Istio is an open services platform to manage service interactions across containers.
Istio is basically implemented as a sidecar proxy, which sits in front of Kubernetes Pods and inspects all inbound and outbound connections.
So all inbound and outbound connectivity to your application goes via the sidecar proxy. You can then apply various finer-grained security profiles, such as which services can communicate with each other, or route to services based on traffic weights (as in A/B testing or rolling out a new version of a service).
Istio provides a standard way to do service integration, service discovery, automate network functions and manage security policies. As each cloud vendor provides different services/offerings to handle these capabilities, Istio brings a level of uniformity and portability.
In the earlier article, we had set up a production topology on Google Cloud without Istio –
https://navveenbalani.dev/index.php/articles/setting-up-production-topology-on-google-cloud/.
In order to use Istio with the earlier article, we would need to configure and run our microservices in an Istio-enabled environment and inject the sidecar in each pod. To create an Istio-enabled environment, we have 2 options – create a GKE cluster and enable the Istio add-on during setup, or deploy open source Istio into an existing GKE cluster.
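As an added example (not from the original article), the manifests below show sidecar injection and the "which services can communicate with each other" policy described above. The namespace `shop`, the workloads `orders` and `frontend` and the `frontend` service account are hypothetical; the example assumes an Istio release that serves the `security.istio.io/v1beta1` API and uses the default `cluster.local` trust domain.

```yaml
# Added example; the names shop, orders and frontend are hypothetical.
# 1. Label the namespace so Istio injects the sidecar into every new pod.
apiVersion: v1
kind: Namespace
metadata:
  name: shop
  labels:
    istio-injection: enabled
---
# 2. Require mutual TLS between sidecars in the namespace, so the caller's
#    identity (its service account) is authenticated rather than asserted.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
---
# 3. Only the frontend service account may call the orders workload.
#    With an ALLOW policy selected on a workload, requests that match
#    no rule are denied by its sidecar.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]  # assumes default trust domain
    to:
    - operation:
        methods: ["GET", "POST"]
```

Pods created before the namespace was labelled have no sidecar until they are restarted, so verify injection on each pod before relying on the policy.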
In the next article, I would modify the application to use Istio and deploy it on a GKE Istio-enabled cluster.
Tip –
As we use Google endpoints in our application, we would need to manually integrate Istio with the existing Google Cloud Endpoints services:
https://istio.io/docs/examples/platform/endpoints/