istio VS anthos-service-mesh-packages

Istio is a popular open-source service mesh framework that provides a comprehensive solution for managing, securing, and observing microservices-based applications running on Kubernetes.

Leverage a service mesh like Istio or Linkerd to manage communication between microservices within the Kubernetes cluster. These service meshes can be configured to intercept JMX traffic and enforce access control policies. Benefits:

Open Source and Cloud Computing: A Match Made in Heaven The cloud is accelerating OSS adoption. Cloud-native technologies like Kubernetes [https://kubernetes.io/] and Istio [https://istio.io/], both open-source projects, are revolutionizing how applications are built and deployed across cloud platforms.

Consider the case of Bookinfo, a sample application provided by Istio, rewritten using CloudWeGo's Kitex for superior performance and extensibility.

It is a dedicated infrastructure layer that manages service-to-service communication, providing features like load balancing, encryption, authentication, and monitoring. Istio deploys sidecar proxies alongside each microservice instance. These proxies handle communication, providing features like load balancing, service discovery, encryption, monitoring and authentication.

5Y old post that sounds like they've done similar here: Caddy Issue Istio Issue but doesn't cover much of the implementation

In a production environment there will be a load balancer setup with an Ingress Controller, Service Mesh or some type of Custom Router. This allows all traffic to be sent to the single load balancer IP address and then route the traffic to a service based on the Domain name or subpath. We are using a NGINX ingress controller but service meshes like Istio have been becoming the most popular solution to use as they offer more segmentation, security and granular control.

Flagger is a progressive delivery tool that enables a Kubernetes operator to automate the promotion or rollback of deployments based on metrics analysis. It supports a variety of metrics including Prometheus, Datadog, and New Relic to name a few. It also works well with Istio service mesh, and can implement progressive traffic splitting between primary and canary releases.

End-to-end data encryption with a service mesh: Using an end-to-end data encryption mechanism with a service mesh like Istio, TLS can secure communication between different microservices within a Kubernetes cluster. This is a popular approach for modern, distributed microservice architectures.

module.asm.module.asm_install.module.gcloud_kubectl.null_resource.run_command[0] (local-exec): install_asm_1.10: ------------- module.asm.module.asm_install.module.gcloud_kubectl.null_resource.run_command[0] (local-exec): install_asm_1.10: Running: 'kpt pkg get --auto-set=false https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages.git/[email protected]+config2 asm' module.asm.module.asm_install.module.gcloud_kubectl.null_resource.run_command[0] (local-exec): install_asm_1.10: ------------- module.asm.module.asm_install.module.gcloud_kubectl.null_resource.run_command[0] (local-exec): install_asm_1.10: Running: 'kpt pkg get --auto-set=false https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages.git/[email protected]+config2 asm' module.asm.module.asm_install.module.gcloud_kubectl.null_resource.run_command[0] (local-exec): install_asm_1.10: ------------- module.asm.module.asm_install.module.gcloud_kubectl.null_resource.run_command[0] (local-exec): install_asm_1.10: Running: 'kpt pkg get --auto-set=false https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages.git/[email protected]+config2 asm' module.asm.module.asm_install.module.gcloud_kubectl.null_resource.run_command[0] (local-exec): install_asm_1.10: ------------- module.asm.module.asm_install.module.gcloud_kubectl.null_resource.run_command[0] (local-exec): .terraform/modules/asm/modules/asm/scripts/install_asm.sh: line 211: 15216 Segmentation fault: 11 ./install_asm_${ASM_VERSION} --verbose --project_id ${PROJECT_ID} --cluster_name ${CLUSTER_NAME} --cluster_location ${CLUSTER_LOCATION} --mode ${MODE} ${MCP_COMMAND_SNIPPET} ${OPTIONS_COMMAND_SNIPPET} ${CUSTOM_OVERLAYS_COMMAND_SNIPPET} ${OUTDIR_COMMAND_SNIPPET} ${ENABLE_ALL_COMMAND_SNIPPET} ${ENABLE_CLUSTER_ROLES_COMMAND_SNIPPET} ${ENABLE_CLUSTER_LABELS_COMMAND_SNIPPET} ${ENABLE_GCP_COMPONENTS_COMMAND_SNIPPET} ${ENABLE_REGISTRATION_COMMAND_SNIPPET} ${ENABLE_NAMESPACE_CREATION_COMMAND_SNIPPET} ${CA_COMMAND_SNIPPET} ${CA_CERTS_COMMAND_SNIPPET} ${SERVICE_ACCOUNT_COMMAND_SNIPPET} ${KEY_FILE_COMMAND_SNIPPET} ${REVISION_NAME_COMMAND_SNIPPET} module.asm.module.asm_install.module.gcloud_kubectl.null_resource.run_command[0] (local-exec): + cleanup module.asm.module.asm_install.module.gcloud_kubectl.null_resource.run_command[0] (local-exec): + rm -rf /tmp/kubectl_wrapper_6385_10294

