Introducing the beta of Managed Istio on IBM Cloud Kubernetes Service
The IBM Cloud Kubernetes Service is a certified Kubernetes provider that fully manages the provisioning and lifecycle of highly available clusters running in regions around the world. On top of simplified cluster management, it adds extra capabilities through the integration of IBM Cloud services such as Monitoring with Sysdig, Logging with LogDNA, Watson APIs, Blockchain, data services, and the Internet of Things. Today, we’re excited to announce the managed Istio service mesh add-on to this list of capabilities.
Istio on IBM Cloud Kubernetes Service provides a seamless installation of Istio, automatic updates, and lifecycle management of Istio control plane components and integration with platform logging and monitoring tools. With managed Istio, it is carefully tuned for optimal performance in IBM Cloud Kubernetes Service.
With one click, you can get all Istio core components, additional tracing, monitoring, and visualization, and the BookInfo sample app up and running. Istio on IBM Cloud Kubernetes Service is offered as a managed add-on, so IBM Cloud automatically keeps all your Istio components up to date.
What is a service mesh?
Say you’ve broken down your monolith application into microservices. Or, you’ve built your application using cloud-native principles from the ground up. You’ve containerized your microservices and use Kubernetes to run them. With multiple microservices per application and several dev, test, and prod environments, you quickly have hundreds or thousands of microservices. Put yourself in the shoes of Rohan—a DevOps engineer:
Rohan wants to deploy canary versions of new microservices and control traffic sent to them.
Rohan needs to enable encryption of data between microservices even inside the cluster
Rohan wants better visibility into the microservices running in the cluster.
Rohan wants to enforce rate limiting and attribute-based whitelists and blacklists policies.
In the past, Rohan would have to drive these requirements back to the development team to add logic and libraries into their application code. This distracts the developers and microservices from maintaining focus on the business logic.
In 2017, IBM, Google, and Lyft joined forces and founded the Istio open source project to provide a language-agnostic,platform-independentt solution to this problem. Since then, Istio experienced a substantial growth in its contributors and users, including a 1.0 release in July 2018.
What is Istio?
Istio is a service mesh. The features of Istio can be broken down into these four categories:
Traffic Management: Control the traffic between your microservices to perform traffic splitting, failure recovery, and canary releases.
Security: Provide strong identity-based authentication, authorization, and encryption between microservices.
Observability: Collect metrics and logs for better visibility into the applications running in your cluster.
Policies: Enforce access controls, rate limits, and quotas to protect your applications.
Istio achieves all of this and more without any modifications to the application itself. Istio extends Kubernetes with new CRD’s and injected Envoy proxy sidecars running next to your containers. It allows you to declare routing rules that are translated and sent to all the sidecar proxies so that they can intercept and route network traffic between your containers. After routing, the sidecars also report telemetry data for aggregation. Istio is also able to handle the certificates necessary to provide strong identity to services and to upgrade to encrypted traffic.
Managed Istio add-on
Istio on IBM Cloud Kubernetes Service provides a one-step installation of Istio into your cluster. It’s offered as a managed add-on, so IBM Cloud automatically keeps all your Istio components up to date. The Istio installation is tuned and pre-configured to work out of the box with IBM Cloud Monitoring and Logging tools.
On top of the base Istio installation, you can add optional Istio components. These extras include the following:
Grafana: A web application for viewing traffic data collected from the Prometheus adapter endpoint.
Kiali: A web application to generate service graphs of your application and Istio configuration objects and visualize traffic flow.
Jaeger: A tracing system for collecting and viewing application logging and tracing data.
When you create a IBM Cloud Monitoring with Sysdig instance and deploy the Sysdig agent into your cluster, Sysdig is already automatically enabled to detect and scrape the data from the Istio Prometheus endpoints to display them in your IBM Cloud monitoring dashboard. Be sure to use the predefined Istio dashboard provided by Sysdig.
The Managed Istio on IBM Cloud Kubernetes Service is in Beta as we continue to work on building deeper integration with IBM Cloud and provide more management features to Istio. We would love to get feedback from you! Engage our team via Slack by registering here and join the discussion in the #general or #managed_istio_knative channels on our public IBM Cloud Kubernetes Service Slack.