istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v0.4/docs/concepts/what-is-istio/overview.html

2 lines
22 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en" itemscope itemtype="https://schema.org/WebPage" style="overflow-y: scroll;"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="title" content="Overview"><meta name="og:title" content="Overview"><meta name="og:image" content="/v0.4/img/logo.png"/><meta name="theme-color" content="#466BB0"/><meta name="description" content="Provides a conceptual introduction to Istio, including the problems it solves and its high-level architecture."><meta name="og:description" content="Provides a conceptual introduction to Istio, including the problems it solves and its high-level architecture."><title>Istioldie 0.4 / Overview</title><script> window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date; ga('create', 'UA-98480406-2', 'auto'); ga('send', 'pageview'); </script> <script async src='https://www.google-analytics.com/analytics.js'></script><link rel="alternate" type="application/rss+xml" title="Istio Blog RSS" href="/v0.4/feed.xml"><link rel="shortcut icon" href="/v0.4/favicons/favicon.ico" ><link rel="apple-touch-icon" href="/v0.4/favicons/apple-touch-icon-180x180.png" sizes="180x180"><link rel="icon" type="image/png" href="/v0.4/favicons/favicon-16x16.png" sizes="16x16"><link rel="icon" type="image/png" href="/v0.4/favicons/favicon-32x32.png" sizes="32x32"><link rel="icon" type="image/png" href="/v0.4/favicons/android-36x36.png" sizes="36x36"><link rel="icon" type="image/png" href="/v0.4/favicons/android-48x48.png" sizes="48x48"><link rel="icon" type="image/png" href="/v0.4/favicons/android-72x72.png" sizes="72x72"><link rel="icon" type="image/png" href="/v0.4/favicons/android-96x196.png" sizes="96x196"><link rel="icon" type="image/png" href="/v0.4/favicons/android-144x144.png" sizes="144x144"><link rel="icon" type="image/png" href="/v0.4/favicons/android-192x192.png" sizes="192x192"><link rel="manifest" href="/v0.4/manifest.json"><meta name="apple-mobile-web-app-title" content="Istio"><meta name="application-name" content="Istio"><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic"><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"><link rel="stylesheet" href="/v0.4/css/all.css"><link rel="stylesheet" href="/v0.4/css/prism.css"></head><body class="language-unknown"> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script><div class="nav-hero-container" style="z-index: 200000;"><nav id="header-nav" class="navbar navbar-inverse" role="navigation" style="z-index: 200000;"><div class="container"><div class="row"><div class="col-md-11 nofloat center-block "><div class="navbar-header"> <button type="button" class="hamburger navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar-collapse-1" aria-expanded="false"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="navbar-brand" href="/v0.4/"><div> <img src="/v0.4/img/istio-logo.svg" alt="Istio Logo" height="54px"/> <span class="brand-name">Istioldie 0.4</span></div></a></div><div class="collapse navbar-collapse" id="navbar-collapse-1"><ul class="nav navbar-nav navbar-right"><li><a href="/v0.4/about" >About</a></li><li><a href="/v0.4/blog/posts/2017/mixer-spof-myth.html" >Blog</a></li><li><a href="/v0.4/docs/welcome" class='current'>Docs</a></li><li><a href="/v0.4/help" >Help</a></li><li><a href="/v0.4/community" >Community</a></li><li class="dropdown"> <a class="dropdown-toggle" data-toggle="dropdown" href=""> <i class='fa fa-lg fa-cog'></i> <span class="caret"></span> </a><ul class="dropdown-menu"><h6 class="dropdown-header">Other versions of this site</h6><li> <a href="https://istio.io">Current Release</a></li><li> <a href="https://preliminary.istio.io">Next Release</a></li><li> <a href="https://archive.istio.io">Older Releases</a></li></ul></li><li><form name="cse" id="searchbox_demo" class="navbar-form navbar-right" role="search"> <input type="hidden" name="cx" value="013699703217164175118:iwwf17ikgf4" /> <input type="hidden" name="ie" value="utf-8" /> <input type="hidden" name="hl" value="en" /><div class="form-group"><div class="input-group"> <input name="q" class="form-control search-box" type="text" size="30" /><div class="input-group-addon"> <span class="btn-search glyphicon