Managing Microservices on Kubernetes with Istio

Last week IBM and Google announced Istio, an open platform to connect, manage, and secure microservices. Istio improves the visibility of the data flowing between the different services and the good news for developers is that you don’t have to change your code.

There is good documentation available, but in a nutshell Istio inserts proxies in pods which are called instead of the custom containers (services) directly. This allows Istio to control and monitor the requests to the services. As a developer you simply use Istio to automatically add a bunch of additional containers and pods to your Kubernetes deployments without having to change your app.

The Istio website explains the concepts in more detail. As Jason McGee writes in this blog Instio’s main functionality is:

  • Automatic zone-aware load balancing and failover for HTTP/1.1, HTTP/2, gRPC, and TCP traffic.
  • Fine-grained control of traffic behavior with rich routing rules, fault tolerance, and fault injection.
  • A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
  • Automatic metrics, logs and traces for all traffic within a cluster, including cluster ingress and egress.
  • Secure service-to-service authentication with strong identity assertions between services in a cluster.

I’ve installed the BookInfo sample to try the functionality. It was very easy to set up, both on Minikube and on IBM Bluemix. I like especially the dashboard (Grafana) which visualizes metrics like request rates, success/failure rates, etc. in a cluster.

istio1

The ServiceGraph addon provides a graphical visualization of the service interaction graph for the cluster.

istio3

With the Zipkin dashboard you can see the invocation chains of microservices.

istio2

If you want to try out Istio follow these instructions and set up the sample.