Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
m
miniature-ambulance-98143
05/25/2023, 4:38 PMAnyone using Istio service mesh instead of default Traefik? I am interested in knowing the benefits of Istio over Traefik
r
rough-farmer-49135
05/25/2023, 4:41 PMI hear people talk about Traefik as an ingress controller. I haven't really looked at it, but I hadn't heard people talking about it having service mesh capabilities.
m
miniature-ambulance-98143
05/25/2023, 4:47 PMYes it seems to be a simple service mesh that comes OOB with K3s Rancher installations
From the feature set perspective not much difference i feel
r
rough-farmer-49135
05/25/2023, 4:48 PMIt comes as the default installed ingress controller with K3S, just like RKE & RKE2 come with nginx as the default installed ingress controller.
m
miniature-ambulance-98143
05/25/2023, 4:48 PMIstio is complex to setup for sure
I have experience with Istio so considering migrating from Traefik to Istio but would like to understand any real benefits i gain that Traefik doesn’t provide me
r
rough-farmer-49135
05/25/2023, 4:50 PMI think you might want to look up a bit more about what service meshes do. At a 5k yard level, an ingress controller performs basic routing from outside the cluster to internal services. A service mesh allows a lot of network management, joining distinct networks into common IP spaces, traffic logging, and goes between all the pods and not just at the external boundary (though it can do things with the external boundary too).
m
miniature-ambulance-98143
05/25/2023, 4:51 PMGot it so Traefik is more of a Ingress controller than a service mesh compared to Istio?
r
rough-farmer-49135
05/25/2023, 4:52 PMIstio lives as a sidecar on pods in a configured workspace and will do metrics on all network traffic to/from those pods and their other destinations and can also allow securing traffic to implement things like zero trust where every service has to authenticate to every other service and be authorized in a way that doesn't require the application itself to be aware.
Traefik is definitely an ingress controller and I don't know if it or a sister project has service mesh capability or not. Istio is definitely a service mesh, and I think it might have an ingress controller but it can also be used with any ingress controller if you want it to just log/monitor/secure traffic within your cluster.
m
miniature-ambulance-98143
05/25/2023, 4:55 PMSo would you use a combination of Traefik + Istio to handle the API management capabilities of Traefik with the Istio service mesh capability?
In other works do both complement each other?
Traefik handles North-South traffic with Istio handling east-west traffic?
r
rough-farmer-49135
05/25/2023, 4:58 PMMy understanding is they can and it's an option. Don't know if it's optimal for a given scenario or not. There's just a lot of a la carte with Kubernetes, so how much something is a good option or a bad option can be kinda' specific.
m
miniature-ambulance-98143
05/25/2023, 4:58 PMOkay it depends on my use case really and my setup
r
rough-farmer-49135
05/25/2023, 4:59 PMI'd recommend you look up some tutorials on service meshes and/or Istio specifically, ask yourself why you want/need that functionality, and then combine as appropriate.
Yep.
You can look up ingress controllers too, but they're pretty simple. Basically just a web server sort of appliance to service ingress rules with the various config options that you get with them (so similar tradeoffs if you're considering httpd vs nginx for a basic web server, a lot of differences in how you configure things and what's an option but pretty similar and can often be drop in replacements).
✅ 1
a
acceptable-match-53099
05/28/2023, 2:42 PMThere is the Traefik Mesh