Google LLC has just announced beta availability of what it says is a critical tool for managing a relatively new kind of software emerging in the cloud computing era.
The public cloud computing giant is one of the main developers of Istio, the open-source “service mesh” is used to connect, manage and secure microservices, which in turn are the components of containerized apps.
Software containers are used by developers to build applications once that can run on any infrastructure or computing platform. Those containers are managed, or orchestrated, at large scale by open-source software called Kubernetes.
In a blog post today, Google Cloud Director of Engineering Chen Goldberg and Director of Product Management Jennifer Lin said the availability of Istio on Google Kubernetes Engine will provide more granular visibility, security and resilience for Kubernetes-based apps. The offering is being made available through Google’s recently announced Cloud Services Platform, which bundles together all of the tools and services developers need to get their container apps up and running on the company’s cloud or in on-premises data centers.
“Cloud Services Platform combines Kubernetes for container orchestration with Istio, the service management platform, helping you implement infrastructure, security, and operations best practices,” Goldberg and Lin wrote. “The goal is to bring you increased velocity and reliability, as well as to help manage governance at the scale you need.”
Istio, which hit version 1.0 in July, allows developers to manage and visualize applications as services instead of as individual infrastructure components. It provides data such as logs, traces and telemetry that can then be used to enforce security policies for those apps. It also enables the encryption of network traffic, thereby boosting security.
With Istio, developers no longer need to build the operational mechanisms that are necessary to manage microservices, into the application code. Instead, it establishes a connective layer between the individual modules, thereby serving the same purpose but without making any major modifications to the code.
Holger Mueller, principal analyst and vice president of Constellation Research Inc., told in a report that in order to understand what Istio does, we should think of software containers as “cars.”
With Istio on GKE, developers can now deploy Istio to both new and existing container deployments at the click of a button, Goldberg and Lin said.
“It lets you incrementally roll out features, such as Istio security, bringing the benefits of Istio to your existing deployments,” they wrote. “It also simplifies Istio lifecycle management by automatically upgrading your Istio deployments when newer versions become available.”
Google has been pushing hard to get developers to use its Kubernetes service. Earlier this year it announced a number of new networking features for GKE that make it easier to scale up and secure Kubernetes deployments. These include Virtual Private Cloud-native clusters, which provide new features such as scale enhancement, IP management, hybrid connectivity and security checks, plus shared VPC, which enables administrative responsibilities to be delegated to cluster administrators.
Google has also made it easier to deploy Kubernetes applications directly through the Google Cloud Platform Marketplace.
“Once deployed to GKE, Kubernetes apps are managed as full applications, simplifying resource management,” Goldberg and Lin wrote. “You can also deploy Kubernetes apps to non-GKE Kubernetes clusters, whether they’re on-premises or in the cloud, for quick deployment that’s billed alongside other GCP spend.”