brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
744692a04efbff19dfabc44d824c3629f31bf8af
oam/knowledge base/kubernetes/istio.md
Michele Cereda 6f77b9e979 chore: aligned docs to the template file for articles
2023-07-09 21:35:14 +02:00

3.3 KiB
Raw Blame History

Istio

Last information check done on 2020-10-26.

Table of contents

  1. What it is
  2. What is it for
  3. How it works
  4. Installation
  5. Further readings
  6. Sources

What it is

ELI5, Istio is a way to control how different microservices can communicate with one another, with them being parts of an application that share data or just isolated services depending on others.

Istio is really a dedicated network overlay for applications to run on top of, better know as a service mesh. In a service mesh, requests are routed between microservices through proxies in their own infrastructure layer, where a sidecar proxy sits alongside a microservice and routes requests to other proxies.
Without a service mesh, each microservice needs to be coded with logic to govern service-to-service communication, which means developers are less focused on business goals. It also means communication failures are harder to diagnose because the logic that governs interservice communication is hidden within each service.

What is it for

  • automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic
  • fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection
  • access controls, rate limits and quotas
  • metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress
  • secure service-to-service communication in a cluster with strong identity-based authentication and authorization

How it works

Each microservice will have all its traffic routed through a proxy (the istio-proxy) sidecar, which is nothing more than an extended envoy container. Those are the only Istio components that interact with traffic in what is called the Data Plane.

Such sidecars are controlled (managed, configured) by Istio's Control Plane, and provide the control plane with metrics, tracing, logging and other information.

Installation

See the getting started guide for more information.

  1. download and extract the latest release for x86_64

    curl -L 'https://istio.io/downloadIstio' | sh -

    or specify the version and/or architecture if you need

    curl -L 'https://istio.io/downloadIstio' | ISTIO_VERSION='1.6.8' TARGET_ARCH='x86_64' sh -

  2. add istioctl to your PATH if you need it

    cd "istio-${ISTIO_VERSION}"
export PATH="${PWD}/bin:${PATH}"

  3. install istio using a profile to set it up (demo is for testing, but others are available)

    istioctl install --set profile=demo

  4. add the label to instruct Istio to automatically inject Envoy sidecar proxies when you deploy your application later

    kubectl label namespace 'default' 'istio-injection=enable'

Further readings

Sources

All the references in the further readings section, plus the following: