SlideShare une entreprise Scribd logo

Javantura v6 - Istio Service Mesh - The magic between your microservices - Marko Lukša

Télécharger en tant que PPTX, PDF
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association

Individual microservices are relatively easy to develop, but managing a distributed system composed of microservices is never a simple task. Kubernetes helps, but it falls short of providing everything such a system needs. This is where the Istio Service Mesh comes in. Running microservices in production, you'll soon realize you want things like traffic splitting, automatic connection retries, timeouts and failovers, secure communication and authentication between your services, distributed metrics, tracing and logging. By introducing Istio into your architecture, you get all of that and more. And you get most of it without changing your code at all. In this talk, you'll see a demonstration of Istio in action and learn about the tricks that make its magic possible.

Technologie
1  sur  47
Istio Service MeshThe magic between your microservices Marko Lukša, Red Hat
Marko Lukša ● Software engineer at Red Hat ● 20+ years ● Currently working on: ○ Istio ○ Kubernetes ○ OpenShift ● Author of Kubernetes in Action ○ www.manning.com/books/kubernetes-in-action ○ FREE chapters 2-5: Exploring Kubernetes ■ www.manning.com/books/exploring-kubernetes
About you? Show of hands ● Develop Microservices? ● Heard of Istio? ● Using Istio? ● Using Kubernetes?
INTRO
Microservices: The fairy tale ● Smaller, simpler units ● Easier to develop ● Different languages ● Re-use existing components ● Independent development cycles ● Independent release cycles ● Independent scaling ● ...
Microservices: The reality *hacker icon source: https://www.freeiconspng.com/img/37219 *hourglass icon by Freepik from www.flaticon.com *monitoring icon by Francesco Daffini from www.onlinewebfonts.com User v2v1
IstioConnect, secure, control, and observe services.
Istio is an open-source service mesh
A service mesh is decentralized application networking infrastructure that connects your (micro)services
Istio is in-between your microservices User v2v1 ● No libraries to import ● No* code changes required ● Completely transparent to the application ● Sounds impossible?
HOW?
* * Optional
Sidecar container pattern sidecar noun /ˈsaɪd.kɑːr/ a small, low vehicle attached to the side of a motorcycle for carrying passengers. sidecar container a container that augments and improves the main application container, often without the main application’s knowledge. Pod Service (Your code) Sidecar Istio Proxy
Pod B Service B Istio Proxy Communication through Istio Proxy Pod A Service A Istio Proxy
Istio Control PlanePilot Mixer CitadelGalley Istio Service Mesh architecture Service A Service B Service C Istio Proxy Istio Proxy Istio Proxy HTTP/1.1 HTTP/2 gRPC TCP HTTP/1.1 HTTP/2 gRPC TCP mTLS mTLS
What kind of MAGIC does this enable?
Istio enables OBSERVABILITY
Istio Control Plane Monitoring with Istio Pod Service A Istio Proxy Pod Service B Istio Proxy
Monitoring
Distributed Tracing
Distributed Tracing Pod Service A Istio Proxy Pod Service B Istio Proxy Istio Control Plane Pod Service C Istio Proxy Pod Service D Istio Proxy ?? ? ? ? ? ? ?
Distributed Tracing With Jaeger
Visualizing Microservices $ kubectl get pods NAME READY STATUS RESTARTS AGE details-v1-54b6b58d9c-lk78s 2/2 Running 0 7h productpage-v1-69b749ff4c-xj2tl 2/2 Running 0 7h ratings-v1-7ffc85d9bf-pk8jt 2/2 Running 0 7h reviews-v1-fcd7cc7b6-5hmbl 2/2 Running 0 7h reviews-v2-655cc678db-td98q 2/2 Running 0 7h reviews-v3-645d59bdfd-ckphz 2/2 Running 0 7h
Visualizing Microservices with Kiali
Istio doesn't just enable us to OBSERVE traffic. It also allows us to SHAPE it!
Service myservice Traffic management Client v1 v1 v1 v2 v2 GET http://myservice 20% 20% 20% 20% 20% kind: Service metadata: name: myservice spec: ports: - ... selector: app: myservice
Service myservice Traffic management Client v1 v1 v1 v2 v2 GET http://myservice 20% 20% 20% 20% 20% kind: DestinationRule metadata: name: myservice spec: host: myservice.myns.svc.cluster.local subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 Subsetv2Subsetv1