glyphicon-search"></span></div></div></div></form> <script type="text/javascript" src="https://www.google.com/cse/brand?form=searchbox_demo"></script></li></ul></div></div></div></div></nav></div><div class="container"><div class="row"><div class="col-md-11 nofloat center-block" style="margin-top: 3px;"><ul class="col-sm-10 nav nav-tabs"><li role="presentation" ><a href="/v0.4/docs/welcome/">Welcome</a></li><li role="presentation" class='active'><a href="/v0.4/docs/concepts/">Concepts</a></li><li role="presentation" ><a href="/v0.4/docs/setup/">Setup</a></li><li role="presentation" ><a href="/v0.4/docs/tasks/">Tasks</a></li><li role="presentation" ><a href="/v0.4/docs/guides/">Guides</a></li><li role="presentation" ><a href="/v0.4/docs/reference/">Reference</a></li></ul></div></div></div><script src="/v0.4/js/navtree.min.js"></script><div class="container docs"><div class="row"><div class="col-md-11 nofloat center-block"><div class="row"><div id="sidebar-container" class="col-sm-3"><ul class="sidebar"><li><h5 class='sidebar-title'>Concepts</h5></li><script type="text/javascript"> var docs = []; docs.push({path: [ "index.md", ], url: "/docs/concepts/", title: "Concepts", order: 10, overview: "Concepts help you learn about the different parts of the Istio system and the abstractions it uses."}); docs.push({path: [ "policy-and-control", "attributes.md", ], url: "/docs/concepts/policy-and-control/attributes.html", title: "Attributes", order: 10, overview: "Explains the important notion of attributes, which is a central mechanism for how policies and control are applied to services within the mesh."}); docs.push({path: [ "policy-and-control", "index.md", ], url: "/docs/concepts/policy-and-control/", title: "Policies and Control", order: 40, overview: "Introduces the policy control mechanisms."}); docs.push({path: [ "policy-and-control", "mixer-config.md", ], url: "/docs/concepts/policy-and-control/mixer-config.html", title: "Mixer Configuration", order: 30, overview: "An overview of the key concepts used to configure Mixer."}); docs.push({path: [ "policy-and-control", "mixer.md", ], url: "/docs/concepts/policy-and-control/mixer.html", title: "Mixer", order: 20, overview: "Architectural deep-dive into the design of Mixer, which provides the policy and control mechanisms within the service mesh."}); docs.push({path: [ "security", "index.md", ], url: "/docs/concepts/security/", title: "Security", order: 30, overview: "Describes Istio's authorization and authentication functionality."}); docs.push({path: [ "security", "mutual-tls.md", ], url: "/docs/concepts/security/mutual-tls.html", title: "Mutual TLS Authentication", order: 10, overview: "Describes Istio's mutual TLS authentication architecture which provides a strong service identity and secure communication channels between services."}); docs.push({path: [ "traffic-management", "fault-injection.md", ], url: "/docs/concepts/traffic-management/fault-injection.html", title: "Fault Injection", order: 40, overview: "Introduces the idea of systematic fault injection that can be used to uncover conflicting failure recovery policies across services."}); docs.push({path: [ "traffic-management", "handling-failures.md", ], url: "/docs/concepts/traffic-management/handling-failures.html", title: "Handling Failures", order: 30, overview: "An overview of failure recovery capabilities in Envoy that can be leveraged by unmodified applications to improve robustness and prevent cascading failures."}); docs.push({path: [ "traffic-management", "index.md", ], url: "/docs/concepts/traffic-management/", title: "Traffic Management", order: 20, overview: "Describes the various Istio features focused on traffic routing and control."}); docs.push({path: [ "traffic-management", "load-balancing.md", ], url: "/docs/concepts/traffic-management/load-balancing.html", title: "Discovery & Load Balancing", order: 25, overview: "Describes how traffic is load balanced across instances of a service in the mesh."}); docs.push({path: [ "traffic-management", "overview.md", ], url: "/docs/concepts/traffic-management/overview.html", title: "Overview", order: 0, overview: "Provides a conceptual overview of traffic management in Istio and the features it enables."