What is a service mesh?
- Helps "load balance", enable service to service authentication and monitoring.
|1||Istio service mesh||https://istio.io/latest/about/service-mesh/|
|4||Istio policy enforcement||https://istio.io/latest/docs/tasks/policy-enforcement/|
|5||Istio traffic management||https://istio.io/latest/docs/tasks/traffic-management/|
Istio case studies and docs
Security for enterprise applications:
# to control the version and target arch # curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.14.1 TARGET_ARCH=x86_64 sh - curl -L https://istio.io/downloadIstio | sh - # a folder will be downloaded of the latest release version cd istio-1.14.1 # move the istioctl client binary to folder in PATH mv bin/istioctl /usr/local/bin/ # application samples are found in the samples folder ls -m samples
The Istio architecture is documented on this page: https://istio.io/latest/docs/ops/deployment/architecture/
Istio service mesh is split into two layers, the data plane and the control plane.
The data plane consists of Envoy proxies deployed as sidecars.
The control plane manages and configures these proxies to route traffic.
Then general diagram found from the Istio Architecture document.
Envoy proxies are the only Istio components that interact with the data plane.
These proxies are deployed as sidecars to services and augment the services with Envoy's features.
Envoy helps with:
DNS sidecar proxy is needed
DNS sidecar proxy