https://DevOpsCloud.io -- Cloud Monk Losang Jinpa

Return to CNCF Projects, Istio Glossary, CNCF Glossary, Service Mesh

Istio is an open-source service mesh platform that provides a unified way to connect, manage, and secure microservices in a distributed architecture. It addresses the complexities that arise when managing communication, security, and observability in a microservices environment.

• **Traffic Management:** Istio offers fine-grained control over traffic routing, allowing you to implement various deployment strategies like canary releases, A/B testing, and traffic mirroring.
• **Security:** Istio provides secure service-to-service communication through mutual TLS authentication and authorization policies. It also enables end-user authentication and authorization.
• **Observability:** Istio automatically collects telemetry data, including metrics, logs, and traces, giving you insights into the behavior and performance of your microservices.
• **Platform Independence:** Istio can run on various platforms, including Kubernetes, virtual machines, and on-premises environments.
• **Extensibility:** The platform is designed to be extensible, allowing you to integrate with other tools and customize its behavior to suit your needs.

• **Simplified Microservices Management:** Istio abstracts away the complexities of managing communication and security in a microservices architecture.
• **Improved Observability:** Istio provides deep visibility into service interactions, making it easier to troubleshoot issues and optimize performance.
• **Enhanced Security:** Mutual TLS and fine-grained access control policies help secure your microservices.
• **Flexibility:** Istio's traffic management capabilities enable various deployment strategies and fine-grained control over traffic flow.
• **Platform Independence:** Istio's ability to run on different platforms offers flexibility in deployment choices.

While Istio primarily operates through configuration and policies, here's an illustrative example of a VirtualService definition to route traffic:

```yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata:

 name: my-service

 hosts:
 - my-service.default.svc.cluster.local
 http:
 - route:
   - destination:
       host: my-service-v1
       subset: v1
     weight: 75
   - destination:
       host: my-service-v2
       subset: v2
     weight: 25

This configuration defines a VirtualService that routes 75% of traffic to version 1 of the “my-service” and 25% to version 2, facilitating canary deployments.

• **Istio Official Website:** s://istio.io/(https://istio.io/)
• **Istio GitHub Repository:** s://github.com/istio/istio(https://github.com/istio/istio)
• **Istio Documentation:** s://istio.io/latest/docs/(https://istio.io/latest/docs/)

• Description: Istio is an open source service mesh microservices platform to connect microservices, manage microservices, and secure microservices.
• Documentation: https://istio.io/docs
  • Provide an Istio glossary of the top 40 Istio concepts sorted by the most commonly used. For each concept include a brief description and the URL for the Istio official documentation. Answer using MediaWiki format.

Snippet from Wikipedia: Service mesh

In software architecture, a service mesh is a dedicated infrastructure layer for facilitating service-to-service communications between services or microservices using a proxy.

A dedicated communication layer can provide numerous benefits, such as providing observability into communications, providing secure connections, and automating retries and backoff for failed requests.

A service mesh consists of network proxies paired with each service in an application and a set of task-management processes. The proxies are called the data plane and the management processes are called the control plane. The data plane intercepts calls between different services and processes them; the control plane is the brain of the mesh that coordinates the behavior of proxies and provides APIs for operations and maintenance personnel to manipulate and observe the entire network.

The service mesh architecture is implemented by software products such as Istio, Cilium, Linkerd, Consul, AWS App Mesh, Kuma, Traefik Mesh, Greymatter.io, and Open Service Mesh. Many service meshes use the Envoy proxy on the data plane.

Creative Commons Attribution-Share Alike 4.0

Fair Use Sources:

• Istio on DuckDuckGo
• Istio on GitHub
• Istio on O'Reilly
• Istio on Stackoverflow
• Istio on Reddit
• Istio on YouTube
• Istio for Archive Access for Fair Use Preservation, quoting, paraphrasing, excerpting and/or commenting upon