A service mesh is a necessary tool in your cloud native infrastructure. The era of service meshes ushers in a new layer of intelligent network services that are changing the architecture of modern applications and the confidence with which they are delivered. Istio, as one of many service meshes, but one with a vast set of features and capabilities, needs an end-to-end guide
9. Fault Tolerance
With our services communicating with numerous external resources, failures
can be caused by:
• Networking issues
• System overload
• Resource starvation (e.g. out of memory)
• Bad deployment/configuration
11. Client Libraries: The First Service Meshes?
• The restriction use of
multiple language-specific
frameworks and/or
application servers to run
them.
• Complexity when upgrade
version library.
• Forward compatibility and
Backward compatibility
12. Service Mesh
• It takes the logic governing service-
to-service communication out of
individual services and abstracts it
to a layer of infrastructure.
• Service engineer focus only on
service business.
• Don’t restrict to any
language/framework.
13. Control plan vs Data plan
• Data Plan:
• Touches every
packet/request in the
system.
• Service discovery
• Health checking
• Routing.
• Observability.
• Authentication/authoriz
ation.
• Load balancing
• Control Plan:
• Does not touch any
packet/request in the
system.
• Provide policy.
• Provide configuration.
• Unifies telemetry
collection.
15. What is Istio?
• Data plan: Envoy proxy as
Sidecar
• Control plan:
• Pilot
• Galley
• Citadel
• Mixer
Functionality:
• Load Balancing
• Fine-grained control traffic
• A pluggable policy layer
like rate limits, access
control, quotas.
• Automatic metrics, logs,
traces.
• Secure service-to-service
16. Galley
• Primary configuration
ingestion and distribution
mechanism within Istio.
• It provides a robust model
to validate, transform, and
distribute configuration
states to Istio components
insulating the Istio
components from
Kubernetes details
32. How it work
• Mixer collects metrics
emitted by Envoys
• Adapters in the Mixer
normalize and forward to
monitoring backend
• Metrics backend can be
swapped at runtime
35. Trace
• Envoy proxy is responsible for
generating the initial trace
headers and doing so in an
OpenTelemetry–compatible
way
• Your application requires a
thin-client library to collect
and propagate a small set of
HTTP headers:
• x-request-id
• x-b3-traceid
• x-b3-spanid
• x-b3-parentspanid
• x-b3-sampled
• x-b3-flags
• x-ot-span-context