Apps

Managing microservices with Istio

Share this post:

Istio microservices managementNowadays, there are more and more developers adopting a microservices approach to build their applications.

One of the main drivers for this is the need to build cloud-native applications, which are continuously available and dynamically scalable. This approach helps the developers break the applications into small, manageable pieces that can be developed and managed independently by different teams.

A microservices approach has  a lot of benefits, but can also be complex. Before a service can be deployed into production, many data and control plane issues relating to the operability of the service must be resolved, including:

  • how to provide services discovery and request routing between different microservices
  • how to control and secure access to the application and to individual microservices
  • how to efficiently scale up (and down) microservices while maintaining connectivity and overall application resiliency
  • how to collect and send logging and monitoring data for later consumption
  • how to enable DevOps functions, such as Canary deployments, A/B testing and gradual rollouts or roll-backs

Traditionally, much of that functionality had to be invented or rediscovered by every new application team, with support codified into the different microservices. While this may be an achievable goal within the confines of a single application and source base, as applications grow more complex and microservices are implemented using different languages and runtimes, the work becomes tedious and open to error.

By implementing a common microservices fabric, Istio addresses many of the challenges faced by developers and operators as monolithic applications transition to a distributed microservices architecture.

The initial (0.1) release was just announced at the Glue 2017 Conference. It is a result of collaboration between IBM, Google and Lyft to provide traffic flow management, access policy enforcement and telemetery data aggregation between microservices. All those are achieved without requiring any changes to the application code.  Thus, developers can focus on business logic and quickly integrate new features.

Istio provides an infrastructure-level solution for managing all service-to-service communications. By deploying a special sidecar proxy to intercept and act on traffic between microservices throughout the environment, Istio provides a straightforward way to create a network of deployed services, often referred to as a “service mesh.” Istio automatically collects service metrics, logs and call traces for all traffic within a cluster, including cluster ingress and egress. The use of sidecar proxies enables a gradual and transparent introduction without architectural or application code changes.

The service mesh is configured and managed using Istio’s control plane functionality to deliver the required quality of service attributes, such as load balancing, fine-grain routing, service-to-service authentication, monitoring and more. Istio’s Mixer component provides a pluggable policy layer supporting fine-grain access controls, rate limits and quotas. Since Istio has a control on communication between services, it can enforce authentication and authorization between any pair of communication services,

Istio is not targeted at any specific deployment environment. During the initial stages of development, and as it currently stands, Istio supports Kubernetes-based deployments. However, it is being built to enable rapid and easy adaptation to other environments, such as VMs and Cloud Foundry.

How we got there and what’s next

Our journey to microservices fabric started with developing and open-sourcing Amalgam8. Amalgam8 provided service discovery, smart routing capabilities and controlled resiliency testing.

Istio is the next step in our journey, bringing more powerful functionality and capability around security, policy management, rate limiting, auditing and basic API management.

We are excited to continue to work on building and extending Istio. One of the goals is providing security policy enforcement together with data collection and analytics. It can be extremely helpful to reaching compliance in the cloud native deployments.

What  do you like about Istio. and what are the main challenges when it comes to building and operating microservices applications?

Learn more about Istio.

Related articles:

 

More Apps stories

French insurer teams with IBM Services to develop fraud detection solution

Auto insurance fraud costs companies billions of dollars every year. Those losses trickle down to policyholders who absorb some of that risk in policy rate increases. Thélem assurances, a French property and casualty insurer whose motto is “Thélem innovates for you”, has launched an artificial intelligence program, prioritizing a fraud detection use case as its […]

Continue reading

Cloud innovation in real estate: Apleona and IBM rely on new technologies

Digitization does not stop at the proverbial concrete gold — real estate. In fact, the real estate industry is on the move. Companies are realizing the benefits of digital transformation and are capitalizing on the power of new technologies such as cloud, AI and blockchain. Take, for example, Apleona GmbH, one of Europe’s largest real […]

Continue reading

Innovate with Enterprise Design Thinking in the IBM Garage

We’ve all been there. You have an amazing idea that’s really exciting. Maybe it’s a home improvement project, or perhaps it’s a new business idea. You think about all the details required to make it real. But, once you get to the seventh action item, you’re not so excited anymore. Sometimes when we realize the […]

Continue reading