Open shimmerjs opened 6 years ago
envoy
pilot programming envoys
istio-auth ?
mixer res for enforcing policies across mesh
istio security
resiliency
traffic splitting
traffic steering
istio
control traffic between services with dynamic route configuration
conduct A/B tests
release canaries
gradually upgrade versions using red/black deployments
apply organizational policy to interaction btwn services
ensure acls are enforced and enable secure comms btwn services
helps manage dependencies between services via telemetry and metrics
? can it be entire deployment orchestration tool? ? does it scale cleanly across clusters
components
envoy
L4/L7 hybrid proxy. mediates all inbound and outbound traffic for all services in the mesh.
features: dynamic service discovery, load balancing, tls termination, http/2 & grpc proxying, health checks, staged rollouts with %-based traffic split, fault injection, rich metrics
pilot
programs envoys, responsible for service discovery, registration, and load balancing
istio-auth
service-to-service and end-user authentication using mutual tls, with built-in identity and credential management
provides CA, stores them in kube secrets
adds fault tolerance to your app without any code changes via circuitbreaker
mixer
fleetwide policy enforcement and management
responsible for enforcing ACL and usage policies across the mesh, and collecting telemetry data from envoy proxy and other services.
demo
? istio controls every namespace on your cluster?
notes
/metrics
additional reading
https://istio.io/blog/canary-deployments-using-istio.html
https://spiffe.io