Posts under Istio
This post is a companion to the talk I gave at Cloud Native Rejekts NA ’19 in San Diego on how to work around common issues when deploying applications with the Istio service mesh in a Kubernetes cluster.
The Istio Service Mesh
The rise of microservices, powered by Kubernetes, brings new challenges. One of the biggest changes with distributed applications is the need to understand and control the network traffic these microservices generate.
The Istio working group just released Istio 1.4.0 ahead of KubeCon + CloudNativeCon North America in San Diego this week. This post summarizes how this latest version continues the project’s recent focus on improving the operability and performance of Istio for production users.
Highlights
- Continued work on performance improvements with alpha support for Mixer-less telemetry
- A complete update to the service authorization system with the new AuthorizationPolicy
- Support for Istio installation, control plane configuration, and upgrades in the istioctl command
- More troubleshooting support in istioctl
- Proxy sidecar stability and feature improvements
Laying the Groundwork for Performance Improvements
Istio 1.
In our previous blog post about the Istio service mesh, we provided an overview of Istio’s features and capabilities and why you may (and sometimes may not, at least not yet) want to use it as a service mesh in your Kubernetes clusters. In this post, we’ll dive a little deeper into how Istio can help improve the runtime security of the applications in a service mesh and where it fits in the broader picture of Kubernetes security controls and practices.
Anyone who has even a passing interest in Kubernetes and the cloud native ecosystem has probably heard of Istio. A clear description of what exactly Istio is, what it can (and can’t) do, and whether it’s a technology you might need is a little harder to find. Hopefully, this post will help clear up some of the confusion.
The Istio Service Mesh
What is a service mesh?
The term “service mesh” can apply either to the set of overlapping network connections between services in a distributed application or to a set of tools used to manage that group of connected services.