As you’ve seen throughout this book, Istio can bring a lot of value to organizations with its application-networking functionality. Organizations adopting Istio will likely have other constraints or assumptions that Istio may not fulfill out of the box. You will likely need to extend Istio’s capabilities to more nicely fit within these constraints.
As we saw in chapter 3, and reinforced throughout the book, the Envoy proxy is a foundational component of the Istio service mesh. Envoy is the service proxy that lives with the application instance and on the request path between services in a mesh. Although Envoy has a significant set of functionality that can simplify application networking for your services, you will most likely run into scenarios where you need to enhance Envoy for “last-mile” or customized integration. The following are examples of extension:
- Integrating with rate limiting or external authorization services
- Adding, removing, or modifying headers
- Calling out to other services to enrich a request payload
- Implementing custom protocols like HMAC signing/verification
- Non-standard security token handling