Istio - A Service Mesh for Microservices

A follow-up to the Microservices & Security post.

I spoke about using a tool such as Istio to secure and manage microservices. Istio released v1.0 on July 31, 2018 and is currently at v1.0.2 as of September 18, 2018.

Per the website: Istio provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications.

This means Istio is an end-to-end solution for controlling a complex spider web of services through its split architecture, shown below.

Istio Architecture

Two of the largest benefits of using Istio are automatic metrics and secure service-to-service communications. Istio will automatically grab a ton of statistical information and logs for a cluster, pushing that information to a dashboard (below) for developers and managers to view.

Istio Dashboard

The real-time graphs show exactly how the services are working within the environment to provide direct intelligence on system health.

Secondly, Istio provides secure communications between services by default. Pilot, Mixer, Citadel, Galley, and Envoy provide different parts of the security architecture. Each of these services runs within the VM cluster and provides a single set of functions, but together they protect the service mesh. You can read the detailed information on the Istio website.

Istio is not just for Kubernetes environments. According to the documentation, it can be deployed in other cloud or on-premises environments. Microservices are expanding the zero trust model to cover individual services and protecting core functions and data from threat actors. Istio is a step forward in how these are managed, controlled, and secured in the complex cloud systems deployed today.

Jesse Spangenberger
