Introduction to Istio; It Makes a Mesh Of Things
One of the key metrics or performance indicator of a microservices software architecture and environment is lead time (the amount of time it takes to get from idea to production). Many things have an impact on lead time, such as decision-making time, how quickly the code can be implemented, testing, continuous integration, etc.
[This is part one of my ten-week Introduction to Istio series.]
While many of the parameters can be automated to reduce lead time, there’s one part that cannot be, which is developer time to implement a feature. The combination of code complexity and code heft (i.e. number of lines of code) can put a drag on an implementation. There’s got to be a better way. And there is!
Istio is a sidecar container implementation of the features and functions needed when creating and managing microservices. Monitoring, tracing, circuit breakers, routing, load balancing, fault injection, retries, timeouts, mirroring, access control, rate limiting, and more, are all a part of this. While all those features and functions are now available by using a myriad of libraries in your code, what sets Istio apart is that you get these benefits with no changes to your source code.
By using the sidecar model, Istio runs in a Linux container in your Kubernetes pods (much like a sidecar rides along side a motorcycle) and injects and extracts functionality and information based on your configuration. Again (for emphasis), this is your configuration that lives outside of your code. This immediately lessens code complexity and heft.
It also (and this is important), moves operational aspects away from code development and into the domain of operations. Why should a developer be burdened with circuit breakers and fault injections and should they respond to them? Yes, but for handling and/or creating them? Take that out of your code and let your code focus on the underlying business domain. Make the code smaller and less complex.
The Service Mesh
Istio’s functionality running outside of your source code introduces the concept of Service Mesh. That’s a coordinated group of one or more binaries that make up a mesh of networking functions. If you haven’t already, you’re going hear about Service Mesh a lot in the coming months.
Here’s the 30,000-foot view of how a sidecar container works with Kubernetes and Minishift. Once you’ve started your Minishift instance, you create a project for Istio (let’s call it “istio-system”), and you install and start all of the Istio-related components. From there, as you create projects and pods, you add configuration information to your deployments, and your pods will use Istio. The following diagram is a simple overview:
Once you’re at this point, you can start to change Istio settings to invoke fault injection or support a Canary Deployment or anything else Istio supports — all while never touching your application source code.
For example, let’s say you want to direct all web traffic from users from your largest customer (Foo Corporation) to a new version of your website. You may decide to do this by simply creating an Istio Route Rule that searches for @foocorporation.com in their user id and directs them appropriately. To the rest of the world, this is transparent. Meanwhile, you can test your new software. This doesn’t require a developer in order for it to happen.
Is It Expensive?
No. Istio is pretty fast. It’s written in Go and adds a very tiny overhead to your system. Plus, what you may lose in online performance should be paid for by increased developer efficiency and speed. That’s the theory at least. Don’t overlook the fact that developers are expensive.
As for the software, Istio is open source, so you can grab it and start using it now.
Do It Yourself
Want to see for yourself? The Red Hat Developer Experience Team has developed an in-depth, hands-on tutorial that you can use to learn more about Istio. It supports Linux, macOS, and Windows, with code in either Java or Node.js.
Watch This Space
For the next nine weeks, we’ll be building on this blog post with more and deeper information about Istio, including posts about Circuit Breakers, Route Rules, Tracing & Monitoring, and much more.
All articles in the “Introduction to Istio” series:
- Part 1: Introduction to Istio; It Makes a Mesh of Things
- Part 2: Istio Route Rules: Telling Service Requests Where to Go
- Part 3: Istio Circuit Breaker: How to Handle (Pool) Ejection
- Part 4: Istio Circuit Breaker: When Failure Is an Option
- Part 5: Istio Tracing & Monitoring: Where Are You and How Fast Are You Going?
- Part 6: Istio Chaos Engineering: I Meant to Do That
- Part 7: Istio Dark Launch: Secret Services
- Part 8: Istio Smart Canary Launch: Easing into Production
- Part 9: Istio Egress: Exit Through the Gift Shop
- Part 10: Istio Service Mesh Blog Series Recap
Learn more about Istio and how a Service Mesh can improve microservices on developers.redhat.com.
To learn more, visit our Join the Red Hat Developer Program (it’s free) and get access to related cheat sheets (e.g. containers), books (e.g. microservices), and product downloads that can help you with your microservices and/or container application development.
Join the Red Hat Developer Program (it’s free) and get access to related cheat sheets, books, and product downloads.