Service mesh with Istio and Kiali
Everything you need to coordinate microservices in a service mesh with the powerful monitoring and management tools like Istio and Kiali.
Everything you need to coordinate microservices in a service mesh with the powerful monitoring and management tools like Istio and Kiali.
In this session, we will introduce you to cloud native architecture by demonstrating numerous principles and techniques for building and deploying Java microservices via Spring Boot, Wildfly Swarm and Vert.x, while leveraging Istio on Kubernetes with OpenShift.
Learn how to implement the Kubernetes Gateway API 1.0 feature on Red Hat...
Explore OpenShift Service Mesh's multi-cluster features and learn how to...
Find out what's new for developers in Red Hat OpenShift 4.15. Access Tekton...
Learn how to get the most from OpenShift Service Mesh tracking and monitoring.
A service mesh provides traffic monitoring, access control, discovery, security, resiliency, and other useful things to a group of services. Istio does all that, but it doesn't require any changes to the code of any of those services. To make the magic happen, Istio deploys a proxy (called a sidecar) next to each service. All of the traffic meant for a service goes to the proxy, which uses policies to decide how, when, or if that traffic should go on to the service. Istio also enables sophisticated DevOps techniques such as canary deployments, circuit breakers, fault injection, and more.
Istio service mesh is a sidecar container implementation of the features and functions needed when creating and managing microservices. Monitoring, tracing, circuit breakers, routing, load balancing, fault injection, retries, timeouts, mirroring, access control, rate limiting, and more, are all a part of this. While all those features and functions are now available by using a myriad of libraries in your code, what sets Istio apart is that you get these benefits with no changes to your source code.
By using the sidecar model, Istio runs in a Linux container in your Kubernetes pods (much like a sidecar rides along side a motorcycle) and injects and extracts functionality and information based on your configuration. Again (for emphasis), this is your configuration that lives outside of your code. This immediately lessens code complexity and heft.
It also (and this is important), moves operational aspects away from code development and into the domain of operations. Why should a developer be burdened with circuit breakers and fault injections and should they respond to them? Yes, but for handling and/or creating them? Take that out of your code and let your code focus on the underlying business domain. Make the code smaller and less complex.
Istio's functionality running outside of your source code introduces the concept of Service Mesh. That's a coordinated group of one or more binaries that make up a mesh of networking functions. If you haven't already, you're going hear about Service Mesh a lot in the coming months.
Here's the 30,000-foot view of how a sidecar container works with Kubernetes and Minishift. Once you've started your Minishift instance, you create a project for Istio (let's call it "istio-system"), and you install and start all of the Istio-related components. From there, as you create projects and pods, you add configuration information to your deployments, and your pods will use Istio. The following diagram is a simple overview:
Once you're at this point, you can start to change Istio settings to invoke fault injection or support a Canary Deployment or anything else Istio supports -- all while never touching your application source code. For example, let's say you want to direct all web traffic from users from your largest customer (Foo Corporation) to a new version of your website.
You may decide to do this by simply creating an Istio Route Rule that searches for @foocorporation.com in their user id and directs them appropriately. To the rest of the world, this is transparent. Meanwhile, you can test your new software. This doesn't require a developer in order for it to happen.
No. Istio is pretty fast. It's written in Go and adds a very tiny overhead to your system. Plus, what you may lose in online performance should be paid for by increased developer efficiency and speed. That's the theory at least. Don't overlook the fact that developers are expensive. As for the software, Istio is open source, so you can grab it and start using it now.
Want to see for yourself? The Red Hat Developer Experience Team has developed an in-depth, hands-on tutorial that you can use to learn more about Istio. It supports Linux, macOS, and Windows, with code in either Java or Node.js.
Learn about the fundamentals of Istio Service Mesh in these new online deep dives.
This article will guide you through the process of rapid prototyping using...
Discover how to integrate NVIDIA NIM with Red Hat OpenShift AI to create...
Learn about the LeastWaste and Priority expanders in the OpenShift 4.16...
Serverless logic in Red Hat OpenShift enables developers to use workflows for...