The open source project Istio is the leading service mesh implementation that offers powerful features to secure, control, connect, and monitor cloud-native, distributed applications. Istio is designed for workloads that run in one or more Kubernetes clusters, but you can also extend your service mesh to include virtual machines and other endpoints that are hosted outside your cluster.

Interested in learning more about what a service mesh is? Click here.

Key features

Some of the key Istio features include:

  • Automatic load balancing for HTTP, gRPC, WebSocket, MongoDB, and TCP traffic
  • Secure TLS encryption for service-to-service communication with identity-based authentication and authorization
  • Advanced routing and traffic management policies, such as retries, failovers, and fault injection
  • Fine-grained access control and quotas
  • Automatic logs, metrics, and traces for traffic in the service mesh

Istio architecture

Istio comes with the Istio control plane istiod and Envoy sidecar proxies that build the Istio data plane. Envoy is a network proxy that manages all inbound and outbound traffic for the service mesh. With its powerful, pluggable filter chain mechanism, you can perform tasks on requests that enter or leave the proxy, such as header transformation, load balancing, retry, timeouts, failovers, or tracing. To do that, Envoy proxies run alongside your app as depicted in the following diagram.

Figure: Istio architecture
Figure: Istio architecture

For more information about the Istio architecture and how it works, see the Istio documentation.

Why Solo uses Istio

Solo.io believed early on that Istio’s powerful features will shape the future of the service mesh. As a top Istio contributor with over 40K open source contributions and 9400+ GitHub stars, and a member of the Istio steering committee, Solo plays a significant role in guiding the project and building an essential foundation for today’s service mesh market. Committed to developing the best service mesh and API gateway solutions in the market, Solo has helped thousands of organizations adopt a service mesh architecture for their microservices and build enterprise-grade load balancing, routing, traffic management, and compliance capabilities.

With Gloo Mesh Enterprise, Solo builds upon and hardens the Istio distribution for production. You can use the Kubernetes custom resource definitions (CRDs) for Gloo Mesh to simplify the setup of a multi-mesh and hybrid-mesh microservices architecture, and customize it to your needs.

With full long-term support for Istio n-4 versions and access to Istio experts with SLAs, you get the expertise for how to build a state-of-the-art service mesh that is easy to configure, secure, and monitor, and that meets your organization’s availability, security, and compliance standards.

To learn more about Gloo Mesh Enterprise, see About Gloo Mesh Enterprise. To learn more about Solo’s hardened Istio distribution, see About Solo distribution of Istio.