Service mesh with Istio and Kiali
Everything you need to coordinate microservices in a service mesh with the powerful monitoring and management tools like Istio and Kiali.
Istio: Canaries and Kubernetes
In this session, we will introduce you to cloud native architecture by demonstrating numerous principles and techniques for building and deploying Java microservices via Spring Boot, Wildfly Swarm and Vert.x, while leveraging Istio on Kubernetes with OpenShift.
Featured service mesh resources
Article
Sep 16, 2024
How to use Gateway API with OpenShift Service Mesh 2.6
Learn how to implement the Kubernetes Gateway API 1.0 feature on Red Hat...
Article
Jul 02, 2024
Multi-primary multi-cluster setup in OpenShift Service Mesh
Explore OpenShift Service Mesh's multi-cluster features and learn how to...
Article
Mar 19, 2024
What's new for developers in Red Hat OpenShift 4.15
Find out what's new for developers in Red Hat OpenShift 4.15. Access Tekton...
Article
Dec 21, 2023
How to get more from OpenShift Service Mesh monitoring
Learn how to get the most from OpenShift Service Mesh tracking and monitoring.
What is Istio service mesh?
A service mesh provides traffic monitoring, access control, discovery, security, resiliency, and other useful things to a group of services. Istio does all that, but it doesn't require any changes to the code of any of those services. To make the magic happen, Istio deploys a proxy (called a sidecar) next to each service. All of the traffic meant for a service goes to the proxy, which uses policies to decide how, when, or if that traffic should go on to the service. Istio also enables sophisticated DevOps techniques such as canary deployments, circuit breakers, fault injection, and more.
How Istio works with containers and Kubernetes
Istio service mesh is a sidecar container implementation of the features and functions needed when creating and managing microservices. Monitoring, tracing, circuit breakers, routing, load balancing, fault injection, retries, timeouts, mirroring, access control, rate limiting, and more, are all a part of this. While all those features and functions are now available by using a myriad of libraries in your code, what sets Istio apart is that you get these benefits with no changes to your source code.
By using the sidecar model, Istio runs in a Linux container in your Kubernetes pods (much like a sidecar rides along side a motorcycle) and injects and extracts functionality and information based on your configuration. Again (for emphasis), this is your configuration that lives outside of your code. This immediately lessens code complexity and heft.
It also (and this is important), moves operational aspects away from code development and into the domain of operations. Why should a developer be burdened with circuit breakers and fault injections and should they respond to them? Yes, but for handling and/or creating them? Take that out of your code and let your code focus on the underlying business domain. Make the code smaller and less complex.
The service mesh
Istio's functionality running outside of your source code introduces the concept of Service Mesh. That's a coordinated group of one or more binaries that make up a mesh of networking functions. If you haven't already, you're going hear about Service Mesh a lot in the coming months.
Overview of how Istio works with microservices
Here's the 30,000-foot view of how a sidecar container works with Kubernetes and Minishift. Once you've started your Minishift instance, you create a project for Istio (let's call it "istio-system"), and you install and start all of the Istio-related components. From there, as you create projects and pods, you add configuration information to your deployments, and your pods will use Istio. The following diagram is a simple overview:
Once you're at this point, you can start to change Istio settings to invoke fault injection or support a Canary Deployment or anything else Istio supports -- all while never touching your application source code. For example, let's say you want to direct all web traffic from users from your largest customer (Foo Corporation) to a new version of your website.
You may decide to do this by simply creating an Istio Route Rule that searches for @foocorporation.com in their user id and directs them appropriately. To the rest of the world, this is transparent. Meanwhile, you can test your new software. This doesn't require a developer in order for it to happen.
Is it expensive?
No. Istio is pretty fast. It's written in Go and adds a very tiny overhead to your system. Plus, what you may lose in online performance should be paid for by increased developer efficiency and speed. That's the theory at least. Don't overlook the fact that developers are expensive. As for the software, Istio is open source, so you can grab it and start using it now.
Do it yourself
Want to see for yourself? The Red Hat Developer Experience Team has developed an in-depth, hands-on tutorial that you can use to learn more about Istio. It supports Linux, macOS, and Windows, with code in either Java or Node.js.
DevNation Deep Dives: Istio service mesh
Learn about the fundamentals of Istio Service Mesh in these new online deep dives.
More microservice resources
Article
Nov 12, 2024
Deliver generative AI at scale with NVIDIA NIM on OpenShift AI
Discover how to integrate NVIDIA NIM with Red Hat OpenShift AI to create...
Article
Oct 17, 2024
Efficient autoscaling in OpenShift with Priority and LeastWaste expanders
Learn about the LeastWaste and Priority expanders in the OpenShift 4.16...
Article
Oct 09, 2024
Function and event orchestration with OpenShift serverless logic
Serverless logic in Red Hat OpenShift enables developers to use workflows for...
Article
Sep 19, 2024
Enhancements to the Traces UI in the OpenShift web console: Technology preview...
The brand new Traces UI plug-in has now been released as a technology...
