Using Istio for Ingress & Feature Flag Deployment in AKS

What is a Service Mesh?

According to Wikipedia, it is
"In software architecture, a service mesh is a dedicated infrastructure layer for facilitating service-to-service communications between microservices, often using a sidecar proxy."

What is Ingress (in Kubernetes)?

"Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource."

What is Istio?

Istio is all about traffic. Whether that traffic is between the Microservices within a Kubernetes* cluster (East-West) or traffic entering/leaving the Kubernetes* Cluster (Ingress traffic or North-South).
*"(Istio can be used in other Orchestration platforms also besides Kubernetes)."

So Istio is

1. Service Mesh (E-W) & Ingress Gateway (N-S)
2. Open Sourced by Google, IBM & Lyft in May 2017
3. Service Mesh designed to connect, secure and monitor microservices

Istio architecture from Istio Website.

Istio features

1. Traffic Management
   1. Discovery.
   2. Load balancing
   3. Rate limiting
2. Resilience
   1. Failure recovery
   2. Fault Injection
   3. Circuit Breaker
3. Observability
   1. Metrics
   2. Monitoring & Alerts
4. Deployment
   1. Canary rollouts
   2. Feature Flag Deployment
5. Security
   1. Access control
   2. End-to-end authentication
   3. Security in transit- mTLS
6. Ingress Gateway
   1. Prefix based traffic routing

For this article, I came up with a Made up use case. I have created 4 Microservice. Each is written in .NET Core and packaged as Docker.

1. Healthcare
   1. Benefits
   2. Insurance.
2. Hospital

The Healthcare microservice internally depends on benefits which depend on Insurance.
The Hospital microservice does not talk to any other microservice.
The Healthcare and Hospital microservice needs to be invoked from the outside world.
Below is the diagram of the microservices and their interaction.

So I installed Istio in my cluster. Enabled the namespace to inject Istio pods.

The installation had also installed Kiali.

What does Kiali provide? Well, it answers the below questions.

1. Which microservices are part of my service mesh?
2. How are they connected?
3. How are they performing?
4. How can I operate on them?

Now using Kiali I had a look at my cluster.

Couple of things you can do with Kiali is do Routing

1. Weighted Routing between different version of your Microservice
2. A more interesting and more useful part is the ability to Feature Flag release based on HTTP Header Routing.

Below are the configurations.

Weighted Routing

Flag release based on HTTP Header Routing

Setting up Ingress Gateway