Service myservice Subsetv2Subsetv1 Traffic management Client v1 v1 v1 v2 v2 90% 10% kind: VirtualService spec: hosts: ["myservice.myns.s.c.l"] http: - route: - weight: 90 destination: host: myservice subset: v1 - weight: 10 destination: host: myservice subset: v2 GET http://myservice
Service myservice Subsetv2-betaSubsetv1 Canary deployment Client v1 v1 v1 v2-beta v2-beta http: - match: - headers: Opt-in: exact: beta route: - destination: host: myservice subset: v2-beta - route: - destination: host: myservice subset: v1 regular users GET http://myservice HTTP/1.1 HTTP header opt-in: beta GET http://myservice HTTP/1.1 user-agent: Mozilla/5.0... opt-in: beta
Service myservice Subsetv1 Dark launch Client v1 v1 v1 Subsetv2-alpha v2-alpha v2-alpha kind: VirtualService spec: hosts: - myservice http: - route: - destination: host: myservice subset: v1 mirror: host: myservice subset: v2-alpha GET http://myservice
Istio also SECURES inter-service communication!
Man-in-the-middle attack
Encryption & authentication with Mutual TLS Pod Service A Istio Proxy Pod Service B Istio Proxy mTLS kind: DestinationRule metadata: name: service-b spec: host: service-b trafficPolicy: tls: mode: ISTIO_MUTUAL ...
Authorization with Istio RBAC Service A Service B apiVersion: "rbac.istio.io/v1alpha1" kind: ServiceRole metadata: name: service-b-viewer spec: rules: - services: - service-b.ns.svc.cluster.local methods: - GET apiVersion: "rbac.istio.io/v1alpha1" kind: ServiceRoleBinding metadata: name: bind-ratings spec: subjects: - user: cluster.local/ns/default/sa/service-a roleRef: kind: ServiceRole name: service-b-viewer Service C
Istio also adds FAULT TOLERANCE, RETRIES and RATE LIMITING!
Connection timeouts & retries Pod Service A Istio Proxy Pod Service B Istio Proxy kind: VirtualService metadata: name: service-b spec: hosts: - service-b http: - route: - destination: host: service-b subset: v1 timeout: 10s retries: attempts: 5 perTryTimeout: 2s Timeout: 10s Retry: 5x
Rate limiting Pod Service A Istio Proxy Pod Service B Istio Proxy kind: DestinationRule metadata: name: service-b spec: host: service-b trafficPolicy: connectionPool: tcp: maxConnections: 200 http: http2MaxRequests: 500 Max 200 connections Max 500 requests
Circuit breaker (Outlier detection) Pod Service A Istio Proxy Pod Service B Istio Proxy kind: DestinationRule metadata: name: service-b spec: host: service-b trafficPolicy: ... outlierDetection: consecutiveErrors: 3 interval: 5m baseEjectionTime: 10m If 3 errors in 5 minutes: eject for 10 minutes
...and even helps with TESTING by injecting FAULTS or DELAYS!
Chaos Engineering: Inserting a delay Pod Service A Istio Proxy Pod Service B Istio Proxy kind: VirtualService metadata: name: service-b spec: hosts: - service-b http: - route: - destination: host: service-b subset: v1 fault: delay: percent: 50 fixedDelay: 3s Insert 3 second delay in 50% of requests
Chaos Engineering: Inserting a fault Pod Service A Istio Proxy Pod Service B Istio Proxy kind: VirtualService metadata: name: service-b spec: hosts: - service-b http: - route: - destination: host: service-b subset: v1 fault: abort: percent: 10 httpStatus: 500 HTTP 500 in 10% of requests
Services are completely unaware of all this!
And more... ● Configurable load balancing ○ Consistent hash LB (e.g. cookie-based / sticky session) ○ Least connected, Round robin, Random ● Connection pools ● Prevent accessing external services ● HTTP redirects, URL rewrites, Injecting HTTP headers ● Growing support for well-known protocols ○ Not just HTTP-aware ○ MySQL, Postgres, Kafka, ...
DEMO
OpenShift Service Mesh ● Red Hat's distribution of Istio ○ Jaeger distributed tracing ○ Kiali for visualizing services ○ Prometheus for monitoring ○ Grafana for visualizing monitoring data ○ Istio operator - automatic install and management of Istio ● Maistra ○ Upstream, open-source project ○ OpenShift Service Mesh is based on Maistra ○ https://github.com/Maistra
THANK YOU! marko.luksa (gmail) twitter.com/markoluksa medium.com/@marko.luksa

