# Meshing around with Istio


Service meshes can provide:

* Load balancing
* Service discovery
* Health check
* Authentication
* Traffic management and routing
* Circuit breaking
* Security
* Metrics and telemetry
* Fault injection

### Do you need it?
Service meshes add complexity. A mesh is probably not needed when there are only a few connections.

"Kubernetes is not hard, distributed computing is hard." Istio tries to help address the fallacies of distributed computing.

### History of Meshing
Older approach: libraries used in the application. Examples: Zuul, Hystrix, Ribbon. It's work to integrate these into each application, and you must support libraries for each platform in a polyglot environment.

Node agent approach: Linkerd. Deployed as a DaemonSet on the node, it handled ingress and egress traffic on that node.

Sidecar pattern: Pod running alongside the application. The nice things are that polyglot environments are supported, the footprint is light, and complexity is removed from the applications.

Main mesh solutions:

* Istio (Envoy)
* Conduit (Linkerd)
* AWS has AppMesh, which uses Envoy

Istio produces a lot of metrics and data that can be fed into various monitoring solutions.

Istio is a pretty young project; Envoy is a bit more established. Driven by Google, IBM, Lyft. It is intentionally kept separate from Kubernetes.

Istio architecture:

* Control plane
    * Pilot - Ensures Envoy containers
    * Mixer - Collects telemetry data from Envoy
    * Citadel - Key management when mTLS enabled.
* Data plane - Sidecar
    * Envoy - High performance proxy: <1ms added latency. Mediates all ingress/egress traffic

### Installing Istio
Recommended to install using Helm

### Istio Injection
1. Namespace label
    * You can choose to not include certain applications in your service mesh.
2. Inject before create/apply
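
Because applications can be left out of the mesh, it is worth checking which pods actually carry the Envoy sidecar. The audit below is an added example, not code from the talk or from the Istio project; it assumes the standard `istio-injection=enabled` namespace label, the `istio-proxy` container name and the `sidecar.istio.io/inject` opt-out annotation, and it runs on constructed sample data shaped like `kubectl ... -o json` output.

```python
import json

# Constructed sample data shaped like `kubectl get namespaces -o json` and
# `kubectl get pods --all-namespaces -o json` (trimmed to the fields used).
NAMESPACES = json.loads("""{"items": [
  {"metadata": {"name": "shop", "labels": {"istio-injection": "enabled"}}},
  {"metadata": {"name": "legacy", "labels": {}}}
]}""")
PODS = json.loads("""{"items": [
  {"metadata": {"namespace": "shop", "name": "cart-1"},
   "spec": {"containers": [{"name": "cart"}, {"name": "istio-proxy"}]}},
  {"metadata": {"namespace": "shop", "name": "batch-1",
                "annotations": {"sidecar.istio.io/inject": "false"}},
   "spec": {"containers": [{"name": "batch"}]}},
  {"metadata": {"namespace": "shop", "name": "old-1"},
   "spec": {"containers": [{"name": "old"}]}},
  {"metadata": {"namespace": "legacy", "name": "cron-1"},
   "spec": {"containers": [{"name": "cron"}]}},
  {"metadata": {"namespace": "legacy", "name": "api-1"},
   "spec": {"containers": [{"name": "api"}, {"name": "istio-proxy"}]}}
]}""")

def injection_status(namespaces, pods):
    """Classify every pod by how it relates to the mesh."""
    labelled = {ns["metadata"]["name"] for ns in namespaces["items"]
                if (ns["metadata"].get("labels") or {}).get("istio-injection") == "enabled"}
    report = {}
    for pod in pods["items"]:
        meta = pod["metadata"]
        key = f'{meta["namespace"]}/{meta["name"]}'
        has_sidecar = any(c["name"] == "istio-proxy" for c in pod["spec"]["containers"])
        opted_out = (meta.get("annotations") or {}).get("sidecar.istio.io/inject") == "false"
        if has_sidecar:
            # A sidecar in an unlabelled namespace was injected before create/apply.
            report[key] = "meshed" if meta["namespace"] in labelled else "meshed (manual inject)"
        elif opted_out:
            report[key] = "excluded by annotation"
        elif meta["namespace"] in labelled:
            # Usually a pod created before the label was added; it needs a restart.
            report[key] = "MISSING sidecar in labelled namespace"
        else:
            report[key] = "outside mesh"
    return report

if __name__ == "__main__":
    for pod, status in sorted(injection_status(NAMESPACES, PODS).items()):
        print(f"{pod:16} {status}")
```

Pods reported as outside the mesh or missing a sidecar are not mediated by Envoy, so mesh features such as mTLS do not apply to their traffic.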

### Custom Resource Definitions
Istio adds 51 CRDs in 1.0. What can it do?

* Routing rules
    * A/B
    * Canary
    * Load balancing
    * Shifting
    * Mirroring
    * Ingress/Egress gateway rules
* Resilience
    * Timeouts
    * Circuit breaker
    * Failover
    * Retries
    * Rate limiting/throttling
    * Delay and fault injection (chaos engineering)
* Observability
    * Metrics
    * Telemetry
    * Logs
    * Distributed tracing
    * Monitoring
    * Transaction correlation
    * Service dependencies
    * Traffic flow

Kiali is a dashboard for Istio

Red Hat provides the free "Introducing Istio Service Mesh for Applications" from O'Reilly

He went through the Istio course on Katacoda. It looks like they have multiple Kubernetes-ecosystem courses

Go to learn.openshift.com for Istio tutorials

### Takeaways

* Go through Kubernetes and Istio tutorials on Katacoda
* Try out using various applications with Kubernetes (WeaveScope, Jaeger, etc.)