}); docs.push({path: [ "traffic-management", "pilot.md", ], url: "/docs/concepts/traffic-management/pilot.html", title: "Pilot", order: 10, overview: "Introduces Pilot, the component responsible for managing a distributed deployment of Envoy proxies in the service mesh."}); docs.push({path: [ "traffic-management", "request-routing.md", ], url: "/docs/concepts/traffic-management/request-routing.html", title: "Request Routing", order: 20, overview: "Describes how requests are routed between services in an Istio service mesh."}); docs.push({path: [ "traffic-management", "rules-configuration.md", ], url: "/docs/concepts/traffic-management/rules-configuration.html", title: "Rules Configuration", order: 50, overview: "Provides a high-level overview of the domain-specific language used by Istio to configure traffic management rules in the service mesh."}); docs.push({path: [ "what-is-istio", "goals.md", ], url: "/docs/concepts/what-is-istio/goals.html", title: "Design Goals", order: 20, overview: "Describes the core principles that Istio's design adheres to."}); docs.push({path: [ "what-is-istio", "index.md", ], url: "/docs/concepts/what-is-istio/", title: "What is Istio?", order: 10, overview: "A broad overview of the Istio system."}); docs.push({path: [ "what-is-istio", "overview.md", ], url: "/docs/concepts/what-is-istio/overview.html", title: "Overview", order: 15, overview: "Provides a conceptual introduction to Istio, including the problems it solves and its high-level architecture."}); genSideBarTree(docs) </script></ul></div><div id="tab-container" class="col-xs-1 tab-neg-margin pull-left"> <a id="sidebar-tab" class="glyphicon glyphicon-chevron-left" href="javascript:void 0;"> </a></div><div id="content-container" class="thin-left-border col-sm-9 markdown"><div id="toc" class="toc"></div><div id="doc-content"><h1>Overview</h1><p>This document introduces Istio: an open platform to connect, manage, and secure microservices. Istio provides an easy way to create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, without requiring any changes in service code. You add Istio support to services by deploying a special sidecar proxy throughout your environment that intercepts all network communication between microservices, configured and managed using Istios control plane functionality.</p><p>Istio currently only supports service deployment on Kubernetes, though other environments will be supported in future versions.</p><p>For detailed conceptual information about Istio components see our other <a href="/v0.4/docs/concepts/">Concepts</a> guides.</p><h2 id="why-use-istio">Why use Istio?</h2><p>Istio addresses many of the challenges faced by developers and operators as monolithic applications transition towards a distributed microservice architecture. The term <strong>service mesh</strong> is often used to describe the network of microservices that make up such applications and the interactions between them. As a service mesh grows in size and complexity, it can become harder to understand and manage. Its requirements can include discovery, load balancing, failure recovery, metrics, and monitoring, and often more complex operational requirements such as A/B testing, canary releases, rate limiting, access control, and end-to-end authentication.</p><p>Istio provides a complete solution to satisfy the diverse requirements of microservice applications by providing behavioral insights and operational control over the service mesh as a whole. It provides a number of key capabilities uniformly across a network of services:</p><ul><li><p><strong>Traffic Management</strong>. Control the flow of traffic and API calls between services, make calls more reliable, and make the network more robust in the face of adverse conditions.</p></li><li><p><strong>Observability</strong>. Gain understanding of the dependencies between services and the nature and flow of traffic between them, providing the ability to quickly identify issues.</p></li><li><p><strong>Policy Enforcement</strong>. Apply organizational policy to the interaction between services, ensure access policies are enforced and resources are fairly distributed among consumers. Policy changes are made by configuring the mesh, not by changing application code.</p></li><li><p><strong>Service Identity and Security</strong>. Provide services in the mesh with a verifiable identity and provide the ability to protect service traffic as it flows over networks of varying degrees of trustability.