[翻译]什么是Istio? 它是服务网格。棒极了，那什么是服务网格？

我不知道在技术社区中有多少人有这样的观点，35年以后，咱们的生活就会像是“银翼杀手”的续集。“银翼杀手”向咱们展示了一个技术的将来，其中的许多视觉建筑，像动画广告板，视频通话，如今都是那么的普通，而这些是咱们小的时候想都不会想到的东西。“银翼杀手”里面的场景居然如此充分地实现了，这使得像我同样的人开始在思考云能作的事情，若是咱们用心地在上面思考的话。

许多年来，这意味着大规模的应用－和许多可持续的工做。没有更多的东西了。其中一个当咱们的技术深刻到云原生架构的结果，就是咱们更增强调基于微服务的应用，这意味这一个单一的服务能够微多个应用提供难以评估的益处－有点像是“代码复用”的终极版本。

可是，当你已经有了一个应用，这个应用包含了成千上完的独立服务，你这样才能管理好你的架构，以致于不让你的应用，至少你的理智－彻底脱离轨道呢？咱们须要的是一个架构，能够帮助咱们链接，管理，还有保证这些微服务的安全，同事提供了负载均衡，身份验证和监控等等功能。

若是有这个的事情存在，你固然愿意参与进来，不是吗？固然你会。好的，你的机会来了。

Istio就是这样的一个开源项目，它完成了全部的这些事情。在周一，就是9月25号的时候，它们已经举办了一次用户测试的“黑客马拉松”活动。我想咱们能够直接从那些参与到这项活动的人身上得到更多的细节，因此咱们将会和Google的软件工程师Douglas Reid和Mandar Jog交流一下，他们一直致力于领导这些开发成果。

Nick Chase:先生们，很是谢谢今天花时间和我会谈。对于那么还不知道什么是Istio的人来讲，请解释一下它。

Mandar Jog: Istio是一个服务网格，它提供了全部微服务须要的交叉功能。例如，你须要流量管理。你须要找到那些你须要触及的服务，有人必须决定你须要和那些服务对接。

而后接下来是可观测的，基本上就是遥测和指标。因此你须要找到某些东西被调用了多少次，一样的，能够追溯。日志都记录在一样的区域。

而后就是强制策略，就是访问控制，或者是任何种类的特定策略的制定，例如在什么样的条件下，一个特定的服务应该和另一个通讯。

最后，Istio验证提供了身份验证，因此你能够基于你总体的身份和身份验证故事实现服务对服务的验证和中央的验证。

Douglas Reid:这些只是一些功能上的东西，可是从另一个不一样的角度来看，我认为Istio是Lyft，IBM和Google这些公司在分布式环境中部署，管理和服务应用软件中用户经验积累的产品。这有些像是这些年来如何简单地去管理规模化，特别是分布式系统，积累的一些最佳实践。

NC: 因此基本上来说，你拥有的就是这种微服务，Istio就是这样的一个请求编排器？

MJ:Istio 处于不一样的服务之间。它解释了这些咱们以前提到的请求。

NC:我不少时候同时听到关于Envoy和Istio的不少事情，这二者之间有什么区别？

DR:Envoy是Istio的一个组件.Envoy是服务的代理。它是Istio的数据平面层。Istio一样也有一个控制面板，叫作Pilot.Pilot控制Envoy的部署，而后帮助配置它们，一样的还有Mixer,帮助作出决策。Envoy 在请求时间调用Mixer。PPilot还控制Envoy用来保护流量的全部其余部分的部署。

NC: Istio 是专一于本身的领域，仍是大家正和其它的项目创建联系来打造一个生态呢？

MJ:还无疑问。例如，LinkerD 如今也能够和Istio一块儿运行。它们能够调用Mixer,因此基本上LinkerD,从最简单的的角度上来讲，能够取代 Envoy做为这个请求的解释器或者代理，而后正如Envoy调用Mixer去作决策，LinderD一样也能够调用Mixer去作决策。Nginx一样仍是运行着，或者已经被通知，它们将会和Mixer进行通讯，全部你可使用Ngix做为你的代理，而不是Envoy.

事实上，Mixer和Envoy之间的协议是很好的被定义和发布的，这意味着理论上是不可替换的。因此做为Istio,咱们定义的就是配置的界面，还有Envoy是如何和Mixer进行通讯的。

DR:Mixer采用了Prometheus做为它内置的度量报告机制，咱们一样也有给StatsD的插件，我肯定这里会有其它的专有指标和遥测方案的插件。咱们正在打算实行配额系统。咱们有了一个配额系统。我认为如今它是创建在Redis上面，咱们期待看到更多的第三方的开发，正如咱们容许编写适配器的生态系统，从而创建和其它项目更多的联系。

MJ:一样的，从策略层面上来讲，Istio正在和其它的几个伙伴一块儿合做。例如开放政策机构(OPA)就是咱们正在合做的第一个策略适配者，你能够在新的半标准语言中去实现你的策略，这和社区工做的标准是一致的。

