Google, IBM and Lyft create platform for developing and managing microservices
Google, IBM and Lyft recently announced the alpha release of Istio — a brand new open-source project which offers developers a way to help connect, secure, manage and monitor microservices. The current release runs on Kubernetes platforms but its design is not platform specific.
Microservices are shaking up the world of IT, there’s no doubt about that — but if you think we’re talking about MicroProfile [open forum to optimize Enterprise Java for a microservices architecture by innovating across multiple implementations and collaborating on common areas of interest with a goal of standardization], you’re in for a surprise.
As it turns out, Google, IBM and Lyft have joined forces to create Istio, an open-source platform which “provides a way for developers to seamlessly connect, manage and secure networks of different microservices—regardless of platform, source or vendor.”
A match made in microservices heaven?
Istio offers developers “fine-grained visibility and control over traffic without requiring any changes to application code and provides CIOs and CSOs the tools needed to help enforce security and compliance requirements across the enterprise,” Varun Talwar, Product Manager, Cloud Service Platform, wrote in a blog post announcing the platform.
- Fleet-wide visibility: Failures happen, and operators need tools to stay on top of the health of clusters and their graphs of microservices. Istio produces detailed monitoring data about application and network behaviors that is rendered using Prometheus & Grafana, and can be easily extended to send metrics and logs to any collection, aggregation and querying system. Istio enables analysis of performance hotspots and diagnosis of distributed failure modes with Zipkin tracing.
- Resiliency and efficiency: When developing microservices, operators need to assume that the network will be unreliable. Operators can use retries, load balancing, flow-control (HTTP/2), and circuit-breaking to compensate for some of the common failure modes due to an unreliable network. Istio provides a uniform approach to configuring these features, making it easier to operate a highly resilient service mesh.
- Developer productivity: Istio provides a significant boost to developer productivity by letting them focus on building service features in their language of choice, while Istio handles resiliency and networking challenges in a uniform way. Developers are freed from having to bake solutions to distributed systems problems into their code. Istio further improves productivity by providing common functionality supporting A/B testing, canarying, and fault injection.
- Policy Driven Ops: Istio empowers teams with different areas of concern to operate independently. It decouples cluster operators from the feature development cycle, allowing improvements to security, monitoring, scaling, and service topology to be rolled out without code changes. Operators can route a precise subset of production traffic to qualify a new service release. They can inject failures or delays into traffic to test the resilience of the service mesh, and set up rate limits to prevent services from being overloaded. Istio can also be used to enforce compliance rules, defining ACLs between services to allow only authorized services to talk to each other.
Check out the entire list of benefits here.
How it works
Count on IBM to show you how Istio works. Jason McGee, IBM Fellow, VP and CTO, IBM Cloud Platform, explained in a blog post announcing the new platform that the aim of Istio is to convert “disparate microservices into an integrated service mesh by introducing programmable routing and a shared management layer.”
By injecting [Lyft’s] Envoy proxy servers into the network path between services, Istio provides sophisticated traffic management controls such as load-balancing and fine-grained routing. This routing mesh also enables the extraction of a wealth of metrics about traffic behavior, which can be used to enforce policy decisions such as fine-grained access control and rate limits that operators can configure. Those same metrics are also sent to monitoring systems. This way, it offers improved visibility into the data flowing in and out of apps, without requiring extensive configuration and reprogramming to ensure all parts of an app work together smoothly and securely.
Once we have control of the communication between services, we can enforce authentication and authorization between any pair of communicating services. Today, the communication is automatically secured via mutual TLS authentication with automatic certificate management.
Istio is not the final frontier
According to Talwar, this open-source platform is “just one piece of a solution to help make microservices easier to build, deploy, consume and manage. In large enterprises with diverse environments and widespread use of third-party software, developers also want to discover, instantiate and consume services in a platform-agnostic way. Developers providing services need faster time-to-market, greater reach and a simple way to track usage and costs.”
The trio has just released version 0.1, which works in a Kubernetes cluster. The next release [0.2] will work across multiple Kubernetes clusters and some basic hybrid deployments. Take a look at the roadmap.
Get started with Istio here.