Istio and managing microservices

More and more users have moved to microservices architecture for their applications, and this brings challenges as to how to manage these microservices efficiently. Istio is an open technology that provides a way to connect, secure, control, and observe networks of different microservices, regardless of platform, source, or vendor.

Istio relies heavily on the Kubernetes service registry and discovery. It will, by default, manage all services running on Kubernetes clusters. The reality is that a lot of users are depending on some framework for their microservices development and service registry and discovery. Spring Cloud and Apache Dubbo are two typical examples. These services might also be running outside of Kubernetes clusters. In that scenario, how can they move to the Istio service mesh without modifying their code and deployment model? In this post, I will share a solution.

Implement an MCP server and plug it into Istio

Starting from Istio 1.0, it has supported MCP (Mesh Configuration Protocol) for configuration distribution. This opens the door for easily integrating external systems. We can implement an MCP server by ourselves and easily plug it into Istio. This MCP server provides two major functions:

  • Connect and monitor the external service registry system to get the latest service info (e.g., Eureka Server in Spring Cloud and Zookeeper for Apache Dubbo).
  • Convert the external service info into Istio ServiceEntry and publish it through MCP resources.

The only thing you need to change from the Istio side is to add this MCP server address into the Istio config map. The following is a snippet for the sample configuration change:

configSources:     – address: istio-galley.istio-system.svc:9901     – address:

The following diagram shows architecture for the solution:

So what are the key points when implementing an MCP server?

MCP server

An implementation for an MCP server is actually in Istio Galley, meaning we can reference it and implement our own MCP server. The key takeaways I want to highlight are as follow:

  • Define the resource collection we want to monitor in our MCP server. In our case, we are monitoring all Istio supported collections:
coptions := source.CollectionOptionsFromSlice(metadata.Types.Collections())
Scroll to view full table
  • Define a Watcher for the MCP server which will set the MCP resources dynamically.
  • Define other server options (e.g., rate limit,  AuthChecker, etc.).

Move to Istio without any code or deployment model changes

By defining our own MCP server, we allow users to move to the Istio service mesh without any code and deployment model changes. This means we can easily use Istio to control, observe, connect, and secure services running outside Kubernetes clusters.

Learn more


More from Cloud

Modernizing child support enforcement with IBM and AWS

7 min read - With 68% of child support enforcement (CSE) systems aging, most state agencies are currently modernizing them or preparing to modernize. More than 20% of families and children are supported by these systems, and with the current constituents of these systems becoming more consumer technology-centric, the use of antiquated technology systems is archaic and unsustainable. At this point, families expect state agencies to have a modern, efficient child support system. The following are some factors driving these states to pursue modernization:…

7 min read

IBM Cloud Databases for Elasticsearch End of Life and pricing changes

2 min read - As part of our partnership with Elastic, IBM is announcing the release of a new version of IBM Cloud Databases for Elasticsearch. We are excited to bring you an enhanced offering of our enterprise-ready, fully managed Elasticsearch. Our partnership with Elastic means that we will be able to offer more, richer functionality and world-class levels of support. The release of version 7.17 of our managed database service will include support for additional functionality, including things like Role Based Access Control…

2 min read

Connected products at the edge

6 min read - There are many overlapping business usage scenarios involving both the disciplines of the Internet of Things (IoT) and edge computing. But there is one very practical and promising use case that has been commonly deployed without many people thinking about it: connected products. This use case involves devices and equipment embedded with sensors, software and connectivity that exchange data with other products, operators or environments in real-time. In this blog post, we will look at the frequently overlooked phenomenon of…

6 min read

SRG Technology drives global software services with IBM Cloud VPC under the hood

4 min read - Headquartered in Ft. Lauderdale, Florida, SRG Technology LLC. (SRGT) is a software development company supporting the education, healthcare and travel industries. Their team creates data systems that deliver the right data in real time to customers around the globe. Whether those customers are medical offices and hospitals, schools or school districts, government agencies, or individual small businesses, SRGT addresses a wide spectrum of software services and technology needs with round-the-clock innovative thinking and fresh approaches to modern data problems. The…

4 min read