Open in app

Sign in

Write

Sign in

Microservices & Istio

Shiwani Biradar
4 min readJan 22, 2020

In this post we’ll see the istio architecture and installation.

Before going on istio we will understand the structure of microservices.

What are microservices??

A microservice is a small, loosely coupled distributed service. Microservices allows you to take a large application and decompose or break into easily manageable small components with narrowly defined responsibilities.

Reasons behind to use microservices:

  • For a large application, it is difficult to understand the complexity and make code changes fast and correctly, sometimes it becomes hard to manage the code.
  • For small change, the whole application needs to be built and deployed.
  • For small change, the whole application needs to be built and deployed.

Benefits of microservices:

  • Small modules: Application is broken into smaller modules which are easy for developers to code and maintain
  • Easier Process Adaption :By using microservices, new Technology & Process Adaption becomes easier. You can try new technologies with the newer microservices that we use.
  • Independent scaling: Each microservice can scale independently via X-axis scaling (cloning with more CPU or memory) and Z-axis scaling (sharding), based upon their needs.
  • Unaffected: Large applications remain largely unaffected by the failure of a single module.
  • DURS :Each service can be independently DURS (deployed, updated, replaced, and scaled).

Now what is istio??

Istio is an open source service mesh, that layers transparently onto existing distributed applications.Istio’s diverse features set let you successfully and efficiently, run a distributed microservice architecture and provide a uniform way to secure, connect and monitor microservices. Istio is an Open Source project developed in partnership between teams from Google, IBM, and Lyft and it provides a solution to the complexities of microservice based application, to name a few:

  • Traffic management: Timeouts, retries, load balancing,
  • Security: End-user Authentication and Authorization,
  • Observability: Tracing, monitoring, and logging.

Service mesh:

A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. It provides a method in which separate parts of an application can communicate with each other. Service meshes appear commonly in concert with cloud-based applications, containers and microservices. In short it is network of microservices that makeup applications and the interactions between them.

Core features of istio:

  • Traffic Management
  • Security
  • Observability
  • Platform support
  • Integration and customization

Architecture of istio:

Architecture of Istio

Service mesh consists of 2 component:

  1. Control Plane
  2. Data Plane

Control plane:

Control plane manages and configures the proxies to route traffic. Plus it configures Mixers to enforce policies and collect telemetry. It is composed of three components: The Pilot, the Mixer, and the Citadel that in combination configure Envoys to route traffic, enforce policies and collect telemetry data.

Pilot: Pilot provides services discovery for the Envoy sidecars, traffic management capabilities for intelligent routing and resiliency.This converts high-level routing rules that control traffic behaviour into Envoy-specific configurations and propagates them to the sidecars at runtime.

  • Citadel: Secures service to service communication over TLS. Providing a key management system to automate key and certificate generation, distribution, rotation, and revocation.
  • Mixer: The mixer is a platform-independent component which accesses control and usage policies across the service-mesh and collects telemetry data from the envoy proxy and other services.

Data plane:

The injected proxies enable Istio to easily achieve our requirements.data plane is composed of a set of intelligent proxies named Envoy which is deployed as a sidecar. These proxies mediate and control all the network communication between micro-services along with Mixer.

  • Envoy: Envoy is a high-performance proxy developed in C++ to mediate all inbound and outbound traffic for all services in the service mesh.Envoy is deployed as a sidecar to the relevant service in the same Kubernetes pod. This deployment allows Istio to extract a wealth of signals about traffic behaviour as attributes.

Now we will start the installation of istio :

  • for istio installation , firstly we will create a new namespace in kubernetes cluster.

$ kubectl create namespace istio-system

  • installation of istio

$ curl -L https://git.io/getLatestIstio | ISTIO_VERSION=1.3.2 sh -

  • This command install the istio of version 1.3.2.

Now go into istio directory

  • Enter the following command to install the Istio CRDs first:

$ export PATH=$PWD/bin:$PATH

$ for i in install/kubernetes/helm/istio-init/files/crd*yaml; do kubectl apply -f $i; done

  • Install istio

$ kubectl apply -f install/kubernetes/istio-demo.yaml

  • To check created service

$ kubectl get svc -n istio-system

  • To check running pods

$ kubectl get pods -n istio-system

In this way we are completed the installation of istio on kubernetes clusters.In next tutorial we will see how to launch application using istio on kubernetes .

--

--

Shiwani Biradar

Written by Shiwani Biradar

25 Followers

Technical & complicated minded !

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams