Istio is the most popular service mesh for Kubernetes. It handles traffic management, security, and observability between your microservices — without changing application code.
What Is Istio?
Istio injects sidecar proxies (Envoy) alongside your pods. These proxies handle mTLS, load balancing, retries, circuit breaking, and telemetry automatically.
Key features (all free):
- Mutual TLS between all services
- Traffic splitting (canary deployments)
- Rate limiting and circuit breaking
- Distributed tracing (Jaeger/Zipkin)
- Metrics (Prometheus/Grafana)
Install Istio
curl -L https://istio.io/downloadIstio | sh -
cd istio-*
export PATH=$PWD/bin:$PATH
istioctl install --set profile=demo
kubectl label namespace default istio-injection=enabled
Traffic Management API
# Canary deployment: 90% v1, 10% v2
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: my-service
spec:
hosts:
- my-service
http:
- route:
- destination:
host: my-service
subset: v1
weight: 90
- destination:
host: my-service
subset: v2
weight: 10
Use Cases
- Zero-trust security — automatic mTLS everywhere
- Canary deployments — gradual traffic shifting
- Circuit breaking — prevent cascade failures
- A/B testing — route by headers/cookies
- Observability — traces, metrics, logs
Istio vs Alternatives
| Feature | Istio | Linkerd | Consul Connect |
|---|---|---|---|
| Proxy | Envoy | Linkerd2 | Envoy |
| Complexity | High | Low | Medium |
| Features | Most | Essential | Good |
| Performance | Good | Best | Good |
| Community | Largest | Growing | HashiCorp |
Need web data at scale? Check out my scraping tools on Apify or email spinov001@gmail.com for custom solutions.
Top comments (0)