Connect, secure, control, and observe services.
Apache License 2.0
32260
1023
6936

Istio

CII Best Practices Go Report Card GoDoc

Istio logo

Istio is an open source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes.

  • For in-depth information about how to use Istio, visit istio.io
  • To ask questions and get assistance from our community, visit discuss.istio.io
  • To learn how to participate in our overall community, visit our community page

In this README:

In addition, here are some other documents you may wish to read:

You'll find many other useful documents on our Wiki.

Introduction

Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes.

Istio is composed of these components:

  • Envoy - Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.

    Note: The service mesh is not an overlay network. It simplifies and enhances how microservices in an application talk to each other over the network provided by the underlying platform.

  • Istiod - The Istio control plane. It provides service discovery, configuration and certificate management. It consists of the following sub-components:

    • Pilot - Responsible for configuring the proxies at runtime.

    • Citadel - Responsible for certificate issuance and rotation.

    • Galley - Responsible for validating, ingesting, aggregating, transforming and distributing config within Istio.

  • Operator - The component provides user friendly options to operate the Istio service mesh.

Repositories

The Istio project is divided across a few GitHub repositories:

  • istio/api. This repository defines component-level APIs and common configuration formats for the Istio platform.

  • istio/community. This repository contains information on the Istio community, including the various documents that govern the Istio open source project.

  • istio/istio. This is the main code repository. It hosts Istio's core components, install artifacts, and sample programs. It includes:

    • istioctl. This directory contains code for the istioctl command line utility.

    • operator. This directory contains code for the Istio Operator.

    • pilot. This directory contains platform-specific code to populate the abstract service model, dynamically reconfigure the proxies when the application topology changes, as well as translate routing rules into proxy specific configuration.

    • security. This directory contains security related code, including Citadel (acting as Certificate Authority), citadel agent, etc.

  • istio/proxy. The Istio proxy contains extensions to the Envoy proxy (in the form of Envoy filters) that support authentication, authorization, and telemetry collection.

Issue management

We use GitHub to track all of our bugs and feature requests. Each issue we track has a variety of metadata:

  • Epic. An epic represents a feature area for Istio as a whole. Epics are fairly broad in scope and are basically product-level things. Each issue is ultimately part of an epic.

  • Milestone. Each issue is assigned a milestone. This is 0.1, 0.2, ..., or 'Nebulous Future'. The milestone indicates when we think the issue should get addressed.

  • Priority. Each issue has a priority which is represented by the column in the Prioritization project. Priority can be one of P0, P1, P2, or >P2. The priority indicates how important it is to address the issue within the milestone. P0 says that the milestone cannot be considered achieved if the issue isn't resolved.


Cloud Native Computing Foundation logo

Istio is a Cloud Native Computing Foundation project.

Contributors

howardjohn
istio-testing
hzxuzhonghu
ramaraochavali
kyessenov
douglas-reid
rshriram
costinm
geeknoid
ayj
nmittler
bianpengyuan
stevenctl
ostromart
esnible
mandarjog
frankbu
sebastienvas
ozevren
yangminzhu
richardwxn
ldemailly
andraxylia
ymesika
myidpt
JimmyCYJ
linsun
hklai
guptasu
quanjielin
diemtvu
ericvn
wattli
zirain
Monkeyanator
lookuptable
GregHanson
jmuk
ZackButcher
lei-tang
rkpagadala
irisdingbj
jwendell
vadimeisenbergibm
gargnupur
hanxiaop
ijsnellf
jacob-delgado
clyang82
morvencao
sushicw
elfinhe
pitlv2109
yutongz
gyliu513
kebe7jun
dgn
zhlsunshine
chxchx
Nino-K
selmanj
dddddai
yxue
AdamKorcz
xiaolanz
jmazzitelli
therealmitchconnors
lambdai
ingwonsong
tariq1890
utka
sdake
kailun-qin
carolynhu
louiscryan
elevran
my-git9
brian-avery
objectiser
qiwzhang
lichuqiang
sbezverk
adiprerepa
aryan16
gy95
wzshiming
jeffmendoza
silenceshell
Tahler
SpecialYang
ChenglongGao327
venilnoronha
johscheuer
kramerul
jasonwzm
kfaseela
c0d1ngm0nk3y
john-a-joyce
shankgan
nschhina