Interview › Istio & Service Mesh
What is the difference between Istio and an API gateway?
Istio & Service Mesh · Intermediate level
Answer
Istio and an API gateway solve overlapping but different problems. An API gateway primarily manages north-south client-to-service traffic at the edge, while Istio manages east-west service-to-service traffic inside the platform and can also provide ingress and egress gateways.
Technical explanation
API gateways often focus on developer portals, API keys, external auth, request transformation, quotas, and public API lifecycle.
Istio focuses on workload identity, mTLS, service graph telemetry, internal authorization, and traffic control across microservices.
Many mature platforms use both: an API gateway at the public edge and Istio inside the cluster.
Hands-on example
Example architecture:
Internet -> API Gateway/WAF -> Istio Ingress Gateway -> internal services.
The API gateway handles public API products and client auth.
Istio handles mTLS, internal AuthorizationPolicy, canary routing, service telemetry, and egress controls.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More Istio & Service Mesh interview questions
- What is Istio, and what are the core capabilities it provides?
- What is the difference between the Istio control plane and data plane?
- What is istiod, and what does it do?
- What is Envoy, and what role does it play in Istio?
- What is the sidecar pattern, and how does Istio inject the proxy?
- How does automatic sidecar injection work (namespace label, webhook)?
- What is the Istio ambient (sidecarless) mode, and how does it differ from sidecar mode?
- What is the difference between ztunnel and a waypoint proxy in ambient mode?