Recommandé

Api service mesh and microservice tooling
Api service mesh and microservice toolingApi service mesh and microservice tooling
Api service mesh and microservice tooling
Red Hat
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service Mesh
Rafik HARABI
 
Consul: Service Mesh for Microservices
Consul: Service Mesh for MicroservicesConsul: Service Mesh for Microservices
Consul: Service Mesh for Microservices
ArmonDadgar
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istio
SAMIR BEHARA
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service Mesh
Georgios Andrianakis
 
WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh?
Anton Weiss
 
Managing traffic routing with istio and envoy workshop
Managing traffic routing with istio and envoy workshopManaging traffic routing with istio and envoy workshop
Managing traffic routing with istio and envoy workshop
Opsta
 
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Codemotion
 

Recommandé

Api service mesh and microservice tooling
Api service mesh and microservice toolingApi service mesh and microservice tooling
Api service mesh and microservice tooling
Red Hat
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service Mesh
Rafik HARABI
 
Consul: Service Mesh for Microservices
Consul: Service Mesh for MicroservicesConsul: Service Mesh for Microservices
Consul: Service Mesh for Microservices
ArmonDadgar
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istio
SAMIR BEHARA
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service Mesh
Georgios Andrianakis
 
WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh?
Anton Weiss
 
Managing traffic routing with istio and envoy workshop
Managing traffic routing with istio and envoy workshopManaging traffic routing with istio and envoy workshop
Managing traffic routing with istio and envoy workshop
Opsta
 
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Codemotion
 
New Features in Confluent Platform 6.0 / Apache Kafka 2.6
New Features in Confluent Platform 6.0 / Apache Kafka 2.6New Features in Confluent Platform 6.0 / Apache Kafka 2.6
New Features in Confluent Platform 6.0 / Apache Kafka 2.6
Kai Wähner
 
Istio a service mesh
Istio a service meshIstio a service mesh
Istio a service mesh
Chandresh Pancholi
 
Istio: Using nginMesh as the service proxy
Istio: Using nginMesh as the service proxyIstio: Using nginMesh as the service proxy
Istio: Using nginMesh as the service proxy
Lee Calcote
 
Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...
Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...
Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...
Kai Wähner
 
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
confluent
 
Manage your APIs and Microservices with an API Gateway
Manage your APIs and Microservices with an API GatewayManage your APIs and Microservices with an API Gateway
Manage your APIs and Microservices with an API Gateway
Thibault Charbonnier
 
Connecting All Abstractions with Istio
Connecting All Abstractions with IstioConnecting All Abstractions with Istio
Connecting All Abstractions with Istio
VMware Tanzu
 
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Daniel Oh
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service Mesh
Natanael Fonseca
 
Building Microservices with Apache Kafka
Building Microservices with Apache KafkaBuilding Microservices with Apache Kafka
Building Microservices with Apache Kafka
confluent
 
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
HostedbyConfluent
 
How did we move the mountain? - Migrating 1 trillion+ messages per day across...
How did we move the mountain? - Migrating 1 trillion+ messages per day across...How did we move the mountain? - Migrating 1 trillion+ messages per day across...
How did we move the mountain? - Migrating 1 trillion+ messages per day across...
HostedbyConfluent
 
Cloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQ
Cloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQCloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQ
Cloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQ
HostedbyConfluent
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservices
Kunal Hire
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
Yong Feng
 
Distributed Enterprise Monitoring and Management of Apache Kafka (William McL...
Distributed Enterprise Monitoring and Management of Apache Kafka (William McL...Distributed Enterprise Monitoring and Management of Apache Kafka (William McL...
Distributed Enterprise Monitoring and Management of Apache Kafka (William McL...
HostedbyConfluent
 
Application Rollout - Istio
Application Rollout - Istio Application Rollout - Istio
Application Rollout - Istio
Mandar Jog
 
Kong
KongKong
Kong
Troublemaker Khunpech
 
Using Microservices Architecture and Patterns to Address Applications Require...
Using Microservices Architecture and Patterns to Address Applications Require...Using Microservices Architecture and Patterns to Address Applications Require...
Using Microservices Architecture and Patterns to Address Applications Require...
Prem Sankar Gopannan
 
Service mesh in action with onap
Service mesh in action with onapService mesh in action with onap
Service mesh in action with onap
Huabing Zhao
 
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannotapidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays
 
Putting Microservices on a Diet: with Istio!
Putting Microservices on a Diet: with Istio!Putting Microservices on a Diet: with Istio!
Putting Microservices on a Diet: with Istio!
QAware GmbH
 

Contenu connexe

Tendances

Istio: Using nginMesh as the service proxy
Istio: Using nginMesh as the service proxyIstio: Using nginMesh as the service proxy
Istio: Using nginMesh as the service proxy
Lee Calcote
 
Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...
Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...
Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...
Kai Wähner
 
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
confluent
 
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
HostedbyConfluent
 
How did we move the mountain? - Migrating 1 trillion+ messages per day across...
How did we move the mountain? - Migrating 1 trillion+ messages per day across...How did we move the mountain? - Migrating 1 trillion+ messages per day across...
How did we move the mountain? - Migrating 1 trillion+ messages per day across...
HostedbyConfluent
 
Cloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQ
Cloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQCloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQ
Cloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQ
HostedbyConfluent
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservices
Kunal Hire
 

Tendances (20)

New Features in Confluent Platform 6.0 / Apache Kafka 2.6
New Features in Confluent Platform 6.0 / Apache Kafka 2.6New Features in Confluent Platform 6.0 / Apache Kafka 2.6
New Features in Confluent Platform 6.0 / Apache Kafka 2.6
 
Istio a service mesh
Istio a service meshIstio a service mesh
Istio a service mesh
 
Istio: Using nginMesh as the service proxy
Istio: Using nginMesh as the service proxyIstio: Using nginMesh as the service proxy
Istio: Using nginMesh as the service proxy
 
Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...
Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...
Apache Kafka + Apache Mesos + Kafka Streams - Highly Scalable Streaming Micro...
 
