Technology Friday: Istio Makes Microservices Ready for Primetime
I started the week writing about Istio so I figured it should be the topic of today’s technology Friday.
As explained in my previous article, Istio is a platform that enables the operational readiness of microservices solutions. The reason I’ve been so excited about Istio is that I believe it fills one of the biggest gaps in the microservices value proposition. If you have faced the task of implementing a decent-size microservices architecture, then you are likely to have experienced the pain of operating and managing those types of solutions at big scale.
Istio enables foundational capabilities of microservices architectures in areas such as traffic management, routing, service discovery, fault interaction, security and several others. Istio’s architecture can be segmented into two fundamental areas: the data plane and the control plane. The data plane is responsible for managing flow-related capabilities in a service mesh, including features such as routing and load balancing. The control plane is responsible for modeling and activating those capabilities via policies. Istio operates at the network level of a microservices architecture using a sidecar proxy model associated with a Kubernetes pod. Istio’s sidecar architecture is based on the popular Envoy proxy framework originally created by Lyft.
Istio-Manager is the main interface for directly interacting with the platform. That component is responsible for managing the lifecycle of Envoy proxies in a service mesh. The Istio-Manager also enables the authoring of policies in areas such as security or traffic management using a proprietary DSL. Service discovery is another key feature enabled by the Istio-Manager via a service registry that is dynamically updated as Envoy proxies come on and off the service mesh.
Istio is technically infrastructure agnostic, but its first release has been optimized for Kubernetes infrastructures. Istio includes a component called the Mixer, which abstracts the interaction with an underlying runtime such as Kubernetes, Mesos, Cloud Foundry and others. Istio’s Mixer is based on a plug-in architecture that supports several platform adapters.
Security is another key capability of the Istio platform. The Istio-Auth component is responsible for features such as service-to-service authentication, TLS encryption, service identity management and others. One of my favorite features of Istio is its fault-injection capabilities based on circuit breaker techniques. Istio’s model allows developers to build microservices solutions that factor failure as a first-class citizen.
In terms of infrastructure support, Istio excels on Kubernetes-based environments such as Google Cloud. Support for IBM Bluemix should be expected soon and other cloud platforms should follow.
Istio is a very unique offering in a not very crowded space. Platforms such as Azure Service Fabric or Spring Cloud offer similar capabilities in areas such as security, discovery or traffic management. The Lagom framework also has some overlap with Istio, although the former is more focused on developer capabilities. Finally, some individual projects of the Netflix OSS stack such as Atlas or Hystrix can also be seen as alternatives to Istio.