MCPcopy
hub / github.com/istio/istio

github.com/istio/istio @1.30.2 sqlite

repository ↗ · DeepWiki ↗ · release 1.30.2 ↗
19,157 symbols 107,614 edges 1,991 files 6,542 documented · 34%
README

Istio

CII Best Practices Go Report Card GoDoc

  <img title="Istio" height="100" width="100" alt="Istio logo" src="https://github.com/istio/istio/raw/master/logo/istio-bluelogo-whitebackground-unframed.svg">


Istio is an open source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes.

  • For in-depth information about how to use Istio, visit istio.io
  • To ask questions and get assistance from our community, visit GitHub Discussions
  • To learn how to participate in our overall community, visit our community page

In this README:

In addition, here are some other documents you may wish to read:

You'll find many other useful documents on our Wiki.

Introduction

Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes.

Istio is composed of these components:

  • Envoy - Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.

Note: The service mesh is not an overlay network. It simplifies and enhances how microservices in an application talk to each other over the network provided by the underlying platform.

  • Ztunnel - A lightweight data plane proxy written in Rust, used in Ambient mesh mode to provide secure connectivity and observability for workloads without sidecar proxies.

  • Istiod - The Istio control plane. It provides service discovery, configuration and certificate management.

Repositories

The Istio project is divided across a few GitHub repositories:

  • istio/api. This repository defines component-level APIs and common configuration formats for the Istio platform.

  • istio/community. This repository contains information on the Istio community, including the various documents that govern the Istio open source project.

  • istio/istio. This is the main code repository. It hosts Istio's core components, install artifacts, and sample programs. It includes:

    • istioctl. This directory contains code for the istioctl command line utility.

    • pilot. This directory contains platform-specific code to populate the abstract service model, dynamically reconfigure the proxies when the application topology changes, as well as translate routing rules into proxy specific configuration.

    • security. This directory contains security related code.

  • istio/proxy. The Istio proxy contains extensions to the Envoy proxy (in the form of Envoy filters) that support authentication, authorization, and telemetry collection.

  • istio/ztunnel. The repository contains the Rust implementation of the ztunnel component of Ambient mesh.

  • istio/client-go. This repository defines auto-generated Kubernetes clients for interacting with Istio resources programmatically.

[!NOTE] Only the istio/api and istio/client-go repositories expose stable interfaces intended for direct usage as libraries.

Issue management

We use GitHub to track all of our bugs and feature requests. Each issue we track has a variety of metadata:

  • Epic. An epic represents a feature area for Istio as a whole. Epics are fairly broad in scope and are basically product-level things. Each issue is ultimately part of an epic.

  • Milestone. Each issue is assigned a milestone. This is 0.1, 0.2, ..., or 'Nebulous Future'. The milestone indicates when we think the issue should get addressed.

  • Priority. Each issue has a priority which is represented by the column in the Prioritization project. Priority can be one of P0, P1, P2, or >P2. The priority indicates how important it is to address the issue within the milestone. P0 says that the milestone cannot be considered achieved if the issue isn't resolved.


  <img width="300" alt="Cloud Native Computing Foundation logo" src="https://raw.githubusercontent.com/cncf/artwork/refs/heads/main/other/cncf/horizontal/color-whitetext/cncf-color-whitetext.svg">

Istio is a Cloud Native Computing Foundation project.

Extension points exported contracts — how you extend this code

Authenticator (Interface)
Authenticator determines the caller identity based on request context. [6 implementers]
pkg/security/security.go
Lazy (Interface)
Lazy represents a value whose computation is deferred until the first access [39 implementers]
pkg/lazy/lazy.go
Generator (Interface)
Generator of traffic between echo instances. Every time interval (as defined by Config.Interval), a grpc request is sent [7 …
pkg/test/framework/components/echo/util/traffic/generator.go
Topic (Interface)
Topic is used to describe a single major ControlZ functional area. [7 implementers]
pkg/ctrlz/fw/context.go
WriteStatusAPI (Interface)
WriteAPI exposes a generic API for a client go type for status operations. Not all types have status, so they need to be [12 …
pkg/kube/kubetypes/types.go
Holder (Interface)
Holder of a mesh configuration. [6 implementers]
pkg/config/mesh/watchers.go
ServiceDiscovery (Interface)
ServiceDiscovery enumerates Istio service instances. nolint: lll [6 implementers]
pilot/pkg/model/service.go
TestingM (Interface)
TestingM is the minimal subset of testing.M that we use. [91 implementers]
tests/util/leak/check.go

Core symbols most depended-on inside this repo

Errorf
called by 3146
pkg/test/framework/testcontext.go
Errorf
called by 1896
tests/util/leak/check.go
Fatalf
called by 1659
pkg/test/failer.go
Fatal
called by 1173
pkg/test/failer.go
Equal
called by 1123
pkg/test/util/assert/assert.go
Name
called by 864
pkg/monitoring/monitoring.go
Run
called by 716
tests/util/leak/check.go
Error
called by 714
pkg/test/framework/testcontext.go

Shape

Function 9,277
Method 7,432
Struct 1,803
Interface 270
TypeAlias 229
FuncType 125
Route 12
Class 9

Languages

Go99%
TypeScript1%
Python1%
Java1%

Modules by API surface

operator/pkg/apis/values_types.pb.go667 symbols
pkg/workloadapi/workload.pb.go222 symbols
pilot/pkg/model/service.go174 symbols
pkg/kube/client.go123 symbols
pilot/pkg/model/push_context.go117 symbols
pkg/config/validation/validation.go112 symbols
pkg/workloadapi/security/authorization.pb.go101 symbols
pkg/test/echo/proto/echo.pb.go97 symbols
pkg/zdsapi/zds.pb.go95 symbols
pilot/pkg/serviceregistry/ambient/ambientindex_test.go93 symbols
pilot/pkg/model/context.go92 symbols
pkg/workloadapi/workload_vtproto.pb.go88 symbols

Used by 1 indexed graphs manifest dependencies, hub-wide

Dependencies from manifests, versioned

cel.dev/exprv0.25.1 · 1×
cloud.google.com/go/compute/metadatav0.9.0 · 1×
dario.cat/mergov1.0.2 · 1×
github.com/AdaLogics/go-fuzz-headersv0.0.0-2024080614160 · 1×
github.com/Azure/go-ansitermv0.0.0-2025010203350 · 1×
github.com/BurntSushi/tomlv1.6.0 · 1×
github.com/KimMachineGun/automemlimitv0.7.5 · 1×
github.com/MakeNowJust/heredocv1.0.0 · 1×
github.com/Masterminds/goutilsv1.1.1 · 1×
github.com/Masterminds/semver/v3v3.5.0 · 1×
github.com/Masterminds/sprig/v3v3.3.0 · 1×
github.com/VividCortex/ewmav1.2.0 · 1×

Datastores touched

(mongodb)Database · 1 repos

For agents

$ claude mcp add istio \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact