Istio Service Mesh Advances to Production
Istio, the “service mesh” intended to connect application components and thereby boost the capabilities of the Kubernetes cluster orchestrator, has advanced over the past year as a way of managing increasingly popular micro-services.
Partners Google Cloud, IBM (NYSE: IBM), ride sharer Lyft and Red Hat’s CoreOS unit along with other open source developers announced the 1.0 release of Istio on Tuesday (July 31). Among the goals is simplifying enterprise deployment of micro-services and allowing developers to add, change and route them within cloud-native applications. This, proponents said, can be done without having to update code or rebuild the underlying application containers.
“Apps, especially monolithic apps being broken into many microservices, can consist of hundreds, if not thousands, of moving parts,” Jason McGee, vice president of IBM Cloud, noted in a blog postannouncing the release.
“This could range from containers being updated simultaneously, or microservices triggering multiple functions by user actions,” McGee added. “By connecting and routing these pieces together, Istio gives developers control back over how their app is operating and where data is routed in the cloud.”
The partners also stressed that Istio 1.0 helps coordinate micro-services running on various distributions of the Google-developed (NASDAQ: GOOGL) Kubernetes cluster orchestrator. As Kubernetes emerges as a de facto standard for container orchestration, the service mesh functions as a “configurable infrastructure layer for micro-services” for managing services across Kubernetes and virtual machine infrastructure.
Istio’s boosters note that application developers using standard Java libraries must modify source code in order to add services like load balancing and transport layer encryption into each application component. “Think of Istio as another component in your application stack, providing this functionality without extensive code changes,” said Brian Harrington, Red Hat’s Istio product manager.
The partners said work on future versions of Istio include building a standard framework for installing Istio on top of cloud platforms as well as improving how infrastructure services outside the service mesh can “talk” to those running on Istio.
The service mesh is deployed on a batch of proxy servers co-located with application components. Those servers are used to handle various Istio functions, Red Hat’s (NYSE: RHT) Harrington said.
While the production-ready 1.0 version of Istio eliminates bugs and improves performance, supporters added that the release also includes new features designed to ease Kubernetes rollouts. Among them are improved handling of role-based access controls and other security features as enterprises deal with new European data privacy regulations.
Another is stronger transport layer security for communicating between services as well as between services and end users.
IBM’s McGee added that the new version of Istio also can run on top of various container deployment options, including bare metal servers with direct access to GPUs.
The other major player in Istio's development, Google Cloud, has also partnered with Cisco Systems (NASDAQ: CSCO) to deploy the technology as part of their hybrid cloud initiative. Cisco said this week it helped develop a model for Istio to move beyond operating within a single Kubernetes cluster by extending a single control plane across multiple Kubernetes clusters. The so-called "multi-cluster" capability is available as an trial feature in Istio 1.0.
"Just as Kubernetes provides orchestration of containers, Istio might best be viewed as providing orchestration of service-to-service networking yielding a much better way to develop and deploy microservice-based applications in a multicloud world," Cisco noted in a blog post.
--Editor's note: This story has been updated.