From e6e984a8139b7305ca3eb6039f1ed2b21bc32a0f Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Wed, 20 Jun 2018 15:03:02 +0900 Subject: [PATCH] website: address Armon's feedback --- website/source/intro/index.html.md | 5 ++++- website/source/intro/vs/istio.html.md | 17 ++++++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/website/source/intro/index.html.md b/website/source/intro/index.html.md index 7052b9eeb2..ff914838b2 100644 --- a/website/source/intro/index.html.md +++ b/website/source/intro/index.html.md @@ -16,7 +16,7 @@ detailed reference of available features. ## What is Consul? -Consul has multiple components, but as a whole, it is a tool for +Consul is a service mesh solution that has multiple components for discovering, connecting, configuring, and securing services in your infrastructure. It provides several key features: @@ -39,6 +39,9 @@ infrastructure. It provides several key features: certificates for services to establish mutual TLS connections. [Intentions](/docs/connect/intentions.html) can be used to define which services are allowed to communicate. + Service segmentation can be easily managed with intentions that can + be changed in real time instead of using complex network topologies + and static firewall rules. * **Multi Datacenter**: Consul supports multiple datacenters out of the box. This means users of Consul do not have to worry about building additional layers of diff --git a/website/source/intro/vs/istio.html.md b/website/source/intro/vs/istio.html.md index 7b0a6511a5..49437e9dec 100644 --- a/website/source/intro/vs/istio.html.md +++ b/website/source/intro/vs/istio.html.md @@ -18,10 +18,10 @@ or others. At a minimum, three Istio-dedicated services along with at least one separate distributed system (in addition to Istio) must be configured for the full functionality of Istio. -Istio is architected to work on any platform. However, the documentation -and resources for installing and configuring Istio on non-Kubernetes systems -are few and the number of moving pieces Istio requires poses a challenge for -installation, configuration, and operation. +Istio plans to work on any platform, but currently has a hard dependency +on the Kubernetes API. While the documentation covers connecting non-Kubernetes +services, it assumes that a Kubernetes deployment exists for the control +plane. Istio provides layer 7 features for path-based routing, traffic shaping, load balancing, and telemetry. Access control policies can be configured @@ -38,9 +38,12 @@ on any platform, including directly onto the machine. Consul uses an agent-based model where each node in the cluster runs a Consul Client. This client maintains a local cache that is efficiently updated from servers. As a result, all secure service communication APIs respond in -microseconds and do not require any external communication. Further, -service-to-service communication continues operating even if the Consul -cluster is degraded. +microseconds and do not require any external communication. This allows us to +do connection enforcement at the edge without communicating to central +servers. Istio flows requests to a central Mixer service and must push +updates out via Pilot. This dramatically reduces the scalability of Istio, +whereas Consul is able to efficiently distribute updates and perform all +work on the edge. The data plane for Consul is pluggable. It includes a built-in proxy with a larger performance trade off for ease of use. But you may also use third