Istio Service Mesh

A Service Mesh is the network of micro-services that make up applications and the interactions between them. As a service mesh grows in size and complexity, it can become harder to understand and manage. Its requirements can include discovery, load balancing, failure recovery, metrics, and monitoring.

Developers must use micro-services to architect for portability, while operators manage extremely large hybrid and multi-cloud deployments. Istio’s diverse feature set lets you run a distributed micro-service architecture successfully and efficiently, and provides a uniform way to secure, connect, and monitor micro-services. At a high level, Istio helps reduce the complexity of these deployments and eases the strain on your development teams. It is a completely open source service mesh that layers transparently onto existing distributed applications. It is also a platform, including APIs that let it integrate into any logging platform, or telemetry or policy system.

You add Istio support to services by deploying a special sidecar proxy (Envoy) throughout your environment that intercepts all network communication between micro-services, then configure and manage Istio using its control plane functionality. Istio’s security capabilities free developers to focus on security at the application level. Istio provides the underlying secure communication channel, and manages authentication, authorization, and encryption of service communication at scale. With Istio, service communications are secured by default, letting you enforce policies consistently across diverse protocols and runtimes - all with little or no application changes.

Istio’s robust tracing, monitoring, and logging features give you deep insights into your service mesh deployment. Gain a real understanding of how service performance impacts things upstream and downstream with Istio’s monitoring features, while its custom dashboards provide visibility into the performance of all your services and let you see how that performance is affecting your other processes.

While Istio is platform independent, the benefits are even greater when it is used with Kubernetes (or infrastructure) network policies, including the ability to secure pod-to-pod or service-to-service communication at the network and application layers.



Command to download the latest release (numerically) of Istio => curl -sL https://istio.io/downloadIstioctl | sh -

To download a specific version (say version 1.4.3) => curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.4.3 sh -

Command to enable Istio sidecar injection => kubectl label namespace default istio-injection=enabled


After successful integration of Istio in a Kubernetes (K8s) environment, a Kubernetes namespace called "istio-system" will be created.

Command to check all pods, svcs, deployments created under istio-system namespace => kubectl -n istio-system get all
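
The namespace label only takes effect when a pod is created, so pods that existed before labelling, or that opt out, keep running without the Envoy sidecar and sit outside the mesh's authentication and encryption. The following is an added example (not from the original notes or the Istio project) that audits for such pods; the sample JSON is constructed in the shape of `kubectl get ns -o json` and `kubectl get pods -A -o json`, and the pod and namespace names are hypothetical.

```python
import json

# Constructed sample input, trimmed to the fields used below.
NAMESPACES = json.loads("""{"items": [
  {"metadata": {"name": "default", "labels": {"istio-injection": "enabled"}}},
  {"metadata": {"name": "legacy"}}
]}""")
PODS = json.loads("""{"items": [
  {"metadata": {"name": "web-1", "namespace": "default"},
   "spec": {"containers": [{"name": "web"}, {"name": "istio-proxy"}]}},
  {"metadata": {"name": "old-job", "namespace": "default"},
   "spec": {"containers": [{"name": "job"}]}},
  {"metadata": {"name": "native-1", "namespace": "default"},
   "spec": {"initContainers": [{"name": "istio-proxy"}],
            "containers": [{"name": "app"}]}},
  {"metadata": {"name": "optout", "namespace": "default",
                "annotations": {"sidecar.istio.io/inject": "false"}},
   "spec": {"containers": [{"name": "app"}]}},
  {"metadata": {"name": "db-0", "namespace": "legacy"},
   "spec": {"containers": [{"name": "db"}]}}
]}""")

def has_sidecar(pod):
    """True if the injected istio-proxy container is present (regular or init)."""
    spec = pod["spec"]
    both = spec.get("containers", []) + spec.get("initContainers", [])
    return any(c["name"] == "istio-proxy" for c in both)

def audit(namespaces, pods):
    """Return (namespace, pod, reason) for every pod running without a sidecar."""
    enabled = {ns["metadata"]["name"] for ns in namespaces["items"]
               if (ns["metadata"].get("labels") or {}).get("istio-injection") == "enabled"}
    findings = []
    for pod in pods["items"]:
        meta = pod["metadata"]
        if has_sidecar(pod):
            continue
        if meta["namespace"] not in enabled:
            reason = "namespace not labelled istio-injection=enabled"
        elif (meta.get("annotations") or {}).get("sidecar.istio.io/inject") == "false":
            reason = "pod opted out via sidecar.istio.io/inject annotation"
        else:
            reason = "no sidecar; likely created before the label was applied"
        findings.append((meta["namespace"], meta["name"], reason))
    return findings

if __name__ == "__main__":
    for ns, name, reason in audit(NAMESPACES, PODS):
        print(f"{ns}/{name}: {reason}")
```

Against a live cluster, replace the two constants with the parsed output of the kubectl commands named above; pods in the last category pick up the sidecar once they are recreated.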

Istio command-line tool => istioctl

Istio visualization tools => Kiali, Netflix’s Vizceral (https://github.com/nmnellis/vistio)

Tool for troubleshooting and monitoring Docker & Kubernetes => Weave Scope

Time-series database to store metrics => Prometheus


Metrics Visualization Tool => Grafana

Open source tracing tool, to visualize the latency of requests within your mesh => Zipkin

Vizceral is an open source project released by Netflix to monitor network traffic between applications and clusters in near real time. Vistio is an adaptation of Vizceral for Istio and mesh monitoring. It utilizes metrics generated by Istio Mixer which are then fed into Prometheus. Vistio queries Prometheus and stores that data locally to allow for the replaying of traffic. 


ref:

Istio documentation - https://istio.io/docs/


Istio Blog - https://istio.io/blog/

Istio Architecture - https://istio.io/docs/ops/deployment/architecture/

Demystifying Istio sidecar model - https://istio.io/blog/2019/data-plane-setup/

Istio routing Basics - https://www.tigera.io/blog/istio-routing-basics/ 

Kubernetes Istio overview - https://itnext.io/kubernetes-istio-simply-visually-explained-58a7d158b83f 

Kubernetes Documentation - https://kubernetes.io/docs 

Kubernetes Blog - https://kubernetes.io/blog/ 

What is Istio - https://istio.io/docs/concepts/what-is-istio/

Istio Service Mesh source code - https://github.com/istio/istio

Envoy Proxy source code - https://github.com/envoyproxy/envoy



How To Install and Use Istio With Kubernetes - https://www.digitalocean.com/community/tutorials/how-to-install-and-use-istio-with-kubernetes 

Running Istio on Kubernetes(k8s):

    1. https://www.tigera.io/blog/running-istio-on-kubernetes-in-production-part-i/ 

    2. https://www.tigera.io/blog/istio-and-kubernetes-in-production-part-2-tracing/ 

Istio installation with shared control plane - https://istio.io/docs/setup/install/multicluster/shared/  

Customizable Install with Istioctl - https://istio.io/docs/setup/install/istioctl/ 

Istio Traffic Management issues - https://istio.io/docs/ops/common-problems/network-issues/ 

Istio diagnostic tools - https://istio.io/docs/ops/diagnostic-tools/ 


IBM tutorial on Istio Multi Cluster support:
  1. https://www.ibm.com/cloud/blog/istio-multicluster-support
  2. https://www.infoq.com/articles/kubernetes-multicluster-comms/ 

Multi-cluster Istio DNS setup - https://preliminary.istio.io/docs/setup/install/multicluster/gateways/#setup-dns

Istio Service Discovery(or Traffic routing) - https://istio.io/docs/concepts/traffic-management/

Istio Service Discovery(or Traffic routing) Architecture - https://istio.io/docs/ops/deployment/architecture/ 
