Istio On Kubernetes

August 16, 2017

Chris Hiestand
Software Engineer / Consultant
twitter: @dimmer
github: https://github.com/chrishiestand

What is Istio

  • Open source, Golang
  • Released by Google, IBM, and Lyft
  • It's a service mesh

Features

  • Automatic load balancing for HTTP, gRPC, and TCP traffic
  • Fine-grained control of traffic behavior with rich routing rules
  • Traffic encryption, service-to-service authentication and strong identity assertions
  • Fleet-wide policy enforcement
  • In-depth telemetry and reporting

But wait, there's more!

Egress Features

  • Service Authentication
  • Load Balancing
  • Retry and Circuit Breaker
  • Fine-grained routing
  • Telemetry
  • Request Tracing
  • Fault Injection

Ingress Features

  • Service Authentication
  • Authorization
  • Rate Limits
  • Load Shedding
  • Telemetry
  • Request Tracing
  • Fault Injection

source: https://istio.io/talks/istio_talk_gluecon_2017.pdf

Example K8s Pod

[Figure: kubernetes pod]

Example K8s Node

[Figure: kubernetes pod]

Example K8s Cluster

[Figure: kubernetes cluster topology]

Sidecar Pattern (in a pod)

[Figure: sidecar]

source: http://blog.kubernetes.io/2015/06/the-distributed-system-toolkit-patterns.html

Basic Istio Routing*

[Figure: basic istio routing]

*Not always the case

Istio Architecture

[Figure: Istio topology]

source: https://istio.io/docs/concepts/what-is-istio/overview.html

Demo Architecture

[Figure: Istio demo arch]

source: https://istio.io/docs/samples/bookinfo.html

Demo time!

[Image: Peanut Butter Jelly]

Some Early Adoption (0.1) Limitations*

  • Egress service only supports HTTP(S) requests
  • Istio-Auth (mTLS) only supports HTTP requests
  • Request Tracing only supports HTTP requests?

*Not a complete list

0.2 Roadmap

  • TCP telemetry collection and policy enforcement.
  • Support for VMs joining an Istio Mesh.
  • Fully-automated injection of Envoy proxies into Kubernetes pods.
  • Standard extension points for addons and plugins.
  • Expanded authorization with callouts to external services.
  • Mixer request tracing with Zipkin.
  • Additional logging and analysis plugins.
  • Cluster-wide rate limiting.
  • Basic API management features.
  • Configuration rollout and management.
  • Configuration and policy enforcement APIs.
  • Improved system stability and performance.

source: https://istio.io/docs/reference/release-roadmap.html

Thank you!