What is Istio?

You’ve been tasked with learning about the cloud-native ecosystem. You’ve been tasked with learning about Istio and how it functions in this world. In this three-minute and forty-five-second video, I’m going to distill the basics of Istio and give you an overview so that you are more comfortable reading the documentation.

We’re going to cover the basic function of Istio, look at what a service mesh is, list out some of the features of Istio, and take a look at the components that make up the architecture.

Istio is so much more than just what is gone over in this video, but you’ll walk away understanding where the different portions come together and how they can help you. See the bottom of this post for more resources on Istio.

Run Istio on the IBM Cloud Kubernetes Service

More about Istio, containers, and Kubernetes

• Istio: A Complete Guide

• Kubernetes: A Complete Guide

• IBM Cloud Kubernetes Service

• VIDEO – Kubernetes Explained

• VIDEO – Kubernetes vs. Docker: It’s Not an Either/Or Question

• VIDEO – What is Knative?

• VIDEO – What are microservices?

• Kubernetes Tutorials: 5 Ways to Get You Building Fast

• Kubernetes Clusters: Architecture for Rapid, Controlled Cloud App Delivery

• Jason McGee: “Unifying Containers, Apps, and Functions“

• The New Builders Podcast Ep. 44: Knative—It’s a Win-Win-Win

• Full IBM Cloud YouTube lightboarding video playlist here

Video Transcript

Hi, my name is JJ Asghar and I’m a developer advocate for the IBM Cloud. I’m here today to tell you about what Istio is. I’m going to take it directly from the website and move forward from there.

What is Istio?

So, what is Istio? Istio is an open-platform, independent service mesh the provides traffic management, policy enforcement, and telemetry collection. It runs on Kubernetes, Nomad, and Consul. I’m going to be focusing solely on Kubernetes during this talk, but you can take most of it and actually put it on Nomad and Consul if you need to.

What is a service mesh?

Before we go anywhere else, we need to discuss something called a service mesh. Simply put, a service mesh is a network of your microservices. It is how Service A and Service B can talk to one another and what is actually controlled around there.

As your service mesh grows, things get more and more complex, and you need to have a way to be able to control how different services—like Service A and Service B—talk to one another. That’s where Istio comes into play.

The features of Istio

So, let’s talk about the features of Istio. First, there’s load balancing—this allows for HTTP, TCP, any websocket trafficking, where you can actually control how communication is done between Service A and Service B or how things come from the outside in.

There’s fine-grained control to make sure that you have rules, retries, failovers, you even fault injection. You have a wonderful world of how you can specifically talk to Service A and not Service B in certain situations.

There’s also access control to make sure that the policies that you have for your cloud-native application are correct and enforceable.

And then finally, the most important part, visibility. You have logging, you have graphing—things you can actually put in front of them to be able to see how everything’s working. It’s all for free and comes together when you install Istio. Automatic metrics to be able to actually do how you expected to make it happen.

The components of Istio

Pilot

So let’s take a look at the components of Istio. I’m going to start with something called Pilot here, which, as we like to say, drives the actual Istio service mesh for you. It has the AB testing, the controls the canary deployments, the timeouts—it actually has the intelligence of how everything works. It is the driver of Istio.

Citadel

So let’s look at the next portion of the Istio architecture. The next one is something called Citadel. It is the security aspect of your service mesh. It actually has a CA built inside of it. It allows for Service A and Service B to be able to talk to each other if they need to. You can actually upgrade unencrypted traffic through your service mesh and through Citadel to make sure that it is encrypted going back and forth.

When you start looking outside of just one Kubernetes cluster, and you look into multiple and extend your service mesh across it, sending things over the internet, you probably want them to be secure. Citadel does that for you.

Mixer

And then finally, there’s something called Mixer. It is the central point of where all the sidecars and all the ways Istio works comes together. It actually puts the telemetry together to make sure that it gets to Pilot to be able to show you those pretty graphs that we were talking about earlier with the visibility.

Mixer is also pluggable, so that it allows for things to add other stuff instead of just what Istio gives you. There are other third-party companies who have actually gotten their applications to work using Mixer specifically.

And that’s the basics of Istio. You have your Pilot, your Mixer, and your Citadel. If you’d like to get deeper or learn more, please go to the IBM Cloud Blog. I’m JJ, and I hope to see around soon.

Learn more about Istio on the IBM Cloud

Istio resources

• Istio documentation

• “IBM, Google Cloud and the open community launch Istio 1.0 to bring microservices to the enterprise“

• “Five Exciting Things About Istio v1.0“

• “Istio and microservices: DevOps velocity, without the complexity“