Managing microservices with Istio

Share this post:

Istio microservices managementNowadays, there are more and more developers adopting a microservices approach to build their applications.

One of the main drivers for this is the need to build cloud-native applications, which are continuously available and dynamically scalable. This approach helps the developers break the applications into small, manageable pieces that can be developed and managed independently by different teams.

A microservices approach has  a lot of benefits, but can also be complex. Before a service can be deployed into production, many data and control plane issues relating to the operability of the service must be resolved, including:

  • how to provide services discovery and request routing between different microservices
  • how to control and secure access to the application and to individual microservices
  • how to efficiently scale up (and down) microservices while maintaining connectivity and overall application resiliency
  • how to collect and send logging and monitoring data for later consumption
  • how to enable DevOps functions, such as Canary deployments, A/B testing and gradual rollouts or roll-backs

Traditionally, much of that functionality had to be invented or rediscovered by every new application team, with support codified into the different microservices. While this may be an achievable goal within the confines of a single application and source base, as applications grow more complex and microservices are implemented using different languages and runtimes, the work becomes tedious and open to error.

By implementing a common microservices fabric, Istio addresses many of the challenges faced by developers and operators as monolithic applications transition to a distributed microservices architecture.

The initial (0.1) release was just announced at the Glue 2017 Conference. It is a result of collaboration between IBM, Google and Lyft to provide traffic flow management, access policy enforcement and telemetery data aggregation between microservices. All those are achieved without requiring any changes to the application code.  Thus, developers can focus on business logic and quickly integrate new features.

Istio provides an infrastructure-level solution for managing all service-to-service communications. By deploying a special sidecar proxy to intercept and act on traffic between microservices throughout the environment, Istio provides a straightforward way to create a network of deployed services, often referred to as a “service mesh.” Istio automatically collects service metrics, logs and call traces for all traffic within a cluster, including cluster ingress and egress. The use of sidecar proxies enables a gradual and transparent introduction without architectural or application code changes.

The service mesh is configured and managed using Istio’s control plane functionality to deliver the required quality of service attributes, such as load balancing, fine-grain routing, service-to-service authentication, monitoring and more. Istio’s Mixer component provides a pluggable policy layer supporting fine-grain access controls, rate limits and quotas. Since Istio has a control on communication between services, it can enforce authentication and authorization between any pair of communication services,

Istio is not targeted at any specific deployment environment. During the initial stages of development, and as it currently stands, Istio supports Kubernetes-based deployments. However, it is being built to enable rapid and easy adaptation to other environments, such as VMs and Cloud Foundry.

How we got there and what’s next

Our journey to microservices fabric started with developing and open-sourcing Amalgam8. Amalgam8 provided service discovery, smart routing capabilities and controlled resiliency testing.

Istio is the next step in our journey, bringing more powerful functionality and capability around security, policy management, rate limiting, auditing and basic API management.

We are excited to continue to work on building and extending Istio. One of the goals is providing security policy enforcement together with data collection and analytics. It can be extremely helpful to reaching compliance in the cloud native deployments.

What  do you like about Istio. and what are the main challenges when it comes to building and operating microservices applications?

Learn more about Istio.

Related articles:


More Apps stories

An intelligent approach to multicloud management

Here’s a staggering fact: According to an IBM Institute for Business Value study, 94 percent of enterprise customers surveyed stated they are using multicloud, multicluster environments (public, private and at the edge) to optimize cloud workloads and take advantage of innovation and avoid cloud vendor lock in. Yet, less than 40 percent have the procedures […]

Continue reading

Three ways to drive customer value and remove infrastructure burdens

Building cloud-native applications can become a huge challenge with the vast and growing array of choices. As organizations wrestle with becoming more agile and adopting DevOps practices, how can they maintain their existing investment and start on a path towards a cloud-native future? Take a quick look at the Cloud Native Computing Foundation interactive map […]

Continue reading

Primerica modernizes applications with hybrid cloud and container technologies

The Primerica business really started at the kitchen tables of Middle American families. Those personal, sometimes difficult conversations about finances and life insurance built trust. That trust allowed us to help families get the financial services they needed to protect themselves and future generations. Our reputation and our business grew into the Primerica we are […]

Continue reading