01 Managing Microservices With Istio
Kim Schlesinger edited this page Jul 20, 2018
Neeraj Poddar from Aspen Mesh: July 19, 2018
- A service mesh is a magical routing layer for microservices. The mesh provides service discovery, load balancing, encryption, auth and support
- An infrastructure layer that handles communications between your applications (microservices)
- Per-node proxy
- Sidecar Proxy
- The proxy lives in the same node as the app
- The sidecar should be compact
https://istio.io/docs/concepts/what-is-istio/overview/
- Istio uses Envoy as a sidecar
- Pilot
  - Looks at the configuration files
- Mixer
  - Enforces policies
  - Quota enforcement (how many requests per second, etc.)
  - Telemetry
- Citadel
  - Service to service auth
  - End-User Auth
- Sidecar Injector
  - Monitors K8s for new pods to inject
- Ingress Gateway
  - Allows traffic into your cluster
- Egress Gateway
  - Allows traffic out of your cluster
- Setting up how you want your traffic to flow into your mesh
  - Request routing
    - Looking at request headers
  - Fault Injection
    - Verifying the resilience of our applications
  - Traffic Shifting
    - A form of canary deployment
  - Request Timeouts
    - Configuring when a request should be abandoned
- How can you secure your microservices environment?
  - Authentication
    - Origin-based auth. Istio can make sure that the user has the proper credentials
    - Peer-based auth: mutual TLS
  - RBAC
  - Rate Limiting
- Distributed Tracing
  - Tracking how microservices interact
  - Lets you see latency and trace failures
- See here