README
¶
Istio
Istio is an open source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes.
- For in-depth information about how to use Istio, visit istio.io
- To ask questions and get assistance from our community, visit Github Discussions
- To learn how to participate in our overall community, visit our community page
In this README:
In addition, here are some other documents you may wish to read:
- Istio Community - describes how to get involved and contribute to the Istio project
- Istio Developer's Guide - explains how to set up and use an Istio development environment
- Project Conventions - describes the conventions we use within the code base
- Creating Fast and Lean Code - performance-oriented advice and guidelines for the code base
You'll find many other useful documents on our Wiki.
Introduction
Istio is an open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio's control plane provides an abstraction layer over the underlying cluster management platform, such as Kubernetes.
Istio is composed of these components:
-
Envoy - Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.
Note: The service mesh is not an overlay network. It simplifies and enhances how microservices in an application talk to each other over the network provided by the underlying platform.
-
Istiod - The Istio control plane. It provides service discovery, configuration and certificate management. It consists of the following sub-components:
-
Pilot - Responsible for configuring the proxies at runtime.
-
Citadel - Responsible for certificate issuance and rotation.
-
Galley - Responsible for validating, ingesting, aggregating, transforming and distributing config within Istio.
-
-
Operator - The component provides user friendly options to operate the Istio service mesh.
Repositories
The Istio project is divided across a few GitHub repositories:
-
istio/api. This repository defines component-level APIs and common configuration formats for the Istio platform.
-
istio/community. This repository contains information on the Istio community, including the various documents that govern the Istio open source project.
-
istio/istio. This is the main code repository. It hosts Istio's core components, install artifacts, and sample programs. It includes:
-
istioctl. This directory contains code for the istioctl command line utility.
-
operator. This directory contains code for the Istio Operator.
-
pilot. This directory contains platform-specific code to populate the abstract service model, dynamically reconfigure the proxies when the application topology changes, as well as translate routing rules into proxy specific configuration.
-
security. This directory contains security related code, including Citadel (acting as Certificate Authority), citadel agent, etc.
-
-
istio/proxy. The Istio proxy contains extensions to the Envoy proxy (in the form of Envoy filters) that support authentication, authorization, and telemetry collection.
-
istio/ztunnel. The repository contains the Rust implementation of the ztunnel component of Ambient mesh.
Issue management
We use GitHub to track all of our bugs and feature requests. Each issue we track has a variety of metadata:
-
Epic. An epic represents a feature area for Istio as a whole. Epics are fairly broad in scope and are basically product-level things. Each issue is ultimately part of an epic.
-
Milestone. Each issue is assigned a milestone. This is 0.1, 0.2, ..., or 'Nebulous Future'. The milestone indicates when we think the issue should get addressed.
-
Priority. Each issue has a priority which is represented by the column in the Prioritization project. Priority can be one of P0, P1, P2, or >P2. The priority indicates how important it is to address the issue within the milestone. P0 says that the milestone cannot be considered achieved if the issue isn't resolved.
Istio is a Cloud Native Computing Foundation project.
Directories
¶
| Path | Synopsis |
|---|---|
|
cni
|
|
|
cmd/istio-cni
This is a sample chained plugin that supports multiple CNI versions.
|
This is a sample chained plugin that supports multiple CNI versions. |
|
pkg/plugin
This is a sample chained plugin that supports multiple CNI versions.
|
This is a sample chained plugin that supports multiple CNI versions. |
|
istioctl
|
|
|
cmd/istioctl
Command istioctl is a Istio configuration command line utility.
|
Command istioctl is a Istio configuration command line utility. |
|
pkg/authz
The auth package provides support for checking the authentication and authorization policy applied in the mesh.
|
The auth package provides support for checking the authentication and authorization policy applied in the mesh. |
|
pkg/clioptions
Package clioptions contains flags which can be added to istioctl commands.
|
Package clioptions contains flags which can be added to istioctl commands. |
|
operator
|
|
|
cmd/mesh
Package mesh contains types and functions.
