App Modernization with Istio Using Mixer to Apply Policies
Istio is an open source framework for connecting, securing, and managing microservices. It can be used with any service, including but not limited to services that are hosted in a Kubernetes cluster. Istio lets you create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, without requiring any changes in service code.
Istio support is added to services by deploying a special Envoy sidecar proxy to each of your application's pods in your environment. "Sidecar" means that it gets deployed alongside your application. Your application interacts with the outside world, both ingress and egress, through the Envoy Proxy. Developers of applications can take advantage of the communication and networking enhancements provided by Envoy - like client-side load balancing, circuit breakers, logging, mTLS, etc. - without additional coding and without finding the libraries in the language of choice.
Here's an example: In reliable distributed systems, it's common for a system to want to retry a request after a failure, possibly with an exponential backoff delay. There are libraries for Java and Golang and Node.js that do this. However, employing them within the app means each app will need to solve that problem independently. The Istio sidecar could do this for the app automatically. No need to embed the Hystrix library into your app!
Due to the proximity of the sidecar to the application, there's no significant latency when communicating between them; in some cases no network stack at all. (Read more on this.)
Apigee enables you to create APIs and share them with other developers who might be part of your organization, external to your organization, or even unknown to you. API teams using Apigee achieve this by combining APIs into "API Products" that offer different capabilities and levels of service. Apigee enables you to control who consumes each API product and how much is consumed.
The Apigee Istio Mixer adapter lets you use Apigee to manage APIs for services exposed outside the Istio service mesh or between services running entirely within the mesh. With the adapter, you can employ Apigee API management features to services running in an Istio service mesh, such as:
- API discovery and documentation
- Self-service API adoption
- Usage analytics
In addition, there are certain capabilities that you do not want to build for every service that you create and deploy to a service mesh. The adapter provides some of these capabilities, including security, caching, and quota enforcement. More information on the Apigee Istio adapter is here
This lab shows you how to install and configure Istio on Kubernetes Engine, deploy an Istio-enabled multi-service application, and install Apigee Istio Mixer adapter. The Apigee Istio Mixer plugin provides additional security and governance with api key/token validation, quota enforcement, and analytics.
Join Qwiklabs to read the rest of this lab...and more!
- Get temporary access to the Google Cloud Console.
- Over 200 labs from beginner to advanced levels.
- Bite-sized so you can learn at your own pace.
Create GKE Cluster
Create a disk to mount the gRPC to HTTP transcode
Start the persistent disk setup configuration job
Install the Istio components in the YAML file
Deploy the Hipster Shop application from the K8s artifacts
Apply the Apigee adapter definitions and handler configurations
Apply the Apigee Istio Mixer adapter rule configuration