Google Integrates Istio Service Mesh into Kubernetes Service

Istio, the open source service mesh that helps provide traffic management, observability, and security to microservices and distributed applications, is taking another step forward this week, as Google announces that it will be coming to Google Kubernetes Engine (GKE) next month in the form of a one-click integration.
Offered initially in beta, the integration will help GKE users by layering a service mesh onto existing GKE clusters and providing telemetry, logging, load balancing, routing and even security in the form of mTLS. All of this, the company notes, is turned on “by simply checking the ‘Enable Istio’ box in the GKE management console.”
Istio reached production-ready status only earlier this year, but Google says in a blog post announcing the integration that the service mesh is in use by “dozens of early access customers already running it in production” and it expects that number to grow quickly, as more than 80 percent of its largest customers already use GKE to run their workloads in production.
Indeed, Urs Hölzle, Senior Vice President for Technical Infrastructure at Google, predicted in his talk at Cloud Next last August, when Istio 1.0 was announced, that upwards of 90 percent of Kubernetes users will be running Istio within the next two years.
According to Google Cloud VP of Engineering Eyal Manor, Istio is the natural next step in the evolution of enterprises adopting containers and microservices.
“Kubernetes has taken the world by storm. Istio is the second phase, built on top of it. Once you’re in production, Istio helps you automate it in a secure and visible way,” said Manor. “Istio is that bridge between the current state of the enterprise and the future state of the enterprise, which is cloud native.”
According to Manor, a key feature of Istio is that it separates the handling of business logic from operations logic.
“Today when you want to apply in production security and communications, or logging and traceability, you usually need a developer to do some work. The more services you have, the more work you need,” said Manor. “With Istio, there’s one location where you can change the security, apply quotas, manage identity, and so on, without the developer having to do anything.”
In the announcement, Manor cites Descartes Labs, eBay, and AutoTrader UK among early users, offering an anecdote from Descartes Labs as to how Istio helps to manage the increased complexity that can arise from building distributed applications on Kubernetes.
“Kubernetes gave them the ability to scale up and down with demand, but because their application has so many microservices and dependencies, finding performance problems was difficult. When one service was overloaded, it could take hours of work combing through logs to find the problem,” Manor writes. “Deploying Istio gave them clarity. For over a year now, Istio has let them see where the traffic to any given service is coming from, so they can resolve problems much more quickly.”
Manor says that the GKE integration is only the first step and that users can expect Istio to be integrated into “broad swaths” of Google's offerings, including GKE On-Prem, a binary-compatible version of GKE that you can run in your own private data center. As for the growth of the project itself, Manor explains that project governance remains simple.
“Since the outset, we’ve reached out to multiple partners. It’s only been a year. IBM is a great partner and we have a governance model with them. VMware is contributing and growing along with multiple other companies,” said Manor. “It’s very early, but we’re hoping to work with everyone. The governance is very simple at this point. It’s Google and IBM working together and evolving as it matures. In the future, it will be a foundation. Right now, it’s an open source license. As adoption grows, we can see if we donate it or not, but right now it’s only semantics.”