Kubernetes Istio Freshers - Experienced
● Traffic management - Traffic routing and rule configuration in Istio let you control the flow of traffic and API calls
between services.
● Security - Istio provides the underlying communication channel and manages authentication, authorization, and encryption of
service communication at scale. With Istio, you can enforce policies consistently across multiple protocols and runtimes with
minimal application changes. When using Istio with Kubernetes (or infrastructure) network policies, the benefits include the
ability to secure pod-to-pod or service-to-service communication at the network and application layers.
● Observability - Get insights into your service mesh deployment with Istio’s tracing, monitoring, and logging features.
Monitoring lets you see how service activity impacts performance upstream and downstream. Custom dashboards provide
visibility into the performance of all your services.
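As an added example (not part of the original notes), the following Istio configuration shows the two security controls the bullet above describes: transport-layer mutual TLS enforced by the sidecars, and an application-layer authorization policy. The namespace `default`, the workload label `app: reviews` and the caller service account `productpage` are assumed values; it assumes an Istio release that ships the `security.istio.io/v1beta1` CRDs.

```yaml
# Namespace-scoped mutual TLS: every sidecar in "default" rejects plaintext and
# accepts only peers that present a mesh-issued (Citadel / istiod) certificate.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: default            # assumed: the namespace your workloads run in
spec:
  mtls:
    mode: STRICT
---
# Application-layer policy on top of mTLS: only the productpage service
# account may call the reviews workload, and only with GET. Any other caller
# or method is denied, because once an ALLOW policy selects a workload,
# requests that match no ALLOW rule are rejected.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: reviews-allow-productpage   # assumed policy name
  namespace: default
spec:
  selector:
    matchLabels:
      app: reviews                   # assumed workload label
  action: ALLOW
  rules:
  - from:
    - source:
        # Identity taken from the client certificate (SPIFFE-style principal),
        # so it cannot be spoofed by a plaintext caller.
        principals:
        - "cluster.local/ns/default/sa/productpage"
    to:
    - operation:
        methods: ["GET"]
```

After applying both with `kubectl apply -f`, a plaintext request from a pod without a sidecar is refused at the TLS handshake, and a sidecar-injected pod running under any other service account receives HTTP 403 from the reviews sidecar.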
ISTIO Architecture
The Istio service mesh has a modular architecture similar to Kubernetes, logically split into a control plane and
a data plane:
The control plane is the brain of the mesh: it manages, controls, and supervises the network of microservices.
The control plane manages and configures the proxies to route traffic.
Additionally, the control plane configures Mixer to enforce policies and
collect telemetry.
The data plane is formed by the sidecar proxies deployed alongside the services; together they make up the
service mesh network.
Components
Routing in Small Picture
Routing in Big Picture
Final Overview
● The ingress controller is responsible for allowing and redirecting the inbound traffic to the services running inside the
service mesh.
● The egress controller is responsible for allowing outbound traffic from the service mesh. If an application needs to
connect, for example, to an external database or service, that connection must be explicitly configured for the
egress controller.
● Pilot and Galley are responsible for the mesh configuration: they pull data from the Kubernetes API server, merge it
with the local configuration defined within the mesh, and then push the resulting configuration to the proxies that form the mesh.
● Citadel pushes TLS certificates to services, enabling mutual TLS.
● Mixer has two roles: gathering metrics from the different components and enforcing policy by checking each request.
In a high-level deployment scenario, the telemetry and policy-check instances should be deployed separately.
● Dashboards gather metrics from the telemetry service and display them in a user-friendly format.