What is Istio?

Now that we have looked at what a service mesh is in general, this section focuses on Istio: one of the most widely used service mesh implementations and the one offered as a managed add-on in AKS.

Istio is an open-source service mesh that originated at Google, IBM, and Lyft, and is now a CNCF graduated project. It builds on the general service mesh model described in the previous section and provides a concrete implementation that runs on top of Kubernetes.

What Istio Adds

Istio groups its capabilities into a few main areas. Each of the pages below explains one area in more detail, including the Istio resources involved and when you would use them.

  • Traffic Management

    Route, split, and shape traffic between services using Istio routing rules.

  • Resilience

    Improve reliability with retries, timeouts, circuit breaking, and outlier detection.

  • Security

    Enforce mTLS, workload identity, and authorization between services.

  • Observability

    Get consistent metrics, traces, and traffic visibility across services.

  • Ingress and Egress Control

    Manage traffic entering and leaving the mesh with Istio gateways.

When Istio is a Good Fit

Istio is most useful when:

  • You operate multiple services that call each other frequently
  • You need consistent traffic policies across teams
  • You want mTLS between services without every team implementing it in application code
  • You need safer release patterns such as traffic splitting and canary deployments
  • You need better visibility into service-to-service dependencies

Istio may not be the right first step for very small applications, simple lift-and-shift deployments, or teams that do not yet need service mesh features. It adds powerful capabilities, but also adds operational concepts that teams need to understand.

Tip

Start with a clear use case. Installing a service mesh without a specific need can add complexity without improving the platform.