</p></li></ul><p>In addition to these behaviors, Istio is designed for extensibility to meet diverse deployment needs:</p><ul><li><p><strong>Platform Support</strong>. Istio is designed to run in a variety of environments including ones that span Cloud, on-premise, Kubernetes, Mesos etc. Were initially focused on Kubernetes but are working to support other environments soon.</p></li><li><p><strong>Integration and Customization</strong>. The policy enforcement component can be extended and customized to integrate with existing solutions for ACLs, logging, monitoring, quotas, auditing and more.</p></li></ul><p>These capabilities greatly decrease the coupling between application code, the underlying platform, and policy. This decreased coupling not only makes services easier to implement, but also makes it simpler for operators to move application deployments between environments or to new policy schemes. Applications become inherently more portable as a result.</p><h2 id="architecture">Architecture</h2><p>An Istio service mesh is logically split into a <strong>data plane</strong> and a <strong>control plane</strong>.</p><ul><li><p>The <strong>data plane</strong> is composed of a set of intelligent proxies (Envoy) deployed as sidecars that mediate and control all network communication between microservices.</p></li><li><p>The <strong>control plane</strong> is responsible for managing and configuring proxies to route traffic, as well as enforcing policies at runtime.</p></li></ul><p>The following diagram shows the different components that make up each plane:</p><figure><img src="./img/architecture/arch.svg" alt="The overall architecture of an Istio-based application." title="Istio Architecture" /><figcaption>Istio Architecture</figcaption></figure><h3 id="envoy">Envoy</h3><p>Istio uses an extended version of the <a href="https://envoyproxy.github.io/envoy/">Envoy</a> proxy, a high-performance proxy developed in C++, to mediate all inbound and outbound traffic for all services in the service mesh. Istio leverages Envoys many built-in features such as dynamic service discovery, load balancing, TLS termination, HTTP/2 &amp; gRPC proxying, circuit breakers, health checks, staged rollouts with %-based traffic split, fault injection, and rich metrics.</p><p>Envoy is deployed as a <strong>sidecar</strong> to the relevant service in the same Kubernetes pod. This allows Istio to extract a wealth of signals about traffic behavior as <a href="/v0.4/docs/concepts/policy-and-control/attributes.html">attributes</a>, which in turn it can use in <a href="/v0.4/docs/concepts/policy-and-control/mixer.html">Mixer</a> to enforce policy decisions, and be sent to monitoring systems to provide information about the behavior of the entire mesh. The sidecar proxy model also allows you to add Istio capabilities to an existing deployment with no need to rearchitect or rewrite code. You can read more about why we chose this approach in our <a href="/v0.4/docs/concepts/what-is-istio/goals.html">Design Goals</a>.</p><h3 id="mixer">Mixer</h3><p><a href="/v0.4/docs/concepts/policy-and-control/mixer.html">Mixer</a> is a platform-independent component responsible for enforcing access control and usage policies across the service mesh and collecting telemetry data from the Envoy proxy and other services. The proxy extracts request level <a href="/v0.4/docs/concepts/policy-and-control/attributes.html">attributes</a>, which are sent to Mixer for evaluation. More information on this attribute extraction and policy evaluation can be found in <a href="/v0.4/docs/concepts/policy-and-control/mixer-config.html">Mixer Configuration</a>. Mixer includes a flexible plugin model enabling it to interface with a variety of host environments and infrastructure backends, abstracting the Envoy proxy and Istio-managed services from these details.