Istio - Service Mesh

1. Docs
2. API Access Control
3. Maistra Istio
4. Admiral
5. Ambient Mesh - Istio Data Plane
6. Kiali project, observability for the Istio service mesh
7. Jaeger tracing. Open source, end-to-end distributed tracing
8. Envoy micro proxy
   1. Envoy Gateway
9. Kibana
10. AWS App Mesh
11. Istio and AWS EKS
12. Istio Tools
13. Videos
14. Tweets

Docs

• Istio.io
• github.com: Istio
• blog.openshift.com: How to Explain Service Mesh in Plain English
• Red Hat Developer: Istio Service Mesh
• karlstoney.com: Istio 503’s with UC’s and TCP Fun Times
• medium.com/solo-io blog Connecting the world’s applications with APIs and Service Mesh
• medium.com/solo-io: Istio the Easy Way (Again!)
• blog.christianposta.com: Istio as an Example of When Not to Do Microservices
• istiobyexample.dev 🌟
  • istiobyexample.dev: Fault Injection
• medium.com: Getting started with Istio
• blog.openshift.com: Red Hat OpenShift Service Mesh is now available: What you should know 🌟
• magalix.com: Getting Started With Istio: Overview And Installation
• The Istio project just consolidated its control plane services: Pilot, Citadel, Galley, and the sidecar injector, into a single binary, Istiod
• magalix.com: Working with Istio: Track your services with Kiali
• banzaicloud.com: Istio telemetry V2 (Mixerless) deep dive
• medium.com: How to Manage Microservices on Kubernetes With Istio How to implement DevSecOps on microservices architecture with a service mesh
• github.com/askmeegs/learn-istio 🌟
• banzaicloud.com: What’s new in Istio 1.6, a quick walkthrough
• Riding the Tiger: Lessons Learned Implementing Istio 🌟
• dev.to/aurelievache: Understanding Istio: part 1 – Istio Components
  • dev.to/aurelievache: Understanding Istio: part 9 – DestinationRule
  • dev.to/aurelievache: Understanding Istio: part 16 – Observability / Metrics
• banzaicloud.com: Controlling egress traffic with Istio
• banzaicloud.com: Istio ingress controller as an API gateway
• openshift.com: Monitoring Services like an SRE in OpenShift ServiceMesh Part 2: Collecting Standard Metrics 🌟
• istio.io: Learn Microservices using Kubernetes and Istio 🌟 step-by-step tutorial
• thenewstack.io - Service Mesh: The Gateway to Cloud Migration
• thenewstack.io: Kubernetes, Microservices, and Istio  — A Great Fit!
• medium: Observability With Istio, Kiali, and Grafana in Kubernetes and Spring Boot 🌟
• solo.io: Learn how to rate limit requests in Istio 🌟
• solo.io: Identity Federation for Multi-Cluster Kubernetes and Service Mesh
• sysdig.com: How to monitor Istio, the Kubernetes service mesh
• tetrate.io: VM to container communications 101 How can I use Istio Service Mesh to make VMs and containers talk to each other?
• redhat-scholars: istio-tutorial 🌟 Polyglot microservices (Java, Node, .NET) + Istio on Kubernetes/OpenShift
• medium: Introduction to Istio Traffic Management. Traffic Routing with Istio by Example 🌟
• loginradius.com: Istio Service Mesh: A Beginners Guide 🌟 This post will give a high-level introduction to Istio and its related concepts and terminologies.
• dzone: The Kubernetes Service Mesh: A Brief Introduction to Istio 🌟 In this blog we explore what the Istio service mesh is, its architecture, when and where to use it, plus some criticisms of the platform.
• blog.jetstack.io: Istio OIDC Authentication A service mesh is an architectural pattern that provides common network services as a feature of the infrastructure. This typically includes features such as service discovery and policy enforcement to control how services within the mesh can communicate with each other.
• medium.com: Increasing observability on Istio: The new Kiali health configuration
• dzone: Istio Service Mesh, the Step-by-Step Guide, Part 1: Theory 🌟 In Part 1, we go over the concepts behind Istio and Service Mesh, such as their architecture, how they function, and more.
  • dzone: Istio Service Mesh, the Step-by-Step Guide, Part 2: Tutorial 🌟
• solo.io: The evolution of VM support in Istio 1.8 (with video)
• jetstack.io: Securing Istio workloads with mTLS using cert-manager
• thenewstack.io: Why Do You Need Istio When You Already Have Kubernetes? 🌟
• medium: Managing Microservices With Istio Service Mesh in Kubernetes
• thenewstack.io: Solo.io: Istio Is Winning the Service Mesh War
• dzone: vice Meshes: Why Istio? An Introduction There are 3 leading contenders in the cluster ecosystem for service mesh, all open source. We compare and discuss why Istio is the best choice in most scenarios.
• tetrate.io: Why do you need Istio when you already have Kubernetes?
• learncloudnative.com: Attach multiple VirtualServices to Istio Gateway
• thenewstack.io: What Is Istio and Why Does Kubernetes Need it? 🌟
• youtube: Istio & Service Mesh - simply explained in 15 mins 🌟
• dev.to: A GitOps recipe for Progressive Delivery with Istio 🌟 GitOps and Progressive Delivery featuring IstioMesh, PrometheusIO, Flux v2 & Flagger.
• samos-it.com: Securing Redis with Istio TLS origination Istio is daunting and not all use cases are well documented. The public docs focus mostly on using the egress gateway for TLS orignation. The use case of using the sidecar for TLS origination with a database isn’t documented well. This blog post hopes to solve that.
• solo.io: Istio multi-cluster on Red Hat OpenShift with Gloo Mesh
• giffgaff.io: Using Istio with Nginx ingress
• solo.io: Ode to Istio 🌟
