$30 off During Our Annual Pro Sale. View Details »

Welcome to the service mesh era!

Alex Khaerov
April 25, 2019
Programming
1
280

Welcome to the service mesh era!

Adopting a microservices architecture brings a host of benefits, including increased autonomy, flexibility, and modularity. But the process of decoupling a single-tier monolithic application into smaller services introduces new obstacles: what's running, how to roll out updates, how to secure and monitor all such fleet? To address these challenges, you can use a service mesh. With this talk, we are going to refresh basic knowledge and pillars of the "service mesh" and share our experience and concerns about the most popular one - Istio. Welcome to the service mesh era!

Alex Khaerov

April 25, 2019
Tweet

More Decks by Alex Khaerov

See All by Alex Khaerov
Cloud-native pipeline with Tekton
hayorov
0
33
Container security
hayorov
0
190
"Family budget" in minutes 
with Chainstack
hayorov
0
300
Bye, bye Virtual Environments?
hayorov
0
210
Quorum in minutes 
with Chainstack
hayorov
0
290
Securing Helm
hayorov
0
34
Entangled In Dependencies: Pipenv&Poetry
hayorov
0
280
To Helm Or Not To Helm
hayorov
0
440
TheURBN game #highload2017
hayorov
0
22

Other Decks in Programming

See All in Programming
状態設計から「なんとなく」を無くそう
qnighy
36
13k
「価値」あるものを作るためにエンジニアができること - NIFTY Tech Day 2023
niftycorp
0
140
ブログのリアクションから始めるGoのパフォーマンス分析入門
always_allokay
0
100
文系出身・開発未経験エンジニアが 入社から5年間で実践した学習法 〜エンジニアの世界で圧倒的に成長するために〜 (LT) - NIFTY Tech Day 2023
niftycorp
1
140
飛び出せ!フロントエンド知見共有会~Next,Astro,Sveltekitを使ったエンジニアたちの声~ - NIFTY Tech Day 2023
niftycorp
0
140
Vue & Vite Rustify
kazupon
4
1k
機械学習ソフトウェアにおけるテスト手法
hitsuji1991
PRO
3
1.1k
アクセシビリティを理解するとフロントエンドのテストが楽になる!
nano72mkn
1
1.9k
Is efficiency a good thing?
hollycummins
0
110
Developing a Vim plugin with Ruby
okuramasafumi
0
230
車両情報のリアルタイム特徴量基盤の構築
mot_techtalk
3
1.1k
アーキテクチャ刷新の現場 / Scene of architectural renewal
nrslib
6
1.1k

Featured

See All Featured
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
185
15k
Typedesign – Prime Four
hannesfritz
35
1.8k
Building a Scalable Design System with Sketch
lauravandoore
453
32k
Writing Fast Ruby
sferik
615
59k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
24
2k
Being A Developer After 40
akosma
52
580k
Automating Front-end Workflow
addyosmani
1354
200k
Code Review Best Practice
trishagee
53
14k
Building Effective Engineering Teams - LeadDev
addyosmani
22
1.2k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
54
33k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
15
1.7k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
352
21k

Transcript

  1. Alex Khaerov
    @hayorov
    Welcome to the service mesh era!

    View Slide

  2. @hayorov
    Hello!

    View Slide

  3. @hayorov
    company
    who I am

    View Slide

  4. @hayorov
    Alex Khaerov
    company
    who I am
    @hayorov

    View Slide

  5. @hayorov
    Alex Khaerov
    company
    who I am
    @hayorov
    doing software development for 9+ years
    active in the Python and K8s developer communities
    organises Moscow Python Conf, Helm Summit 2019
    a huge fan of laptop stickers

    View Slide

  6. @hayorov
    Chainstack
    Multi-cloud and multi-blockchain Platform as a Service
    Alex Khaerov
    company
    who I am
    @hayorov
    doing software development for 9+ years
    active in the Python and K8s developer communities
    organises Moscow Python Conf, Helm Summit 2019
    a huge fan of laptop stickers

    View Slide

  7. @hayorov
    Chainstack
    Multi-cloud and multi-blockchain Platform as a Service
    Alex Khaerov
    company
    who I am
    @hayorov
    doing software development for 9+ years
    active in the Python and K8s developer communities
    organises Moscow Python Conf, Helm Summit 2019
    a huge fan of laptop stickers
    We are based in Singapore "

    View Slide

  8. @hayorov
    Frontend Backend Infrastructure Blockchains
    We use and love

    View Slide

  9. @hayorov
    Frontend Backend Infrastructure Blockchains
    We use and love

    View Slide

  10. @hayorov
    Frontend Backend Infrastructure Blockchains
    We use and love

    View Slide

  11. @hayorov
    Frontend Backend Infrastructure Blockchains
    We use and love

    View Slide

  12. @hayorov
    Frontend Backend Infrastructure Blockchains
    We use and love

    View Slide

  13. @hayorov
    Frontend Backend Infrastructure Blockchains
    We are hiring:
    careers.chainstack.com
    We use and love

    View Slide

  14. @hayorov
    Frontend Backend Infrastructure Blockchains
    We use and love
    DevOps, SRE wanted!

