Apps

Managing microservices with Istio

Share this post:

Istio microservices managementNowadays, there are more and more developers adopting a microservices approach to build their applications.

One of the main drivers for this is the need to build cloud-native applications, which are continuously available and dynamically scalable. This approach helps the developers break the applications into small, manageable pieces that can be developed and managed independently by different teams.

A microservices approach has  a lot of benefits, but can also be complex. Before a service can be deployed into production, many data and control plane issues relating to the operability of the service must be resolved, including:

  • how to provide services discovery and request routing between different microservices
  • how to control and secure access to the application and to individual microservices
  • how to efficiently scale up (and down) microservices while maintaining connectivity and overall application resiliency
  • how to collect and send logging and monitoring data for later consumption
  • how to enable DevOps functions, such as Canary deployments, A/B testing and gradual rollouts or roll-backs

Traditionally, much of that functionality had to be invented or rediscovered by every new application team, with support codified into the different microservices. While this may be an achievable goal within the confines of a single application and source base, as applications grow more complex and microservices are implemented using different languages and runtimes, the work becomes tedious and open to error.

By implementing a common microservices fabric, Istio addresses many of the challenges faced by developers and operators as monolithic applications transition to a distributed microservices architecture.

The initial (0.1) release was just announced at the Glue 2017 Conference. It is a result of collaboration between IBM, Google and Lyft to provide traffic flow management, access policy enforcement and telemetery data aggregation between microservices. All those are achieved without requiring any changes to the application code.  Thus, developers can focus on business logic and quickly integrate new features.

Istio provides an infrastructure-level solution for managing all service-to-service communications. By deploying a special sidecar proxy to intercept and act on traffic between microservices throughout the environment, Istio provides a straightforward way to create a network of deployed services, often referred to as a “service mesh.” Istio automatically collects service metrics, logs and call traces for all traffic within a cluster, including cluster ingress and egress. The use of sidecar proxies enables a gradual and transparent introduction without architectural or application code changes.

The service mesh is configured and managed using Istio’s control plane functionality to deliver the required quality of service attributes, such as load balancing, fine-grain routing, service-to-service authentication, monitoring and more. Istio’s Mixer component provides a pluggable policy layer supporting fine-grain access controls, rate limits and quotas. Since Istio has a control on communication between services, it can enforce authentication and authorization between any pair of communication services,

Istio is not targeted at any specific deployment environment. During the initial stages of development, and as it currently stands, Istio supports Kubernetes-based deployments. However, it is being built to enable rapid and easy adaptation to other environments, such as VMs and Cloud Foundry.

How we got there and what’s next

Our journey to microservices fabric started with developing and open-sourcing Amalgam8. Amalgam8 provided service discovery, smart routing capabilities and controlled resiliency testing.

Istio is the next step in our journey, bringing more powerful functionality and capability around security, policy management, rate limiting, auditing and basic API management.

We are excited to continue to work on building and extending Istio. One of the goals is providing security policy enforcement together with data collection and analytics. It can be extremely helpful to reaching compliance in the cloud native deployments.

What  do you like about Istio. and what are the main challenges when it comes to building and operating microservices applications?

Learn more about Istio.

Related articles:

 

Add Comment
No Comments

Leave a Reply

Your email address will not be published.Required fields are marked *

More Apps Stories

Where are you in your application cloud journey?

Whether you are building a new application or using one that’s already built, enabling and running an app on public cloud is a dilemma for many companies’ IT organizations. It not just about using the public cloud infrastructure, though compute is an essential piece. That’s just a start. You can integrate your application with the […]

Continue reading

IBM expands partnership with Docker to drive apps to the public cloud

Today at DockerCon EU in Copenhagen, we’re sharing the news that IBM is expanding our relationship with Docker. Together, IBM and Docker will be making it easier for clients to modernize their existing applications with Docker Enterprise Edition, combined with IBM Cloud, software and services. Before we dive in, here’s a glimpse into the growth […]

Continue reading

HiThing! uses Bluemix to help people and machines communicate

“HiThing!, it’s too cold in here – can you turn up the heat?” “HiThing!, where is the pallet with the shipment I’m looking for?” “HiThing!, when is the next train leaving the station?” If a device or machine is automated, people can ask HiThing! from Proasistech about it the same way they’d talk to (or […]

Continue reading