Istio 1.22 marks the official beta release of Ambient mode, accompanied by a blog titled Say goodbye to your sidecars: Istio’s ambient mode reaches Beta in v1.22, claiming that Layer 4 and Layer 7 features are now production-ready. This milestone was actually announced by the community at KubeCon EU a month earlier. Such exciting promotion seems to suggest that we can completely abandon the Sidecar mode, but is this really the case?
While I am open to new technologies, it may be premature to completely abandon the Sidecar mode. Each mode has its specific application scenarios, advantages, and disadvantages. Below, I will share in detail some of the limitations of the Ambient mode compared to the Sidecar mode, to help everyone better understand the differences between the two.
The L7 traffic management support in Ambient mode is not yet mature and production-ready. In contrast, Sidecar mode is more stable and reliable in this regard.
In Ambient mode, mTLS is enforced at the namespace level, whereas Sidecar mode gives users more flexibility to choose whether to enable mTLS. This flexibility is particularly important for certain application scenarios.
For L7 layer telemetry data, it remains questionable whether Ambient mode can provide precise monitoring and tracing for each pod as effectively as Sidecar mode. Sidecar mode has been widely validated in terms of observability and is more mature.
In terms of deployment, Ambient mode recommends using Helm and only supports the Kubernetes platform, while Sidecar mode also supports VMs and hybrid cloud environments. Additionally, Ambient mode has not yet received official support from major cloud vendors. During upgrades, Ambient mode has a larger blast radius and currently does not support canary releases, recommending blue-green deployments instead. There is still a lack of best practices for migrating from Sidecar mode to Ambient mode or coexisting with both.
Currently, support for Wasm plugins in Ambient mode is still unclear, whereas Sidecar mode already has relatively complete support in this area.
While Dual Stack mode is still experimental in Sidecar mode, it has at least some implementation, whereas it remains unclear whether Ambient mode supports this feature.
Although Istio 1.22 brings the exciting Ambient mode, we need to carefully consider these limitations and differences before completely saying goodbye to Sidecar mode. Each mode has its unique advantages and applicable scenarios, and users should make informed choices based on their own needs. I will continue to test and track Ambient mode, so stay tuned to this blog for more in-depth analysis.
Last updated on Sep 27, 2024