Istio Arch-Overview

Simply put

Istio is a popular open-source service mesh framework that aims to provide a platform for service-to-service communication, monitoring, and security. It is built on top of the Envoy proxy, which is a lightweight, high-performance proxy server that can be used to route traffic to different services within a microservices architecture.

The architecture of Istio consists of several components that work together to provide a seamless way for services to communicate with each other. The key components of Istio are:

  1. Istio-sidecar: This is a sidecar proxy that is injected into each service in the microservices architecture. It intercepts incoming traffic and routes it to the appropriate service. The Istio-sidecar also performs traffic management, rate limiting, and security features.
  2. Istio-control plane: This is a set of components that manage the configuration of the service mesh. The control plane components include the Istio-config-server, which provides a centralized configuration store for the entire mesh, and the Istio-policy-server, which enforces policies on the traffic flowing through the mesh.
  3. Envoy proxy: This is the core component of Istio that provides the underlying infrastructure for routing and intercepting traffic. It is responsible for forwarding requests to the appropriate service and handling security features such as SSL termination, authentication, and rate limiting.

Istio Arch-observability

https://istio.io/latest/docs/concepts/observability/

Observability

Observability refers to the ability to monitor and analyze the behavior of distributed systems. In the context of Istio, observability refers to the collection and visualization of data that provides insights into the performance, reliability, and security of the system.

Istio provides several tools for observability, including metrics, distributed traces, and access logs.

Metrics

Metrics are a key concept in observability. Metrics are used to measure the performance and resource usage of the system. In Istio, metrics can be divided into three categories: proxy-level metrics, service-level metrics, and control plane metrics.

Proxy-level metrics are collected by the Istio proxy, which sits between the client and the service. These metrics provide information about the requests and responses being handled by the proxy, as well as the proxy's own resource usage.

Service-level metrics are collected by the Istio service, and provide information about the requests and responses being handled by the service itself.

Control plane metrics are collected by the Istio control plane components, such as the Istio-sidecar, and provide information about the health and status of the Istio system.

Proxy-level metrics

Here are some examples of proxy-level metrics:

  • istio_request_count: The total number of requests received by the proxy.
  • istio_request_duration: The average duration of requests received by the proxy.
  • istio_request_size: The average size of requests received by the proxy.
  • istio_response_size: The average size of responses sent by the proxy.
  • istio_proxy_cpu_seconds_total: The total amount of CPU time consumed by the proxy.
  • istio_proxy_memory_usage_bytes: The amount of memory consumed by the proxy.

Service-level metrics

Here are some examples of service-level metrics:

  • istio_request_count: The total number of requests received by the service.
  • istio_request_duration: The average duration of requests received by the service.
  • istio_request_size: The average size of requests received by the service.
  • istio_response_size: The average size of responses sent by the service.
  • istio_service_cpu_seconds_total: The total amount of CPU time consumed by the service.
  • istio_service_memory_usage_bytes: The amount of memory consumed by the service.

Control plane metrics

Here are some examples of control plane metrics:

  • istio_config_validation_errors_total: The total number of validation errors detected by Istio for the configuration of the service.
  • istio_proxy_config_validation_errors_total: The total number of validation errors detected by Istio for the configuration of the proxy.
  • istio_upstream_latency_seconds: The average latency of requests being sent to the upstream service by the proxy.

Distributed traces

Distributed traces are another important aspect of observability in Istio. Distributed traces are used to track the flow of requests between different services in a distributed system, and provide a high-level view of the performance and reliability of the system.

Istio provides a distributed trace system called the Istio-Tracing tool, which allows you to collect and visualize distributed traces.

Access logs

Access logs are a type of observability data that provide information about the requests and responses being handled by the system. Istio provides built-in support for access logs, which can be configured to log requests and responses to a file or to syslog.
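As an added illustration (not code from the original post or from the Istio project), the following Python parses lines in Istio's default text access log format, derives the per-upstream request count and average duration that this page describes as proxy-level metrics, and sets aside lines whose Envoy response flags or response code details indicate a proxy-observed fault or an authorization policy denial. The sample log lines are constructed; the field layout assumed is Istio's default access log format, and the detail strings are Envoy's.

```python
import re
from collections import Counter, defaultdict

# Field layout of Istio's default (Envoy) text access log, matched left to right.
LOG_RE = re.compile(
    r'^\[(?P<start>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<code>\d{3}) (?P<flags>\S+) (?P<details>\S+) (?P<term>\S+) "(?P<tfail>[^"]*)" '
    r'(?P<rx>\d+) (?P<tx>\d+) (?P<dur>\d+) (?P<upstream_ms>\S+) "(?P<xff>[^"]*)" '
    r'"(?P<ua>[^"]*)" "(?P<reqid>[^"]*)" "(?P<authority>[^"]*)" "(?P<upstream_host>[^"]*)" '
    r'(?P<cluster>\S+) (?P<upstream_local>\S+) (?P<downstream_local>\S+) '
    r'(?P<downstream_remote>\S+) (?P<sni>\S+) (?P<route>\S+)$'
)

# Constructed sample lines (not a real capture): a normal request, an inbound
# request denied by an authorization policy, and a failed upstream connection.
SAMPLE_LOG = [
    '[2024-01-01T10:00:00.000Z] "GET /headers HTTP/1.1" 200 - via_upstream - "-" 0 512 3 2 "-" '
    '"curl/8.4.0" "req-0001" "httpbin:8000" "10.44.1.27:80" '
    'outbound|8000||httpbin.foo.svc.cluster.local 10.44.1.23:37652 10.0.45.184:8000 10.44.1.23:46520 - default',
    '[2024-01-01T10:00:01.000Z] "POST /admin HTTP/1.1" 403 - rbac_access_denied_matched_policy[none] - "-" 0 19 0 - "-" '
    '"curl/8.4.0" "req-0002" "httpbin:8000" "-" - - 10.44.1.27:80 10.44.1.23:46522 '
    'outbound_.8000_._.httpbin.foo.svc.cluster.local default',
    '[2024-01-01T10:00:02.000Z] "GET /headers HTTP/1.1" 503 UF upstream_reset_before_response_started{connection_failure} - "-" 0 91 1 - "-" '
    '"curl/8.4.0" "req-0003" "httpbin:8000" "10.44.1.27:80" '
    'outbound|8000||httpbin.foo.svc.cluster.local 10.44.1.23:37660 10.0.45.184:8000 10.44.1.23:46530 - default',
]

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None  # None: line is not in the default format

def summarize(lines):
    count, dur_sum, codes = Counter(), Counter(), defaultdict(Counter)
    anomalies, unparsed = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # count, never silently drop, lines that did not parse
            continue
        c = rec["cluster"]
        count[c] += 1
        dur_sum[c] += int(rec["dur"])
        codes[c][rec["code"][0] + "xx"] += 1
        # flags != "-": the proxy itself saw a fault; rbac_* details: an authorization policy refused the request
        if rec["flags"] != "-" or rec["details"].startswith("rbac_"):
            anomalies.append((rec["reqid"], rec["code"], rec["flags"], rec["details"]))
    clusters = {c: {"requests": count[c], "avg_duration_ms": dur_sum[c] / count[c], **codes[c]}
                for c in count}
    return {"clusters": clusters, "anomalies": anomalies, "unparsed": unparsed}
```

The local-reply denial shows up with an upstream cluster of "-", so grouping by cluster separates policy refusals from traffic that actually reached a workload.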

In summary, Istio provides several tools for observability, including metrics, distributed traces, and access logs. These tools provide insights into the performance, reliability, and security of the system, and can be used to troubleshoot issues and optimize the behavior of the system.


Extensibility

WebAssembly (Wasm) is used in Istio to provide extensibility, allowing users to add their own custom logic to the Istio service mesh. This enables users to enforce policies, collect telemetry, and perform payload mutations, among other things.

The goals of the Istio Wasm sandbox are:

  • Efficiency: An extension should have low latency and minimal impact on CPU and memory usage.
  • Function: An extension should be able to enforce policy, collect telemetry, and perform payload mutations according to user-defined requirements.
  • Isolation: Programming errors or crashes in one extension should not impact other extensions.
  • Configuration: Extensions can be dynamically configured using an API that aligns with other Istio APIs.
  • Operator-friendly: Extensions can be canaried and deployed with different failure modes, such as log-only, fail-open, or fail-close.
  • Developer-friendly: Extensions can be written in multiple programming languages to accommodate different developer preferences.

The high-level architecture of Istio's WebAssembly sandbox includes the following components:

  • Filter Service Provider Interface (SPI): This interface allows developers to build Proxy-Wasm plugins for filters. Filters are a type of Envoy extension that allows users to modify the behavior of Envoy proxies.
  • Sandbox: The sandbox is built on top of the V8 Wasm runtime and is embedded within the Envoy proxy. It provides a secure and isolated environment for running WebAssembly plugins.
  • Host APIs: These APIs provide access to functionality within the Envoy proxy, such as headers, trailers, and metadata. They allow WebAssembly plugins to interact with the request and response data flowing through the proxy.
  • Call out APIs: These APIs allow WebAssembly plugins to make gRPC and HTTP calls to external services. This enables plugins to collect additional data or make decisions based on information from external sources.
  • Stats and Logging APIs: These APIs allow WebAssembly plugins to emit metrics and log data for monitoring and troubleshooting purposes.

With the Istio Wasm sandbox, users can extend the functionality of the Istio service mesh in a flexible and customizable manner, providing additional control and insights into their distributed systems.