• thenewstack.io: Istio 1.10 Improves Scalability and Revision Control
• istio.io: Configuring failover for external services Learn how to configure locality load balancing and failover for endpoints that are outside of your mesh.
• medium: Automated canary deployments with Flagger and Istio
• thenewstack.io: Multicluster Management with Kubernetes and Istio
• piotrminkowski.com: Multicluster Traffic Mirroring with Istio and Kind
• thenewstack.io: Securing Istio Workloads with Auth0
• tetrate.io: Multicluster Management with Kubernetes and Istio 🌟
• thenewstack.io: Why Do You Need Istio When You Already Have Kubernetes? 🌟
• solo.io: Upgrading Istio without Downtime
• tetrate.io: Using Istio Service Mesh as API Gateway 🌟
• mirantis.com: Your App Deserves More than Kubernetes Ingress: Kubernetes Ingress vs. Istio Gateway [webinar]
• solo.io: Configuration as Data, GitOps, and Controllers: it’s not simple for multi-cluster
• solo.io: Istio’s networking: An in-depth look at traffic and architecture 🌟 Istio’s networking in a demo environment
• solo.io: Navigating Istio Config: a look into Istio’s toolkit
• inder-devops.medium.com: On-premise to cloud migration mock drills using Istio 🌟 Part 1 of a series of articles about cloud migration. Application workload migration from one kubernetes cluster to another using Istio. This article explains an approach that makes use of service mesh capability to migrate entire platform from onpremise to cloud or cluster to cluster migration.
• baeldung.com: Service Mesh Architecture with Istio
• chrishaessig.medium.com: Multi cluster setup with istio
• elastisys.com: Istio and OAuth2-Proxy in Kubernetes for microservice authentication
• medium.com/@sumudu_liyan: How To Install Istio On Kubernetes Cluster
• engineering.mercari.com: Dynamic Service Routing using Istio With Dynamic Service Routing you can route traffic between different versions of each microservice dynamically. Learn how you can do so with Kubernetes and Istio in this article
• medium.com/@nanditasahu031: Istio Service Mesh 🌟
• istio.io: Merbridge - Accelerate your mesh with eBPF Replacing iptables rules with eBPF allows transporting data directly from inbound sockets to outbound sockets, shortening the datapath between sidecars and services.
• freecodecamp.org: Learn Istio – How to Manage, Monitor, and Secure Microservices 🌟
• useanvil.com: Load balancing gRPC in Kubernetes with Istio
• jimmysong.io: Understanding the Sidecar Injection, Traffic Intercepting & Routing Process in Istio This article will cover Istio and:
  • What is the sidecar pattern and what advantages does it have?
  • How are the sidecar injections done in Istio?
  • How does the sidecar proxy do transparent traffic hijacking?
  • How is the traffic routed upstream?
• blog.getambassador.io: Kubernetes Canary Testing and Release with Istio In this article, you’ll learn about Canary testing in Kubernetes and how Istio can help perform seamless Canary upgrades
• medium.com/globant: Istio JWT Authentication & Authorization at the edge This article covers:
  • What is a JWT, and why should you care?
  • Dissecting Istio’s JWT edge authentication & authorization
  • How to build an external authz service for Istio
• medium.com/codex: Egress Traffic Control for Nginx Ingress Controller with Istio Proxy Sidecar
• medium.com/marionete: How to expose Kubernetes services to external traffic using Istio Gateway In this article, you’ll walk through the necessary configurations to expose services inside a Service Mesh to external traffic. The first scenario covers an HTTP endpoint, while the second examines the HTTPS configurations.
• natarajsundar.medium.com: Istio service mesh, a start to finish tutorial with Side Car architecture and an analysis + comparison of the Ambient mesh architecture In this blog post, you will find an end-to-end tutorial on how to get Istio up and running in your Kubernetes cluster. You will also discuss the Istio Ambient Mesh.
• alexandrev.medium.com: How To Enable Sticky Session on Your Kubernetes Workloads using Istio? 🌟
• medium.com/@wessel__: Istio with Authentik: securing your cluster and providing authentication and authorization In this article, you will learn how to manage user access to individual apps deployed in your cluster using Istio and Authentik
• medium.com/@hammadsaif061: Simplifying Microservices Management with Kubernetes and Service Mesh
• itnext.io: Taffic Shaping - Kubernetes & Istio | Daniele Polencic How can you roll out an app only to a subset of your users in Kubernetes? Let’s explore Canary Releases with Istio, Kiali and the Gateway API!
• medium.com/@lupass93: Zero Trust Architecture on Kubernetes with Istio Service Mesh This article will show how to implement a Zero Trust Architecture on Kubernetes with Istio:
  • What is Zero Trust Architecture
  • Istio Architecture
  • How to enable mTLS
  • How to enable access control and authorization between your microservices
• medium.com/hamburger-berater-team: Varnish Sharding with Istio in Kubernetes How to use Istio to transparently implement consistent Hash-based Load Balancing across multiple Varnish instances — sharding based on the HTTP request URI.
• medium.com/@marc.guerrini: DIY — Istio — validate JWT his tutorial demonstrates how to protect an application using Istio, from initial setup to adding security features to the ingress gateway