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
Flexible Authentication Strategies with SASL/OAUTHBEARER (Michael Kaminski, T...
 
Manage your APIs and Microservices with an API Gateway
Manage your APIs and Microservices with an API GatewayManage your APIs and Microservices with an API Gateway
Manage your APIs and Microservices with an API Gateway
 
Connecting All Abstractions with Istio
Connecting All Abstractions with IstioConnecting All Abstractions with Istio
Connecting All Abstractions with Istio
 
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service Mesh
 
Building Microservices with Apache Kafka
Building Microservices with Apache KafkaBuilding Microservices with Apache Kafka
Building Microservices with Apache Kafka
 
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
Exposing and Controlling Kafka Event Streaming with Kong Konnect Enterprise |...
 
How did we move the mountain? - Migrating 1 trillion+ messages per day across...
How did we move the mountain? - Migrating 1 trillion+ messages per day across...How did we move the mountain? - Migrating 1 trillion+ messages per day across...
How did we move the mountain? - Migrating 1 trillion+ messages per day across...
 
Cloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQ
Cloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQCloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQ
Cloud native Kafka | Sascha Holtbruegge and Margaretha Erber, HiveMQ
 
Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservices
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
 
Distributed Enterprise Monitoring and Management of Apache Kafka (William McL...
Distributed Enterprise Monitoring and Management of Apache Kafka (William McL...Distributed Enterprise Monitoring and Management of Apache Kafka (William McL...
Distributed Enterprise Monitoring and Management of Apache Kafka (William McL...
 
Application Rollout - Istio
Application Rollout - Istio Application Rollout - Istio
Application Rollout - Istio
 
Kong
KongKong
Kong
 
Using Microservices Architecture and Patterns to Address Applications Require...
Using Microservices Architecture and Patterns to Address Applications Require...Using Microservices Architecture and Patterns to Address Applications Require...
Using Microservices Architecture and Patterns to Address Applications Require...
 
Service mesh in action with onap
Service mesh in action with onapService mesh in action with onap
Service mesh in action with onap
 

Similaire à Javantura v6 - Istio Service Mesh - The magic between your microservices - Marko Lukša

Putting Microservices on a Diet: with Istio!
Putting Microservices on a Diet: with Istio!Putting Microservices on a Diet: with Istio!
Putting Microservices on a Diet: with Istio!
QAware GmbH
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
Christian Posta
 
Managing microservices with istio on OpenShift - Meetup
Managing microservices with istio on OpenShift - MeetupManaging microservices with istio on OpenShift - Meetup
Managing microservices with istio on OpenShift - Meetup
José Román Martín Gil
 
Monitoring at scale: Migrating to Prometheus at Fastly
Monitoring at scale: Migrating to Prometheus at FastlyMonitoring at scale: Migrating to Prometheus at Fastly
Monitoring at scale: Migrating to Prometheus at Fastly
Marcus Barczak
 
Putting microservices on a diet with Istio
Putting microservices on a diet with IstioPutting microservices on a diet with Istio
Putting microservices on a diet with Istio
QAware GmbH
 
Genomic Computation at Scale with Serverless, StackStorm and Docker Swarm
Genomic Computation at Scale with Serverless, StackStorm and Docker SwarmGenomic Computation at Scale with Serverless, StackStorm and Docker Swarm
Genomic Computation at Scale with Serverless, StackStorm and Docker Swarm
Dmitri Zimine
 

Similaire à Javantura v6 - Istio Service Mesh - The magic between your microservices - Marko Lukša (20)

apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannotapidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
 
Putting Microservices on a Diet: with Istio!
Putting Microservices on a Diet: with Istio!Putting Microservices on a Diet: with Istio!
Putting Microservices on a Diet: with Istio!
 
Putting microservices on a diet with istio
Putting microservices on a diet with istioPutting microservices on a diet with istio
Putting microservices on a diet with istio
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
 
Managing microservices with istio on OpenShift - Meetup
Managing microservices with istio on OpenShift - MeetupManaging microservices with istio on OpenShift - Meetup
Managing microservices with istio on OpenShift - Meetup
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud with...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud with...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud with...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud with...
 
Api observability
Api observability Api observability
Api observability
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
 
Consul First Steps
Consul First StepsConsul First Steps
Consul First Steps
 
Mist.io @ AWSUGGR
Mist.io @ AWSUGGRMist.io @ AWSUGGR
Mist.io @ AWSUGGR
 
Red Hat and kubernetes: awesome stuff coming your way
Red Hat and kubernetes: awesome stuff coming your wayRed Hat and kubernetes: awesome stuff coming your way
Red Hat and kubernetes: awesome stuff coming your way
 
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18
 
Operationalizing Multi Cluster Istio_ Lessons Learned and Developing Ambient ...
Operationalizing Multi Cluster Istio_ Lessons Learned and Developing Ambient ...Operationalizing Multi Cluster Istio_ Lessons Learned and Developing Ambient ...
Operationalizing Multi Cluster Istio_ Lessons Learned and Developing Ambient ...
 
