November 20, 2018 By JJ Asghar 4 min read

What is Istio?

You’ve been tasked with learning about the cloud-native ecosystem. You’ve been tasked with learning about Istio and how it functions in this world. In this three-minute and forty-five-second video, I’m going to distill the basics of Istio and give you an overview so that you are more comfortable reading the documentation.

We’re going to cover the basic function of Istio, look at what a service mesh is, list out some of the features of Istio, and take a look at the components that make up the architecture.

Istio is so much more than just what is gone over in this video, but you’ll walk away understanding where the different portions come together and how they can help you. See the bottom of this post for more resources on Istio.

Run Istio on the IBM Cloud Kubernetes Service

More about Istio, containers, and Kubernetes

Video Transcript

Hi, my name is JJ Asghar and I’m a developer advocate for the IBM Cloud. I’m here today to tell you about what Istio is. I’m going to take it directly from the website and move forward from there.

What is Istio?

So, what is Istio? Istio is an open-platform, independent service mesh the provides traffic management, policy enforcement, and telemetry collection. It runs on Kubernetes, Nomad, and Consul. I’m going to be focusing solely on Kubernetes during this talk, but you can take most of it and actually put it on Nomad and Consul if you need to.

What is a service mesh?

Before we go anywhere else, we need to discuss something called a service mesh. Simply put, a service mesh is a network of your microservices. It is how Service A and Service B can talk to one another and what is actually controlled around there.

As your service mesh grows, things get more and more complex, and you need to have a way to be able to control how different services—like Service A and Service B—talk to one another. That’s where Istio comes into play.

The features of Istio

So, let’s talk about the features of Istio. First, there’s load balancing—this allows for HTTP, TCP, any websocket trafficking, where you can actually control how communication is done between Service A and Service B or how things come from the outside in.

There’s fine-grained control to make sure that you have rules, retries, failovers, you even fault injection. You have a wonderful world of how you can specifically talk to Service A and not Service B in certain situations.

There’s also access control to make sure that the policies that you have for your cloud-native application are correct and enforceable.

And then finally, the most important part, visibility. You have logging, you have graphing—things you can actually put in front of them to be able to see how everything’s working. It’s all for free and comes together when you install Istio. Automatic metrics to be able to actually do how you expected to make it happen.

The components of Istio

Pilot

So let’s take a look at the components of Istio. I’m going to start with something called Pilot here, which, as we like to say, drives the actual Istio service mesh for you. It has the AB testing, the controls the canary deployments, the timeouts—it actually has the intelligence of how everything works. It is the driver of Istio.

Citadel

So let’s look at the next portion of the Istio architecture. The next one is something called Citadel. It is the security aspect of your service mesh. It actually has a CA built inside of it. It allows for Service A and Service B to be able to talk to each other if they need to. You can actually upgrade unencrypted traffic through your service mesh and through Citadel to make sure that it is encrypted going back and forth.

When you start looking outside of just one Kubernetes cluster, and you look into multiple and extend your service mesh across it, sending things over the internet, you probably want them to be secure. Citadel does that for you.

Mixer

And then finally, there’s something called Mixer. It is the central point of where all the sidecars and all the ways Istio works comes together. It actually puts the telemetry together to make sure that it gets to Pilot to be able to show you those pretty graphs that we were talking about earlier with the visibility.

Mixer is also pluggable, so that it allows for things to add other stuff instead of just what Istio gives you. There are other third-party companies who have actually gotten their applications to work using Mixer specifically.

And that’s the basics of Istio. You have your Pilot, your Mixer, and your Citadel. If you’d like to get deeper or learn more, please go to the IBM Cloud Blog. I’m JJ, and I hope to see around soon.

Learn more about Istio on the IBM Cloud

Istio resources

Was this article helpful?
YesNo

More from Cloud

IBM Cloud Reference Architectures unleashed

2 min read - The ability to onboard workloads to cloud quickly and seamlessly is paramount to accelerate enterprises digital transformation journey. At IBM Cloud, we're thrilled to introduce the IBM Cloud® Reference Architectures designed to empower clients, technical architects, strategists and partners to revolutionize the way businesses harness the power of the cloud. VPC resiliency: Strengthening your foundation Explore the resilience of IBM Cloud Virtual Private Cloud through our comprehensive resources. Dive into our VPC Resiliency white paper, a blueprint for building robust…

Enhance your data security posture with a no-code approach to application-level encryption

4 min read - Data is the lifeblood of every organization. As your organization’s data footprint expands across the clouds and between your own business lines to drive value, it is essential to secure data at all stages of the cloud adoption and throughout the data lifecycle. While there are different mechanisms available to encrypt data throughout its lifecycle (in transit, at rest and in use), application-level encryption (ALE) provides an additional layer of protection by encrypting data at its source. ALE can enhance…

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters