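I don’t know how many people in the tech community share this view, that 35 years from now our lives will look like a sequel to “Blade Runner.” “Blade Runner” showed us a technological future, and many of its visual constructs, such as animated billboards and video calls, are now completely ordinary, yet they were things we would never have imagined when we were kids. That the scenes in “Blade Runner” have been realized so fully makes people like me start thinking about what the cloud could do, if we put our minds to it.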
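For many years, this meant large-scale applications, and a lot of sustainable work. Nothing more. One result of our technology moving deeper into cloud-native architecture is that we put more emphasis on microservices-based applications, which means a single service can provide hard-to-measure benefits to multiple applications, a bit like the ultimate version of “code reuse.”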
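However, once you have an application that consists of thousands of independent services, how do you manage your architecture so that your application, or at least your sanity, doesn’t go completely off the rails? What we need is an architecture that can help us connect, manage, and secure these microservices, while also providing load balancing, authentication, monitoring, and so on.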
If such a thing existed, you would of course want to get involved, wouldn’t you? Of course you would. Well, here’s your chance.
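Istio is just such an open source project, and it does all of these things. On Monday, September 25, they held a user-testing “hackathon” event. I figured we could get more details directly from the people involved in this event, so we’re talking with Google software engineers Douglas Reid and Mandar Jog, who have been leading these development efforts.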
Nick Chase: Gentlemen, thank you very much for taking the time to talk with me today. For those who don’t yet know what Istio is, please explain it.
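Mandar Jog: Istio is a service mesh that provides all the cross-cutting functions that microservices need. For example, you need traffic management. You need to find the services you need to reach, and someone has to decide which services you need to connect to.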
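Then next is observability, which is basically telemetry and metrics. So you need to find out how many times something was called, and likewise, tracing. Logs are all recorded in the same area.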
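Then there is policy enforcement, which is access control, or the setting of any kind of specific policy, for example under what conditions a particular service should communicate with another one.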
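Finally, Istio auth provides authentication, so you can implement service-to-service authentication and central authentication based on your overall identity and authentication story.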
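Douglas Reid: Those are just some of the functional things, but looking at it from a different angle, I think Istio is the product of the experience that companies like Lyft, IBM, and Google have accumulated in deploying, managing, and serving application software in distributed environments. It’s something like the best practices accumulated over the years on how to simply manage at scale, especially distributed systems.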
NC: So basically, what you have are these microservices, and Istio is a kind of request orchestrator?
MJ: Istio sits between the different services. It interprets these requests that we mentioned earlier.
NC: I often hear a lot about Envoy and Istio at the same time. What’s the difference between the two?
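DR: Envoy is a component of Istio. Envoy is the service proxy. It is Istio’s data plane layer. Istio also has a control plane, called Pilot. Pilot controls the deployment of Envoys and helps configure them, and there is also Mixer, which helps make decisions. Envoy calls Mixer at request time. Pilot also controls the deployment of all the other parts that Envoy uses to secure traffic.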
NC: Is Istio focused on its own domain, or are you connecting with other projects to build an ecosystem?
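MJ: Without a doubt. For example, LinkerD can now also run with Istio. It can call Mixer, so basically LinkerD, from the simplest point of view, can replace Envoy as the interpreter or proxy for these requests, and just as Envoy calls Mixer to make decisions, LinkerD can also call Mixer to make decisions. Nginx is likewise working on it, or has announced, that it will communicate with Mixer, so you can use Nginx as your proxy instead of Envoy.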
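In fact, the protocol between Mixer and Envoy is well defined and published, which means that in theory it is not replaceable. So as Istio, what we define is the configuration interface, and how Envoy communicates with Mixer.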
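DR: Mixer uses Prometheus as its built-in metrics reporting mechanism, and we also have a plugin for StatsD, and I’m sure there will be plugins for other proprietary metrics and telemetry solutions. We’re planning to implement a quota system. We have a quota system. I think right now it’s built on Redis, and we expect to see more third-party development, as we enable an ecosystem for writing adapters, and so build more connections with other projects.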
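MJ: Likewise, on the policy side, Istio is working with several other partners. For example, the Open Policy Agent (OPA) is the first policy adapter we’re working with, and you can implement your policies in a new semi-standard language, which is consistent with the standards the community is working on.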
DR: And another project worth mentioning is that Istio is working closely with SPIFFE, supporting SPIFFE as an authentication protocol for Istio.
Me: So Istio is kind of like an all-encompassing umbrella.
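MJ: From an operator’s point of view, Istio is the configuration that the operator can interact with. You can configure Istio to do some networking work, and there are also some networking functions that Istio supports, such as route rules, destination policies, and other things. Likewise on the policy management and metrics side, there are other functions that can be plugged in. So as they evolve, Istio supports them. It’s kind of like Istio’s big umbrella.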
There is also the matter of how the proxy is being configured. Pilot also exposes a configuration interface that Envoy calls out to, so that’s kind of the third interface. The umbrella defines things in terms of interfaces and protocols, and then we have implementations of all those components in action for a working system.
NC: So what is this Istio user hackathon all about?
DR: So as we work towards the next release of Istio, we’re getting closer to what we think are release candidates for all the components, and we are writing up the documentation and all the changes we’ve made over the last couple of months. This event is really to get early adopters to take a look at it, try to run through the documentation, tell us where we might have certain bugs that need to be closed before we consider the release blessed, and see where feature gaps are and so we can start planning for future work on Istio.
NC: What is the next Istio release, and when do you expect to have it?
DR: Our goal is to have it ready by the end of September.
NC: Do you need to have, like, Kubernetes experience or any other particular prerequisites in order to participate in this event?
MJ: Some Kubernetes would be helpful but it’s not required. We have setup instructions, and we will kind of walk you through how to set up a Kubernetes cluster and get things started, so that it shouldn’t be a real impediment.
NC: Are there any particular hardware prerequisites?
DR: I think what we’re going to do is Google is going to provide a bunch of experimental projects so you can set up clusters, so you shouldn’t need to provide any hardware. I think IBM is going to do that as well on Bluemix, so there should be a fair amount of available infrastructure for testing. So you need a laptop and the ability to run Git, or even just the installer and that should be enough. So I think there aren’t any real hardware requirements that I know of.
NC: Once this release is out, where do you think Istio is on the production-ready scale?
MJ: Istio 0.2 is the release where we have enough features that people can actually get something done, so I’m really looking forward to feedback. Production-readiness, performance, and all that are goals for 0.3.
DR: In some ways, it’s like the difference between Istio and Envoy and the various components. Certain components of Istio have been used in production environments, and we are well aware of their characteristics. Others have gone through big rewrites over the last couple of months as we learned some things, and we’re still starting to get a feel for what needs to be hardened and what needs to be addressed. So depending on what you’re trying to do with it, you might have different opinions about production-readiness. I think we’re getting close to beta-type status, but we’re not quite there yet.
NC: So where do you think Istio is going?
DR: Well, the Silicon Valley answer is that ultimately Istio will help power all of the world’s services, but I think we’re a long way from that. We’ve got a lot of stuff to do before we get there. I mean one of the features that we were doing for this cycle was just an enabling of VMs that aren’t part of any Kubernetes cluster to join a mesh. So we want to keep working on doing that and expanding to more environments, as well as supporting multiple environments at the same time. Sort of a hybrid scenario. So those are some of our near-term goals.
MJ: I think Doug covered the really long term and the near term. There are several intermediate goals, but they kind of get into the nitty-gritty of what’s important. One of the things that we really would like to see is a robust kind of vendor community that is building on top of Istio, or on the side of Istio. There are certain things that Istio does foundationally, and we would like to see where those belong to the stack, and then there are also areas and tasks on the side of Istio, and we would also like to see something come up there.
DR: We’re really focused on getting more community engagement. We’ve been trying to get stuff out, but I think we need to start focusing more on how do we enable community, how do we excite the community, how do we meet the community’s needs now that we’ve sort of got the initial foothold out in the world?
NC: So what kind of engagement do you need the most in the community?
DR: We could use development support, documentation support, design support, process support…
MJ: We also want to see people do scenario testing to see whether the things we think are relevant are relevant to what people are actually doing. Then we’d like to see people actually trying them out and giving us some feedback. We would really like to get feedback, especially on configuration because that is the surface that an operator touches, and that is how an operator interacts with the system, so that feedback is extremely valuable to us.
Also, Mixer has an adapter framework, which is the extensibility mechanism for Istio, and it’s how you can write new adapters to enable new functions. That has gone through a big rewrite between 0.1 and 0.2, so it’s another place where we really want feedback from users. For this event it’s unlikely that we’ll be able to get that feedback, but I’m just kind of laying that out there. For 0.2 these are some of the things that we really want some feedback for.
DR: There’s a lot of stuff that we want to see happen but probably don’t have the experience to make happen ourselves, like the expertise to make this work on Amazon’s Cloud or different environments like that. I think we could really use community support. So that’s what I’d like to see.
If you’d like to participate in the user testing hackathon, you can sign up here to get instructions and access to donated hardware resources. Missed the date? You can still help out by executing the test tasks and providing feedback.