Introduction to Istio, Ingress and Sidecar

Dear Friend,

Our Previous editions discussed the need for istio and how Istio works.

In this edition, we can review the concept again...

Istio is an open-source service mesh platform that provides a way to connect, monitor, and secure microservices.

The fundamental idea behind Istio is to push microservices concerns into the infrastructure by leveraging Kubernetes.?

This is achieved by including the Envoy proxy as a sidecar container within each Pod.

Since we touch many terminologies, Getting clarity on them and their dependencies is essential in starting with Istio.

Let's dive into it,

1. Istio is an open-source service mesh platform that provides traffic management, security, and observability for microservices. It helps to connect, secure, and manage microservices running in a Kubernetes cluster.
2. Envoy Proxy is a high-performance proxy server. Istio uses it to manage network traffic between microservices. Envoy Proxy is responsible for load balancing, routing, and communication between microservices.
3. Sidecar is a design pattern used in Istio, where each microservice has a separate container called a Sidecar that runs alongside it. The Sidecar container provides service discovery, traffic management, and security features.
4. Ingress is a component in Istio that manages incoming traffic from external sources and routes it to the appropriate microservice. It provides a single entry point for external traffic into the service mesh.
5. Service Mesh is a term used to describe the collection of microservices that work together to provide a complete application. It includes Istio, Envoy Proxy, Sidecar, Ingress, and other components that help manage and secure microservices.

Architecture Diagram of Istio Mesh

The diagram illustrates how an Envoy proxy sits as a sidecar and handles traffic between services.

At a higher level, two components make up the Istio Mesh...

Data Plane ( Envoy Proxy )

The data plane intercepts and routes network traffic between microservices. It performs load balancing, implements routing rules, and manages service communication.

Control Plane

The control plane is responsible for managing the configuration of the service mesh. It defines and distributes policies, routing rules, and other settings to the data plane proxies. It ensures that the desired behaviour and policies are enforced throughout the service mesh.

What's Next?

Read about Manual, Automatic Side car injection at the official istio site.