API Access Control

• medium: API Access Control using Istio Ingress Gateway
• medium: API Authentication using Istio Ingress Gateway, OAuth2-Proxy and Keycloak

Maistra Istio

• Maistra.io
• github.com: Maistra Istio
• Installing on OKD/OCP

Admiral

• istio-ecosystem/admiral Admiral provides automatic configuration and service discovery for multicluster Istio service mesh. Istio has a very robust set of multi-cluster capabilities. Managing this configuration across multiple clusters at scale is challenging. Admiral takes an opinionated view on this configuration and provides automatic provisioning and syncing across clusters. This removes the complexity for developers and mesh operators.

Ambient Mesh - Istio Data Plane

• istio.io: Introducing Ambient Mesh A new dataplane mode for Istio without sidecars.

Kiali project, observability for the Istio service mesh

• kiali.io
• github.com: kiali
• medium.com: kiali project
• itnext.io: Find issues in your Istio mesh with Kiali
• dzone: Deployment Monitoring Tools — Kiali A description of common issues with deployment monitoring, and a features list of Kiali and how to use it.

Jaeger tracing. Open source, end-to-end distributed tracing

• Monitor and troubleshoot transactions in complex distributed systems
• jaegertracing.io
• hackernoon.com: A Guide to Deploying Jaeger on Kubernetes in Production
• hackernoon.com: How To Use OpenTelemetry And Jaeger To Implement Distributed Tracing And APM
• faun.pub: A beginner’s guide to Jaeger Welcome to A beginner’s guide to Jaeger (5 Part Series)
• infracloud.io: Linking Traces with Continuous Profiling using Pyroscope The future of observability lies in distributed tracing with continuous profiling. In this article, you will learn how you can link traces with continuous profiling using Pyroscope and Jaeger.

Envoy micro proxy

• envoyproxy.io
• getenvoy.io
• Controlling outbound traffic from Kubernetes
• medium: Troubleshooting Envoy with Kiali Inspect and debug your Envoy configuration

Envoy Gateway

• Envoy Gateway Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway.

Kibana

• kibana
• The Best Tools for Exporting Elasticsearch Data from Kibana

AWS App Mesh

• aws.amazon.com/app-mesh
• allthingsdistributed.com: Redefining application communications with AWS App Mesh

Istio and AWS EKS

• itnext.io: Observing gRPC-based Microservices on Amazon EKS running Istio Observing a gRPC-based Kubernetes application using Jaeger, Zipkin, Prometheus, Grafana, and Kiali on Amazon EKS running Istio service mesh

Istio Tools

• Istio Performance/Stability Testing

Videos

Click to expand!

Tweets

Click to expand!

💎 Hidden gem feature

Did you know that Kiali can automatically generate all the Authorization Policies of a namespace?

Via telemetry, Kiali can define one Authz Policy per each service in the mesh.@IstioMesh #servicemesh #authorization #security #k8s pic.twitter.com/YlEKRq6nq0

— Kiali (@KialiProject) May 16, 2021

How can you roll out an app only to a subset of your users in Kubernetes?

Let's explore Canary Releases with Istio, Kiali and the Gateway API! pic.twitter.com/Ao4LkBRRu3

— Daniele Polencic — @danielepolencic@hachyderm.io (@danielepolencic) May 15, 2023