</p><h3 id="pilot">Pilot</h3><p><a href="/v0.4/docs/concepts/traffic-management/pilot.html">Pilot</a> provides service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing (e.g., A/B tests, canary deployments, etc.), and resiliency (timeouts, retries, circuit breakers, etc.). It converts a high level routing rules that control traffic behavior into Envoy-specific configurations, and propagates them to the sidecars at runtime. Pilot abstracts platform-specifc service discovery mechanisms and synthesizes them into a standard format consumable by any sidecar that conforms to the <a href="https://github.com/envoyproxy/data-plane-api">Envoy data plane APIs</a>. This loose coupling allows Istio to run on multiple environments (e.g., Kubernetes, Consul/Nomad) while maintaining the same operator interface for traffic management.</p><h3 id="istio-auth">Istio-Auth</h3><p><a href="/v0.4/docs/concepts/security/mutual-tls.html">Istio-Auth</a> provides strong service-to-service and end-user authentication using mutual TLS, with built-in identity and credential management. It can be used to upgrade unencrypted traffic in the service mesh, and provides operators the ability to enforce policy based on service identity rather than network controls. Future releases of Istio will add fine-grained access control and auditing to control and monitor who accesses your service, API, or resource, using a variety of access control mechanisms, including attribute and role-based access control as well as authorization hooks.</p><h2 id="whats-next">Whats next</h2><ul><li><p>Learn about Istios <a href="/v0.4/docs/concepts/what-is-istio/goals.html">design goals</a>.</p></li><li><p>Explore our <a href="/v0.4/docs/guides/">Guides</a>.</p></li><li><p>Read about Istio components in detail in our other <a href="/v0.4/docs/concepts/">Concepts</a> guides.</p></li><li><p>Learn how to deploy Istio with your own services using our <a href="/v0.4/docs/tasks/">Tasks</a> guides.</p></li></ul></div></div></div></div></div></div><script src="/v0.4/js/sidebar.min.js"></script><footer><div class="container"><div class="row"><div class="col-lg-2 col-md-2 col-sm-2"></div><div class="col-lg-3 col-md-3 col-sm-3 col-xs-12 center-block"><ul><li><a class="header" href="/v0.4/docs/welcome">Docs</a></li><li><a href="/v0.4/docs/concepts">Concepts</a></li><li><a href="/v0.4/docs/setup">Setup</a></li><li><a href="/v0.4/docs/tasks">Tasks</a></li><li><a href="/v0.4/docs/guides">Guides</a></li><li><a href="/v0.4/docs/reference">Reference</a></li></ul></div><div class="col-lg-3 col-md-3 col-sm-3 col-xs-12 center-block"><ul><li><a class="header" href="/v0.4/help">Help</a></li><li><a href="/v0.4/faq">FAQ</a></li><li><a href="/v0.4/glossary">Glossary</a></li><li><a href="/v0.4/troubleshooting">Troubleshooting</a></li><li><a href="/v0.4/bugs">Report Bugs</a></li><li><a href="https://github.com/istio/istio.github.io/issues/new?title=Issue with _docs/concepts/what-is-istio/overview.md">Doc Bugs & Gaps</a></li><li><a href="https://github.com/istio/istio.github.io/edit/master/_docs/concepts/what-is-istio/overview.md">Edit This Page</a></li></ul></div><div class="col-lg-3 col-md-3 col-sm-3 col-xs-12 center-block"><ul><li> <a class="header" href="/v0.4/community">Community</a></li><li> <a href="https://groups.google.com/forum/#!forum/istio-users" target="_blank" rel="noopener">User</a> | <a href="https://groups.google.com/forum/#!forum/istio-dev" target="_blank" rel="noopener">Dev Mailing Lists</a></li><li><a href="https://twitter.com/IstioMesh" target="_blank" rel="noopener">Twitter</a></li><li><a href="https://stackoverflow.com/questions/tagged/istio" target="_blank" rel="noopener">Stack Overflow</a></li><li><a href="https://github.com/istio/community" target="_blank" rel="noopener">GitHub</a></li><li><a href="https://github.com/istio/community/blob/master/WORKING-GROUPS.md" target="_blank" rel="noopener">Working Groups</a></li></ul></div><div class="col-lg-1 col-md-1 col-sm-1"></div></div><div class="row"><p class="description small text-center"> Istio 0.4, Copyright &copy; 2017 Istio Authors<br> Archived on 20-Dec-2017</p></div></div></footer><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/jquery.validate.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.form/4.2.1/jquery.form.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-visible/1.2.0/jquery.visible.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.6.0/slick.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> <script src="/v0.4/js/common.min.js"></script> <script src="/v0.4/js/search.js"></script> <script src="/v0.4/js/prism.min.js"></script></body></html>
Reference in New Issue View Git Blame Copy Permalink