Managing microservices with Istio
Nowadays, there are more and more developers adopting a microservices approach to build their applications.
One of the main drivers for this is the need to build cloud-native applications, which are continuously available and dynamically scalable. This approach helps the developers break the applications into small, manageable pieces that can be developed and managed independently by different teams.
A microservices approach has a lot of benefits, but can also be complex. Before a service can be deployed into production, many data and control plane issues relating to the operability of the service must be resolved, including:
- how to provide services discovery and request routing between different microservices
- how to control and secure access to the application and to individual microservices
- how to efficiently scale up (and down) microservices while maintaining connectivity and overall application resiliency
- how to collect and send logging and monitoring data for later consumption
- how to enable DevOps functions, such as Canary deployments, A/B testing and gradual rollouts or roll-backs
Traditionally, much of that functionality had to be invented or rediscovered by every new application team, with support codified into the different microservices. While this may be an achievable goal within the confines of a single application and source base, as applications grow more complex and microservices are implemented using different languages and runtimes, the work becomes tedious and open to error.
By implementing a common microservices fabric, Istio addresses many of the challenges faced by developers and operators as monolithic applications transition to a distributed microservices architecture.
The initial (0.1) release was just announced at the Glue 2017 Conference. It is a result of collaboration between IBM, Google and Lyft to provide traffic flow management, access policy enforcement and telemetery data aggregation between microservices. All those are achieved without requiring any changes to the application code. Thus, developers can focus on business logic and quickly integrate new features.
Istio provides an infrastructure-level solution for managing all service-to-service communications. By deploying a special sidecar proxy to intercept and act on traffic between microservices throughout the environment, Istio provides a straightforward way to create a network of deployed services, often referred to as a “service mesh.” Istio automatically collects service metrics, logs and call traces for all traffic within a cluster, including cluster ingress and egress. The use of sidecar proxies enables a gradual and transparent introduction without architectural or application code changes.
The service mesh is configured and managed using Istio’s control plane functionality to deliver the required quality of service attributes, such as load balancing, fine-grain routing, service-to-service authentication, monitoring and more. Istio’s Mixer component provides a pluggable policy layer supporting fine-grain access controls, rate limits and quotas. Since Istio has a control on communication between services, it can enforce authentication and authorization between any pair of communication services,
Istio is not targeted at any specific deployment environment. During the initial stages of development, and as it currently stands, Istio supports Kubernetes-based deployments. However, it is being built to enable rapid and easy adaptation to other environments, such as VMs and Cloud Foundry.
How we got there and what’s next
Our journey to microservices fabric started with developing and open-sourcing Amalgam8. Amalgam8 provided service discovery, smart routing capabilities and controlled resiliency testing.
Istio is the next step in our journey, bringing more powerful functionality and capability around security, policy management, rate limiting, auditing and basic API management.
We are excited to continue to work on building and extending Istio. One of the goals is providing security policy enforcement together with data collection and analytics. It can be extremely helpful to reaching compliance in the cloud native deployments.
What do you like about Istio. and what are the main challenges when it comes to building and operating microservices applications?
- developerWorks: IBM, Google and Lyft give microservices a ride on the Istio Service Mesh by IBM Fellow Jason McGee
- Forbes: Google, IBM And Lyft Want To Simplify Microservices Management With Istio
- Research blog: Upping the microservices game with Istio: A microservice mesh by IBM Fellow Tamar Eilam
via Cloud computing news https://ibm.co/2cigQr9
June 5, 2017 at 03:24AM