install_asm: Setting up necessary files... install_asm: Fetching/writing GCP credentials to kubeconfig file... install_asm: [WARNING]: nc not found, skipping k8s connection verification install_asm: [WARNING]: (Installation will continue normally.) install_asm: Checking installation tool dependencies... install_asm: Getting account information... install_asm: Confirming cluster information for kevin-anthos-asm/europe-north1-a/anthos-asm-demo... install_asm: Downloading ASM.. % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 41.7M 100 41.7M 0 0 31.5M 0 0:00:01 0:00:01 --:--:-- 31.5M install_asm: Downloading ASM kpt package... fetching package "/asm" from "https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages" to "asm" install_asm: Confirming node pool requirements for kevin-anthos-asm/europe-north1-a/anthos-asm-demo... install_asm: Checking Istio installations... install_asm: Enabling required APIs... install_asm: Binding user:[email protected] to required IAM roles... install_asm: Checking for project kevin-anthos-asm... install_asm: Reading labels for europe-north1-a/anthos-asm-demo... install_asm: Adding labels to europe-north1-a/anthos-asm-demo... install_asm: Enabling Workload Identity on europe-north1-a/anthos-asm-demo... install_asm: (This could take awhile, up to 10 minutes) install_asm: Initializing meshconfig API... install_asm: Enabling Stackdriver on europe-north1-a/anthos-asm-demo... install_asm: Querying for core/account... install_asm: Binding [email protected] to cluster admin role... clusterrolebinding.rbac.authorization.k8s.io/kevin.davin-cluster-admin-binding created install_asm: Creating istio-system namespace... namespace/istio-system created install_asm: Configuring kpt package... asm/ set 22 field(s) of setter "gcloud.container.cluster" to value "anthos-asm-demo" asm/ set 40 field(s) of setter "gcloud.core.project" to value "kevin-anthos-asm" asm/ set 2 field(s) of setter "gcloud.project.projectNumber" to value "62405001080" asm/ set 6 field(s) of setter "gcloud.project.environProjectNumber" to value "62405001080" asm/ set 21 field(s) of setter "gcloud.compute.location" to value "europe-north1-a" asm/ set 2 field(s) of setter "gcloud.compute.network" to value "kevin-anthos-asm-default" asm/ set 6 field(s) of setter "anthos.servicemesh.rev" to value "asm-193-2" asm/ set 2 field(s) of setter "anthos.servicemesh.tag" to value "1.9.3-asm.2" install_asm: Installing validation webhook fix... service/istiod created install_asm: Installing ASM control plane... install_asm: ...done! install_asm: Installing ASM CanonicalService controller in asm-system namespace... namespace/asm-system created customresourcedefinition.apiextensions.k8s.io/canonicalservices.anthos.cloud.google.com created role.rbac.authorization.k8s.io/canonical-service-leader-election-role created clusterrole.rbac.authorization.k8s.io/canonical-service-manager-role created clusterrole.rbac.authorization.k8s.io/canonical-service-metrics-reader created serviceaccount/canonical-service-account created rolebinding.rbac.authorization.k8s.io/canonical-service-leader-election-rolebinding created clusterrolebinding.rbac.authorization.k8s.io/canonical-service-manager-rolebinding created clusterrolebinding.rbac.authorization.k8s.io/canonical-service-proxy-rolebinding created service/canonical-service-controller-manager-metrics-service created deployment.apps/canonical-service-controller-manager created install_asm: Waiting for deployment... deployment.apps/canonical-service-controller-manager condition met install_asm: ...done! install_asm: install_asm: ***************************** client version: 1.9.3-asm.2 control plane version: 1.9.3-asm.2 data plane version: 1.9.3-asm.2 (2 proxies) install_asm: ***************************** install_asm: The ASM control plane installation is now complete. install_asm: To enable automatic sidecar injection on a namespace, you can use the following command: install_asm: kubectl label namespace istio-injection- istio.io/rev=asm-193-2 --overwrite install_asm: If you use 'istioctl install' afterwards to modify this installation, you will need install_asm: to specify the option '--set revision=asm-193-2' to target this control plane install_asm: instead of installing a new one. install_asm: To finish the installation, enable Istio sidecar injection and restart your workloads. install_asm: For more information, see: install_asm: https://cloud.google.com/service-mesh/docs/proxy-injection install_asm: The ASM package used for installation can be found at: install_asm: /home/kevin_davin/anthos/asm/2021-05-11-apres-midi/asm-downloads/asm install_asm: The version of istioctl that matches the installation can be found at: install_asm: /home/kevin_davin/anthos/asm/2021-05-11-apres-midi/asm-downloads/istio-1.9.3-asm.2/bin/istioctl install_asm: A symlink to the istioctl binary can be found at: install_asm: /home/kevin_davin/anthos/asm/2021-05-11-apres-midi/asm-downloads/istioctl install_asm: The combined configuration generated for installation can be found at: install_asm: /home/kevin_davin/anthos/asm/2021-05-11-apres-midi/asm-downloads/asm-193-2-manifest-raw.yaml install_asm: The full, expanded set of kubernetes resources can be found at: install_asm: /home/kevin_davin/anthos/asm/2021-05-11-apres-midi/asm-downloads/asm-193-2-manifest-expanded.yaml install_asm: ***************************** install_asm: Successfully installed ASM.