An open platform to connect, manage, and secure microservices.
Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes, Mesos, etc.
Visit istio.io for in-depth information about using Istio.
Istio is composed of three main components:
-
Envoy - Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.
Note: The service mesh is not an overlay network. It simplifies and enhances how microservices in an application talk to each other over the network provided by the underlying platform.
-
Mixer - Central component that is leveraged by the proxies and microservices to enforce policies such as ACLs, rate limits, quotas, authentication, request tracing and telemetry collection.
-
Manager - A component responsible for configuring the Envoy and Mixer at runtime.
Istio currently only supports the Kubernetes platform, although we plan support for additional platforms such as Cloud Foundry, and Mesos in the near future.
Istio is an open source project with an active development community. The project was started by teams from Google and IBM, in partnership with the Envoy team at Lyft.
The Istio project is divided across multiple GitHub repositories. Each repository contains information about how to build and test it.
-
istio/api. This repository defines component-level APIs and common configuration formats for the Istio platform.
-
istio/istio. This is the repo you are currently looking at. It hosts the various Istio sample programs along with the various documents that govern the Istio open source project.
-
istio/manager. This repository contains platform-specific code to populate the abstract service model, dynamically reconfigure the proxies when the application topology changes, as well as translate routing rules into proxy specific configuration. The istioctl command line utility is also available in this repository.
-
istio/mixer. This repository contains code to enforce various policies for traffic passing through the proxies, and collect telemetry data from proxies and microservices. There are plugins for interfacing with various cloud platforms, policy management services, and monitoring services.
-
istio/mixerclient. Client libraries for the mixer API.
-
istio/proxy. The Istio proxy contains extensions to the Envoy proxy (in the form of Envoy filters), that allow the proxy to delegate policy enforcement decisions to the mixer.
See the contribution guidelines for information on how to participate in the Istio project by submitting pull requests or issues.
There are several communication channels available to get support for Istio or to participate in its evolution.