LoginSign Up
← Back to all sparks
Istio logo

Istio

DEVOPS
Velocity0.5

Service mesh

istio.io

Istio's Ambient mesh hits multi-network beta and the project is unwinding from Google-hosted artifacts.

service-meshambient-meshmulti-clusterregistry-migrationgovernance
Current state
Recent activity is split across three threads: technical posts (wildcard egress design, namespace multi-tenancy security guidance, and ambient multi-network multicluster reaching beta), governance work (2026 Steering Committee election results, KubeCon EU planning), and infrastructure (announcement that Istio images will leave gcr.io/istio-release by January 2027 due to changes in funding). Release-cadence-wise, the substantive product release in this slate is ambient multi-network multicluster moving to beta in 1.29.
Where it's heading
Istio is methodically maturing the Ambient data plane, with multi-network multicluster — historically an Istio strength on the sidecar side — now reaching beta on Ambient with telemetry gaps closed. In parallel, the project is consolidating its operational footprint: container registries and Helm charts are migrating off Google Cloud, suggesting a more independent project posture under the CNCF. Security work is steady (the multi-tenancy MITM advisory).
Prediction
Expect Ambient multi-network multicluster to reach GA within two minor releases as adoption feedback closes the remaining gaps. The container registry move will spark a stretch of customer-facing docs and migration tooling through 2026 — and likely a similar move for Helm charts and other artifacts within a quarter. Steering committee composition shift toward Solo.io and other major contributors signals continued vendor influence on roadmap priorities.

Recent moves

  1. 2mo ago

    Wildcard egress routing design (forward-looking)

    Design discussion of wildcard egress routing for REGISTRY_ONLY meshes — addresses the operational pain of registering each subdomain individually for services like Wikipedia. Reads as a precursor to a feature in upcoming releases rather than a shipped change.

    View source ↗
  2. 3mo ago

    2026 Steering Committee election results

    Results of the 2026 Steering Committee election: Community Seats and Contribution Seats allocated, with Solo.io and other top contributors leading. Project governance update; doesn't change Istio's product surface.

    View source ↗
  3. 3mo ago

    Istio container registry migrating off Google Cloud (GA: Jan 2027)

    Istio is migrating its container registry: gcr.io/istio-release will be sunset on January 1, 2027, with Helm charts to follow. Tied to changes in Istio's funding model — a substantial operational change for any cluster pinning the GCR mirror, and a signal that Istio is reducing its dependency on Google-hosted infrastructure.

    View source ↗
  4. 3mo ago

    Security Considerations on Istio's CRDs with Namespace-based Multi-Tenancy

    Security advisory describing a man-in-the-middle scenario where namespace-tenant-deployable VirtualService resources can intercept traffic in multi-tenant clusters. Affects 1.29.0 and earlier whenever the mesh-gateway option is in use; documents mitigations rather than shipping a code fix.

    View source ↗
  5. 4mo ago

    KubeCon EU 2026 Istio activities (event)

    Promotion of Istio activities at KubeCon + CloudNativeCon Europe 2026 in Amsterdam. Conference logistics, not a release.

    View source ↗
  6. 4mo ago

    Ambient multi-network multicluster support is now Beta

    ⚡ SPARK

    Ambient multi-network multicluster reaches Beta in 1.29 with telemetry gaps closed across distributed clusters and networks. It's the directional move in this slate — the Ambient data plane has historically lagged sidecar-mode in multi-cluster maturity, and beta is the gating step toward parity.

    View source ↗