Features of Istio Service Mesh
Istio provides numerous features that make software development and delivery faster, easier, and more secure. Istio offers authentication, authorization, load balancing, circuit breaking, timeouts, retries, deployment strategies, service discovery, and observability. Following is a brief description of the key capabilities that you can expect Istio and Envoy to provide:
Istio helps application teams achieve zero trust security by letting them define and enforce authentication, authorization, and access control policies. All data communicated among the services, inside and outside the cluster or data center, is encrypted with mutual TLS (mTLS) configured through Istio resources. You can also authenticate requests to apps from internal and external users using the JSON Web Token (JWT) support provided by Istio.
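The mTLS and JWT controls described above, as an added configuration example that is not taken from the original page. The namespace shop, the app: orders label, the frontend service account and the issuer URL are assumptions chosen for illustration.

```yaml
# Added example; namespace, labels, service account and issuer are assumptions.
# 1. Require mTLS for every workload in the namespace. The weaker setting,
#    mode: PERMISSIVE, also accepts plaintext connections.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
---
# 2. Validate JWTs presented to the orders workload. On its own this only
#    rejects invalid tokens; requests that carry no token still pass.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: orders-jwt
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  jwtRules:
  - issuer: "https://issuer.example.com"
    jwksUri: "https://issuer.example.com/.well-known/jwks.json"
---
# 3. Allow only callers that present both the frontend mTLS identity and a
#    valid token from the issuer. Fields inside one source are ANDed, and
#    anything not matched by an ALLOW rule for this workload is denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-require-identity
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
        requestPrincipals: ["https://issuer.example.com/*"]
```

The third resource is what closes the gap left by the second: without an AuthorizationPolicy that requires requestPrincipals, a request with no token at all is still accepted.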
One of the primary needs of an application running in a production environment is to be highly available. This requires one to scale up the number of service instances with increasing load and scale down when needed to save costs. Istio’s service discovery capability keeps track of all the available nodes ready to pick up new tasks. In case of node unavailability, service discovery removes a node from the list of available nodes and stops sending new requests to the node.
Using Envoy proxies, Istio provides flexibility to finely control the traffic among the available services. Istio provides features like load balancing, health checks, and deployment strategies. Istio allows load balancing based on algorithms that include round robin, random selection, weighted algorithms, etc. Istio performs constant health checks of service instances to ensure they are available before routing the traffic request. And based on the deployment type used in the configuration, Istio drives traffic to new nodes in a weighted pattern.
Istio removes the need to code circuit breakers within an application. Istio lets platform architects define mechanisms such as timeouts for a service, the number of retries to be made, and planned automatic failover of high availability (HA) systems, without the application knowing about them.
Istio keeps track of network requests and traces each call across multiple services. Istio provides the telemetry (such as latency, saturation, traffic health, and errors) that helps SREs to understand service behavior and troubleshoot, maintain, and optimize their applications.
Istio provides visibility and fine-grained network controls for traditional and modern workloads, including containers and virtual machines. Istio helps to achieve canary and blue-green deployment by providing the capability to route specific user groups to newly deployed applications.
Benefits of using Istio service mesh
Organizations with large-scale applications based on a microservices architecture will benefit the most from Istio. With growing traffic between various microservices, the need for sophisticated routing capabilities and secured flow of data will increase exponentially. Here are the benefits of using Istio service mesh:
Increased developer focus
Because Istio service mesh manages the communication layer, it abstracts the network infrastructure away from the code. Developers can focus on adding business value with each service they build, rather than worrying about how each service communicates with other services.
Easy-to-implement secured communication
With the abstraction of the network layer, security operators can easily implement service-to-service security, including authentication, authorization, and encryption using mTLS-based connections.
100% compliant with industry standards
Istio service mesh helps engineering and platform teams define security and compliance policies and ensure their applications and infrastructure are compliant with industry standards like PCI, FedRAMP, and GDPR.
Improved business agility
With Istio service mesh, DevOps teams can easily implement deployment strategies like canary and blue-green deployment by splitting the traffic at runtime. You can get deep visibility into how your applications are consumed by a certain targeted audience so you can focus your efforts on improving performance.
Success Stories of Istio
Learn how FICO migrated their infrastructure from monolithic to microservice architecture while complying with PCI standards using Istio
Read how a DevSecOps team in the Department of Defence (DOD) ensured zero-trust security for containerised infrastructure with the help of Istio
Getting Started with Istio Service Mesh
- Understand Istio: Guide to learning and understanding the value of Istio and Envoy
- Learn Istio Fundamentals: Watch 5 hours of video and learn quickly about Istio for free
- Install Tetrate Istio Distro: Get started with trusted, FIPS-compliant, and supported versions of Istio service mesh
- Monitoring Istio: Learn how to get metrics from Istio service mesh using Prometheus