Istio Service Mesh

Everything you need to coordinate microservices in a service mesh with the powerful monitoring and management tool, Istio.

Istio: Canaries and Kubernetes

In this session, we will introduce you to cloud native architecture by demonstrating numerous principles and techniques for building and deploying Java microservices via Spring Boot, Wildfly Swarm and Vert.x, while leveraging Istio on Kubernetes with OpenShift.

Burr Sutter

Burr Sutter

Chief Developer Evangelist

Introduction to Istio Service Mesh

A service mesh provides traffic monitoring, access control, discovery, security, resiliency, and other useful things to a group of services. Istio does all that, but it doesn't require any changes to the code of any of those services. To make the magic happen, Istio deploys a proxy (called a sidecar) next to each service. All of the traffic meant for a service goes to the proxy, which uses policies to decide how, when, or if that traffic should go on to the service. Istio also enables sophisticated DevOps techniques such as canary deployments, circuit breakers, fault injection, and more. 

How Istio Works with Containers and Kubernetes

Istio service mesh is a sidecar container implementation of the features and functions needed when creating and managing microservices. Monitoring, tracing, circuit breakers, routing, load balancing, fault injection, retries, timeouts, mirroring, access control, rate limiting, and more, are all a part of this. While all those features and functions are now available by using a myriad of libraries in your code, what sets Istio apart is that you get these benefits with no changes to your source code.

By using the sidecar model, Istio runs in a Linux container in your Kubernetes pods (much like a sidecar rides along side a motorcycle) and injects and extracts functionality and information based on your configuration. Again (for emphasis), this is your configuration that lives outside of your code. This immediately lessens code complexity and heft.

It also (and this is important), moves operational aspects away from code development and into the domain of operations. Why should a developer be burdened with circuit breakers and fault injections and should they respond to them? Yes, but for handling and/or creating them? Take that out of your code and let your code focus on the underlying business domain. Make the code smaller and less complex.

 

The Service Mesh

Istio's functionality running outside of your source code introduces the concept of Service Mesh. That's a coordinated group of one or more binaries that make up a mesh of networking functions. If you haven't already, you're going hear about Service Mesh a lot in the coming months.

Overview of How Istio works with Microservices

Here's the 30,000-foot view of how a sidecar container works with Kubernetes and Minishift. Once you've started your Minishift instance, you create a project for Istio (let's call it "istio-system"), and you install and start all of the Istio-related components. From there, as you create projects and pods, you add configuration information to your deployments, and your pods will use Istio. The following diagram is a simple overview:

How Istio Service Mesh Works Flow Chart

Once you're at this point, you can start to change Istio settings to invoke fault injection or support a Canary Deployment or anything else Istio supports -- all while never touching your application source code. For example, let's say you want to direct all web traffic from users from your largest customer (Foo Corporation) to a new version of your website. You may decide to do this by simply creating an Istio Route Rule that searches for @foocorporation.com in their user id and directs them appropriately. To the rest of the world, this is transparent. Meanwhile, you can test your new software. This doesn't require a developer in order for it to happen.

Is It Expensive?

No. Istio is pretty fast. It's written in Go and adds a very tiny overhead to your system. Plus, what you may lose in online performance should be paid for by increased developer efficiency and speed. That's the theory at least. Don't overlook the fact that developers are expensive. As for the software, Istio is open source, so you can grab it and start using it now.

Do It Yourself

Want to see for yourself? The Red Hat Developer Experience Team has developed an in-depth, hands-on tutorial that you can use to learn more about Istio. It supports Linux, macOS, and Windows, with code in either Java or Node.js.

Deep Dive: Istio Service Mesh for Microservices

The book covers the following topics:

  • What is a service mesh?
  • Understanding Istio and the importance of its capabilities in a microservices architecture
  • How to do the following with Istio:
    • Resilience patterns
    • Routing patterns
    • Chaos testing
    • Security
    • Telemetry collection with tracing, metrics, and Grafana

 

Get a copy

Deep Dive: Istio Service Mesh for Microservices

Try Istio Now: Interactive Training

Interactive Learning Portal

OpenShift Interactive Learning Scenarios provide you with a pre-configured OpenShift instance, accessible from your browser without any downloads or configuration. Use it to experiment, learn OpenShift and see how we can help solve real-world problems.

Example workshops include: Istio 60-minute Fast Track, Istio Introduction, Deploy microservices, Monitoring and Tracing, and many more.

Try it

OpenShift Interactive Learning Portal