Before knowing about Istio service mesh , we’ll talk about service mesh. Service mesh is a term where we mange multiple services. Services are nothing but API’s or you can say applications.
What is Istio?
Using Istio you can add different layers on your services. If we talk about Layers then these layers can be layer of security, connection or monitoring.
Using Istio you can manage load balancing (Basically you can manage your traffic for equal distribution on each server). you add authentication while service – to – service communication Also you can do monitoring with minimal code changes.
Need of Istio
Either you are developing new microservices or migrating existing services on cloud , Istio will help you to manage in different aspects like security , logging , encryption and most importantly server to service call. Istio is open source means you no need to pay for it.
Features of Istio –
1- Istio provides Inter service communication within a cluster with TLS encryption.
2- Also it provides the very secured Identitiy- based authorization and authentication.
3- Istio provides automatic load balancing if your traffic is from HTTP, gRPC, WebSocket and TCP traffic.
4- You can get very strong grip control over the behaviour of traffic with routing rules , failovers, retries and fault junction.
5- Also you get very fine pluggable policy layer and API configuration which supports access controls ,quotos ad rate limits.
6- Not only above you will get very good traffic details like logs , traces and metric within cluster , also including cluster ingress and egress.
Internal working of Istio
Istio consist of basically 2 parts
1- Data Plane
2- Control Plane
Data plane – it is basically responsible for the communication of services. Data plane is also known as user plane , Forwarding plane, carrier plane or bearer plane. If service mesh is not present then it’s very hard for network to understand the traffic is coming, and it do not understand the ype of the traffic and who it is and can’t make decision.
Service mesh uses a proxy to intercept all your network traffic. Based on the configration you set service mesh allow a varirty of application -aware features.
With your each service you need to deploy an Envoy proxy, it runs on alongside services running on Virtual machines.
Control Plane – Based on the configuration you provide , control place acts according to you configuration. It Dynamically sets the proxy servers, and updated them as per the rules on change of environment.
Images–
Let’s Understand Concepts of Istio
Security – Istios provides a enough security solutions for all the your need for an microservices. You can get Stronf identity, policy , tranparent TLS encryption and cuthencation , authorization and audit toools to secure
your microservices and data. The security model of Istio is based on Security by default, the goal of Istio is to provide in depth security so that even though if you miss any security config it will add also it protects across distributed network.
Insights – Istio provides very clear and detailed view of your complex system. With help of the telemetry you can get detailed metrics, traces and complete access of logs. As your services increases it get complicated in terms of viewing , understanding and performance of each service. With help of telemetry you can get very clear and detailed information of each service.
Traffic Management -Istio makes your configuration of service-level properties like retries, time outs, breakers and make very easy to setup A/B testing, canary deployments and staged rollouts with percentage based traffic splits.
The traffic rules provided by istios are very simple and easy to use. Also it lets you to easliy control the traffic flow and intercommunication between services.
Please let’s know if you want to know more about Istio like how to setup , install or manage?