Monitoring at scale: Migrating to Prometheus at Fastly
Monitoring at scale: Migrating to Prometheus at FastlyMonitoring at scale: Migrating to Prometheus at Fastly
Monitoring at scale: Migrating to Prometheus at Fastly
 
Istio canaries and kubernetes
Istio canaries and kubernetesIstio canaries and kubernetes
Istio canaries and kubernetes
 
Putting microservices on a diet with Istio
Putting microservices on a diet with IstioPutting microservices on a diet with Istio
Putting microservices on a diet with Istio
 
Migrate a on-prem platform to the public cloud with Java - SpringBoot and PCF
Migrate a on-prem platform to the public cloud with Java - SpringBoot and PCFMigrate a on-prem platform to the public cloud with Java - SpringBoot and PCF
Migrate a on-prem platform to the public cloud with Java - SpringBoot and PCF
 
2023-May.pptx
2023-May.pptx2023-May.pptx
2023-May.pptx
 
Genomic Computation at Scale with Serverless, StackStorm and Docker Swarm
Genomic Computation at Scale with Serverless, StackStorm and Docker SwarmGenomic Computation at Scale with Serverless, StackStorm and Docker Swarm
Genomic Computation at Scale with Serverless, StackStorm and Docker Swarm
 
Serhiy Kalinets "Building Service Mesh with .NET Core"
Serhiy Kalinets "Building Service Mesh with .NET Core"Serhiy Kalinets "Building Service Mesh with .NET Core"
Serhiy Kalinets "Building Service Mesh with .NET Core"
 

Plus de HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association

Javantura v7 - Behaviour Driven Development with Cucumber - Ivan Lozić
Javantura v7 - Behaviour Driven Development with Cucumber - Ivan LozićJavantura v7 - Behaviour Driven Development with Cucumber - Ivan Lozić
Javantura v7 - Behaviour Driven Development with Cucumber - Ivan Lozić
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Javantura v7 - Learning to Scale Yourself: The Journey from Coder to Leader -...
Javantura v7 - Learning to Scale Yourself: The Journey from Coder to Leader -...Javantura v7 - Learning to Scale Yourself: The Journey from Coder to Leader -...
Javantura v7 - Learning to Scale Yourself: The Journey from Coder to Leader -...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
JavaCro'19 - The State of Java and Software Development in Croatia - Communit...
JavaCro'19 - The State of Java and Software Development in Croatia - Communit...JavaCro'19 - The State of Java and Software Development in Croatia - Communit...
JavaCro'19 - The State of Java and Software Development in Croatia - Communit...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Javantura v6 - On the Aspects of Polyglot Programming and Memory Management i...
Javantura v6 - On the Aspects of Polyglot Programming and Memory Management i...Javantura v6 - On the Aspects of Polyglot Programming and Memory Management i...
Javantura v6 - On the Aspects of Polyglot Programming and Memory Management i...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Javantura v6 - When remote work really works - the secrets behind successful ...
Javantura v6 - When remote work really works - the secrets behind successful ...Javantura v6 - When remote work really works - the secrets behind successful ...
Javantura v6 - When remote work really works - the secrets behind successful ...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Javantura v6 - Spring HATEOAS hypermedia-driven web services, and clients tha...
Javantura v6 - Spring HATEOAS hypermedia-driven web services, and clients tha...Javantura v6 - Spring HATEOAS hypermedia-driven web services, and clients tha...
Javantura v6 - Spring HATEOAS hypermedia-driven web services, and clients tha...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Javantura v6 - End to End Continuous Delivery of Microservices for Kubernetes...
Javantura v6 - End to End Continuous Delivery of Microservices for Kubernetes...Javantura v6 - End to End Continuous Delivery of Microservices for Kubernetes...
Javantura v6 - End to End Continuous Delivery of Microservices for Kubernetes...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Javantura v6 - Master the Concepts Behind the Java 10 Challenges and Eliminat...
Javantura v6 - Master the Concepts Behind the Java 10 Challenges and Eliminat...Javantura v6 - Master the Concepts Behind the Java 10 Challenges and Eliminat...
Javantura v6 - Master the Concepts Behind the Java 10 Challenges and Eliminat...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 

Plus de HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association (20)

Java cro'21 the best tools for java developers in 2021 - hujak
Java cro'21 the best tools for java developers in 2021 - hujakJava cro'21 the best tools for java developers in 2021 - hujak
Java cro'21 the best tools for java developers in 2021 - hujak
 
