From 1833175f8390ff8151c718f09473ce6f6e5aeaab Mon Sep 17 00:00:00 2001
From: Zach Callahan <zach@zmc.dev>
Date: Mon, 10 Mar 2025 11:24:15 -0500
Subject: [PATCH] docs(blog): added blog post explaining operatorless istio
 changes

Apply 3 suggestion(s) to 1 file(s)

Co-authored-by: Christopher O'Connell <coconnell@bridgephase.com>
---
 blog/.pages                                 |   1 +
 blog/bb-3-0-operatorless-istio-migration.md | 124 ++++++++++++++++++++
 2 files changed, 125 insertions(+)
 create mode 100644 blog/bb-3-0-operatorless-istio-migration.md

diff --git a/blog/.pages b/blog/.pages
index dc8c057167..e85172b373 100644
--- a/blog/.pages
+++ b/blog/.pages
@@ -1,4 +1,5 @@
 nav:
+  - Big Bang 3.0 - Operatorless Istio Migration: bb-3-0-operatorless-istio-migration.md
   - Big Bang 2.42 Release and Team Updates: 2-42-Release.md
   - Big Bang 2.41 Release and Team Updates: 2-41-Release.md
   - Introducing Headlamp a UI for your k8s Cluster management: UI-for-your-K8s-Cluster.md
diff --git a/blog/bb-3-0-operatorless-istio-migration.md b/blog/bb-3-0-operatorless-istio-migration.md
new file mode 100644
index 0000000000..bdfe91d353
--- /dev/null
+++ b/blog/bb-3-0-operatorless-istio-migration.md
@@ -0,0 +1,124 @@
+# Big Bang 3.0 - Operatorless Istio Migration
+
+It has been nearly two years since the Big Bang 2.0 release, and the project has
+grown significantly in that time. The Big Bang engineering team is proud of the
+product that we have built alongside our growing community. Your support and
+feedback have been essential in shaping the platform your missions rely on.
+
+In line with our mission-first principles, we want to share updates on the
+direction of Big Bang and what it means for you as Big Bang operators.
+
+## Istio Operator Deprecation
+
+In August 2024, the Istio project
+[announced](https://istio.io/latest/blog/2024/in-cluster-operator-deprecation-announcement/)
+the deprecation of the Istio Operator in Istio 1.24. The Istio Operator was
+created to address many of the problems with Helm 2. Helm 3 resolved many of
+those issues. Additionally, the Istio project's data showed that less than 10%
+of installations used the operator, with most relying on istioctl for initial
+deployment and upgrades. Big Bang uses a declarative approach to application
+deployments. With 3.0, we've included a declarative approach for installing
+Istio into Kubernetes clusters without the operator or istioctl.
+
+Istio 1.23 has a
+[generous EOL timeline](https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases),
+giving Big Bang engineers ample time to work through the migration. We've merged
+initial packages to enable operatorless Istio.
+
+These packages are currently in an **alpha** state and subject to change. Big
+Bang consumers are **advised to avoid running these packages in production
+environments**. However, if users want to test the new packages with their
+custom configurations, they are available in Big Bangâ€™s most recent release
+under `istioCore`, `istioGatewayPublic`, and `istioGatewayPassthrough` at the
+time of writing.
+
+Because this new deployment paradigm is fundamentally incompatible with previous
+Istio deployments in Big Bang, this transition is marked as a **breaking
+change**. The Istio upstream project has set **May 2025** as the EOL point for
+Istio 1.23 (including the Operator), so Big Bang is aiming for a **3.0
+transition on or before that date**.
+
+## Migration Considerations
+
+The Big Bang team is dedicated to making this transition as smooth as possible.
+We are actively working on migration documentation and automation where
+applicable.
+
+Here are some key architectural changes you should be aware of:
+
+### **Mesh Operations**
+
+âœ… **No impact on existing mesh configurations**
+
+- Your existing Istio CRs will continue to work **as-is** post-migration.
+- `PeerAuthentication`, `ServiceEntry`, and `AuthorizationPolicy` remain
+  unchanged.
+- `istiod` continues to manage mesh operationsâ€”**the operator removal does not
+  affect this**.
+
+### **Gateways**
+
+ðŸš¨ **Significant changes to Gateway deployments**
+
+- Previously, `Gateway` configurations were embedded in `IstioOperator` CRs and
+  managed by the operator.
+- **In 3.0, Gateways must be installed via their own standalone Helm charts.**
+- We are exposing the Istio gateway chart's API directly to Big Bang consumers
+  rather than continuing with an abstraction layer.
+
+âœ… **Simplified Deployment with Iterable Helm Releases**
+
+- We are developing an iterable `istioGateway` package to ease deployment.
+- Users can still deploy custom `Gateway` resources manually, but our new
+  package will reduce friction.
+- More details on this feature will be shared in the coming weeks.
+
+ðŸ” **Exploring Kubernetes-native Gateway API**
+
+- We are researching the
+  [K8s-native Gateway API](https://gateway-api.sigs.k8s.io/) as a potential
+  primary ingress/egress configuration resource.
+- This transition would increase flexibility and potentially support alternative
+  service mesh implementations in the future.
+
+### **Ambient Mode**
+
+We want to be clear that our transition to operatorless Istio is **not** a
+transition to Istioâ€™s ambient mode.
+
+We think ambient Istio is promising and are researching how best to support it.
+However, this migration **only focuses on removing the Istio Operator**. If and
+when we have a clear path for ambient mode, weâ€™ll share updates.
+
+## Migration Timeline
+
+**Planned milestones for Big Bang 3.0:**
+
+- **March 2025** â€“ Operatorless Istio reaches beta status for broader testing.
+- **April 2025** â€“ Final testing phase for community feedback.
+- **May 2025** â€“ Big Bang 3.0 release, aligning with Istio 1.23 EOL.
+
+We are not currently tracking any other major changes for the 3.0 release. We
+may introduce some QoL improvements, but nothing is roadmapped yet. If any
+additional changes are planned, we will announce them here and in our release
+notesâ€”so stay tuned!
+
+## What You Need to Do
+
+âœ… **Test the new operatorless Istio packages in non-production environments.**
+
+âœ… **Review your Gateway configurations and prepare for standalone Helm-based
+deployment.**
+
+âœ… **Keep an eye out for migration documentation and automation tools.**
+
+âœ… **Engage with the community to provide feedback or raise concerns.**
+
+## Community Thanks
+
+As always, we want to thank our community for their continued support. We build
+Big Bang for you, and our mission is to simplify and enable yours. If you have
+any feedback or concerns, please share them in
+[our community Slack](https://bigbanguniver-ft39451.slack.com/archives/C051A2BPS0K),
+on Mattermost, or by
+[making an issue](https://repo1.dso.mil/big-bang/bigbang/-/issues/new) in repo1.
-- 
GitLab