Managing Microservices With Istio Service Mesh in Kubernetes

Kubernetes Advocate
Mar 15 · 4 min read

Services are at the core of modern software architecture. Deploying a series of modular, small (micro-)services instead of large monoliths gives developers the flexibility to work in different languages and technologies and to release at their own cadence across the system, leading to higher productivity and velocity, particularly for larger teams.

With the adoption of microservices, however, new problems emerge because of the sheer number of services that exist in a larger system. Problems that had to be solved once for a monolith, like security, load balancing, monitoring, and rate limiting, now need to be handled for every service.

Istio & Kubernetes

Network challenges when moving to microservices

  1. Network Reliability
  2. Fault tolerance and resiliency
  3. Monitoring and Observability

The evolution of microservices frameworks: from NetFlix OSS to Istio

By Rafik Harabi, INNOVSQUARE

Microservices challenges

  1. Challenge 1 = N to N communications.
  2. Challenge 2 = Distributed software interconnection and troubleshooting are hard.
  3. Challenge 3 = Containers should stay thin and platform agnostic.
  4. Challenge 4 = Upgrade of polyglot microservices is hard at scale.

Service Mesh (buoyant.io)

A service mesh is a dedicated infrastructure layer for handling service-to-service communication. It’s responsible for the reliable delivery of requests through the complex topology of services that comprise a modern, cloud-native application.

Each service has its own proxy, and all these proxies together form the “Service Mesh”. All requests to and from each service go through the mesh proxies. The proxies are also known as sidecars.


History of Istio

  1. Envoy proxy (Istio data plane) was created by Lyft and open-sourced in 2016.
  2. IBM and Google launched the project in May 2017.
  3. The first major version was released in July 2018.
  4. Current version: 1.3

Istio goal

Develop an open technology that provides a uniform way to connect, secure, manage, and monitor a network of microservices, regardless of the platform, source, or vendor.

Solution Istio Promises

● Concentrate on business logic and spend less time on common concerns.
● No change in the service code.
● Central configuration management.
● Easy to upgrade
● Security

Istio does:

  1. Service discovery
  2. Load Balancing & Intelligent Routing
  3. Resiliency: Circuit Breaker & Retry
  4. Rate Limiting
  5. Authentication and Authorization
  6. Service to Service mTLS
  7. Policy enforcement
  8. Observability
  9. Monitoring metrics
  10. Distributed tracing

Istio does not:

  1. Event-Driven Asynchronous communication
  2. Service Orchestration

Service Discovery Challenge

Kubernetes provides service discovery, why do I need an extra one?

Istio supports:

  1. HTTP L7 filter
  2. HTTP L7 routing (based on HTTP headers and cookies)
  3. First-class HTTP/2
  4. gRPC support
  5. Fine-grained traffic splitting
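
The header-based L7 routing, traffic splitting, retry, circuit-breaking, and service-to-service mTLS features listed above, combined in one configuration. This is an added example, not taken from the original post; the `reviews` service, its `v1`/`v2` subsets, the `x-canary` header, and all numeric limits are assumed values.

```yaml
# Added example. "reviews", subsets v1/v2, the "x-canary" header and the limits are assumptions.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL              # client sidecars use mesh-issued (Citadel) certs for mTLS
    connectionPool:
      tcp:
        maxConnections: 100           # cap on connections to the destination
      http:
        http1MaxPendingRequests: 10   # circuit breaker: queued requests beyond this are rejected
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - match:                            # L7 routing on an HTTP header
    - headers:
        x-canary:
          exact: "true"
    route:
    - destination:
        host: reviews
        subset: v2
  - route:                            # everyone else: 90/10 traffic split
    - destination:
        host: reviews
        subset: v1
      weight: 90
    - destination:
        host: reviews
        subset: v2
      weight: 10
    retries:
      attempts: 3
      perTryTimeout: 2s
```

`ISTIO_MUTUAL` in a DestinationRule only makes the calling sidecar originate mTLS. Whether the receiving workload rejects plaintext is set by a separate server-side authentication policy, so verify both sides before treating the traffic as encrypted and authenticated.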

Architecture


Istio building blocks 1

  1. Pilot = Responsible for service discovery and for configuring the Envoy sidecar proxies
  2. Citadel = Automated key and certificate management
  3. Mixer = Istio-Policy: policy enforcement; Istio-Telemetry: gathers telemetry data
  4. Galley = Configuration ingestion for Istio components
  5. Ingress Gateway = Manages inbound connections to the service mesh
  6. Egress Gateway = Manages outbound connections from the service mesh
  7. Sidecar injector = Injects the sidecar for enabled pods/namespaces

Istio building blocks 2

  1. Prometheus = Metrics collection
  2. Grafana = Monitoring dashboard
  3. Jaeger = Distributed tracing
  4. Kiali = Observability dashboard