JavaCro'21 - Java is Here To Stay - HUJAK Keynote
JavaCro'21 - Java is Here To Stay - HUJAK KeynoteJavaCro'21 - Java is Here To Stay - HUJAK Keynote
JavaCro'21 - Java is Here To Stay - HUJAK Keynote
 
Javantura v7 - Behaviour Driven Development with Cucumber - Ivan Lozić
Javantura v7 - Behaviour Driven Development with Cucumber - Ivan LozićJavantura v7 - Behaviour Driven Development with Cucumber - Ivan Lozić
Javantura v7 - Behaviour Driven Development with Cucumber - Ivan Lozić
 
Javantura v7 - The State of Java - Today and Tomowwow - HUJAK's Community Key...
Javantura v7 - The State of Java - Today and Tomowwow - HUJAK's Community Key...Javantura v7 - The State of Java - Today and Tomowwow - HUJAK's Community Key...
Javantura v7 - The State of Java - Today and Tomowwow - HUJAK's Community Key...
 
Javantura v7 - Learning to Scale Yourself: The Journey from Coder to Leader -...
Javantura v7 - Learning to Scale Yourself: The Journey from Coder to Leader -...Javantura v7 - Learning to Scale Yourself: The Journey from Coder to Leader -...
Javantura v7 - Learning to Scale Yourself: The Journey from Coder to Leader -...
 
JavaCro'19 - The State of Java and Software Development in Croatia - Communit...
JavaCro'19 - The State of Java and Software Development in Croatia - Communit...JavaCro'19 - The State of Java and Software Development in Croatia - Communit...
JavaCro'19 - The State of Java and Software Development in Croatia - Communit...
 
Javantura v6 - Java in Croatia and HUJAK - Branko Mihaljević, Aleksander Radovan
Javantura v6 - Java in Croatia and HUJAK - Branko Mihaljević, Aleksander RadovanJavantura v6 - Java in Croatia and HUJAK - Branko Mihaljević, Aleksander Radovan
Javantura v6 - Java in Croatia and HUJAK - Branko Mihaljević, Aleksander Radovan
 
Javantura v6 - On the Aspects of Polyglot Programming and Memory Management i...
Javantura v6 - On the Aspects of Polyglot Programming and Memory Management i...Javantura v6 - On the Aspects of Polyglot Programming and Memory Management i...
Javantura v6 - On the Aspects of Polyglot Programming and Memory Management i...
 
Javantura v6 - Case Study: Marketplace App with Java and Hyperledger Fabric -...
Javantura v6 - Case Study: Marketplace App with Java and Hyperledger Fabric -...Javantura v6 - Case Study: Marketplace App with Java and Hyperledger Fabric -...
Javantura v6 - Case Study: Marketplace App with Java and Hyperledger Fabric -...
 
Javantura v6 - How to help customers report bugs accurately - Miroslav Čerkez...
Javantura v6 - How to help customers report bugs accurately - Miroslav Čerkez...Javantura v6 - How to help customers report bugs accurately - Miroslav Čerkez...
Javantura v6 - How to help customers report bugs accurately - Miroslav Čerkez...
 
Javantura v6 - When remote work really works - the secrets behind successful ...
Javantura v6 - When remote work really works - the secrets behind successful ...Javantura v6 - When remote work really works - the secrets behind successful ...
Javantura v6 - When remote work really works - the secrets behind successful ...
 
Javantura v6 - Kotlin-Java Interop - Matej Vidaković
Javantura v6 - Kotlin-Java Interop - Matej VidakovićJavantura v6 - Kotlin-Java Interop - Matej Vidaković
Javantura v6 - Kotlin-Java Interop - Matej Vidaković
 
Javantura v6 - Spring HATEOAS hypermedia-driven web services, and clients tha...
Javantura v6 - Spring HATEOAS hypermedia-driven web services, and clients tha...Javantura v6 - Spring HATEOAS hypermedia-driven web services, and clients tha...
Javantura v6 - Spring HATEOAS hypermedia-driven web services, and clients tha...
 
Javantura v6 - End to End Continuous Delivery of Microservices for Kubernetes...
Javantura v6 - End to End Continuous Delivery of Microservices for Kubernetes...Javantura v6 - End to End Continuous Delivery of Microservices for Kubernetes...
Javantura v6 - End to End Continuous Delivery of Microservices for Kubernetes...
 
Javantura v6 - How can you improve the quality of your application - Ioannis ...
Javantura v6 - How can you improve the quality of your application - Ioannis ...Javantura v6 - How can you improve the quality of your application - Ioannis ...
Javantura v6 - How can you improve the quality of your application - Ioannis ...
 
