Recently, the architecture group has been developing a service mesh platform based on Istio. I am taking this opportunity to learn the relevant background and record it here for later reference.
Effect of the first edition:
Official Manual: https://istio.io/latest/zh/docs/concepts/what-is-istio/
Istio is an open source project jointly developed by Google, IBM and Lyft.
Officially defined as:
Istio: an open platform for connecting, managing and protecting microservices.
The name Istio comes from Greek and means “sail”. Its icon is as follows:
Kubernetes, a related project that originated at Google, also takes its name from ancient Greek, where it means captain or pilot. The figure below shows the Kubernetes icon:
1. Introduction to service mesh
Istio is an open source implementation of a service mesh, so we first need to understand what a service mesh is.
In the past few years, microservice architecture has become a popular style in software design. In this architecture, we decompose the application into independently deployable services. These services are usually lightweight and written in multiple languages, and are usually developed and deployed by different functional teams. Microservice architecture stays effective even as the number of services grows and they become harder to manage and more complex, but it also brings challenges in security management, network traffic control and observability.
A service mesh can help to deal with these challenges.
- The term service mesh describes the microservices that make up an application and the interactions between them. As the number and complexity of services grow, the mesh becomes more and more difficult to scale and manage. A service mesh can provide service discovery, load balancing, failure recovery, metrics and monitoring for a microservice architecture.
- A service mesh can also meet more complex requirements, such as A/B testing, canary releases, rate limiting, access control and end-to-end authentication.
- A service mesh provides an easy way to create a network of services with load balancing, service-to-service authentication, monitoring and so on, with little or no change to the microservice code.
2. Why Istio?
Istio provides a simple way to build a network of deployed services with load balancing, service-to-service authentication, monitoring and more, without any changes to the service code. Simply put, with Istio your services no longer need any microservice development framework (such as Spring Cloud or Dubbo), and you no longer need to implement the various complex service governance functions by hand (many of which Spring Cloud and Dubbo do not provide, so you would have to build them yourself). As long as the client and server of a service have simple, direct network access to each other, you get a complete set of functions by handing the network layer over to Istio.
It can be roughly understood as: Istio = microservice framework + service governance.
Istio’s key functions:
- Automatic load balancing of HTTP, gRPC, WebSocket and TCP traffic.
- Fine-grained control of traffic behavior through rich routing rules, retries, failover and fault injection.
- A pluggable policy layer and configuration API that support access control, rate limits and quotas.
- Automatic metrics, logs and traces for all traffic within the cluster, including cluster ingress and egress.
- Secure service-to-service communication in the cluster through strong identity-based authentication and authorization.
- Istio is designed to achieve scalability and meet various deployment requirements.
Istio provides many key functions across the service mesh:
With simple rule configuration and traffic routing, you can control traffic and API calls between services. Istio simplifies the configuration of service-level properties such as circuit breakers, timeouts and retries, and makes it easy to set up important tasks such as A/B testing, canary deployments and staged rollouts with percentage-based traffic splits.
With better visibility into your traffic and out-of-the-box failure recovery features, you can catch issues before they cause problems, making calls more reliable and your network more robust whatever conditions you face.
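The traffic rules described above, as an added configuration example (not from the original article or the Istio project; the service `reviews`, the namespace `shop` and the `version` labels are assumed names). The DestinationRule defines the two versions and a circuit breaker, and the VirtualService sends 10% of traffic to the canary with a timeout and bounded retries:

```yaml
# Constructed example: service, namespace and labels are hypothetical.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: reviews
  namespace: shop
spec:
  host: reviews
  trafficPolicy:
    outlierDetection:            # circuit breaking: eject pods that keep failing
      consecutive5xxErrors: 5    # five 5xx responses in a row trigger ejection
      interval: 10s              # how often hosts are evaluated
      baseEjectionTime: 30s      # minimum time an ejected pod stays out
      maxEjectionPercent: 50     # never eject more than half of the pool
  subsets:
  - name: v1
    labels: {version: v1}
  - name: v2
    labels: {version: v2}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews
  namespace: shop
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination: {host: reviews, subset: v1}
      weight: 90                 # stable version
    - destination: {host: reviews, subset: v2}
      weight: 10                 # canary version
    timeout: 2s                  # overall deadline for the request
    retries:
      attempts: 3
      perTryTimeout: 500ms       # 3 x 500ms stays inside the 2s deadline
      retryOn: 5xx,connect-failure
```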
Istio’s security features allow developers to focus on application-level security. Istio provides the underlying secure communication channel and manages authentication, authorization and encryption of service communication at scale. With Istio, service communication is secure by default, allowing you to enforce policies consistently across multiple protocols and runtimes, all with little or no application changes.
Although Istio is platform independent, it has greater advantages when combined with Kubernetes (or infrastructure) network policies, including the ability to protect communication between pods or services at both the network and application levels.
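The authentication and authorization features described above, as an added configuration example (not from the original article or the Istio project; the namespace `shop`, the workloads `orders` and `frontend`, the service account and the paths are assumed names, and `istio-system` is assumed to be the mesh root namespace as in a default install). It requires mutual TLS everywhere, denies all requests in one namespace by default, and then allows a single authenticated caller:

```yaml
# Constructed example: namespaces, workloads and paths are hypothetical.
# 1) Require mutual TLS mesh-wide. PERMISSIVE mode would still accept
#    plaintext; STRICT makes sidecars reject any non-mTLS connection.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system      # root namespace: policy applies to the whole mesh
spec:
  mtls:
    mode: STRICT
---
# 2) Default deny: an ALLOW policy with no rules matches nothing,
#    so every request to workloads in this namespace is rejected.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}
---
# 3) Allow only the frontend service account to reach the orders workload.
#    The principal is taken from the peer certificate, so this rule only
#    works when the connection uses mTLS (enforced by policy 1).
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/api/orders*"]
```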
Istio’s powerful tracing, monitoring and logging provide insight into service mesh deployments. With Istio’s monitoring you gain a real understanding of how service performance affects upstream and downstream functions, and its custom dashboards provide visibility into the performance of all services and let you see how that performance affects your other processes.
Istio’s Mixer component is responsible for policy control and telemetry collection. It provides back-end abstraction and mediation, isolating the rest of Istio from the implementation details of individual infrastructure back ends, and gives operators fine-grained control over all interactions between the mesh and the infrastructure back ends.
All of these features allow you to set, monitor and enforce SLOs on services more effectively. Most importantly, of course, you can detect and fix problems quickly and effectively.
Istio is platform independent and is designed to run in a variety of environments, including cross-cloud, on-premises, Kubernetes, Mesos and so on. You can deploy Istio on Kubernetes, or on Nomad with Consul. Istio currently supports:
- Services deployed on Kubernetes
- Services registered with Consul
- Services deployed on virtual machines
Integration and customization
The policy enforcement components can be extended and customized to integrate with existing solutions for ACLs, logging, monitoring, quotas, auditing and more.