Introducing the beta of Managed Istio on IBM Cloud Kubernetes Service

The IBM Cloud Kubernetes Service is a certified Kubernetes provider that fully manages the provisioning and lifecycle of highly available clusters running in regions around the world. On top of simplified cluster management, it adds extra capabilities through the integration of IBM Cloud services such as Monitoring with Sysdig, Logging with LogDNA, Watson APIs, Blockchain, data services, and the Internet of Things. Today, we’re excited to announce the managed Istio service mesh add-on to this list of capabilities.

Istio on IBM Cloud Kubernetes Service provides a seamless installation of Istio, automatic updates, and lifecycle management of Istio control plane components and integration with platform logging and monitoring tools. With managed Istio, it is carefully tuned for optimal performance in IBM Cloud Kubernetes Service.

With one click, you can get all Istio core components, additional tracing, monitoring, and visualization, and the BookInfo sample app up and running. Istio on IBM Cloud Kubernetes Service is offered as a managed add-on, so IBM Cloud automatically keeps all your Istio components up to date.

What is a service mesh?

Say you’ve broken down your monolith application into microservices. Or, you’ve built your application using cloud-native principles from the ground up. You’ve containerized your microservices and use Kubernetes to run them. With multiple microservices per application and several dev, test, and prod environments, you quickly have hundreds or thousands of microservices. Put yourself in the shoes of Rohan—a DevOps engineer:

  • Rohan wants to deploy canary versions of new microservices and control traffic sent to them.

  • Rohan needs to enable encryption of data between microservices even inside the cluster

  • Rohan wants better visibility into the microservices running in the cluster.

  • Rohan wants to enforce rate limiting and attribute-based whitelists and blacklists policies.

In the past, Rohan would have to drive these requirements back to the development team to add logic and libraries into their application code. This distracts the developers and microservices from maintaining focus on the business logic.

In 2017, IBM, Google, and Lyft joined forces and founded the Istio open source project to provide a language-agnostic,platform-independentt solution to this problem. Since then, Istio experienced a substantial growth in its contributors and users, including a 1.0 release in July 2018.

What is Istio?

Istio is a service mesh. The features of Istio can be broken down into these four categories:

  • Traffic Management: Control the traffic between your microservices to perform traffic splitting, failure recovery, and canary releases.

  • Security: Provide strong identity-based authentication, authorization, and encryption between microservices.

  • Observability: Collect metrics and logs for better visibility into the applications running in your cluster.

  • Policies: Enforce access controls, rate limits, and quotas to protect your applications.

Istio achieves all of this and more without any modifications to the application itself. Istio extends Kubernetes with new CRD’s and injected Envoy proxy sidecars running next to your containers. It allows you to declare routing rules that are translated and sent to all the sidecar proxies so that they can intercept and route network traffic between your containers. After routing, the sidecars also report telemetry data for aggregation. Istio is also able to handle the certificates necessary to provide strong identity to services and to upgrade to encrypted traffic.

Managed Istio add-on

Istio on IBM Cloud Kubernetes Service provides a one-step installation of Istio into your cluster. It’s offered as a managed add-on, so IBM Cloud automatically keeps all your Istio components up to date. The Istio installation is tuned and pre-configured to work out of the box with IBM Cloud Monitoring and Logging tools.

On top of the base Istio installation, you can add optional Istio components. These extras include the following:

  • Grafana: A web application for viewing traffic data collected from the Prometheus adapter endpoint.

  • Kiali: A web application to generate service graphs of your application and Istio configuration objects and visualize traffic flow.

  • Jaeger: A tracing system for collecting and viewing application logging and tracing data.

IBM Cloud Analysis with LogDNA

If you’re using LogDNA for log collection and search in your IBM Cloud Kubernetes Cluster, you can view logs from your application and the Istio components from your Istio enabled cluster. No additional configuration is required.

IBM Cloud Monitoring with Sysdig

When you create a IBM Cloud Monitoring with Sysdig instance and deploy the Sysdig agent into your cluster, Sysdig is already automatically enabled to detect and scrape the data from the Istio Prometheus endpoints to display them in your IBM Cloud monitoring dashboard. Be sure to use the predefined Istio dashboard provided by Sysdig.

Head to our documentation for more information on how to get started with Istio: “Using the managed Istio add-on (beta).”

Join the conversation

The Managed Istio on IBM Cloud Kubernetes Service is in Beta as we continue to work on building deeper integration with IBM Cloud and provide more management features to Istio. We would love to get feedback from you! Engage our team via Slack by registering here and join the discussion in the #general or #managed_istio_knative channels on our public IBM Cloud Kubernetes Service Slack.


More from Announcements

IBM TechXchange underscores the importance of AI skilling and partner innovation

3 min read - Generative AI and large language models are poised to impact how we all access and use information. But as organizations race to adopt these new technologies for business, it requires a global ecosystem of partners with industry expertise to identify the right enterprise use-cases for AI and the technical skills to implement the technology. During TechXchange, IBM's premier technical learning event in Las Vegas last week, IBM Partner Plus members including our Strategic Partners, resellers, software vendors, distributors and service…

Introducing Inspiring Voices, a podcast exploring the impactful journeys of great leaders

< 1 min read - Learning about other people's careers, life challenges, and successes is a true source of inspiration that can impact our own ambitions as well as life and business choices in great ways. Brought to you by the Executive Search and Integration team at IBM, the Inspiring Voices podcast will showcase great leaders, taking you inside their personal stories about life, career choices and how to make an impact. In this first episode, host David Jones, Executive Search Lead at IBM, brings…

IBM watsonx Assistant and NICE CXone combine capabilities for a new chapter in CCaaS

5 min read - In an age of instant everything, ensuring a positive customer experience has become a top priority for enterprises. When one third of customers (32%) say they will walk away from a brand they love after just one bad experience (source: PWC), organizations are now applying massive investments to this experience, particularly with their live agents and contact centers.  For many enterprises, that investment includes modernizing their call centers by moving to cloud-based Contact Center as a Service (CCaaS) platforms. CCaaS solutions…

See what’s new in SingleStoreDB with IBM 8.0

3 min read - Despite decades of progress in database systems, builders have compromised on at least one of the following: speed, reliability, or ease. They have two options: one, they could get a document database that is fast and easy, but can’t be relied on for mission-critical transactional applications. Or two, they could rely on a cloud data warehouse that is easy to set up, but only allows lagging analytics. Even then, each solution lacks something, forcing builders to deploy other databases for…