- Use Cases
- Istio Management
What is Istio Service Mesh Management?
A service mesh is an infrastructure layer that aids in communication between services or microservices, using a proxy. As applications are decomposed from monoliths, all of the resulting microservices need new tools to address the connectivity challenges that arise in handling distributed services. Modern applications are often composed of tens, hundreds, or more microservices that run in containers distributed on-premises and in the cloud. An Istio service mesh defines both the control plane (to configure desired service connectivity and behavior) and the data plane (to direct traffic, enforce security rules, and provide observability).
Istio has had years to mature into a robust solution for enterprise environments, but also continues to develop many new innovations with releases on a quarterly cadence. Enterprise Istio service mesh management enhances basic open source Istio with long-term production support, multi-cluster capabilities, advanced/federated security with FIPS-ready builds, software lifecycle management, and everything else you need for successful Day 2 operations.
Why you need Istio management
You can implement and manage Istio yourself, but you should think about what Istio is going to need in terms of investment. Open source Istio will require a lot of administrative effort to self-support and adapt to enterprise requirements, or you can choose a more comprehensive Istio management product which comes with enterprise production support. If you want to make it easier for your API producing and consuming developers, an Istio-native developer portal enables GitOps and CI/CD methodologies.
From a business standpoint, adopting an enterprise solution for Istio service mesh management means you will have reduced risk, increased security, and easier management of the connectivity between Kubernetes-based and legacy applications. Istio management even helps with application modernization and “migration to cloud” initiatives by smoothing the adoption process and providing ongoing updates and support.
Deploying new versions of Istio for lifecycle management.
Why choose Solo.io for service mesh management
Solo.io’s Gloo Mesh delivers robust service mesh management capabilities by enhancing open source Istio. By default, basic open source distributions of Istio don’t go far enough to deliver features needed for comprehensive application networking. Traffic routing alone isn’t enough, and if you use pure open source you inherit the burden of developing and maintaining missing enterprise features forever. Solo.io adds comprehensive functionality to your service mesh, reducing complexity while increasing security, reliability, and observability for consistent applications and microservices connectivity.
adminSubjects:
- kind: User
name: kubernetes-admin
createAdminRole: true
Tame the Istio lifecycle
Istio has new releases every quarter, making it hard to keep current. Enjoy automated installation, no-interruption upgrades, inventory, and health checks, and get N-4 version long term support and patching so you can upgrade on your schedule.
Manage application connectivity for microservices
For traffic between microservices and traditional applications, you’ll need routing, circuit breaking, rate limiting, load balancing, and locality-aware failover to maintain reliable connections to your resources. Extend capabilities with WebAssembly (Wasm.)
apiVersion: networking.mesh.gloo.solo.io/v1
kind: TrafficPolicy
metadata:
namespace: gloo-mesh
name: petstore
spec:
destinationSelector:
- kubeServiceRefs:
services:
- clusterName: cluster-1
name: petstore
namespace: default
policy:
requestTimeout: 100ms
retries:
attempts: 5
perTryTimeout: 5ms
Zero trust security for all connections
Establish comprehensive security controls where every connection is validated before being allowed. Integrate with your existing external authentication and authorization servers. Use mTLS encryption to protect data-in-motion on all connections.
Federate configurations across multiple clusters with policies as code
Manage application networking with common policies implemented consistently everywhere, from one cluster to thousands. Developers and operators can use declarative CRDs, usually as part of a DevOps or GitOps process, to manage traffic, implement security policy, and configure observability.
Gloo Portal for developers to share APIs and usage.
Limit access to resources in multi-tenant environments
Use granular role-based access controls and delegation to limit which clients and administrators have permissions to applications, resources, and management tools in custom-defined workspaces.
Create a developer portal to catalog APIs
Fully integrated with Gloo Mesh, Gloo Portal abstracts the complexity and enables developers to publish, document, share, discover, and use APIs with rich controls and comprehensive security information.
GigaOm guides to the service mesh market and evaluating vendors
Application networking is a team sport
While not strictly a security feature of a service mesh, one important consideration is the availability of enterprise support and defined service-level agreements (SLAs) for response. Community support for open source software itself doesn’t meet the requirements for production deployments, so you need a vendor on standby to help you out. Inevitably there will be issues and when a CVE (common vulnerabilities and exposures) incident is discovered, it is reassuring to know that someone can quickly patch your code and even backport the fix to older versions if you haven’t kept up with the rapid pace of new releases.
How It Works
Watch short videos outlining key concepts about Istio service mesh management.
