istio


Micro-service mesh management framework

It provides a uniform way to connect, manage, and secure microservices. It supports managing traffic flows between microservices, enforcing access policies, and aggregating telemetry data, all without requiring changes to the microservice code.

Benefits
========

* A/B testing
* canary releases
* failure recovery
* metrics

Key Capabilities
================

* Traffic Management
  * load balancing
  * rate limiting
* Observability
  * monitoring
* Policy Enforcement
  * access control
  * load balancing
* Service identity and security
  * service-to-service authentication
  * discovery of services
  * end-to-end authentication
* Platform Support
  * Cloud
  * on-premise
  * Kubernetes
  * Mesos
* Integration and Customization: integrate with existing solutions for
  * ACLs
  * logging
  * monitoring
  * quotas
  * auditing
  * etc.

Istio pre-configured addons
===========================

* Grafana: dashboard to visualize service mesh traffic data
* Prometheus: to query Istio metrics
* ServiceGraph: generating and visualizing a graph of services within a mesh
* Zipkin: distributed tracing system

Architecture
============

1. Data plane: a set of intelligent proxies (Envoy)
2. Control plane: manages and configures the proxies
   * to route traffic
   * to enforce policy at runtime

1. Envoy: sidecar proxy in the same pod, with features:
   * dynamic service discovery
   * load balancing
   * TLS termination
   * HTTP & gRPC proxying
   * circuit breakers
   * health checks
   * staged rollouts with %-based traffic split
   * fault injection
   * rich metrics

2. Mixer
   * platform independent
   * flexible plugin model, with a variety of host environments and infrastructure backends
   * Tasks:
     * enforce access control
     * enforce usage policies
     * collect telemetry data from Envoy
   * Mixer configuration for:
     * attribute extraction
     * policy evaluation

3. Pilot
   * Tasks:
     * converts high-level routing rules that control traffic behavior into Envoy-specific configurations
     * propagates Envoy-specific configurations to the sidecars at runtime
     * abstracts platform-specific service discovery mechanisms
     * translates service discovery to the Envoy data plane API
   * Benefits:
     * service discovery
     * traffic management
     * intelligent routing
       * A/B tests
       * canary deployments
     * resiliency
       * timeouts
       * retries
       * circuit breakers
       * etc.
     * multiple environments
       * Kubernetes
       * Consul/Nomad

4. istio-Auth
   * authentication using mutual TLS
   * built-in identity and credentials management
   * enforces policy based on service identity
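
One way to express "enforce policy based on service identity", as an added example that is not Istio's own code. Istio carries a workload's identity in its mutual-TLS certificate as a SPIFFE URI of the form `spiffe://<trust-domain>/ns/<namespace>/sa/<service-account>`; the trust domain value, policy table and function names below are assumptions, and the URI SANs are taken as already extracted from a verified peer certificate.

```python
from urllib.parse import urlsplit

# Assumed values for illustration (constructed, not taken from a real mesh).
TRUST_DOMAIN = "cluster.local"
# destination service -> set of (namespace, service account) allowed to call it
ALLOWED_CALLERS = {
    "reviews": {("default", "productpage")},
    "ratings": {("default", "reviews")},
}


def parse_spiffe_id(uri):
    """Return (trust_domain, namespace, service_account), or None if malformed."""
    try:
        parts = urlsplit(uri)
    except ValueError:
        return None
    if parts.scheme != "spiffe" or not parts.netloc:
        return None
    if parts.query or parts.fragment:
        return None
    segs = parts.path.split("/")
    # Expect exactly: "", "ns", <namespace>, "sa", <service-account>
    if len(segs) != 5 or segs[1] != "ns" or segs[3] != "sa":
        return None
    if not segs[2] or not segs[4]:
        return None
    return parts.netloc, segs[2], segs[4]


def is_allowed(destination, peer_uri_sans):
    """Fail closed: allow only a well-formed, in-domain, allow-listed caller."""
    allowed = ALLOWED_CALLERS.get(destination, set())
    for san in peer_uri_sans:
        ident = parse_spiffe_id(san)
        if ident is None or ident[0] != TRUST_DOMAIN:
            continue  # malformed identity or foreign trust domain
        if ident[1:] in allowed:
            return True
    return False


if __name__ == "__main__":
    caller = ["spiffe://cluster.local/ns/default/sa/productpage"]
    print("reviews:", is_allowed("reviews", caller))
    print("ratings:", is_allowed("ratings", caller))
```

The decision keys on the identity in the certificate rather than on the caller's IP address, and a request with no client certificate (an empty SAN list) is denied.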
