refcard cover
Refcard #306

Getting Started With Istio

Learn the basics of Istio and explore the concept of a service mesh. This Refcard outlines how to install Istio, how to use intelligent routing, how to enable service-to-service security and access control, and much more.

Published: Jul. 11, 2019
Free PDF for Easy Reference
refcard cover

Written By

author avatar Christian Posta
author avatar Alex Soto
Software Engineer, Red Hat
Section 1

What Is a Service Mesh and Istio?

A service mesh is a decentralized application infrastructure for making service-to-service communication safe, reliable, and understandable.

A service mesh uses a "service proxy" deployed with each application instance to facilitate this functionality. A service proxy understands Layer 7 requests and messages and can route, secure, observe, and apply policy to these messages consistently and independently of how the service is implemented. The proxies deployed in a single cluster domain form the "mesh."

Istio is an open-source service mesh, which allows you to connect, secure, and control the traffic for your microservices in a declarative and non-intrusive way much like Kubernetes.

Some of the features that Istio enables for cloud-native applications:

  • Intelligent routing and client-side software load balancing

  • Resilience against service and network failures

  • Policy enforcement between services

  • Observability of your L7 communication

  • Securing service to service communication

Section 2

Istio Architecture

Istio follows the typical service-mesh architecture with the following logical separation:

  • Data plane that is composed of Envoy service proxies deployed (as a sidecar) along with your service through which all application traffic flows

  • Control plane that manages and configures the data plane (Envoy service proxies) while also managing back-end infrastructure that complements the data plane (like metrics sinks, policy engines, and security infrastructure)

All communication within the service mesh happens through each application's Envoy proxy. Any service resilience logic (retries, time-outs, circuit breaking, etc.) can be moved from your service into the service mesh.

This is a preview of the Getting Started With Istio Refcard. To read the entire Refcard, please download the PDF from the link above.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}