Kubernetes And Istio and Azure AKS DevOps | PPTX
Copyright © SELA Software & Education Labs, Ltd. | 14-18 Baruch Hirsch St., Bnei Brak 51202, Israel | www.selagroup.com
December 27, 30-31, 2018
SELA DEVELOPER PRACTICE
Ofir Makmal | CTO | Sela Group
ofirm@sela.co.il
Kubernetes and Istio
A Service Mesh platform
Ku·ber·ne·tes
Kubernetes can be many things… It's a scalable, self-healing and resilient:
● Container orchestration engine
● Cluster management system
● Mesos, Swarm, Rancher, _______ replacement
● Microservices, CI/CD, Machine Learning platform
● Portable ‘cloud’
But it's NOT just another way to run containers...
The Kubernetes Journey
Recent surveys from the CNCF (July 2018) show that over 83% of the companies
that use containers are using Kubernetes.
It has a huge community:
● ~36K Stars
● ~1600 Contributors!
● ~13K Forks
● ~1000 Pending pull requests!
High Level Architecture
© Copyright SELA Software & Education Labs Ltd. | 14-18 Baruch Hirsch St Bnei Brak, 51202 Israel | www.selagroup.com | DevOps Course - Kubernetes Introduction
Azure Kubernetes Service (AKS)
● Fully managed Kubernetes cluster
● Sets up master and nodes
● One-click scale and upgrade operations
● Built-in secured dashboard
● Supports Block and CIFS volumes on Azure
● Support for GPU workloads
● Fully integrated with Azure Monitor and Log Analytics
Also, fully integrated with Azure DevOps
Azure DevOps
● Full-blown Git repos
● Issues and task boards
● Pipelines support
○ Thousands of step extensions
● Build on Windows, Linux and Mac!
● Release on Windows, Linux and Mac!
● Manage test plans and load tests
● Built-in private package managers
○ Private NPM, NuGet, Maven, Gradle, PIP
○ Similar to JFrog Artifactory, Nexus
● Managed from your Azure account
Demo
Creating an AKS Cluster
Azure DevOps
kubectl walkthrough
We all know Kubernetes Building Blocks
And we all know how to run an application...
Creating a Namespace, defining a Deployment to manage a
ReplicaSet of Pods, exposing them as Services and Ingress, maybe
mounting Persistent Volumes into their containers, injecting
ConfigMaps and Secrets as environment variables.
After deployment, we expect Kubernetes to take care of the rest.
Deployment Architecture
Micro-services applications are not that simple.
Back to basics
‘Micro-services is a software development technique—[…] that
structures an application as a collection of loosely coupled services.
In a microservices architecture, services are fine-grained and the
protocols are lightweight. The benefit of decomposing an
application into different smaller services is that it improves
modularity and makes the application easier to understand,
develop, test, and more resilient to architecture erosion. It also
parallelizes development by enabling small autonomous teams to
develop, deploy and scale independently. […] Microservices-based
architectures enable continuous delivery and deployment.’
* Wikipedia
Micro-services 101
• Small – do one thing and do it well
• Simple!
• Has clear domain boundaries and well-defined APIs
• Standalone
• Independent development
• Independent deployment
• Build and release is automatic
• Testable
• Loosely coupled
With simplicity comes complexity
• How to deploy or update services with zero-downtime?
• How to A/B test the application?
• How to handle network failures?
• How to manage security between services?
• How to handle timeouts? Retries?
• How to rate limit? Add quotas?
• Telemetry, Logging, Monitoring?
• What about Polyglot, Legacy systems?
• Different Tech Stacks
We used to do this ourselves
• Integrating services and libraries for the following:
• Eureka - Service Registry
• Ribbon - Client Side Load Balancing
• Hystrix - Circuit Breaker
• Zipkin - Distributed Tracing
• Prometheus - Monitoring
• Grafana - Dashboards and Visualization
• Nginx - API Gateway
• Many of them require complicated code in our API libraries
The rise of Service Mesh
• Managing a horde of microservices yourself is too hard
• A service mesh takes care of all communication and policy needs
between services and allows extensibility through middleware
• Istio, Linkerd and Conduit are all different approaches to
Service Mesh
Introducing Istio
• Initiative from Google, IBM and Lyft
• Built for Kubernetes
• But also supports Nomad and Consul, and in the future will support Cloud
Foundry and Mesos
• A uniform way to connect, manage and secure micro-services:
• Advanced load balancing for TCP, HTTP, gRPC and WebSockets
• Rule-based traffic control
• Advanced policies – ACLs, mutual TLS, rotating certificates, rate
limits, etc.
• Automatic metrics, logs and traces collection
• istioctl – like kubectl, only for Istio (we can actually use kubectl most
of the time)
Control Plane vs Data Plane
• Control Plane
• Abstracts platform-specific capabilities
• Provides a cluster-wide rules API for routing
• Propagates policy and configuration
• Manages the data plane
• Data Plane
• Service discovery
• Routing
• Load balancing
• Authentication and authorization
• Health checking
• Observability
Envoy
• Originally built at Lyft
• Now a CNCF graduated project
• A C++ based L4/L7 proxy
• Battle-tested with great performance
• Acts as the smart data plane managed by Istio
• Many built-in mechanisms used by Istio
• API-driven updates (without hot reload)
• In recent versions injected automatically as a sidecar
Pilot – Discovery and Traffic Management
• Manages the lifecycle of Envoy instances deployed across Istio
• Intelligent router
• Handles timeouts and retries
• Implements circuit breaking
• Allows A/B testing
• Sophisticated deployments
Mixer
• Manages access control and policies
• Extracts request attributes
• Collects telemetry and metrics
• Tracing and metrics backends can be changed at runtime (Prometheus, InfluxDB,
Stackdriver, etc.)
Citadel
• Service-to-service authentication and Mutual TLS
• Supports RBAC (Role-Based Access Control) - like Kubernetes
• Automatically manages credentials and certificates
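An added example, not from the deck, of the Citadel-backed controls listed above: first every workload in the namespace is required to speak mutual TLS, then the identity that mTLS gives each caller is used to authorize it. It uses the security.istio.io/v1beta1 API that later Istio releases introduced in place of the 1.0-era authentication Policy and rbac ServiceRole resources; the namespace, the app=reviews label and the bookinfo-productpage service account follow the Bookinfo sample and are assumptions.

```yaml
# Added example (not from the deck). Namespace, the app=reviews label and
# the productpage service account follow the Bookinfo sample (assumed).
# Step 1: require mutual TLS for every workload in the namespace. STRICT
# rejects plaintext, so a pod without a sidecar can no longer call in.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: default
spec:
  mtls:
    mode: STRICT
---
# Step 2: mTLS gives each caller a SPIFFE identity derived from its
# service account; allow only productpage to read from reviews. Once an
# ALLOW policy selects a workload, every request it does not list is
# denied, including the reviews pods calling each other.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: reviews-viewer
  namespace: default
spec:
  selector:
    matchLabels:
      app: reviews
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/default/sa/bookinfo-productpage"]
    to:
    - operation:
        methods: ["GET"]
```

In a brownfield mesh, roll out PERMISSIVE before STRICT so callers that have not yet been injected with a sidecar are found in telemetry rather than by outage.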
BookInfo
Built-in Addons
• Prometheus & Grafana
• Out-of-the-box cluster-wide metric collection, with support for
Alertmanager
• Fully customizable dashboards using Grafana
• Service Graph
• For observability
• OpenTracing
• Vendor-neutral APIs and instrumentation for distributed tracing
• Jaeger or Zipkin
Demo
Demo Application – Simple BookApp
Platform observability, monitoring, and tracing
Istio has Building Blocks too
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
VirtualService
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
DestinationRule
Intelligent Routing Capabilities
• Request Routing
• Manage multiple environments (dev, test, prod) and multiple versions (vX, vY)
at the same time while configuring sophisticated rules based on URI, headers
and more.
• Implement weight-based version routing
• Allows A/B testing and canary deployments
• Handle ingress and egress routing rules and gateways
• Warm up services with request mirroring
• Load Balancing
• Handle service registration and service discovery
• Advanced algorithms
• Weighted round robin, weighted least request, ring hash, Maglev, random,
original destination
• Zone awareness, priorities and more
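The request routing and weight-based routing described above, as an added example that is not from the deck: a VirtualService for the reviews service that pins testers to v2 by header, splits everyone else 90/10 between the v1 and v2 subsets of the DestinationRule shown earlier, and mirrors traffic to v2 to warm it up. The x-canary header and its tester value are assumed names.

```yaml
# Added example (not from the deck): canary routing for the "reviews"
# service, using the v1/v2 subsets from the DestinationRule slide.
# The x-canary header and its "tester" value are assumed names.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  # Rules are evaluated in order and the first match wins, so the header
  # rule must come before the catch-all weighted rule below.
  - match:
    - headers:
        x-canary:
          exact: tester
    route:
    - destination:
        host: reviews
        subset: v2
  # Everyone else is split 90/10 (weights must total 100). A copy of the
  # traffic is also mirrored to v2; mirrored replies are discarded, so
  # users never see v2 errors while it warms up.
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 90
    - destination:
        host: reviews
        subset: v2
      weight: 10
    mirror:
      host: reviews
      subset: v2
```

The x-canary header is client-controlled, so if the canary must not be reachable by arbitrary external users, have the ingress gateway strip or set it rather than trusting what arrives from outside the mesh.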
Failure Handling
• Timeouts and deadlines
• Follow the request's journey through the service mesh
• Supports per-request configuration
• Retries
• Supports variable jitter between retries
• Rate limiting and quotas
• Connection limits, request throttling
• Circuit breaker
• Helps failed services recover after consecutive failures (fully
configurable)
Fault Injection
• Allows testing the failure handling mechanism
• Enables granular chaos testing (e.g. Netflix's Chaos Monkey)
• Introduce latency to specific services or users
• Inject errors into a percentage of requests
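The Failure Handling and Fault Injection slides above, worked through in one added example that is not from the deck: the reviews VirtualService gets an overall deadline, a bounded retry policy that retries only transient failures, and a delay fault scoped to requests carrying an assumed x-chaos-test header, so the timeout and retry budget can be exercised on demand without touching real users; the DestinationRule adds outlier detection (the circuit breaker) and keeps only the v1 subset to stay short.

```yaml
# Added example (not from the deck): deadlines, retries and a circuit breaker
# for "reviews"; x-chaos-test is an assumed header that scopes the fault.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  # Test traffic only: 7s delay > 3s deadline, so the retry budget is exercised.
  - match:
    - headers:
        x-chaos-test:
          exact: "true"
    fault:
      delay:
        percentage:
          value: 100
        fixedDelay: 7s
    route:
    - destination:
        host: reviews
        subset: v1
  # Everyone else: 3s deadline, retry transient failures, per-try cap fits in it.
  - timeout: 3s
    retries:
      attempts: 2
      perTryTimeout: 1s
      retryOn: 5xx,connect-failure,gateway-error
    route:
    - destination:
        host: reviews
        subset: v1
---
# Circuit breaker: eject a replica that keeps returning 5xx (v2 subset omitted).
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
  - name: v1
    labels:
      version: v1
  trafficPolicy:
    outlierDetection:
      consecutive5xxErrors: 5
      baseEjectionTime: 30s
```

Keep retryOn to idempotent-safe failure classes and cap attempts: unbounded retries turn one slow dependency into a self-inflicted load amplification across the mesh.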
Demo
Traffic Shifting
Fault Injection
Recap
• Istio introduces unparalleled support for the unique challenges that
come with micro-services
• Istio is vendor-agnostic, and supports both on-prem and cloud
deployments
• Istio is now stable for GA and considered production ready.
• v0.8+ includes major API changes (VirtualService, DestinationRule)
Questions
Ofir Makmal
ofirm@sela.co.il