Istio Service Mesh Pattern

Introduction

  • Ingress traffic (requests coming from external clients)
  • Inter-service traffic (requests coming from another microservice)
  • Egress traffic (requests going out to an external service)

  • HTTP 1.1/2
  • WebSocket
  • gRPC
  • TCP

  1. Data plane — responsible for communication across microservices as well as ingress and egress traffic
  2. Control plane — provides control over the networking of microservices and their interactions

Architecture

Istio Service Mesh Pattern
  1. helloworld service — exposed via port 9095
  2. test service — exposed via port 9095

  1. Mixer — Collects attributes from Envoy proxies, enforces policy checks, and collects telemetry information. If you need to extend the functionality of Mixer, you can write a Mixer adapter that processes this metadata and performs additional policy enforcement and analytics.
  2. Pilot — Provides functionality such as service discovery and the configuration of error handling and routing.
  3. Citadel — Provides service-to-service security (mTLS) as well as end-user authentication (JWT) capabilities.
  4. Galley — A tool that validates the Istio configurations, injects them into the proxies, and distributes them within the service mesh.

How it works in runtime

A message going from testservice to helloworld service

A message coming from external client to helloworld service (ingress traffic)

  • http://<loadbalancer-ip|minikube-ip>:80/helloworld
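As an added example (not the configuration from the original article), this is a Gateway and VirtualService pair that would expose only the `/helloworld` path on port 80 and forward it to the helloworld service on port 9095. The resource names, the Kubernetes Service name `helloworld`, and the use of Istio's default ingress gateway are assumptions.

```yaml
# Added example; names below are assumptions, not taken from the article.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: helloworld-gateway          # assumed name
spec:
  selector:
    istio: ingressgateway           # label carried by Istio's default ingress gateway pods
  servers:
  - port:
      number: 80                    # matches the :80 in the URL above
      name: http
      protocol: HTTP
    hosts:
    - "*"                           # accepts any Host header; narrow to a real hostname outside a test cluster
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: helloworld                  # assumed name
spec:
  hosts:
  - "*"
  gateways:
  - helloworld-gateway              # bind these routes to the gateway above only
  http:
  - match:
    - uri:
        prefix: /helloworld         # the only path exposed to external clients
    route:
    - destination:
        host: helloworld            # assumed Kubernetes Service name of the helloworld service
        port:
          number: 9095              # port the helloworld service is exposed on
```

Because no route is defined for the test service, it is not reachable through the ingress gateway and can only be called from inside the mesh.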

A message going out from a microservice to an external service (egress traffic)

  1. Use an egress gateway and send the request through it. In this scenario, the request is intercepted by an Envoy proxy running within the egress gateway. It is similar to the way we have configured the ingress gateway with a gateway and a virtual service.
  2. Call the backend URL directly from the microservice. In this case, requests go directly from the microservice, via the Envoy proxy within the same pod, to external URLs.

Chanaka Fernando

Writes about Microservices, APIs, and Integration. Author of “Designing Microservices Platforms with NATS” and "Solution Architecture Patterns for Enterprise"