The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
Istio is a type of service mesh designed to manage the interaction and operation of services in a microservices architecture. Istio is an open source project that coordinates communication between services, providing service discovery, load balancing, security, recovery, telemetry, and policy enforcement capabilities. Istio uses a sidecar service mesh model. This means that network communication proxy capabilities are implemented in a separate container for every service or application container that is deployed. Envoy is the product that implements this proxy capability and these special containers run alongside every other container. The Istio sidecar service mesh frees developers from having to program these types of capabilities into application code and makes development and enhancement of applications in a microservice architecture much more efficient and rapid.
Istio's control plane provides an abstraction layer over the underlying cluster management platform, Kubernetes.
Istio contains the following components:
Pilot: A component responsible for configuring the proxies at runtime.
Envoy: Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, policy enforcement and telemetry recording/reporting functions.
Mixer: A component that is leveraged by the proxies and microservices to enforce policies such as authorization, rate limits, quotas, authentication, request tracing and telemetry collection.
Citadel: A centralized component responsible for certificate issuance and rotation.