Intro
Architecture
Istio Architecture
Istio control plane is a single process - istiod, which contains three components Pilot, Citadel and Galley. You can bring containers in Kubernetes and virtual machines into the Istio mesh together.
Components
The following figure show the components in Istio mesh.
Transparent Traffic Hijacking
The following figure shows the transparent traffic hijacking and traffic routing in Istio.
Note
- Only TCP traffic is shown in the figure. Traffic for UDP and other protocols will not be hijacked.
- It is based on Istio 1.14.
- It shows the traffic routing in
reviewspod of the Bookinfo sample.
Data Plane
Envoy is the default sidecar proxy in Istio.
See Envoy section.
Envoy
xDS
Istiod distributes the proxy configurations to Envoy via xDS protocol.
