter config (#16388) Aug 19, 2019
pilot derive the sidecar scope from root namespace when no non-workloadSele… Aug 24, 2019
pkg Fix TestParseJwksURI that relies on golang version (#16518) Aug 23, 2019
prow Add legacy varient to kind config patch (#16176) Aug 13, 2019
release Fix rewriting of istio-cni Helm charts in release scripts (#16492) Aug 23, 2019
samples Upgrade to Werkzeug 0.15 to handle unknown user ids (#15998) Aug 15, 2019
scripts Grab latest,, and (#1… Aug 2, 2019
security correct some minor nitpicks (#16192) Aug 21, 2019
sidecar-injector Move kube/inject out of Pilot (#16284) Aug 16, 2019
tests VirtualInbound: dont modify filter chains in place (#16451) Aug 22, 2019
tools Move kube/inject out of Pilot (#16284) Aug 16, 2019
vendor Remove the outdated monitoring package in pilot, replacing it with th… Aug 19, 2019
.codecov.yml Include js/css files into static folder (#12983) Apr 15, 2019
.commonfiles.sha Grab latest,, and (#1… Aug 2, 2019
.gitattributes add missing .pb.go to list of generated files (#12419) Mar 13, 2019
.gitignore Additional build of distroless images (#13579) Jun 9, 2019
.golangci.yml Add a pull request template. (#15080) Jun 23, 2019 Update common files. (#14914) Jun 17, 2019
CODEOWNERS fine tune networking code owners (#16162) Aug 20, 2019 Add a local file that points to the main one on istio… Nov 27, 2017
LICENSE Import common files into this repo. (#14473) Jun 1, 2019
Makefile Move kube/inject out of Pilot (#16284) Aug 16, 2019 Update common files. (#14914) Jun 17, 2019 Remove unused badges from README (#16157) Aug 9, 2019 Import common files into this repo. (#14473) Jun 1, 2019
codecov.skip Fix testing flags showing up in release binaries (#15797) Jul 25, 2019
codecov.threshold change the app handling path register. (#14432) Jun 14, 2019
go.mod Remove the outdated monitoring package in pilot, replacing it with th… Aug 19, 2019
go.sum Remove the outdated monitoring package in pilot, replacing it with th… Aug 19, 2019
istio.deps Update cni SHA to the HEAD of istio/cni:master (#16494) Aug 23, 2019

Go Report Card GoDoc GolangCI


An open platform to connect, manage, and secure microservices.

  • For in-depth information about how to use Istio, visit
  • To ask questions and get assistance from our community, visit
  • To learn how to participate in our overall community, visit our community page

In this README:

In addition, here are some other documents you may wish to read:

You'll find many other useful documents on our Wiki.


Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes.

Istio is composed of these components:

  • Envoy - Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.

    Note: The service mesh is not an overlay network. It simplifies and enhances how microservices in an application talk to each other over the network provided by the underlying platform.

  • Mixer - Central component that is leveraged by the proxies and microservices to enforce policies such as authorization, rate limits, quotas, authentication, request tracing and telemetry collection.

  • Pilot - A component responsible for configuring the proxies at runtime.

  • Citadel - A centralized component responsible for certificate issuance and rotation.

  • Citadel Agent - A per-node component responsible for certificate issuance and rotation.

  • Galley- Central component for validating, ingesting, aggregating, transforming and distributing config within Istio.

Istio currently supports Kubernetes and Consul-based environments. We plan support for additional platforms such as Cloud Foundry, and Mesos in the near future.


The Istio project is divided across a few GitHub repositories.

  • istio/istio. This is the main repository that you are currently looking at. It hosts Istio's core components and also the sample programs and the various documents that govern the Istio open source project. It includes:

    • security. This directory contains security related code, including Citadel (acting as Certificate Authority), citadel agent, etc.
    • pilot. This directory contains platform-specific code to populate the abstract service model, dynamically reconfigure the proxies when the application topology changes, as well as translate routing rules into proxy specific configuration.
    • istioctl. This directory contains code for the istioctl command line utility.
    • mixer. This directory contains code to enforce various policies for traffic passing through the proxies, and collect telemetry data from proxies and services. There are plugins for interfacing with various cloud platforms, policy management services, and monitoring services.
  • istio/api. This repository defines component-level APIs and common configuration formats for the Istio platform.

  • istio/proxy. The Istio proxy contains extensions to the Envoy proxy (in the form of Envoy filters), that allow the proxy to delegate policy enforcement decisions to Mixer.

Issue management

We use GitHub combined with ZenHub to track all of our bugs and feature requests. Each issue we track has a variety of metadata:

  • Epic. An epic represents a feature area for Istio as a whole. Epics are fairly broad in scope and are basically product-level things. Each issue is ultimately part of an epic.

  • Milestone. Each issue is assigned a milestone. This is 0.1, 0.2, ..., or 'Nebulous Future'. The milestone indicates when we think the issue should get addressed.

  • Priority/Pipeline. Each issue has a priority which is represented by the Pipeline field within GitHub. Priority can be one of P0, P1, P2, or >P2. The priority indicates how important it is to address the issue within the milestone. P0 says that the milestone cannot be considered achieved if the issue isn't resolved.

We don't annotate issues with Releases; Milestones are used instead. We don't use GitHub projects at all, that support is disabled for our organization.

You can’t perform that action at this time.