
Google, IBM and Lyft Open-Source Microservice Service-Mesh Istio


Google, IBM and Lyft have open sourced Istio (Greek word for "sail"), a framework for managing, securing and monitoring microservices.

Microservices simplify development by dividing the task of creating a complex system into dozens or even hundreds of small services, each easily understood and modified by a small team of software engineers. But the complexity is not actually eliminated; it moves into connecting, managing and monitoring the large number of these services. It is not easy to manage hundreds of services while dealing with deployment issues, version control, security, failover, policy enforcement, telemetry, monitoring, etc. Istio aims to solve these problems.

According to Google, Istio is a "layer of infrastructure between a service and the network" which "combined with service deployments is commonly referred to as a service mesh." The Istio webpage explains the service mesh in more detail:

Imagine if we could transparently inject a layer of infrastructure between a service and the network that gives operators the controls they need while freeing developers from having to bake solutions to distributed system problems into their code. This uniform layer of infrastructure combined with service deployments is commonly referred to as a service mesh. Just as microservices help to decouple feature teams from each other, a service mesh helps to decouple operators from application feature development and release processes. Istio turns disparate microservices into an integrated service mesh by systemically injecting a proxy into the network paths among them.

Istio can run in any environment, in the cloud or on premises. This first alpha version (0.1) runs on Kubernetes, but that is not an absolute requirement. Istio's main features are:

  • Automatic load balancing for HTTP, gRPC, and TCP traffic
  • Fine-grained control of traffic behavior with rich routing rules
  • Traffic encryption, service-to-service authentication and strong identity assertions
  • Fleet-wide policy enforcement
  • In-depth telemetry and reporting

Underneath, Istio uses Envoy, a service proxy and communication bus open sourced by Lyft last September. They have used Envoy in production to "manage more than 100 services spanning 10,000 VMs, processing 2M requests/second." Shriram Rajagopalan (IBM) and Louis Ryan (Google) have recently presented technical details (PDF) on Istio at GlueCon 2017, the following being a high-level diagram of the system:

[Figure: high-level diagram of the Istio system]

Envoy performs traffic filtering and routing, service discovery, and health checking to provide resilient load balancing. It supports TLS for security and gRPC for communication, and it includes MongoDB and DynamoDB parsers to collect statistics about database access, among other features. Envoy was written in C++11 and has been tested with microservices written in C++, Go, Java, PHP and Python, but it can be combined with other languages. Istio also performs application and network monitoring, which can be viewed in Prometheus and Grafana, and it is integrated with Zipkin to troubleshoot latency issues.

The team behind Istio plans to integrate it with Google Cloud Endpoints and Apigee. Also, Red Hat, Pivotal, Weaveworks, Tigera, and Datawire are interested in integrating Istio with their respective products. The roadmap includes more details on what to expect in the future, version 1.0 being planned for later this year.