DR: 而后还有其它值得一提的项目就是，Istio正在和SPIFFE紧密合做，支持SPIFFE做为Istio的一项认证协议。

Me:因此Istio有点像是一应俱全的伞。

MJ:从一个运营者的角度，Istio是操做者能够进行交互的配置。你能够配置Istio去作一些网络工做，这里也有一些Istio支持的网络功能，例如路由规则，目的地策略，还有其它的事情。一样在策略管理和度量方面，这里也有其它的功能，是能够做为插件的。因此当它们发展的时候，Istio支持它们。有点像是Istio的大伞。（未完待续）

 

There is also the matter of how the proxy is being configured. Pilot also exposes a configuration interface that Envoy calls out to, so that’s kind of the third interface. The umbrella defines things in terms of interfaces and protocols, and then we have implementations of all those components in action for a working system.

NC: So what it what this Istio user hackathon all about?

DR:  So as we work towards the next release of Istio, we’re getting closer to what we think are release candidates for all the components, and we are writing up the documentation and all the changes we’ve made over the last couple of months. This event is really to get early adopters to take a look at it, try to run through the documentation, tell us where we might have certain bugs that need to be closed before we consider the release blessed, and see where feature gaps are and so we can start planning for future work on Istio.

NC: What is the next Istio release, and when do you expect to have it?

DR: Our goal is to have it ready by the end of September.

NC: Do you have need to have like kubernetes experience or any other particular prerequisites in order to participate in this event?

MJ:  Some kubernetes would be helpful but it’s not required. We have setup instructions, and we will kind of walk you through how to set up a kubernetes cluster and get things started, so that it shouldn’t be a real impediment.

NC: Are there any particular hardware prerequisites?

DR: What I think what we’re going to do is Google is going to provide a bunch of experimental projects so you can set up clusters, so you shouldn’t need to provide any hardware. I think IBM is going to do that as well on Bluemix, so there should be a fair amount of available infrastructure for testing. So you need a laptop and the ability to run Git, or even just the installer and that should be enough. So I think there aren’t any real hardware requirements that I know of.

NC: Once this release is out, where do you think Istio is on the production-ready scale?

MJ: Istio 0.2 is the release where we have enough features that people can actually get something done, so I’m really looking forward to feedback. Production-readiness, performance, and all that are goals for 0.3.

DR:  In some ways, it’s like the difference between Istio and Envoy and the various components. Certain components of Istio have been used in production environments, and we are well aware of their characteristics. Others have gone through big rewrites over the last couple of months as we learned some things, and we’re still starting to get a feel for what needs to be hardened and what needs to be addressed. So depending on what you’re trying to do with it, you might have different opinions about production-readiness. I think we’re getting close to beta-type status, but we’re not quite there yet.

NC: So where do you think Istio is going?

DR: Well, the Silicon Valley answer is that ultimately Istio will help power all of the world’s services, but I think we’re we’re a long way from that. We’ve got a lot of stuff to do before we get there. I mean one of the features that we were doing for this cycle was just an enabling of VMs that aren’t part of any Kubernetes cluster to join a mesh. So we want to keep working on doing that and expanding to more environments, as well as supporting multiple environments at the same time. Sort of a hybrid scenario. So those are some of our near-term goals.

MJ:  I think Doug covered the really long term and the near term. There are several intermediate goals, but they they kind of get into the nitty-gritty of what’s what’s important. One of the things that we really would like to see is a is a robust kind of vendor community that is building on top of Istio, or on the side of Istio. There are certain things that Istio does foundationally, and we would like to see where those belong to the stack, and then there are also areas and tasks on the side of Istio, and we would also like to see something come up there.

DR:  We’re really focused on getting more community engagement. We’ve been trying to get stuff out, but I think we need to start focusing more on how do we enable community, how do we excite the community, how do we meet the community’s needs now that we’ve sort of got the initial foothold out in the world?

NC: So what do what kind of engagement do you need the most in the community?

DR:  We could use development support, documentation support, design support, process support…

MJ:  We also want to see people do scenario testing to see whether the things we think are relevant are relevant to what people are actually doing. Then we’d like to see people actually trying them out and giving us some feedback. We would really like to get feedback, especially on configuration because that is the surface that an operator touches, and that is how an operator interacts with the system, so so that that feedback is extremely valuable to us

Also, Mixer has an adapter framework, which is the extensibility mechanism for Istio, and it’s how you can write new adapters to enable new functions. That has gone through a big rewrite between 0.1 and 0.2, so it’s another place where we really want feedback from users. For this event it’s unlikely that we’ll be able to get that feedback, but I’m just kind of laying that out there. For 0.2 these are some of the things that we really want some feedback for

DR: There’s a lot of stuff that we want to see happen but probably don’t have the experience to make happen ourselves, like the expertise to make this work on Amazon’s Cloud or different environments like that. I think we could really use community support. So that’s what I’d like to see.

If you’d like to participate in the user testing hackathon, you can sign up here to get instructions and access to donated hardware resources. Missed the date?  You can still help out by executing the test tasks and providing feedback.