What is Istio?

You’ve been tasked with learning about the cloud-native ecosystem. You’ve been tasked with learning about Istio and how it functions in this world. In this three-minute and forty-five-second video, I’m going to distill the basics of Istio and give you an overview so that you are more comfortable reading the documentation.

We’re going to cover the basic function of Istio, look at what a service mesh is, list out some of the features of Istio, and take a look at the components that make up the architecture.

Istio is so much more than just what is gone over in this video, but you’ll walk away understanding where the different portions come together and how they can help you. See the bottom of this post for more resources on Istio.

Run Istio on the IBM Cloud Kubernetes Service

More about Istio, containers, and Kubernetes

Video Transcript

Hi, my name is JJ Asghar and I’m a developer advocate for the IBM Cloud. I’m here today to tell you about what Istio is. I’m going to take it directly from the website and move forward from there.

What is Istio?

So, what is Istio? Istio is an open-platform, independent service mesh the provides traffic management, policy enforcement, and telemetry collection. It runs on Kubernetes, Nomad, and Consul. I’m going to be focusing solely on Kubernetes during this talk, but you can take most of it and actually put it on Nomad and Consul if you need to.

What is a service mesh?

Before we go anywhere else, we need to discuss something called a service mesh. Simply put, a service mesh is a network of your microservices. It is how Service A and Service B can talk to one another and what is actually controlled around there.

As your service mesh grows, things get more and more complex, and you need to have a way to be able to control how different services—like Service A and Service B—talk to one another. That’s where Istio comes into play.

The features of Istio

So, let’s talk about the features of Istio. First, there’s load balancing—this allows for HTTP, TCP, any websocket trafficking, where you can actually control how communication is done between Service A and Service B or how things come from the outside in.

There’s fine-grained control to make sure that you have rules, retries, failovers, you even fault injection. You have a wonderful world of how you can specifically talk to Service A and not Service B in certain situations.

There’s also access control to make sure that the policies that you have for your cloud-native application are correct and enforceable.

And then finally, the most important part, visibility. You have logging, you have graphing—things you can actually put in front of them to be able to see how everything’s working. It’s all for free and comes together when you install Istio. Automatic metrics to be able to actually do how you expected to make it happen.

The components of Istio


So let’s take a look at the components of Istio. I’m going to start with something called Pilot here, which, as we like to say, drives the actual Istio service mesh for you. It has the AB testing, the controls the canary deployments, the timeouts—it actually has the intelligence of how everything works. It is the driver of Istio.


So let’s look at the next portion of the Istio architecture. The next one is something called Citadel. It is the security aspect of your service mesh. It actually has a CA built inside of it. It allows for Service A and Service B to be able to talk to each other if they need to. You can actually upgrade unencrypted traffic through your service mesh and through Citadel to make sure that it is encrypted going back and forth.

When you start looking outside of just one Kubernetes cluster, and you look into multiple and extend your service mesh across it, sending things over the internet, you probably want them to be secure. Citadel does that for you.


And then finally, there’s something called Mixer. It is the central point of where all the sidecars and all the ways Istio works comes together. It actually puts the telemetry together to make sure that it gets to Pilot to be able to show you those pretty graphs that we were talking about earlier with the visibility.

Mixer is also pluggable, so that it allows for things to add other stuff instead of just what Istio gives you. There are other third-party companies who have actually gotten their applications to work using Mixer specifically.

And that’s the basics of Istio. You have your Pilot, your Mixer, and your Citadel. If you’d like to get deeper or learn more, please go to the IBM Cloud Blog. I’m JJ, and I hope to see around soon.

Learn more about Istio on the IBM Cloud

Istio resources


More from compute

Mainframe Application Modernization Beyond Banking

4 min read - Looking at mainframe modernization in industries like insurance, automotive and retail. This is part one in a five-part series on mainframe modernization. When you think of the world’s biggest modernization challenges, you immediately think of banking, and for good reason. Banks were among the first to roll out advanced mobile apps some 15 years ago, and they had already started offering online services in the mid-1990s. Well before that, banks were interacting through massive electronic payment gateways and operating mainframe…

IBM Tech Now: April 17, 2023

< 1 min read - Envizi + Turbonomic, IBM Power Updates and the IBM CIS Standard Next Plan  Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 74 Watch the video This week, we're focusing on the following topics: IBM Envizi + IBM Turbonomic IBM Power Updates IBM…

Focusing on Increasing Our Clients’ Profitability and Performance When They Need It Most

4 min read - Exciting updates from IBM Power. As we noted last quarter when we announced this year’s strategic direction for IBM Power, one of the most common questions we hear from our clients is how they can trim their IT spending without compromising performance and data protection. A short time later, these concerns are even more prevalent as the global economic market continues to fluctuate and perpetuate uncertainty amidst rising interest rates and inflation. As the demand on IT services continues to…

Securing the Boot Process for IBM Cloud Bare Metal Servers for VPC

4 min read - IBM Cloud Bare Metal Servers for VPC have been available for almost a year, and we continue the steady rollout of additional features to ensure bare metal servers meet our customers’ requirements. The latest IBM Cloud Bare Metal Servers for VPC features are focused squarely on security by providing customers with the ability to enable Secure Boot and to use a Trusted Platform Module (TPM 2.0). Secure Boot and TPM are software- and hardware-based mechanisms used to validate and enforce…