What even is an Istio?
If nothing else, you’ve probably heard that Istio is a service mesh. “Service mesh” is a fancy term for tooling that handles common communication challenges between a collection of connected services.
In real-world terms, Istio’s features build on the power of Kubernetes, adding:
Mutual TLS for identification, authorization, and encrypted communication between services.
Outbound traffic restriction with selective whitelisting.
Dynamic traffic distribution patterns such as concurrent application versions and gradual canary-style roll-outs.
Improved resiliency with circuit breakers, retry handling, failover, and support for “Chaos Monkey” style fault injection testing.
A ton of additional metrics that illuminate communication patterns and performance.
Istio accomplishes all of this by running an individual proxy sidecar container inside each of your pods. A set of core services runs in your cluster and communicates with these proxy sidecars to enable the features described above.
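Because every feature above depends on the sidecar, a pod without one sits outside the mesh. The following is an added example, not part of the original post or Istio's own code: it lists pods that have no running proxy. It assumes the sidecar is named `istio-proxy` (Istio's default name for the injected container) and uses a constructed pod list shaped like `kubectl get pods -A -o json` output.

```python
import json

SIDECAR_NAME = "istio-proxy"  # assumption: default name of the injected proxy

# Constructed sample shaped like `kubectl get pods -A -o json` output.
SAMPLE_POD_LIST = json.loads("""
{"items": [
  {"metadata": {"namespace": "shop", "name": "cart-7d9f"},
   "spec": {"containers": [{"name": "cart"}, {"name": "istio-proxy"}]}},
  {"metadata": {"namespace": "shop", "name": "payments-5c2a"},
   "spec": {"containers": [{"name": "payments"}]}},
  {"metadata": {"namespace": "shop", "name": "search-91be"},
   "spec": {"initContainers": [{"name": "istio-proxy", "restartPolicy": "Always"}],
            "containers": [{"name": "search"}]}},
  {"metadata": {"namespace": "batch", "name": "report-x1"},
   "spec": {"initContainers": [{"name": "istio-proxy"}],
            "containers": [{"name": "report"}]}}
]}
""")


def has_sidecar(pod):
    """True if the pod runs the proxy alongside the application containers."""
    spec = pod.get("spec", {})
    if any(c.get("name") == SIDECAR_NAME for c in spec.get("containers", [])):
        return True
    # Native-sidecar form: an init container that keeps running
    # (restartPolicy: Always). A plain init container exits before the
    # application starts, so it does not count as a running proxy.
    return any(
        c.get("name") == SIDECAR_NAME and c.get("restartPolicy") == "Always"
        for c in spec.get("initContainers", [])
    )


def pods_outside_mesh(pod_list):
    """Return sorted 'namespace/name' for every pod without a running proxy."""
    return sorted(
        f"{p['metadata']['namespace']}/{p['metadata']['name']}"
        for p in pod_list.get("items", [])
        if not has_sidecar(p)
    )


if __name__ == "__main__":
    for pod in pods_outside_mesh(SAMPLE_POD_LIST):
        print("no sidecar:", pod)
```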