Istio, an open-source project formed last year by Google, IBM and the ride-sharing service Lyft to create a consistent way to connect, manage, secure and monitor Kubernetes-based clusters of microservices, is now ready for production.
The creators of the spec today announced the official release of Istio 1.0, which defines a common way to manage traffic between container-based microservices, provide standard enforcement of access policies and a uniform method of aggregating telemetry data for monitoring and management. Launched in May 2017, the Istio project has moved to a production-ready spec in a relatively short amount of time.
Lyft developed the source code to provide the service mesh for its popular ride-sharing app, then contributed it and joined forces with Google and IBM to create the project. Since its launch last year, Istio has picked up considerable support.
“Just like Kubernetes greatly simplified containers – it has triggered an exploding ecosystem over the past four years – Istio greatly simplifies services,” Urs Hölzle, Google’s senior VP for technical infrastructure, said during the keynote address at the company’s Google Next conference last week in San Francisco. “You will see a very robust ecosystem of third-party providers and tools emerge for it, very, very soon.”
Google Cloud product manager Dan Ciruli today added that Istio’s release is an important part of its effort to deliver its Cloud Services Platform, the hybrid option announced last week at the Google Next conference that will let organizations run parts of their infrastructure on virtual machines and other components in Kubernetes clusters on premises or in the cloud.
“Istio is at its heart a service mesh—software that layers transparently onto an existing distributed application,” Ciruli said in a blog post announcing the Istio 1.0 release. “It collects logs, traces and telemetry, and adds security and policy without embedding client libraries. Moreover, Istio is also a platform, complete with APIs that let you integrate with systems for logging, telemetry and policy.”
Furthermore, Istio provides a service-based view of interactions across the mesh, Ciruli added. “Whereas traditional monitoring gives you low-level metrics such as nodes’ CPU consumption, Istio measures the actual traffic between services: requests per second, error rates and latency,” he noted. “It also generates a dependency graph, so you can see how services affect one another.”
As more organizations deploy Kubernetes-based clusters, Istio 1.0 will provide management of the underlying microservices, according to IBM Fellow Jason McGee. “Istio 1.0 adds a strong layer of microservice management on top of Kubernetes and other environments,” McGee said in a blog post. “IBM supports Istio running on top of our IBM Cloud Kubernetes Services (IKS) and our IBM Cloud Private platform. We are providing support for one single Helm chart across IBM Cloud Kubernetes Service (IKS) and IBM Cloud Private (ICP).”
Red Hat is also a strong proponent and early supporter of Istio. Brian Harrington, the company’s Istio product manager, today predicted in a blog post that it will quickly become the de facto configurable infrastructure layer for microservices for Kubernetes. “Istio provides a method of integrating services like load balancing, mutual service-to-service authentication, transport layer encryption, and application telemetry requiring minimal (and in many cases no) changes to the code of individual services,” he said.
“This is in juxtaposition to other solutions like the various Java libraries from Netflix OSS,” Harrington added. “Utilizing these libraries requires both the use of Java for development as well as modification to source code, separately integrating these capabilities into each application component. I like to think of Istio as another component in your application stack, providing this functionality without extensive code changes.”
Other contributors to the project include Cisco, Covalent and Stripe. Those readying Istio-compatible management plug-ins include Datadog, SolarWinds, Sysdig, Google (with Stackdriver) and Amazon Web Services (CloudWatch). Although not mentioned in today’s announcement, Dynatrace VP and chief technology strategist Alois Reitbauer said in an interview last week that its IT ops monitoring software supports Istio but it will extend that to include reconfiguration capabilities in the future.
Policy enforcement and networking tools from Aporeto, Cilium, Styra and Tigera have added Istio support, and Apigee, the API management gateway provider acquired by Google, plans to use Istio. The Cloud Foundry Foundation, steward of the Cloud Foundry hybrid PaaS platform supported by IBM, Google, Pivotal, SAP and Ubuntu, among others, has said it will specify Istio into its new traffic routing stack, as will Knative for its serverless project.
Fueling Istio’s development is the rapid rise of containerized microservices and broad consensus over the past year that Kubernetes has become the de facto standard for orchestrating clusters of these containers. Cloud-native applications built with microservices and containers are increasingly becoming the preferred approach to modern software development. While Kubernetes provides container management, orchestration and security, Istio provides a service mesh to manage, monitor and secure them collectively.
Several organizations have already started using Istio, including eBay, Auto Trader UK, Descartes Labs, HP FitStation, Namely, PubNub and Trulia, which are using it to manage their respective microservices.