What is Istio?

You’ve been tasked with learning about the cloud-native ecosystem. You’ve been tasked with learning about Istio and how it functions in this world. In this three-minute and forty-five-second video, I’m going to distill the basics of Istio and give you an overview so that you are more comfortable reading the documentation.

We’re going to cover the basic function of Istio, look at what a service mesh is, list out some of the features of Istio, and take a look at the components that make up the architecture.

Istio is so much more than just what is gone over in this video, but you’ll walk away understanding where the different portions come together and how they can help you. See the bottom of this post for more resources on Istio.

What is Istio?


What is Istio?

Run Istio on the IBM Cloud Kubernetes Service

More about Istio, containers, and Kubernetes

Video Transcript

Hi, my name is JJ Asghar and I’m a developer advocate for the IBM Cloud. I’m here today to tell you about what Istio is. I’m going to take it directly from the website and move forward from there.

What is Istio?

So, what is Istio? Istio is an open-platform, independent service mesh the provides traffic management, policy enforcement, and telemetry collection. It runs on Kubernetes, Nomad, and Consul. I’m going to be focusing solely on Kubernetes during this talk, but you can take most of it and actually put it on Nomad and Consul if you need to.

What is a service mesh?

Before we go anywhere else, we need to discuss something called a service mesh. Simply put, a service mesh is a network of your microservices. It is how Service A and Service B can talk to one another and what is actually controlled around there.

As your service mesh grows, things get more and more complex, and you need to have a way to be able to control how different services—like Service A and Service B—talk to one another. That’s where Istio comes into play.

The features of Istio

So, let’s talk about the features of Istio. First, there’s load balancing—this allows for HTTP, TCP, any websocket trafficking, where you can actually control how communication is done between Service A and Service B or how things come from the outside in.

There’s fine-grained control to make sure that you have rules, retries, failovers, you even fault injection. You have a wonderful world of how you can specifically talk to Service A and not Service B in certain situations.

There’s also access control to make sure that the policies that you have for your cloud-native application are correct and enforceable.

And then finally, the most important part, visibility. You have logging, you have graphing—things you can actually put in front of them to be able to see how everything’s working. It’s all for free and comes together when you install Istio. Automatic metrics to be able to actually do how you expected to make it happen.

The components of Istio


So let’s take a look at the components of Istio. I’m going to start with something called Pilot here, which, as we like to say, drives the actual Istio service mesh for you. It has the AB testing, the controls the canary deployments, the timeouts—it actually has the intelligence of how everything works. It is the driver of Istio.


So let’s look at the next portion of the Istio architecture. The next one is something called Citadel. It is the security aspect of your service mesh. It actually has a CA built inside of it. It allows for Service A and Service B to be able to talk to each other if they need to. You can actually upgrade unencrypted traffic through your service mesh and through Citadel to make sure that it is encrypted going back and forth.

When you start looking outside of just one Kubernetes cluster, and you look into multiple and extend your service mesh across it, sending things over the internet, you probably want them to be secure. Citadel does that for you.


And then finally, there’s something called Mixer. It is the central point of where all the sidecars and all the ways Istio works comes together. It actually puts the telemetry together to make sure that it gets to Pilot to be able to show you those pretty graphs that we were talking about earlier with the visibility.

Mixer is also pluggable, so that it allows for things to add other stuff instead of just what Istio gives you. There are other third-party companies who have actually gotten their applications to work using Mixer specifically.

And that’s the basics of Istio. You have your Pilot, your Mixer, and your Citadel. If you’d like to get deeper or learn more, please go to the IBM Cloud Blog. I’m JJ, and I hope to see around soon.

Learn more about Istio on the IBM Cloud

Istio resources

More from Cloud

Modernizing child support enforcement with IBM and AWS

7 min read - With 68% of child support enforcement (CSE) systems aging, most state agencies are currently modernizing them or preparing to modernize. More than 20% of families and children are supported by these systems, and with the current constituents of these systems becoming more consumer technology-centric, the use of antiquated technology systems is archaic and unsustainable. At this point, families expect state agencies to have a modern, efficient child support system. The following are some factors driving these states to pursue modernization:…

7 min read

IBM Cloud Databases for Elasticsearch End of Life and pricing changes

2 min read - As part of our partnership with Elastic, IBM is announcing the release of a new version of IBM Cloud Databases for Elasticsearch. We are excited to bring you an enhanced offering of our enterprise-ready, fully managed Elasticsearch. Our partnership with Elastic means that we will be able to offer more, richer functionality and world-class levels of support. The release of version 7.17 of our managed database service will include support for additional functionality, including things like Role Based Access Control…

2 min read

Connected products at the edge

6 min read - There are many overlapping business usage scenarios involving both the disciplines of the Internet of Things (IoT) and edge computing. But there is one very practical and promising use case that has been commonly deployed without many people thinking about it: connected products. This use case involves devices and equipment embedded with sensors, software and connectivity that exchange data with other products, operators or environments in real-time. In this blog post, we will look at the frequently overlooked phenomenon of…

6 min read

SRG Technology drives global software services with IBM Cloud VPC under the hood

4 min read - Headquartered in Ft. Lauderdale, Florida, SRG Technology LLC. (SRGT) is a software development company supporting the education, healthcare and travel industries. Their team creates data systems that deliver the right data in real time to customers around the globe. Whether those customers are medical offices and hospitals, schools or school districts, government agencies, or individual small businesses, SRGT addresses a wide spectrum of software services and technology needs with round-the-clock innovative thinking and fresh approaches to modern data problems. The…

4 min read