# Meshing Around with Istio
This notebook contains my notes from the *Meshing Around with Istio* session by Jonathan Johnson at *UberConf 2019*. I'm familiar with the concept of a service mesh on an orchestration platform, but haven't really used one so I wanted to see some examples.

### Service Mesh Funcionality
Service meshes can provide:

* Load balancing
* Service discovery
* Health check
* Authentication
* Traffic management and routing
* Circuit breaking
* Security
* Metrics and telemetry
* Fault injection

### Do You Need One?
Service meshes add complexity. It is probably not needed for environements with few appplications and connections.

Jonathan quoted someone as saying "Kubernetes is not hard, distributed computing is hard." Istio provides various tools to help address the problems that are mentioned in the *falacies of distributed computing*.

### History of Meshing
The old approach was using libraries in the application to provide various functionality for distributed systems. Examples include several pieces from the Netflix OSS stack: Zuul, Hystrix, and Ribbon. The downside to this approach is it takes work to integrate these into each application. You must also support libraries for each platform in a polygot environment.

Next, people tried a *node agent* approach. A daemonset was deployed on each node in the Kubernetes cluster, and handled ingress/egress traffic for all pods on that node. Linkerd used this approach originally.

Finally, people have lately started using the *sidecar pattern*. In this pattern, a container is added to the application pod. It is similar to the node agent, but one sidecar is deployed for each container. 

Under the sidecar approach, polyglot langauges are easily supported and it removes complexity from applications having to do this themselves.

### Mesh Providers

* Istio - Uses Envoy for the sidecar
* Conduit - Uses Linkerd for the sidecar
* AWS has AppMesh, which uses Envoy

Istio is a pretty young project, Envoy is a bit more established. Driven by Google, IBM, Lyft. It is intentionally kept separate from Kubernetes.

Istio produces a lot of metrics and data that can be fed into various monitoring solutions.

Istio architecture:
* Control plane
    * Pilot - Ensures Envoy containers are injected
    * Mixer -  Collects telementry data from Envoy
    * Citadel - Key management when mTLS enabled.
* Data plane - Sidecar
    * Envoy - High performance proxy: <1ms added latency. Mediates all ingress/egress traffic

### Installing Istio
Jonathan recommended installing Istio using Helm.

### Custom Resource Definitions
Istio adds 51 custom resource definitions in its 1.0 version. What can it do?

* Routing rules
    * A/B
    * Canary
    * Load balancing
    * Shifting
    * Mirroring
    * Ingress/Egress gateway rules
* Resilience
    * Timeouts
    * Circuit breaker
    * Failover
    * Retries
    * Rate limiting/throttling
    * Delay and fault injection (chaos engineering)
* Observability
    * Metrics
    * Telemetry
    * Logs
    * Distributed tracing
    * Monitoring
    * Transaction correlation
    * Service dependencies
    * Traffic flow

### Other Information
[Kiali](https://www.kiali.io/) is a dashboard for Istio

RedHat provides free [Introducing Istio Service Mesh for Applications](https://www.oreilly.com/library/view/introducing-istio-service/9781491988770/) ebook that is a good short getting strated book.

Jonathan said that a great learning resource for both Kubernetes and Istio is [Katacoda](https://www.katacoda.com/). He went through part of the Istio introduction course and it looked like it had some great information.

Finally, Jonathan said there are also some great Istio tutorials on the [OpenShift website](https://learn.openshift.com/servicemesh/)

### Takeaways
* Katacoda looked really nice for learning things in the Kubernetes space. I would like to go through some Kubernetes and Istio tutorials.
    * As part of the tutorials, try out using various applications with Kubernetes, such as WeaveScope, Jaeger, etc.