With the recent availability of Istio 1.0 it is not surprising that it continues to capture much attention from the technical press and developer community. As an open platform to connect, manage, and secure microservices, Istio promises to make it much easier to build and operate micro-service based applications. So what is behind all this interest and what problem does it solve?
Off-loading management of service-to-service networking
It’s clear that developing applications as a set of micro-services offers several advantages. Breaking up a large application into a set of services allows individual development teams to focus on building simple services – doing one thing – and doing it very well. Kubernetes adds to this by providing orchestration of containers, scaling, and resiliency.
But because microservices need to be connected, what started out simple suddenly becomes complex. Each development team must now know how to handle secure service-to-service communication, authentication, traffic management, and many other aspects of networking that may go way beyond the skillset of each team. Add to this the operational requirements for observability and management, and things quickly become much more complicated.
Istio reduces this complexity by off-loading management of service-to-service networking to a distributed service mesh. Sidecar proxies, sitting next to each service instance, manage traffic, setup secure connections and work in concert with control plane elements operating across the entire mesh. Load balancing, A/B testing, policy changes, and failure recovery can now all be done without having to get each application development team involved. Most importantly, this single control plane means that it’s now easy to apply a consistent set of policies across the microservices.
By now, you have hopefully heard about Cisco’s hybrid cloud work and partnership with Google , so when our team started to get involved with Istio, we immediately saw an opportunity for Istio to play a role in hybrid computing across multiple public and private clouds. Working upstream with the rest of the Istio community, Cisco engineers helped to develop a model for Istio to move beyond operating within a single Kubernetes cluster by simply extending a single control plane across multiple Kubernetes clusters. This capability is available as an Alpha feature in Istio 1.0, and over time we expect to see the community develop different ways for Istio to play across multiple clouds.
In summary, just as Kubernetes provides orchestration of containers, Istio might best be viewed as providing orchestration of service-to-service networking yielding a much better way to develop and deploy microservice-based applications in a multicloud world.
By Lew Tucker