A Match made in heaven.

New architectural patterns new problems to be thought of and solved. That’s for sure when you work with system architecture and not different with microservices architecture adoption. I don’t want to make you give up for sure :) Overall there are more advantages than problems.

Basically, you need think on D+0 in traffic monitoring, access control, discovery, security, resilience.

There are a lot of good things, right?

I’m assuming that you have some basic concepts about Kubernetes (k8s)

Service Mesh

So, What is Service Mesh? It is a configurable infrastructure layer for microservices application. It makes communication between service instances flexible, reliable, and fast… it provides: service discovery, load balancing, encryption, authentication and authorization, support for the circuit breaker and other capabilities.

Istio does all that, but it doesn’t require any changes to the code of any of those services.

How does Istio work?

The magic happens, Istio deploys a proxy (sidecar) next to each service. Istio service mesh is a sidecar container implementation of the features and functions needed when creating and managing microservices.

By using the sidecar model, Istio runs in a Linux container in your Kubernetes pods.

Setup

Download and extract the latest release.

curl -L https://git.io/getLatestIstio | sh - cd istio-1.0.5 kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml

After Installing Istio with default mutual TLS authentication, when you use this option deployed workloads are guaranteed to have Istio sidecars installed.

kubectl apply -f install/kubernetes/istio-demo-auth.yaml

If you want other options for install check the following link, please https://istio.io/docs/setup/kubernetes/quick-start/

Don't forget to enable Istio injection configuration. It automatically inject Envoy containers into your application pods.

kubectl label namespace <namespace> istio-injection=enabled

Or if you prefer, you can inject manually

istioctl kube-inject -f <your-app-spec>.yaml | kubectl apply -f -

Verifying the installation