Need advice about which tool to choose?Ask the StackShare community!
AWS App Mesh vs Istio: What are the differences?
AWS App Mesh: Easily monitor and control microservices running on AWS. AWS App Mesh is a service mesh based on the Envoy proxy that makes it easy to monitor and control containerized microservices. App Mesh standardizes how your microservices communicate, giving you end-to-end visibility and helping to ensure high-availability for your applications. App Mesh gives you consistent visibility and network traffic controls for every microservice in an application. You can use App Mesh with Amazon ECS (using the Amazon EC2 launch type), Amazon EKS, and Kubernetes on AWS; Istio: Open platform to connect, manage, and secure microservices, by Google, IBM, and Lyft. Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.
AWS App Mesh and Istio can be categorized as "Microservices" tools.
Istio is an open source tool with 18.5K GitHub stars and 3.1K GitHub forks. Here's a link to Istio's open source repository on GitHub.
One of our applications is currently migrating to AWS, and we need to make a decision between using AWS API Gateway with AWS App Mesh, or Kong API Gateway with Kuma.
Some people advise us to benefit from AWS managed services, while others raise the vendor lock issue. So, I need your advice on that, and if there is any other important factor rather than vendor locking that I must take into consideration.
The benefit of using Kuma + Kong Gateway are:
- Feature-set: Kong + Kuma provide an end-to-end solution for both APIM and Service Mesh with a feature-set, and a performance, that is not matched by AWS services. In addition to this you can extend Kong Gateway with 70+ plugins out of the box and choose between 500+ plugins from the community to cover every use-case. In comparison, the feature-set of AWS API Gateway is quite limited and basic.
- Performance: Especially in the case of Kong Gateway, performance has always been a top priority for the project (more performance deliver more reliable applications). In some benchmarks the latency added by AWS API Gateway can be 200x more than what you would achieve with Kong Gateway natively which has been hand-crafted for maximum throughput.
- Cost: While cloud vendors like AWS make it very easy to get up and running with their services at a lower initial cost, that cost ramps up very quickly (exponentially) as the number of requests are increasing. With Kong GW you don't have this problem, since you can run tens of thousands of concurrent requests on a small EC2 instance (or Kubernetes Ingress, via the native K8s ingress controller for Kong Gateway).
- Portability: You can replicate your infrastructure on any other cloud, or on your development machines with ease. Want to run your gateway + mesh on your local Kubernetes cluster? You can do that. Want to run your infrastructure on another cloud provider? You can do that. Strategically you have full ownership of your infrastructure and its future. When it comes to Kuma, you can also run a Mesh on VM-based workloads in addition to Kubernetes (Kuma is universal).
- And much more.
Disclaimer: I am the CTO of Kong.
AWS App Mesh is useful when your micro services are deployed across Ec2 , EKS or ECS. Assume you are in process of migrating microservices from ec2 instances to ecs, its easy to switch using Virtual router configuration. As App Mesh is managed service and easy to bring up ,its worth giving it a try for your use case before choosing Kuma or any other tool.
Istio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn-keyIstio based on powerful Envoy whereas Kong based on Nginx. Istio is K8S native as well it's actively developed when k8s was successfully accepted with production-ready apps whereas Kong slowly migrated to start leveraging K8s. Istio has an inbuilt turn key solution with Rancher whereas Kong completely lacks here. Traffic distribution in Istio can be done via canary, a/b, shadowing, HTTP headers, ACL, whitelist whereas in Kong it's limited to canary, ACL, blue-green, proxy caching. Istio has amazing community support which is visible via Github stars or releases when comparing both.
Pros of AWS App Mesh
Pros of Istio
- Zero code for logging and monitoring11
- Service Mesh8
- Great flexibility7
- Ingress controller4
- Resiliency3
- Easy integration with Kubernetes and Docker3
- Full Security3
- Powerful authorization mechanisms3
Sign up to add or upvote prosMake informed product decisions
Cons of AWS App Mesh
Cons of Istio
- Performance10