Introduction to Istio
What exactly is Istio?
Istio is open-source software for securely managing microservices and, like Kubernetes, is a member of the CNCF.
As microservices progressed, service meshes became larger and more complex because of requirements such as allocating only 20% of access for A/B testing and canary releases. Istio was developed to solve the problem that management cannot keep up with such complex service meshes. Key features include authentication and monitoring between services, and flexible load balancing at L7. Currently it only supports Kubernetes, but it seems that it will support other platforms in the future. (Some functions, such as key management, are compatible with bare metal even in the current 0.2 series.)
Also, the Istio components are deployed to the pod as a sidecar for the service, so you don’t have to modify the service code. This has the advantage that the operator can flexibly manage the system without burdening the application developer.
Istio’s service mesh can be divided into two parts, the data plane and the control plane, as shown in the figure above. The data plane manages communication between microservices through proxy servers, and the control plane manages policies and proxy settings.
Explanation of the components that make up Istio
- Envoy : A proxy server that manages all inbound and outbound traffic for the service mesh and is deployed as a sidecar for pods in Kubernetes. Note that this is not stock Envoy but a version extended for Istio.
- Mixer : A component that collects data for each service through Envoy and controls access based on that information. It has a plug-in model and can be customized flexibly.
- Pilot : Responsible for service discovery, traffic management, etc. In the case of Kubernetes, service discovery is achieved by detecting changes in the status of Envoy using the Watch API.
- Citadel : Performs user authentication using Kubernetes Service Accounts and mutual TLS authentication between services. This authentication allows you to manage your service mesh on a policy basis.
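The 20% canary split and the service-to-service mutual TLS described above, written as mesh configuration; this is an added example, not taken from the original post or from the Istio project. It assumes a namespace demo and a service reviews whose pods are labelled version: v1 and version: v2 (all hypothetical), and it uses the current Istio resource kinds rather than the 0.2-series format.

```yaml
# Added example. Namespace "demo", service "reviews" and the v1/v2 labels are assumptions.
# Written against the current Istio APIs, not the 0.2-series configuration format.
---
# Require mutual TLS for every workload in the namespace.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: demo
spec:
  mtls:
    mode: STRICT
---
# Define the two versions of the service as subsets, selected by pod label.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: reviews
  namespace: demo
spec:
  host: reviews
  subsets:
  - name: stable
    labels:
      version: v1
  - name: canary
    labels:
      version: v2
---
# Send 80% of requests to the stable subset and 20% to the canary subset.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews
  namespace: demo
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: stable
      weight: 80
    - destination:
        host: reviews
        subset: canary
      weight: 20
```

With mode STRICT, workloads in the namespace reject plaintext connections, so clients without a sidecar can no longer reach them; PERMISSIVE accepts both plaintext and mutual TLS while sidecars are being rolled out.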
In this post, I introduced the outline of Istio’s concept and architecture. Next time we will cover how to set up a sample app deployment with Istio.