|
Package mesh contains types and functions. |
|
pkg/apis/istio/v1alpha1
Package v1alpha1 contains API Schema definitions for the istio v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=install.istio.io
|
Package v1alpha1 contains API Schema definitions for the istio v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=install.istio.io |
|
pkg/component
Package component defines an in-memory representation of IstioOperator.<Feature>.<Component>.
|
Package component defines an in-memory representation of IstioOperator.<Feature>.<Component>. |
|
pkg/metrics
Package metrics defines metrics and monitoring functionality used throughout operator.
|
Package metrics defines metrics and monitoring functionality used throughout operator. |
|
pkg/object
Package manifest provides functions for going between in-memory k8s objects (unstructured.Unstructured) and their JSON or YAML representations.
|
Package manifest provides functions for going between in-memory k8s objects (unstructured.Unstructured) and their JSON or YAML representations. |
|
pkg/patch
Package patch implements a simple patching mechanism for k8s resources.
|
Package patch implements a simple patching mechanism for k8s resources. |
|
pkg/tpath
struct.go contains functions for traversing and modifying trees of Go structs.
|
struct.go contains functions for traversing and modifying trees of Go structs. |
|
pkg/translate
Package translate defines translations from installer proto to values.yaml.
|
Package translate defines translations from installer proto to values.yaml. |
|
pilot
|
|
|
pkg/config/aggregate
Package aggregate implements a read-only aggregator for config stores.
|
Package aggregate implements a read-only aggregator for config stores. |
|
pkg/config/kube/crdclient
Package crdclient provides an implementation of the config store and cache using Kubernetes Custom Resources and the informer framework from Kubernetes
|
Package crdclient provides an implementation of the config store and cache using Kubernetes Custom Resources and the informer framework from Kubernetes |
|
pkg/config/kube/ingress
Package ingress provides a read-only view of Kubernetes ingress resources as an ingress rule configuration type store
|
Package ingress provides a read-only view of Kubernetes ingress resources as an ingress rule configuration type store |
|
pkg/config/memory
Package memory provides an in-memory volatile config store implementation
|
Package memory provides an in-memory volatile config store implementation |
|
pkg/leaderelection/k8sleaderelection
Package leaderelection implements leader election of a set of endpoints.
|
Package leaderelection implements leader election of a set of endpoints. |
|
pkg/networking/core/loadbalancer
packages used for load balancer setting
|
packages used for load balancer setting |
|
pkg/serviceregistry/kube/controller/ambient
nolint: gocritic
|
nolint: gocritic |
|
pkg/metadata_exchange
Module
|
|
|
pkg
|
|
|
backoff
Package backoff is a wrapper of `github.com/cenkalti/backoff/v4`.
|
Package backoff is a wrapper of `github.com/cenkalti/backoff/v4`. |
|
cache
Package cache provides general-purpose in-memory caches.
|
Package cache provides general-purpose in-memory caches. |
|
channels
Package buffer provides an implementation of an unbounded buffer.
|
Package buffer provides an implementation of an unbounded buffer. |
|
config
Package config is a common, top-level folder for aggregating Istio-wide config related libraries and utilities.
|
Package config is a common, top-level folder for aggregating Istio-wide config related libraries and utilities. |
|
config/resource
Package resource contains core abstract types for representing configuration resources.
|
Package resource contains core abstract types for representing configuration resources. |
|
config/xds
nolint: lll
|
nolint: lll |
|
ctrlz
Package ctrlz implements Istio's introspection facility.
|
Package ctrlz implements Istio's introspection facility. |
|
ctrlz/topics
Package topics defines several canonical ControlZ topics.
|
Package topics defines several canonical ControlZ topics. |
|
env
Package env makes it possible to track use of environment variables within a procress in order to generate documentation for these uses.
|
Package env makes it possible to track use of environment variables within a procress in order to generate documentation for these uses. |
|
kube/apimirror
Package apimirror contains copies of Kubernetes APIs.
