Istio, Ambient Service Mesh, and Beyond



Photo by Uriel SC on Unsplash

On this episode of the Open at Intel podcast, community leader Lin Sun talks about her work around the cloud-native community. She gives us a window into recent updates on the Istio project, including an exciting new initiative called ambient service mesh that will allow Istio users to deploy service mesh applications without a sidecar. She also shares advice for open source newcomers and offers a refreshingly optimistic take on AI.  

Listen to the full episode here. This conversation has been edited and condensed for brevity and clarity. 

Katherine Druckman: Can you tell us about your work in the open source community? 

Lin Sun: I’ve been involved in the open source community for the past 10 years. I started as a committer for Apache Geronimo. Then I was a maintainer for Apache Aries. Most recently I became a maintainer and also joined the leadership team for the Istio project. While working on Istio, I changed companies, but it’s so cool I still got to work on the same open source project. 

Istio Work

Katherine Druckman: For those who don’t know, can you tell us about Istio? 

Lin Sun: Istio fits in the cloud-native service mesh landscape. Service mesh essentially provides a programmable framework for your microservices so you don’t have to package libraries in your application code to be able to connect, secure, and observe your microservices. Istio is the most popular implementation of service mesh out there, and it’s adopted by thousands of organizations. It recently became a CNCF graduation project. 

I wear different hats in the Istio community. I’ve been a test release lead and a product security community member. Now I’m a member of the steering committee and the Technical Oversight Committee. I do a lot of work making sure everybody is aware of Istio’s benefits and how easy it could be for simple scenarios. I also help contributors; as they contribute code, sometimes they hit a roadblock, and I work with other technical leaders to unblock them. I also contribute code, but less lately because I’ve been more focused on education and making sure users understand Istio and where it’s headed. 

The Rewards of Open Source

Katherine Druckman: I’m always curious about what makes open source people tick. How did you first get started contributing to community projects? 

Lin Sun: For me, it was kind of part of my job. When I was at IBM, it acquired a small company that does web server Java EE implementations, and that company was based purely on an open source project, Apache Geronimo. I started working on the open source team after the acquisition. It’s really cool when open source is part of your full-time job because for a lot of people, working in the open source community is a side job. I was very lucky. I was one of the full-time open source developers and my job was to help IBM gain status and do good work as needed by the community. 

Katherine Druckman: What advice would you have for people who have not yet contributed to a community project?  

Lin Sun: Don’t be shy. We find that a lot of people can get frustrated when they submit a pull request (PR) and they get some pushback. Try to understand why the maintainers may be pushing back. At the end of the day, maintainers are not looking at one single PR—they’re looking at the maintainability of the project and who else is asking for certain bugs or features. Bug fixes are normally easier for maintainers to accept, but for features, I would recommend that you try to find other people in the community who have similar requirements and can advocate for you. A lot of times when there’s only one user asking for a particular feature, it’s much harder for maintainers to accept it. It would be way easier if multiple people were asking for the same thing.  

I find open source contribution can be super rewarding because a lot of the time, if you’re working on an enterprise product, almost nobody cares about what you’re working on. Only your company or customers really care about it. You can be perceived as a salesperson when you talk about your enterprise product. But working in open source allows you to make friends, meet people at conferences, and reach the same goal. It’s just super, super cool. It’s something I’ve never experienced when I was working on enterprise projects. 


A New Chapter for Istio

Katherine Druckman: I’d love to hear more about your work on Istio. Do you have any updates for Istio users who may not be as plugged in? 

Lin Sun: The biggest thing we’re doing is this new thing called ambient service mesh. I actually wrote a book about it last year. Basically, we listened to a lot of users who want service mesh but don’t want to pay for either the cost or the complexity of the sidecar. They don’t want to run the sidecar with their application and keep restarting their application because every time there’s a CVE with the sidecar, they would have to restart their application, which requires very careful planning with the downtime. This is exactly why we introduced Istio ambient mesh, a new data plane mode that allows you to run your application in Istio without a sidecar. I’m very excited about it. I believe this will help Istio attract way more users in the next one or two years when ambient is production ready. If you’re running with a sidecar today though, rest assured that sidecar will stay with Istio for a very long time, so there’s no pressure to move to this sidecar-less mode. Ambient is really designed to capture the users who walk away from Istio because of the complexity of the sidecar. 

The Potential of AI

Katherine Druckman: Outside of your day-to-day, what are you excited about in the open source world right now?  

Lin Sun: What I think is coming next is AI. It helps me to do my job sometimes. If I run into particular concepts around security I don’t fully understand, sometimes I go to ChatGPT. It doesn’t always give me the right answer, but it does have a pretty solid understanding a lot of times. Even if the answer doesn’t hit the point, it’s nice in a way that it gives me a different opinion. Instead of asking somebody, I have AI doing work for me without having to pay, and you get the response right back. If I ping an expert, they may not necessarily respond to me, and if they do, maybe it’s a few days or hours later. I believe over time, when more people ask questions and when the feedback loop is in place, AI will be more interesting. I’m asking AI simple stuff right now, but down the road maybe we’ll do less at the keyboard. How many developers hurt their fingers and necks working on the keyboard every day? Maybe we can be more conversational and tell AI, “Hey, deploy Istio in my Kubernetes cluster,” or, “Enroll my application into the service mesh.”  

At the end of the day, you need to manage what AI gives you. You have to decide if the answer is good or if you should make changes to it. I hope human intelligence is still important along with AI. I’m trying to think of AI as a tool to help us do our jobs, but you still need to make the final decision about the quality of the output. 

To hear more of this conversation and others, subscribe to the Open at Intel podcast: 


About the Author

Katherine Druckman, Open Source Evangelist, Intel 

Katherine Druckman, an Intel open source evangelist, hosts the podcasts Open at Intel, Reality 2.0, and FLOSS Weekly. A security and privacy advocate, software engineer, and former digital director of Linux Journal, she’s a longtime champion of open source and open standards. 

Lin Sun, Director of Open Source, 

Lin Sun is the director of open source at and an ex-CNCF ambassador. She has worked on Istio service mesh since 2017 and serves on the Istio Technical Oversight Committee. Previously, she was a senior technical staff member and master inventor at IBM for 15+ years. She is the author of the book Istio Ambient Explained and has more than 200 patents to her name.