Istio: A Novice Explanation
What is ISTIO
- A microservices manager
- A service mesh based system. Service mesh means a system built with many microservices 🙂
- Manages traffic, policies for authorization, encryption, load balancing, tracing, logging (all repetitive tasks are clubbed in ISTIO)
- It is another layer on a microservice. ISTIO is hosted on the same container/VM of your microservice.
How ISTIO work
- It needs a separate cluster to function.
- It has four components in its architecture
- It uses a proxy server called Envoy to monitor TCP/IP traffic and pass them to another component called Mixer.
- Citadel enforces communication security.
- Galley takes care of user authorization part
- At a high scale of microservices, ISTIO eases managing common tasks
- In my opinion, the USP is that ISTIO allows these tasks without any code modification to services.
ISTIO & Kubernetes
- Istio configurations are merged with Kubernetes service deployment YAML.
- ISTIO adds a new section to the
- There are sections suchs as:
- VirtualService: It exposes a service to public IPs through a load balancer.
- Gateway: A public gateway with ingress config (who can contact a service)
$ kubectl get svc -n istio-system
$ kubectl get pods -n istio-system