Istio a game changer for managing microservices

Many monolithic systems become too big to easily work with, so companies decided to refactor them into microservices. As an application grows in size, it can be hard to understand them. Developers had to face the new problem - how to manage this services? The solution is a service mesh, which is a dedicated network to control microservices environment.

What is Istio?

Istio is a complexity open source service mesh, created by Google and IBM. Developers can use it to manage service interactions across a container and VM. Layers of Istio are uploaded to the application without disturbing your business logic. There are 3 main advantages this service mesh provides:
- Traffic management - controls API calls between services and flow of traffic using rules configuration and traffic routing
- Security - secures communication channel, and manages authentication, authorization and encryption of service communication at scale
- Policies and Telemetry - enforce authorization policies and collect telemetry for the services in a mesh

Architecture

Logically Istio service mesh is split into:
- The data plane - consists of a set of intelligent proxies (Envoy) deployed as sidecars.
- The control plane - manages and configures the proxies.

Envoy (Proxy)

Envoy is a high-performance proxy developed in C++. Deployed as a sidecar to the service in the same pod. This allows Istio monitor route, control traffic, enforce policy decisions. You can read more about Envoy here.

Pilot

Control plane to configure and push service communication policies. Pilot is responsible for: service discovery for Envoy, traffic management for intelligent routing and resiliency.

Mixer

Policy enforcement with a flexible plugin model for providers for a policy. Mixer is also responsible for collecting telemetry data from the Envoy proxy and other services.

Citadel

Service-to-service and end-user authentication, using mutual TLS with built-in identity and credential management. Citadel also can upgrade your unencrypted traffic in the service mesh.

Conclusion

Managing large microservice application without service mesh is tedious work. Istio provides so many facilities which makes deploying and managing application more comfortable. You need some effort to configure everything at the beginning but later, there will be many benefits. If you want to try Istio visit official website, where you can find documentation and examples.

Based on: https://istio.io/docs/concepts/what-is-istio/