Istio on IBM Cloud Try it at no charge View product documentation

Connect, secure, control and observe microservices at scale

An easy path to Kubernetes

Istio is an open technology that provides a way for developers to seamlessly connect, manage and secure networks of different microservices — regardless of platform, source or vendor. Istio is currently one of the fastest-growing open source projects based on Github contributors, and its strength is its community. IBM is proud to be a founder and contributor of the Istio project and a leader of Istio Working Groups.

To learn more about the world of service mesh, read the O’Reilly ebook, Istio Explained, written by Istio control board members, Lin Sun, IBM Master Inventor, and Dan Berg, IBM Distinguished Engineer.

How Istio works
Get Istio running with a single click Istio on IBM Cloud Kubernetes Service is offered as a managed add-on that integrates Istio directly with your Kubernetes cluster. A single click deploys a tuned, production-ready Istio instance on your IBM Cloud Kubernetes Service cluster. View documentation
Benefits Seamless installation
A single click runs Istio core components and tracing, monitoring and visualization tools.
Update management
IBM Cloud updates all Istio components and manages the control-plane components lifecycle.
Platform tool integration
Get certified

The following courses show how to manage microservices with IBM Cloud® Kubernetes Service and Istio.

A–Z: Containers and Kubernetes

Set up and deploy an application; scale and update applications with IBM Watson® services.

Take the course
Microservices with Istio

Learn how 12-factor method, microservices and Istio work in IBM Cloud Kubernetes Service.

Take the course
Beyond the basics

Install Istio beside microservices as Guestbook mock application; deploy it to a cluster.

Take the course

Looking for more information?

Slack our Kubernetes developers

See the documentation. For anything else, simply join our Slack channel and ask away.

What is Istio?

Istio is a configurable, open source service-mesh layer that connects, monitors, and secures the containers in a Kubernetes cluster. Istio works natively with Kubernetes only, but its open source nature makes it possible for anyone to write extensions enabling Istio to run on any cluster software.

Kubernetes is a container orchestration tool, and one core unit of Kubernetes is a node. A node consists of one or more containers, along with other components. Kubernetes manages availability and resource consumption of nodes, adding pods as demand increases with the pod autoscaler. Istio injects additional containers into the pod to add security, management and monitoring.

Because it is open source, Istio can run on any public cloud provider that supports it and any private cloud with willing administrators.

What is a service mesh?

When organizations move to microservices, they need to support dozens or hundreds of specific applications. Managing those endpoints separately means supporting a large number of virtual machines (VMs), including demand. Cluster software like Kubernetes can create pods and scale them up, but Kubernetes does not provide routing, traffic rules, or strong monitoring or debugging tools.

Enter the service mesh.

As the number of services increases, the number of potential ways to communicate increases exponentially. Two services have only two communication paths. Three services have six, while 10 services have 90. A service mesh provides a single way to configure those communications paths by creating a policy for the communication.

A service mesh instruments the services and directs communications traffic according to a predefined configuration. Instead of configuring a running container, or writing code to do so, an administrator can provide configuration to the service mesh and have it complete that work. Previously, this had to happen with web servers and service-to-service communication.

The most common way to do this in a cluster is to use the sidecar pattern. A sidecar is a new container, inside the pod, that routes and observes communications traffic between services and containers.

What’s the relationship between Istio and Kubernetes?

Istio layers on top of Kubernetes, adding containers that are essentially invisible to the programmer and administrator. Called sidecar containers, these act as a "person in the middle," directing traffic and monitoring the interactions between components. The two work in combination in the following three ways.

Configuration: The primary method to set configuration with Kubernetes is the kubectl command, commonly kubectl -f <filename>, where the file is a YAML file. Istio users can either run new and different types of YAML files with kubectl or use the new, optional, ioctl command.

Monitoring: With Istio, you can monitor the health of your applications running with Kubernetes. Istio instrumentation can manage and visualize the health of applications, providing more insight than the general monitoring of cluster and nodes that Kubernetes provides.

Management: Because the interface for Istio is essentially the same as Kubernetes, managing it takes little additional work. Istio allows the user to create policies that impact and manage the entire Kubernetes cluster, reducing time to manage each cluster while eliminating the need for custom management code.

What is the difference between Istio and Envoy?

Istio uses a heavily extended version of Envoy to perform the monitoring, management and logging. Every pod needs to be tracked, and Istio needs to aggregate and provide information about all of the pods. One possible alternative to using Istio would be to deploy Envoy into the Kubernetes cluster directly and write management code. This is essentially recreating Istio, with the associated costs and bugs of a custom development project.

Get started for free on IBM Cloud®

Create your no-cost account today and get access to more than 40 always-free products.

Explore our free tier