Envoy - is a high-performance proxy to mediate all inbound and outbound traffic for all services in the service mesh.
Pilot - provides service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing.
Mixer - enforces access control and usage policies across the service mesh, and collects telemetry data from the Envoy proxy and other services.
Citadel - provides strong service-to-service and end-user authentication with built-in identity and credential management.
Istio types
DestinationRule configures the set of policies to be applied to a request after VirtualService routing has occurred. (Circuit Breaker, Load Balancers, TLS settings, Subset defintion)
VirtualService defines the rules that control how requests for a service are routed within an Istio service mesh.
ServiceEntry is commonly used to enable requests to services outside of an Istio service mesh.
Gateway configures a load balancer for HTTP/TCP traffic, most commonly operating at the edge of the mesh to enable ingress traffic for an application.
Traffic Management with Istio
Istio Security Architecture
Istio Multicluster
Multiple k8s clusters managed by single Istio instance