Service Mesh -
Service Mesh's Control Plane
Greek word for "sail"
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection
Layer 7 firewall + load balancer, ingress, blocking outgoing traffic, tracing, monitoring, logging
Policies and Telemetry
- is a high-performance proxy to mediate all inbound and outbound traffic for all services in the service mesh.
- provides service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing.
- enforces access control and usage policies across the service mesh, and collects telemetry data from the Envoy proxy and other services.
- provides strong service-to-service and end-user authentication with built-in identity and credential management.
configures the set of policies to be applied to a request after VirtualService routing has occurred (circuit breaker, load balancers, TLS settings, subset definition).
defines the rules that control how requests for a service are routed within an Istio service mesh.
is commonly used to enable requests to services outside of an Istio service mesh.
configures a load balancer for HTTP/TCP traffic, most commonly operating at the edge of the mesh to enable ingress traffic for an application.
Traffic Management with Istio
Istio Security Architecture
Multiple k8s clusters managed by a single Istio instance
K8S OpenStack / Minikube
Terraform, Helm, kubectl, Siege or Docker
3 VMs (one master + 2 nodes)
Central logging -> ELK Operator + rook.io Operator (as shared storage)