Istio is an open source service mesh platform that provides a way to control how microservices share data with one another. It includes APIs that let Istio integrate into any logging platform, telemetry, or policy system. Istio is designed to run in a variety of environments: on-premise, cloud-hosted, in Kubernetes containers, in services running on virtual machines, and more.
Istio’s architecture is divided into the data plane and the control plane. In the data plane, Istio support is added to a service by deploying a sidecar proxy within your environment. This sidecar proxy sits alongside a microservice and routes requests to and from other proxies. Together, these proxies form a mesh network that intercepts network communication between microservices. The control plane manages and configures proxies to route traffic. The control plane also configures components to enforce policies and collect telemetry.
With a service mesh like Istio, dev and ops are better equipped to handle the change from monolithic applications to cloud-native apps―collections of small, independent, and loosely coupled microservice applications. Istio provides behavioral insights and operational control over the service mesh and the microservices it supports. Using a service mesh reduces the complexity of deployments, and takes some of the burden off of your development teams. Istio’s features let you run a distributed microservice architecture. These features include:
- Traffic management - Traffic routing and rules configuration in Isitio allow you to control the flow of traffic and API calls between services.
- Security - Istio provides the underlying communication channel and manages authentication, authorization, and encryption of service communication at scale. With Istio, you can enforce policies consistently across multiple protocols and runtimes with minimal application changes. When using Istio with Kubernetes (or infrastructure) network policies, the benefits include the ability to secure pod-to-pod or service-to-service communication at the network and application layers.
Observability - Get insights into your service mesh deployment with Istio’s tracing, monitoring, and logging features. Monitoring lets you see how service activity impacts performance upstream and downstream. Custom dashboards provide visibility into the performance of all your services.
Red Hat OpenShift Service Mesh is based on Istio and is available for Red Hat OpenShift. It provides behavioral insight into—and control of—the networked microservices in your service mesh through the use of sidecar proxies that intercept network communication between microservices.
Red Hat OpenShift Service Mesh provides additional features beyond standard Istio and makes it easier to deploy on Red Hat OpenShift.