February 12, 2019 By jason-mcalpin 4 min read

Introducing the beta of Managed Istio on IBM Cloud Kubernetes Service

The IBM Cloud Kubernetes Service is a certified Kubernetes provider that fully manages the provisioning and lifecycle of highly available clusters running in regions around the world. On top of simplified cluster management, it adds extra capabilities through the integration of IBM Cloud services such as Monitoring with Sysdig, Logging with LogDNA, Watson APIs, Blockchain, data services, and the Internet of Things. Today, we’re excited to announce the managed Istio service mesh add-on to this list of capabilities.

Istio on IBM Cloud Kubernetes Service provides a seamless installation of Istio, automatic updates, and lifecycle management of Istio control plane components and integration with platform logging and monitoring tools. With managed Istio, it is carefully tuned for optimal performance in IBM Cloud Kubernetes Service.

With one click, you can get all Istio core components, additional tracing, monitoring, and visualization, and the BookInfo sample app up and running. Istio on IBM Cloud Kubernetes Service is offered as a managed add-on, so IBM Cloud automatically keeps all your Istio components up to date.

What is a service mesh?

Say you’ve broken down your monolith application into microservices. Or, you’ve built your application using cloud-native principles from the ground up. You’ve containerized your microservices and use Kubernetes to run them. With multiple microservices per application and several dev, test, and prod environments, you quickly have hundreds or thousands of microservices. Put yourself in the shoes of Rohan—a DevOps engineer:

  • Rohan wants to deploy canary versions of new microservices and control traffic sent to them.

  • Rohan needs to enable encryption of data between microservices even inside the cluster

  • Rohan wants better visibility into the microservices running in the cluster.

  • Rohan wants to enforce rate limiting and attribute-based whitelists and blacklists policies.

In the past, Rohan would have to drive these requirements back to the development team to add logic and libraries into their application code. This distracts the developers and microservices from maintaining focus on the business logic.

In 2017, IBM, Google, and Lyft joined forces and founded the Istio open source project to provide a language-agnostic,platform-independentt solution to this problem. Since then, Istio experienced a substantial growth in its contributors and users, including a 1.0 release in July 2018.

What is Istio?

Istio is a service mesh. The features of Istio can be broken down into these four categories:

  • Traffic Management: Control the traffic between your microservices to perform traffic splitting, failure recovery, and canary releases.

  • Security: Provide strong identity-based authentication, authorization, and encryption between microservices.

  • Observability: Collect metrics and logs for better visibility into the applications running in your cluster.

  • Policies: Enforce access controls, rate limits, and quotas to protect your applications.

Istio achieves all of this and more without any modifications to the application itself. Istio extends Kubernetes with new CRD’s and injected Envoy proxy sidecars running next to your containers. It allows you to declare routing rules that are translated and sent to all the sidecar proxies so that they can intercept and route network traffic between your containers. After routing, the sidecars also report telemetry data for aggregation. Istio is also able to handle the certificates necessary to provide strong identity to services and to upgrade to encrypted traffic.

Managed Istio add-on

Istio on IBM Cloud Kubernetes Service provides a one-step installation of Istio into your cluster. It’s offered as a managed add-on, so IBM Cloud automatically keeps all your Istio components up to date. The Istio installation is tuned and pre-configured to work out of the box with IBM Cloud Monitoring and Logging tools.

On top of the base Istio installation, you can add optional Istio components. These extras include the following:

  • Grafana: A web application for viewing traffic data collected from the Prometheus adapter endpoint.

  • Kiali: A web application to generate service graphs of your application and Istio configuration objects and visualize traffic flow.

  • Jaeger: A tracing system for collecting and viewing application logging and tracing data.

IBM Cloud Analysis with LogDNA

If you’re using LogDNA for log collection and search in your IBM Cloud Kubernetes Cluster, you can view logs from your application and the Istio components from your Istio enabled cluster. No additional configuration is required.

IBM Cloud Monitoring with Sysdig

When you create a IBM Cloud Monitoring with Sysdig instance and deploy the Sysdig agent into your cluster, Sysdig is already automatically enabled to detect and scrape the data from the Istio Prometheus endpoints to display them in your IBM Cloud monitoring dashboard. Be sure to use the predefined Istio dashboard provided by Sysdig.

Head to our documentation for more information on how to get started with Istio: “Using the managed Istio add-on (beta).”

Join the conversation

The Managed Istio on IBM Cloud Kubernetes Service is in Beta as we continue to work on building deeper integration with IBM Cloud and provide more management features to Istio. We would love to get feedback from you! Engage our team via Slack by registering here and join the discussion in the #general or #managed_istio_knative channels on our public IBM Cloud Kubernetes Service Slack.

More from Announcements

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters