Service Mesh Components
Core Architecture
- Control Plane
  - Service discovery
  - Configuration management
  - Certificate management
- Data Plane
  - Traffic routing
  - Load balancing
  - Security enforcement
Implementation Patterns
Traffic Management
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews-route
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v3
Circuit Breaking
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews-cb-policy
spec:
  host: reviews
  trafficPolicy:
    outlierDetection:
      consecutive5xxErrors: 7
      interval: 5m
      baseEjectionTime: 15m
Security Patterns
mTLS Configuration
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: prod
spec:
  mtls:
    mode: STRICT
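How the STRICT policy above combines with other PeerAuthentication policies, shown as an added audit example that is not part of the original page or of Istio itself. It follows Istio's documented precedence (workload-selector policy, then namespace-wide, then mesh-wide in the root namespace); the `legacy-batch` policy, the workload inventory, and the `istio-system` root namespace are assumptions constructed for illustration.

```python
# Added example: resolve the effective mTLS mode for a workload from a set of
# PeerAuthentication policies, using Istio's precedence:
# workload-selector policy > namespace-wide policy > mesh-wide policy.
ROOT_NAMESPACE = "istio-system"  # assumption: default Istio root namespace

# Constructed sample policies; only the first mirrors the manifest on this page.
POLICIES = [
    {"name": "default", "namespace": "prod", "selector": None, "mode": "STRICT"},
    {"name": "legacy-batch", "namespace": "prod",          # hypothetical exception
     "selector": {"app": "batch"}, "mode": "PERMISSIVE"},
]

def _matches(selector, labels):
    """True when every selector label is present on the workload."""
    return all(labels.get(k) == v for k, v in selector.items())

def effective_mode(policies, namespace, labels):
    """Return (mode, source policy) for a workload; PERMISSIVE if nothing applies."""
    tiers = (
        [p for p in policies if p["namespace"] == namespace and p["selector"]
         and _matches(p["selector"], labels)],
        [p for p in policies if p["namespace"] == namespace and not p["selector"]],
        [p for p in policies if p["namespace"] == ROOT_NAMESPACE and not p["selector"]],
    )
    for tier in tiers:
        for p in tier:
            if p["mode"] != "UNSET":  # UNSET inherits from the next tier
                return p["mode"], f'{p["namespace"]}/{p["name"]}'
    return "PERMISSIVE", "istio-default"  # Istio's mode when no policy applies

def audit(policies, workloads):
    """List workloads whose effective mode still accepts plaintext."""
    findings = []
    for ns, name, labels in workloads:
        mode, source = effective_mode(policies, ns, labels)
        if mode != "STRICT":
            findings.append((f"{ns}/{name}", mode, source))
    return findings

# Constructed workload inventory: (namespace, name, labels)
WORKLOADS = [
    ("prod", "reviews", {"app": "reviews"}),
    ("prod", "batch", {"app": "batch"}),
    ("staging", "reviews", {"app": "reviews"}),
]

if __name__ == "__main__":
    for finding in audit(POLICIES, WORKLOADS):
        print(finding)
```

The namespace-scoped policy leaves `staging` at the permissive default, and a selector-scoped policy overrides it inside `prod`; a mesh-wide STRICT policy in the root namespace closes the first gap but not the second.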
Observability
Tracing Configuration
apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
  name: mesh-default
spec:
  tracing:
  - randomSamplingPercentage: 50
    customTags:
      env:
        literal:
          value: production
Production Example
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: prod-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: prod-cert
    hosts:
    - "*.example.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: prod-routes
spec:
  hosts:
  - "*.example.com"
  gateways:
  - prod-gateway
  http:
  - match:
    - uri:
        prefix: /api/v1
    route:
    - destination:
        host: api-service
        subset: v1
        port:
          number: 80