Istio is an open source tool founded by Google, IBM, and Lyft that provides a uniform way to connect, manage and secure microservices. It is also part of Cloud Native Computing Foundation (CNCF) project and currently only supports Kubernetes and Consul-based environments . Istio allows us to manage traffic flow across microservices, enforce access policies and aggregate telemetry data without administration from the node running the microservice. It manages how service-to-service communicate within a cluster. Istio uses what we refer to as Custom Resource Definition (CRD) to extend Kubernetes API. Its most common applicability is for traffic Management. Istio also can also be used to provide insights into how applications are working and performance metrics. It can be used with Grafana to provide visualization. Istio has a command line Interface (CLI) that is used to deploy and manage back-end services.
Istio has several components which are Envoy, Mixer, Pilot, Citadel and Node Agent. Envoy is a sidecar container that runs in each container for the purpose of handling ingress/egress traffic between service-to-service in the cluster. Mixer enforces policies such as authentication, request tracing and telemetry collection at an infrastructure level. It is a central component that is leveraged by the proxies and containers for the purpose of enforcing policies. Pilot is responsible for setting up the Mixer and Envoy at runtime. Citadel is responsible for issuing certificates and rotation of the certificated generated. Lastly, the Node Agent serves the purpose of automating keys and certificates generated on a node level.
Istio as a Kubernetes service mesh manages services by providing dynamic routing, operation metrics, load balancing and idempotency. Istio ensures application reliability as it ensures the resiliency of microservices running in the cluster. In production environments as we scale our microservices from tens to thousands we need a tool like istio to handle management and operational complexities.