    View Slide

  15. @hayorov
    September 11 - 12, 2019

    Pakhuis de Zwijger

    Amsterdam,
    The Netherlands
    https://events.linuxfoundation.org/events/helm-summit-2019/
    CFP is open – Apply now! | #helmsummit

    View Slide

  16. @hayorov
    @hayorov
    Agenda
    Background
    What is Istio?
    Core features
    Operating principle
    Our experience

    View Slide

  17. @hayorov
    Monolithic app
    +



    View Slide

  18. @hayorov
    Monolithic app
    +



    “Bear Metal”

    View Slide

  19. @hayorov
    Monolithic app
    +
    Monolithic app
    +
    Virtualization



    “Bear Metal”

    View Slide

  20. @hayorov
    Monolithic app
    +
    Monolithic app
    +
    Virtualization
    Microservices
    +
    Containers



    “Bear Metal”

    View Slide

  21. @hayorov
    Monolithic app
    +
    Monolithic app
    +
    Virtualization
    Microservices
    +
    Containers



    In fact, this is how your Minikube
    cluster looks like, haha!
    “Bear Metal”

    View Slide

  22. @hayorov
    All you knows

    View Slide

  23. ->

    View Slide

  24. @hayorov
    All you knows

    View Slide

  25. @hayorov
    -> -> ?

    View Slide

  26. @hayorov
    @hayorov
    Istio

    View Slide

  27. @hayorov
    From assess to trial.
    Source: Technology Radar, April 2019, thoughtworks.com

    View Slide

  28. @hayorov
    From assess to trial.
    Source: Technology Radar, April 2019, thoughtworks.com
    24

    View Slide

  29. @hayorov
    @hayorov
    Istio
    service mesh technology.
    Wait! What technology?

    View Slide

  30. @hayorov
    @hayorov
    service mesh
    provides a transparent and
    language-independent way to flexibly
    and easily automate application network
    functions.

    View Slide

  31. @hayorov
    @hayorov
    Istio
    service mesh technology
    abstraction level to the network
    intercepts all traffic
    executes a set of operations

    View Slide

  32. @hayorov
    Istio Value Proposition

    View Slide

  33. @hayorov

    View Slide

  34. @hayorov
    Data plane

    View Slide

  35. @hayorov
    Data plane
    Control plane

    View Slide

  36. @hayorov

    View Slide

  37. @hayorov

    View Slide

  38. @hayorov

    View Slide

  39. @hayorov

    View Slide

  40. @hayorov

    View Slide

  41. @hayorov

    View Slide

  42. @hayorov

    View Slide

  43. @hayorov

    View Slide

  44. @hayorov

    View Slide

  45. @hayorov

    View Slide

  46. @hayorov

    View Slide

  47. @hayorov

    View Slide

  48. @hayorov

    View Slide

  49. @hayorov

    View Slide

  50. @hayorov

    View Slide

  51. @hayorov

    View Slide

  52. @hayorov
    @hayorov
    • Telemetry.
    • Single common load balancer for all the services (HTTP, path based).
    • Traffic shifting (v1/v2) with simple YAML configuration.
    • Circuit breaking, traffic mirroring, retries.
    What Chainstack have been waiting from Istio

    View Slide

  53. @hayorov
    @hayorov
    1.1
    Performance
    0.2 (Oct, 2017)
    the first touch
    1.0 (Oct, 2018)
    major release
    1.1.x
    Milestones

    View Slide

  54. @hayorov
    @hayorov
    Fact 1: Simple installation
    Official helm charts
    Install with Helm via helm template
    or with Helm and Tiller using helm install
    Istio on GKE
    Extra checkbox in gconsole.
    In beta status.

    View Slide

  55. @hayorov
    @hayorov
    Fact 2: We cannot easily get network interaction
    data on network traffic
    Istio comes with a precompiled and preconfigured envoy proxy,
    supporting only the zipkin protocol.
    Only bytes metrics, no RPS or request latencies.
    Zipkin protocol is much verbose than Jaeger == less effective.

    View Slide

  56. @hayorov
    @hayorov
    By default, Istio comes with plain TCP configured for all ports,
    which means that no traces are sent.
    Fact 3: No magic, need to configure
    Solution: Name all the ports of the kubernetes service entities.
    Composite names can be used, like http-magic (proto-extra format).
    Dirty workaround: Patch the Pilot component.

    View Slide

  57. @hayorov
     Fact 4: High compute resource
    consumption 
    •150 pods;
    •50 services;
    •25 virtualservices;
    •30 destination rules.
    “Pilote” CPU consumption
    •Envoy degrades at big scale (>5k rps);
    •Side-car consumes ~600Mb RAM (each instance).

    View Slide

  58. @hayorov
    @hayorov
    Despite all of this…
    Istio is a great tool
    and performance is getting better.

    View Slide

  59. Thank you
    questions…

    @hayorov

    View Slide

  60. Thank you
    questions…

    Alex Khaerov
    @hayorov

    View Slide