Javantura v6 - Just say it v2 - Pavao Varela Petrac
Javantura v6 - Just say it v2 - Pavao Varela PetracJavantura v6 - Just say it v2 - Pavao Varela Petrac
Javantura v6 - Just say it v2 - Pavao Varela Petrac
 
Javantura v6 - Automation of web apps testing - Hrvoje Ruhek
Javantura v6 - Automation of web apps testing - Hrvoje RuhekJavantura v6 - Automation of web apps testing - Hrvoje Ruhek
Javantura v6 - Automation of web apps testing - Hrvoje Ruhek
 
Javantura v6 - Master the Concepts Behind the Java 10 Challenges and Eliminat...
Javantura v6 - Master the Concepts Behind the Java 10 Challenges and Eliminat...Javantura v6 - Master the Concepts Behind the Java 10 Challenges and Eliminat...
Javantura v6 - Master the Concepts Behind the Java 10 Challenges and Eliminat...
 
Javantura v6 - Building IoT Middleware with Microservices - Mario Kusek
Javantura v6 - Building IoT Middleware with Microservices - Mario KusekJavantura v6 - Building IoT Middleware with Microservices - Mario Kusek
Javantura v6 - Building IoT Middleware with Microservices - Mario Kusek
 
Javantura v6 - JDK 11 & JDK 12 - Dalibor Topic
Javantura v6 - JDK 11 & JDK 12 - Dalibor TopicJavantura v6 - JDK 11 & JDK 12 - Dalibor Topic
Javantura v6 - JDK 11 & JDK 12 - Dalibor Topic
 

Dernier

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 

Dernier (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 

Javantura v6 - Istio Service Mesh - The magic between your microservices - Marko Lukša

