DEV Community

Cover image for Istio - Your next K8s must-have tool
Maxime Guilbert
Maxime Guilbert

Posted on • Updated on

Istio - Your next K8s must-have tool

If you're working with K8s and you don't know what Istio is, this post is for you!

What is Istio?

Istio is a service mesh based on Envoy. (https://www.envoyproxy.io/)

A service mesh is a dedicated infrastructure layer for facilitating service-to-service communications between services or microservices, often using a sidecar proxy. (https://en.wikipedia.org/wiki/Service_mesh)

It has 4 objectives :

  • Connect
  • Secure
  • Control
  • Observe

Connect

It will help you to connect services, load balance the traffic between them, set-up fault injection to test your infra, set-up circuit breaker...

For example, you can define weight to destinations to have a percentage of the traffic going in a specific feature, and the rest in another one. Really powerful for testing a new feature.

Alt Text

Secure

By default, Istio does its best to secure traffic and setup TLS between your services or with external services. It also works with databases and other services that are not exposing services on HTTP or HTTPS ports.

Also, you can set-up multiple things for Authentication and Authorization, like mutual TLS, checking JWT tokens...

Control

With its Ingress-Egress Gateway and all the traffic management, you easily have full control of the traffic.

The best example is the Gateway. You can block all the traffic and only open what you need or what you want to expose, only with Kubernetes elements. (No need to set-up a firewall or specific similar tools)

Observe

Istio is natively set-up to have good observability of all the traffic and services. It embeds Prometheus, and if you want it can install for you some other tools like:

I won't speak about these tools because they need their post.


Why do you need Istio?

Easy to use

As we saw, Istio will simplify your life on a Kubernetes cluster. Just by installing Istio, you can have a cluster with basic security and all the tools to observe your services. Then just with little bricks, you can add more security.

All is Kubernetes

And the most important part, all Istio's elements are Kubernetes elements! So you don't need to know how to set-up firewalls or some other networking tools...


How-to install Istio?

First, install Istio on your cluster following the documentation (https://istio.io/latest/docs/setup/install/) where you have multiples processes to do it. (with Helm, Istioctl...)

Then add the label "istio-injection: enabled" to the namespaces where you want Istio to act.

 kubectl label ns my-namespace istio-injection=enabled
Enter fullscreen mode Exit fullscreen mode

Finally, restart all your pods in these namespaces and the Istio agent will be automatically injected into your service.


Links


By my side, I crushed on this tool at the moment I understand what I was able to do with it.

I hope it will help you!

Top comments (0)