As more applications are developed as sets of microservices, containers and platforms such as Kubernetes make many things much easier, but they still leave many operational issues untouched, such as traffic management and visibility, service authentication, security and policy. Istio is a new service mesh that attempts to address many of these. We will discuss the architecture of Istio and the benefits it may offer to new microservice-based systems in a multicloud world.
12. Services should be simple but get complicated fast
[Diagram: four services (Payments, Order Mgmt, Web Server, Content Server), each surrounded by its own Auth, Logs and Metrics, API Mgmt, Security Policy, Load Balancing, Connection Mgmt, Request Routing and Failover Policy.]
14. Istio Architecture
[Diagram: a control plane (Pilot, Mixer, Istio-Auth, Control Plane API) above a data plane in which the pods of svcA and svcB each sit behind an Envoy. Traffic into and between the Envoys is labelled "HTTP/1.1, HTTP/2, gRPC, TCP with or without TLS". Labels between the control plane and the Envoys: "Config data to Envoys", "TLS certs to Envoy", "Policy checks, telemetry".]
18. Stretching Istio Across Public, Private Clouds and Edge
[Diagram: a control plane (Pilot, Mixer, Istio-Auth, Control Plane API) in a public cloud, with Envoy and svc pairs spread across Public Cloud, Private Cloud and Edge.]
19. Using a service mesh is radically different
• Abstracts away details of service-to-service communications
• Consistent policy, load balancing, encryption, authentication, traffic steering across services
• Easy way to connect, manage and secure microservices without changes in the service code
• Easier IT-Ops with better observability, monitoring of traffic between microservices
• Kubernetes orchestrates containers, Istio orchestrates communication between services.
20. Biggest Impact: Changing the way we think about application/service development
Application development becomes the assembly of ready-made, highly scalable, proven services running anywhere from the edge to the cloud.