Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Overview
Istio is a full featured, customisable, and extensible service mesh.
Architecture
Istio provides a data plane that is composed of Envoy-based sidecars. These intelligent proxies control all network traffic in and out of your meshed apps and workloads.
The control plane manages the configuration, policy, and telemetry via the following components:
Mixer - Enforces access control and usage policies. Collects telemetry from the proxies that is pushed into Prometheus.
Pilot - Provides service discovery and traffic management policy/configuration for the proxies.
Citadel - Provides identity and security capabilities that allow for mTLS between services.
Galley - Abstracts and provides configuration to components.
The following architecture diagram demonstrates how the various components within the data plane and control plane interact.
Selection criteria
It's important to understand and consider the following areas when evaluating Istio for your workloads:
Design goals
The following design goals guide the Istio project:
Maximize Transparency - Allow adoption with the minimum amount of work to get real value from the system.
Extensibility - Must be able to grow and adapt with changing needs.
Portability - Run easily in different kinds of environments - cloud, on-premises.
Policy Uniformity - Consistency in policy definition across variety of resources.
Capabilities
Istio provides the following set of capabilities:
Mesh - gateways (multi-cluster), virtual machines (mesh expansion)
Traffic Management - routing, splitting, timeouts, circuit breakers, retries, ingress, egress
Policy - access control, rate limit, quota, custom policy adapters
Security - authentication (jwt), authorisation, encryption (mTLS), external CA (HashiCorp Vault)
Observability - golden metrics, mirror, tracing, custom adapters, prometheus, grafana
Scenarios
Istio is well suited to and suggested for the following scenarios:
Require extensibility and rich set of capabilities
Mesh expansion to include VM based workloads
Multi-cluster service mesh
Next steps
The following documentation describes how you can install Istio on Azure Kubernetes Service (AKS):
You can also further explore Istio concepts and additional deployment models: