Charmed Istio Ambient¶
Istio is an implementation of a service mesh. It helps you:
ensure all microservices in an application communicate via TLS without modifying the application
implement fine-grained authorization controls to control exactly which microservices can talk to each other, for example blocking all incoming traffic to
MyApp-backendexceptGETrequests coming fromMyApp-frontendgain visibility into the traffic flow of your microservice application via automated telemetry collection
Although Kubernetes natively provides facilities to do some of this, Istio implements richer solutions. For example, Istio’s AuthorizationPolicy object implements fine-grained authorization controls, and Istio can automate mutual TLS between all applications on the mesh.
Charmed Istio ambient is an opinionated deployment of Istio’s Ambient Mode using Juju. The goals of Charmed Istio ambient are to:
provide a simple-to-deploy, easy-to-manage Istio experience, giving most of Istio’s benefits without a need for advanced Istio experience
be customizable for power users, so users can build advanced use cases on top of the standard Charmed Istio base
It is implemented through the following charms:
istio-k8s: for deploying and managing the Istio control panel, such as the Istio daemon and its resources
istio-beacon-k8s: for integrating a Juju model and its applications to Charmed Istio, as well as deploying an Istio Waypoint for those applications
istio-ingress-k8s: for deploying and managing an Istio ingress gateway