Service mesh with Istio and Kiali

Everything you need to coordinate microservices in a service mesh with the powerful monitoring and management tools like Istio and Kiali.

Istio: Canaries and Kubernetes

In this session, we will introduce you to cloud native architecture by demonstrating numerous principles and techniques for building and deploying Java microservices via Spring Boot, Wildfly Swarm and Vert.x, while leveraging Istio on Kubernetes with OpenShift.

Burr Sutter
Chief Developer Evangelist

What is Istio service mesh?

A service mesh provides traffic monitoring, access control, discovery, security, resiliency, and other useful things to a group of services. Istio does all that, but it doesn't require any changes to the code of any of those services. To make the magic happen, Istio deploys a proxy (called a sidecar) next to each service. All of the traffic meant for a service goes to the proxy, which uses policies to decide how, when, or if that traffic should go on to the service. Istio also enables sophisticated DevOps techniques such as canary deployments, circuit breakers, fault injection, and more.

 

How Istio works with containers and Kubernetes

Istio service mesh is a sidecar container implementation of the features and functions needed when creating and managing microservices. Monitoring, tracing, circuit breakers, routing, load balancing, fault injection, retries, timeouts, mirroring, access control, rate limiting, and more, are all a part of this. While all those features and functions are now available by using a myriad of libraries in your code, what sets Istio apart is that you get these benefits with no changes to your source code.

By using the sidecar model, Istio runs in a Linux container in your Kubernetes pods (much like a sidecar rides along side a motorcycle) and injects and extracts functionality and information based on your configuration. Again (for emphasis), this is your configuration that lives outside of your code. This immediately lessens code complexity and heft.

It also (and this is important), moves operational aspects away from code development and into the domain of operations. Why should a developer be burdened with circuit breakers and fault injections and should they respond to them? Yes, but for handling and/or creating them? Take that out of your code and let your code focus on the underlying business domain. Make the code smaller and less complex.

The service mesh

Istio's functionality running outside of your source code introduces the concept of Service Mesh. That's a coordinated group of one or more binaries that make up a mesh of networking functions. If you haven't already, you're going hear about Service Mesh a lot in the coming months.

 

Overview of how Istio works with microservices

Here's the 30,000-foot view of how a sidecar container works with Kubernetes and Minishift. Once you've started your Minishift instance, you create a project for Istio (let's call it "istio-system"), and you install and start all of the Istio-related components. From there, as you create projects and pods, you add configuration information to your deployments, and your pods will use Istio. The following diagram is a simple overview:

How Istio Service Mesh Works Flow Chart

Once you're at this point, you can start to change Istio settings to invoke fault injection or support a Canary Deployment or anything else Istio supports -- all while never touching your application source code. For example, let's say you want to direct all web traffic from users from your largest customer (Foo Corporation) to a new version of your website.

 

You may decide to do this by simply creating an Istio Route Rule that searches for @foocorporation.com in their user id and directs them appropriately. To the rest of the world, this is transparent. Meanwhile, you can test your new software. This doesn't require a developer in order for it to happen.

Is it expensive?

No. Istio is pretty fast. It's written in Go and adds a very tiny overhead to your system. Plus, what you may lose in online performance should be paid for by increased developer efficiency and speed. That's the theory at least. Don't overlook the fact that developers are expensive. As for the software, Istio is open source, so you can grab it and start using it now.

Do it yourself

Want to see for yourself? The Red Hat Developer Experience Team has developed an in-depth, hands-on tutorial that you can use to learn more about Istio. It supports Linux, macOS, and Windows, with code in either Java or Node.js.

Try tutorial

DevNation Deep Dives: Istio service mesh

Learn about the fundamentals of Istio Service Mesh in these new online deep dives. 

More microservice resources

Featured image for Apache ActiveMQ Artemis.
Article
Nov 26, 2024

Try Apache Camel: From concept to deployment on OpenShift

Bruno Meseguer

This article will guide you through the process of rapid prototyping using...

Featured image for Red Hat OpenShift AI.
Article
Nov 12, 2024

Deliver generative AI at scale with NVIDIA NIM on OpenShift AI

Tomer Figenblat

Discover how to integrate NVIDIA NIM with Red Hat OpenShift AI to create...

Coding shared image
Article
Oct 17, 2024

Efficient autoscaling in OpenShift with Priority and LeastWaste expanders

Subin Modeel

Learn about the LeastWaste and Priority expanders in the OpenShift 4.16...

secure coding - simple
Article
Oct 09, 2024

Function and event orchestration with OpenShift serverless logic

Kris Verlaenen +1

Serverless logic in Red Hat OpenShift enables developers to use workflows for...