Istio Service Mesh

1. Proposition

  • Services are usually composed of many Pods executing containers. 
  • A single application may consist of numerous services.
  • Each service may have multiple versions deployed concurrently.
  • Service-to-service communication occurs over the network.
  • Networks can be unreliable and insecure, so services must identify and deal with network idiosyncrasies. 
  • Istio uses side-car proxies to enhance network security, reliability, and visibility.
  • Network functions are abstracted away from the application's primary container, and implemented in a common out-of-process proxy delivered as a separate container in the same Pod.