Istio 0.2.7 architecture
The previous step deployed the Istio Pilot, Mixer, Ingress-Controller, and Egress-Controller, and the Istio CA (Certificate Authority).
Pilot 飞行员 - Responsible for configuring the Envoy and Mixer at runtime.
Envoy 全权使者 - Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.
Mixer 混合器 - Create a portability layer on top of infrastructure backends. Enforce policies such as ACLs, rate limits, quotas, authentication, request tracing and telemetry collection at an infrastructure level.
Ingress/Egress 入口/出口 - Configure path based routing.
Istio CA 证书机构 - Secures service to service communication over TLS. Providing a key management system to automate key and certificate generation, distribution, rotation, and revocation
The overall architecture is shown below.
details service ratings service reviews service productpage service ingress: gateway