|
Package apimirror contains copies of Kubernetes APIs. |
|
kube/informerfactory
Package informerfactory provides a "factory" to generate informers.
|
Package informerfactory provides a "factory" to generate informers. |
|
kube/inject
Package inject implements kube-inject or webhoook autoinject feature to inject sidecar.
|
Package inject implements kube-inject or webhoook autoinject feature to inject sidecar. |
|
kube/labels
Package labels provides utility methods for retrieving Istio-specific labels from Kubernetes resources.
|
Package labels provides utility methods for retrieving Istio-specific labels from Kubernetes resources. |
|
lazy
Package lazy is a package to expose lazily computed values.
|
Package lazy is a package to expose lazily computed values. |
|
ledger
Package ledger implements a modified map with three unique characteristics: 1.
|
Package ledger implements a modified map with three unique characteristics: 1. |
|
log
Package log provides the canonical logging functionality used by Go-based Istio components.
|
Package log provides the canonical logging functionality used by Go-based Istio components. |
|
monitoring
Package monitoring provides a common instrumentation library for Istio components.
|
Package monitoring provides a common instrumentation library for Istio components. |
|
slices
Package slices defines various functions useful with slices of any type.
|
Package slices defines various functions useful with slices of any type. |
|
test/csrctrl/controllers
An example implementation of a CSR Controller.
|
An example implementation of a CSR Controller. |
|
test/csrctrl/signer
Package signer implements a CA signer that uses keys stored on local disk.
|
Package signer implements a CA signer that uses keys stored on local disk. |
|
test/framework/components/gcemetadata
Package gcemetadata provides basic utilities around configuring the fake GCE Metadata Server component for integration testing.
|
Package gcemetadata provides basic utilities around configuring the fake GCE Metadata Server component for integration testing. |
|
test/framework/components/registryredirector
Package registryredirector provides basic utilities around configuring the fake image registry server component for integration testing.
|
Package registryredirector provides basic utilities around configuring the fake image registry server component for integration testing. |
|
util/protomarshal
Package protomarshal provides operations to marshal and unmarshal protobuf objects.
|
Package protomarshal provides operations to marshal and unmarshal protobuf objects. |
|
version
Package version provides build version information.
|
Package version provides build version information. |
|
webhooks/validation/controller
Package controller implements a k8s controller for managing the lifecycle of a validating webhook.
|
Package controller implements a k8s controller for managing the lifecycle of a validating webhook. |
|
wellknown
Package wellknown contains common names for filters, listeners, etc.
|
Package wellknown contains common names for filters, listeners, etc. |
|
samples
|
|
|
extauthz/src
Module
|
|
|
security
|
|
|
pkg/credentialfetcher
Package credentialfetcher fetches workload credentials through platform plugins.
|
Package credentialfetcher fetches workload credentials through platform plugins. |
|
pkg/nodeagent/cache
Package cache is the in-memory secret store.
|
Package cache is the in-memory secret store. |
|
pkg/nodeagent/plugin/providers/google/stsclient
Package stsclient is for oauth token exchange integration.
|
Package stsclient is for oauth token exchange integration. |
|
pkg/nodeagent/sds
Package sds implements secret discovery service in NodeAgent.
|
Package sds implements secret discovery service in NodeAgent. |
|
tests
|
|
|
common/jwt
package jwt includes sample JWT Token used in e2e tests.
|
package jwt includes sample JWT Token used in e2e tests. |
|
fuzz
nolint: revive
|
nolint: revive |
|
util/leak
leak checks for goroutine leaks in tests This is (heavily) inspired by https://github.com/grpc/grpc-go/blob/master/internal/leakcheck/leakcheck.go and https://github.com/fortytw2/leaktest
|
leak checks for goroutine leaks in tests This is (heavily) inspired by https://github.com/grpc/grpc-go/blob/master/internal/leakcheck/leakcheck.go and https://github.com/fortytw2/leaktest |
|
tools
|
|
|
bug-report/pkg/common
Package common contains resource names, which may vary from version to version.
|
Package common contains resource names, which may vary from version to version. |