Stop reinventing the wheel with Istio by Mete Atamel (Google)
#Codemotion Rome 2018 - Containers provide a consistent environment to run services. Kubernetes helps us to manage and scale our container cluster. Good start for a loosely coupled microservices architecture but not enough. How do you control the flow of traffic & enforce policies between services? How do you visualize service dependencies & identify issues? How can you provide verifiable service identities, test for failures? You can implement your own custom solutions or you can rely on Istio, an open platform to connect, manage and secure microservices.

  1. Confidential & Proprietary. Stop reinventing the wheel with Istio. Mete Atamel, Developer Advocate at Google, @meteatamel
  2. Agenda
      1. The need for Istio: Containers, Kubernetes, Istio
      2. What is Istio? Istio at the high level, setup
      3. Building Blocks: Envoy, Mixer, Pilot, Istio-Auth
      4. Add-ons: Grafana, Prometheus, Zipkin, ServiceGraph
      5. Traffic Management: Request Routing, Discovery & Load Balancing, Failure Recovery & Injection
  3. The need for Istio: Containers, Kubernetes, Istio
  4. Solving a problem with software
      ● Code that solves a problem
      ● Make that code production ready (logging, tracing, auth, load balancing, etc.)
      ● A way to package and run that code consistently on different environments
      ● A way to deploy (hopefully optimally) and manage that code
  5. Solving a problem with software
      ● Code that solves a problem => You
      ● Make that code production ready => Istio
      ● A way to package and run that code consistently => Docker
      ● A way to deploy and manage that code => Kubernetes
  6. What is a container?
      ● Lightweight
      ● Hermetically sealed
      ● Isolated
      ● Easily deployable
      ● Introspectable
      ● Composable
      Linux (or Windows) processes. A lightweight way to virtualize applications.
  7. Docker: Tooling for the masses

      FROM debian:latest
      RUN apt-get update
      RUN apt-get install -y nginx
      CMD ["nginx","-g","daemon off;"]
      EXPOSE 80

      Docker is a container runtime and image format. Dockerfile defines the dependencies, environment and the code to run. Container is a consistent invocation of a Dockerfile.
  8. Containers are not enough
      ● Service Discovery
      ● Redundancy
      ● Scheduling
      ● Scaling up & down
      ● Rolling out & back
      ● Resiliency
      ● Config & Secrets
      ● Health Checks
  9. Kubernetes. Κυβερνήτης means “governor” in Greek
      • Manages container clusters
      • Inspired and informed by Google’s internal container system called Borg
      • Supports multiple cloud and bare-metal environments
      • 100% Open source, written in Go
      Manage applications, not machines
  10. Microservices in Kubernetes world
      [Diagram labels: Service (communication channel); Pods (each pod contains one or more containers); Nodes; Replication controller (Replicas: 3); Blueprint “pod template”; microservice labels Role: frontend and Env: prod; registry; containers]
  11. Kubernetes is not enough either
      ● Dependency Visualisation
      ● Tracing
      ● Metrics
      ● Logging
      ● Circuit Breaking
      ● Service Identity & Auth
      ● Fault Injection
      ● Traffic Flow & Policies
      ● Failover
  12. What is Istio? Istio at the high level, setup
  13. Istio: High level goals
      ● Community maturing and gathering around common tools
      ● Decouple application code from underlying platform and policies
  14. Istio. Ιστιο means “sail”. An open platform to connect, manage, and secure microservices.
      ● Platform support: Kubernetes, Mesos, Cloud Foundry
      ● Observability: Metrics, logs, traces, dependency visualisation
      ● Service Identity & Security: Provide verifiable identity to services, service-to-service authentication
      ● Traffic Management: Dynamically control traffic between services, ingress/egress routing, fault injection
      ● Policy enforcement: Precondition checking, quota management between services
  15. Istio: At the very high level
      [Diagram labels: Users, frontend, pictures, payments, auth, Cloud SQL, External Payment Processor]
  16. Istio: At the very high level
      [Diagram labels: Users, frontend, pictures, payments, auth, Cloud SQL, External Payment Processor, four proxies, ingress]
  17. Cluster setup:

      $ gcloud container clusters create hello-istio \
          --enable-kubernetes-alpha \
          --machine-type=n1-standard-2 \
          --num-nodes=4 \
          --no-enable-legacy-authorization \
          --zone europe-west1-b
      Creating cluster hello-istio...done.
      Created [https://container.googleapis.com/v1/projects/dotnet-atamel/zones/europe-west1-b/clusters/hello-istio]
      NAME         LOCATION        MASTER_VERSION      MASTER_IP       MACHINE_TYPE   NODE_VERSION  NUM_NODES  STATUS
      hello-istio  europe-west1-b  1.7.12-gke.0 ALPHA  35.190.192.251  n1-standard-2  1.7.12-gke.0  4          RUNNING

      $ kubectl create clusterrolebinding cluster-admin-binding \
          --clusterrole=cluster-admin \
          --user=$(gcloud config get-value core/account)
      clusterrolebinding "cluster-admin-binding" created
  18. Demo: Install Istio
  19. Building Blocks: Envoy, Mixer, Pilot, Istio-Auth
  20. Istio Architecture
      [Diagram labels: Control Plane: Mixer, Istio-Auth, Pilot; frontend and payments, each with a proxy; Discovery & config data to Envoy sidecars; TLS certs to Envoy sidecars; Policy checks, telemetry; Traffic transparently proxied, unaware of Envoy sidecars; HTTP/1.1, HTTP/2, gRPC with or without TLS]
  21. Envoy Proxy. A high-performance proxy in C++, to mediate all inbound/outbound traffic
      ● Dynamic service discovery
      ● Load balancing, TLS termination
      ● HTTP/2 & gRPC proxying
      ● Circuit breakers, health checks, rich metrics
      Deployed as a sidecar to the relevant service in the same Kubernetes pod
  22. Pilot. Responsible for managing Envoy proxies in the service mesh.
      ● Service discovery for Envoy
      ● Traffic management capabilities for routing (A/B testing, canary deployments)
      ● Resiliency (timeouts, retries, circuit breakers)
      ● Converts high-level routing rules into Envoy-specific configurations and propagates them to sidecars at runtime
  23. Pilot
  24. Mixer
      1. Precondition Checking. Enables callers to verify a number of preconditions before responding to an incoming request from a service consumer.
      2. Quota Management. Enables services to allocate and free quota (e.g. rate limits)
      3. Telemetry Reporting. Enables services to report logging and monitoring
  25. Istio-Auth
      1. Provides each service with a strong identity
      2. Provides service-to-service and end-user authentication using mutual TLS
      3. Provides a key management system to automate key and certificate generation, distribution, rotation, and revocation
  26. Demo: Deploy App
  27. Add-ons: Grafana, Prometheus, Zipkin, ServiceGraph
  28. Grafana: Analytics and monitoring
  29. Prometheus: Query metrics
  30. Zipkin: Tracing
  31. ServiceGraph
  32. Demo: Install add-ons
  33. Traffic Management: Request Routing, Discovery & Load Balancing, Failure Recovery & Injection
  34. Traffic Management. Istio’s traffic management decouples traffic flow and infrastructure scaling
      ● Dynamic request routing for A/B testing, gradual rollouts, canary releases
      ● Discovery & load balancing across services
      ● Failure recovery using timeouts, retries, and circuit breakers
      ● Fault injection to test the compatibility of recovery policies across services
  35. Request Routing
  36. Discovery & Load Balancing
  37. Failure Recovery. Out-of-the-box opt-in failure recovery features:
      ● Timeouts
      ● Bounded retries with timeout budgets and variable jitter between retries
      ● Limits on number of concurrent connections
      ● Periodic health checks on each member of the load balancing pool
      ● Fine-grained circuit breakers (passive health checks), applied per instance in the load balancing pool
  38. Fault Injection. Systematic fault injection to identify weaknesses in failure recovery policies
      ● HTTP/gRPC error codes
      ● Delay injection
      [Diagram labels: frontend, movies and stars, each with a proxy; timeout: 100ms, retries: 3 (300ms); timeout: 200ms, retries: 2 (400ms)]
  39. Demo: Change routes
  40. Demo: Cleanup
  41. Thank you! Mete Atamel, @meteatamel
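
The timeout and retry figures on slide 38 can be checked mechanically for the kind of policy incompatibility that fault injection is meant to expose. This Python check is an added example, not code from the deck or from Istio; it assumes the 100ms/3 policy is on the frontend-to-movies hop and the 200ms/2 policy on the movies-to-stars hop, and reads "retries: N" as N attempts in total, which is what the slide's 300ms and 400ms totals imply.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    timeout_ms: int  # per-attempt timeout enforced by the caller's sidecar
    attempts: int    # the slide's "retries: N", read as N attempts in total (assumption)

    @property
    def budget_ms(self) -> int:
        # Worst case the caller waits on this hop: every attempt runs to its timeout.
        return self.timeout_ms * self.attempts


# Constructed from the numbers on slide 38: (caller, callee) -> policy.
SLIDE_38 = {
    ("frontend", "movies"): Policy(timeout_ms=100, attempts=3),  # 300ms in total
    ("movies", "stars"): Policy(timeout_ms=200, attempts=2),     # 400ms in total
}


def downstream_budget(service, policies):
    """Worst-case ms `service` spends waiting on its callees (sequential calls assumed)."""
    return sum(p.budget_ms for (caller, _), p in policies.items() if caller == service)


def incompatible_edges(policies):
    """Hops whose per-attempt timeout expires before the callee's own recovery can finish."""
    findings = []
    for (caller, callee), policy in sorted(policies.items()):
        needed = downstream_budget(callee, policies)
        if needed > policy.timeout_ms:
            findings.append({
                "edge": f"{caller}->{callee}",
                "per_attempt_timeout_ms": policy.timeout_ms,
                "callee_needs_ms": needed,
                # True when even all attempts together are shorter than one callee recovery.
                "exceeds_total_budget": needed > policy.budget_ms,
            })
    return findings


if __name__ == "__main__":
    for finding in incompatible_edges(SLIDE_38):
        print(finding)
```

With the slide's numbers the frontend gives up on movies after 100ms per attempt while movies may still be retrying stars for up to 400ms, so the retries configured on the inner hop never get a chance to help.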
