ISTIO

Hello, today we will look at Istio. Before we go deeper, here are a few basic terms that I came across while reading the Istio documentation:

Monitoring & Observability Tools:

  • Prometheus: Collects metrics (like CPU, memory, request counts) from services.

  • Grafana: Visualizes those metrics in dashboards.

  • Jaeger: Traces requests across services to see where time is spent.

  • Kiali: Visualizes the service mesh topology and health; integrates with Prometheus and Jaeger.

 Core Components:

  • Envoy Proxy: A smart proxy deployed next to each service (sidecar). It handles traffic, security, and observability.

  • Automatic Sidecar Injection: Istio automatically adds Envoy to your pods when you label the namespace (e.g., istio-injection=enabled).

  • VirtualService: Istio config that defines traffic routing rules (e.g., send 80% to v1, 20% to v2).

  • Kubernetes YAML: Configuration files written in YAML to define resources like pods, services, deployments, and Istio objects.

 Security & Networking:

  • TLS (Transport Layer Security): Encrypts communication between services.

  • mTLS (Mutual TLS): Both client and server authenticate each other using certificates.

  • Service Mesh: A layer that manages service-to-service communication, security, and observability without changing app code.

  • Mesh: The network of services connected and managed by the service mesh.

Istio is an open-source service mesh that helps manage, secure, and observe communication between microservices in cloud-native applications, especially those running on Kubernetes.

It acts as a transparent layer between services, handling:

  • Traffic management: Controls how requests flow between services.

  • Security: Encrypts communication and enforces access policies.

  • Observability: Collects metrics, logs, and traces for monitoring.

It uses Envoy proxies deployed alongside services to intercept and manage traffic, and a control plane to configure and update these proxies dynamically.

 How Istio Works

Istio has two main components:

  • Data Plane: Envoy proxies intercept traffic between services.

  • Control Plane: Manages configuration and policies, updating proxies as needed

Istio supports two modes:

  • Sidecar mode: Deploys a proxy alongside each service.

  • Ambient mode: Uses node-level proxies for lower overhead.

How to Use Istio

  1. Install Istio in your Kubernetes cluster using istioctl or Helm

  2. Label your namespace for automatic sidecar injection

  3. Deploy your app (e.g., Bookinfo sample app)

  4. Configure traffic rules using VirtualServices and DestinationRules

  5. Monitor and secure using dashboards like Kiali, Prometheus, and Jaeger
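
Steps 2 and 4 written out as Kubernetes manifests, with namespace-wide mTLS added for the "secure" part of step 5. This is an added example, not taken from the original post or from the Istio project; the `bookinfo` namespace name and the 80/20 split on the Bookinfo `reviews` service are assumptions chosen for illustration.

```yaml
# Added example. Namespace name, service name and weights are assumptions.
# Step 2: label the namespace so Envoy sidecars are injected into new pods.
apiVersion: v1
kind: Namespace
metadata:
  name: bookinfo
  labels:
    istio-injection: enabled
---
# Step 5 (secure): require mutual TLS for every workload in the namespace.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata: {name: default, namespace: bookinfo}
spec:
  mtls:
    mode: STRICT
---
# Step 4: DestinationRule names the versions (subsets) that traffic can go to
# and tells client-side proxies to use Istio-issued certificates.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata: {name: reviews, namespace: bookinfo}
spec:
  host: reviews
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
  subsets:
  - {name: v1, labels: {version: v1}}
  - {name: v2, labels: {version: v2}}
---
# Step 4: VirtualService splits requests 80% to v1 and 20% to v2.
# Each subset referenced here must exist in the DestinationRule above.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata: {name: reviews, namespace: bookinfo}
spec:
  hosts: [reviews]
  http:
  - route:
    - destination: {host: reviews, subset: v1}
      weight: 80
    - destination: {host: reviews, subset: v2}
      weight: 20
```

STRICT mode rejects plaintext traffic from clients that have no sidecar, so workloads outside the mesh need to be onboarded first, or the namespace kept in PERMISSIVE mode while migrating.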


Charges & Pricing

Istio itself is free and open-source—no license fees. But there are indirect costs:

  • Resource usage: Envoy proxies consume CPU and memory

  • Operational overhead: Managing Istio requires expertise

  • Monitoring tools: Storing logs and metrics may incur cloud costs

Some vendors offer enterprise support (e.g., iMesh.ai) starting around $2,000/month for managed Istio environments

Who Can Use Istio?

Istio is ideal for:

  • DevOps teams managing microservices

  • Security engineers enforcing policies

  • Platform engineers building scalable infrastructure

It’s used by companies of all sizes

Case study:

Mindtickle

  • Challenge: Managing 300+ microservices across AWS EKS with high availability and security.

  • Solution: Used Istio for advanced network management, resiliency (timeouts, retries, circuit breakers), and topology-aware networking.

  • Outcome: Achieved better observability, reduced data transfer costs, and improved uptime

Prerequisites & Basics

Before diving into Istio, you should be familiar with:

  • Kubernetes (pods, services, namespaces)

  • kubectl CLI

  • Basic networking concepts (TLS, routing, load balancing)

You’ll need:

  • A running Kubernetes cluster (e.g., Minikube, GKE, EKS)

  • Internet access and permission to install tools

  • Ability to label namespaces and deploy apps