  • 1. Istio Service MeshThe magic between your microservices Marko Lukša, Red Hat
  • 2. Marko Lukša ● Software engineer at Red Hat ● 20+ years ● Currently working on: ○ Istio ○ Kubernetes ○ OpenShift ● Author of Kubernetes in Action ○ www.manning.com/books/kubernetes-in-action ○ FREE chapters 2-5: Exploring Kubernetes ■ www.manning.com/books/exploring-kubernetes
  • 3. About you? Show of hands ● Develop Microservices? ● Heard of Istio? ● Using Istio? ● Using Kubernetes?
  • 5.
  • 6. Microservices: The fairy tale ● Smaller, simpler units ● Easier to develop ● Different languages ● Re-use existing components ● Independent development cycles ● Independent release cycles ● Independent scaling ● ...
  • 7. Microservices: The reality *hacker icon source: https://www.freeiconspng.com/img/37219 *hourglass icon by Freepik from www.flaticon.com *monitoring icon by Francesco Daffini from www.onlinewebfonts.com User v2v1
  • 8. IstioConnect, secure, control, and observe services.
  • 9. Istio is an open-source service mesh
  • 10. A service mesh is decentralized application networking infrastructure that connects your (micro)services
  • 11. Istio is in-between your microservices User v2v1 ● No libraries to import ● No* code changes required ● Completely transparent to the application ● Sounds impossible?
  • 12. HOW?
  • 14. Sidecar container pattern sidecar noun /ˈsaɪd.kɑːr/ a small, low vehicle attached to the side of a motorcycle for carrying passengers. sidecar container a container that augments and improves the main application container, often without the main application’s knowledge. Pod Service (Your code) Sidecar Istio Proxy
  • 15. Pod B Service B Istio Proxy Communication through Istio Proxy Pod A Service A Istio Proxy
  • 16. Istio Control PlanePilot Mixer CitadelGalley Istio Service Mesh architecture Service A Service B Service C Istio Proxy Istio Proxy Istio Proxy HTTP/1.1 HTTP/2 gRPC TCP HTTP/1.1 HTTP/2 gRPC TCP mTLS mTLS
  • 17. What kind of MAGIC does this enable?
  • 19. Istio Control Plane Monitoring with Istio Pod Service A Istio Proxy Pod Service B Istio Proxy
  • 22. Distributed Tracing Pod Service A Istio Proxy Pod Service B Istio Proxy Istio Control Plane Pod Service C Istio Proxy Pod Service D Istio Proxy ?? ? ? ? ? ? ?
  • 24. Visualizing Microservices $ kubectl get pods NAME READY STATUS RESTARTS AGE details-v1-54b6b58d9c-lk78s 2/2 Running 0 7h productpage-v1-69b749ff4c-xj2tl 2/2 Running 0 7h ratings-v1-7ffc85d9bf-pk8jt 2/2 Running 0 7h reviews-v1-fcd7cc7b6-5hmbl 2/2 Running 0 7h reviews-v2-655cc678db-td98q 2/2 Running 0 7h reviews-v3-645d59bdfd-ckphz 2/2 Running 0 7h
  • 26. Istio doesn't just enable us to OBSERVE traffic. It also allows us to SHAPE it!
  • 27. Service myservice Traffic management Client v1 v1 v1 v2 v2 GET http://myservice 20% 20% 20% 20% 20% kind: Service metadata: name: myservice spec: ports: - ... selector: app: myservice
  • 28. Service myservice Traffic management Client v1 v1 v1 v2 v2 GET http://myservice 20% 20% 20% 20% 20% kind: DestinationRule metadata: name: myservice spec: host: myservice.myns.svc.cluster.local subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 Subsetv2Subsetv1
  • 29. Service myservice Subsetv2Subsetv1 Traffic management Client v1 v1 v1 v2 v2 90% 10% kind: VirtualService spec: hosts: ["myservice.myns.s.c.l"] http: - route: - weight: 90 destination: host: myservice subset: v1 - weight: 10 destination: host: myservice subset: v2 GET http://myservice
  • 30. Service myservice Subsetv2-betaSubsetv1 Canary deployment Client v1 v1 v1 v2-beta v2-beta http: - match: - headers: Opt-in: exact: beta route: - destination: host: myservice subset: v2-beta - route: - destination: host: myservice subset: v1 regular users GET http://myservice HTTP/1.1 HTTP header opt-in: beta GET http://myservice HTTP/1.1 user-agent: Mozilla/5.0... opt-in: beta
  • 31. Service myservice Subsetv1 Dark launch Client v1 v1 v1 Subsetv2-alpha v2-alpha v2-alpha kind: VirtualService spec: hosts: - myservice http: - route: - destination: host: myservice subset: v1 mirror: host: myservice subset: v2-alpha GET http://myservice
  • 34. Encryption & authentication with Mutual TLS Pod Service A Istio Proxy Pod Service B Istio Proxy mTLS kind: DestinationRule metadata: name: service-b spec: host: service-b trafficPolicy: tls: mode: ISTIO_MUTUAL ...
  • 35. Authorization with Istio RBAC Service A Service B apiVersion: "rbac.istio.io/v1alpha1" kind: ServiceRole metadata: name: service-b-viewer spec: rules: - services: - service-b.ns.svc.cluster.local methods: - GET apiVersion: "rbac.istio.io/v1alpha1" kind: ServiceRoleBinding metadata: name: bind-ratings spec: subjects: - user: cluster.local/ns/default/sa/service-a roleRef: kind: ServiceRole name: service-b-viewer Service C
  • 36. Istio also adds FAULT TOLERANCE, RETRIES and RATE LIMITING!
  • 37. Connection timeouts & retries Pod Service A Istio Proxy Pod Service B Istio Proxy kind: VirtualService metadata: name: service-b spec: hosts: - service-b http: - route: - destination: host: service-b subset: v1 timeout: 10s retries: attempts: 5 perTryTimeout: 2s Timeout: 10s Retry: 5x
  • 38. Rate limiting Pod Service A Istio Proxy Pod Service B Istio Proxy kind: DestinationRule metadata: name: service-b spec: host: service-b trafficPolicy: connectionPool: tcp: maxConnections: 200 http: http2MaxRequests: 500 Max 200 connections Max 500 requests
  • 39. Circuit breaker (Outlier detection) Pod Service A Istio Proxy Pod Service B Istio Proxy kind: DestinationRule metadata: name: service-b spec: host: service-b trafficPolicy: ... outlierDetection: consecutiveErrors: 3 interval: 5m baseEjectionTime: 10m If 3 errors in 5 minutes: eject for 10 minutes
  • 40. ...and even helps with TESTING by injecting FAULTS or DELAYS!
  • 41. Chaos Engineering: Inserting a delay Pod Service A Istio Proxy Pod Service B Istio Proxy kind: VirtualService metadata: name: service-b spec: hosts: - service-b http: - route: - destination: host: service-b subset: v1 fault: delay: percent: 50 fixedDelay: 3s Insert 3 second delay in 50% of requests
  • 42. Chaos Engineering: Inserting a fault Pod Service A Istio Proxy Pod Service B Istio Proxy kind: VirtualService metadata: name: service-b spec: hosts: - service-b http: - route: - destination: host: service-b subset: v1 fault: abort: percent: 10 httpStatus: 500 HTTP 500 in 10% of requests
  • 44. And more... ● Configurable load balancing ○ Consistent hash LB (e.g. cookie-based / sticky session) ○ Least connected, Round robin, Random ● Connection pools ● Prevent accessing external services ● HTTP redirects, URL rewrites, Injecting HTTP headers ● Growing support for well-known protocols ○ Not just HTTP-aware ○ MySQL, Postgres, Kafka, ...
  • 45. DEMO
  • 46. OpenShift Service Mesh ● Red Hat's distribution of Istio ○ Jaeger distributed tracing ○ Kiali for visualizing services ○ Prometheus for monitoring ○ Grafana for visualizing monitoring data ○ Istio operator - automatic install and management of Istio ● Maistra ○ Upstream, open-source project ○ OpenShift Service Mesh is based on Maistra ○ https://github.com/Maistra
  • 47. THANK YOU! marko.luksa (gmail) twitter.com/markoluksa medium.com/@marko.luksa