Traffic Management with Istio ( with Demo )

4cb5b950cfd0eabf5d6b828c951d4549?s=47 loftkun
August 08, 2019
Technology
0
150

Traffic Management with Istio ( with Demo )

2019/08/08 Thu

Cloud Native FUKUOKA #02 - connpass
https://cnjp.connpass.com/event/139837/

4cb5b950cfd0eabf5d6b828c951d4549?s=128

loftkun

August 08, 2019
Tweet

Want more?

4cb5b950cfd0eabf5d6b828c951d4549?s=48 loftkun
2
230
4cb5b950cfd0eabf5d6b828c951d4549?s=48 loftkun
0
35
4cb5b950cfd0eabf5d6b828c951d4549?s=48 loftkun
0
200
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
1
130
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
1
67
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
67
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
4
130
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
3
150
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
2
220
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
2
410
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
110
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
4
200

Transcript

  1. 1.

    Traffic Management with Istio ( with Demo ) 2019/08/08 Cloud

    Native FUKUOKA #02 loftkun
  2. 2.

    About me • @loftkun • ヤフー株式会社 SRE部 • 将棋好き •

    対局結果検索サイトなど公開してます • ⾳楽好き • ROCK IN JAPAN FESTIVAL ⾏きます • ピアノ習いたい • コンテナ好き、k8sは前職で使ってた、現職でも使いたい
  3. 3.

    My k8s Environment

  4. 4.

    Machine CPU Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz 6Core/12Threads RAM

    64GB OS Ubuntu 17.10 k8s minikube v1.2.0 ( Kubernetes v1.15.0 ) assign 12cpu & 40GB RAM kubectl v1.15.0 istio v1.2.2 helm v2.14.1
  5. 5.

    minikube start vm-driver=virtualbox Container VM ( Node ) Minikube BareMetal

    ssh -fNL 12345:192.168.99.100:12345 loft@192.168.3.5 192.168.3.5 grafana service のnodePortが12345の場合 http://localhost:12345 でアクセスできるぞ 192.168.99.100 192.168.3.4 Minikube ssh でログイン可能
  6. 6.

    minikube start vm-driver=none Container Minikube BareMetal 192.168.3.5 ( Node )

    grafana service のnodePortが12345の場合 http://192.168.3.5:12345 でアクセスできるぞ 192.168.3.4 tcpdump –i docker0 全Pod間の通信をキャプチャできるぞ
  7. 7.

    Agenda Introduction How to use Bookinfo Traffic Management

  8. 8.

    Introduction What is Istio?

  9. 9.

    https://istio.io/ • サービスメッシュを構成するOSS • CNCF Platinum Member • Proxyコンテナ(Envoy)をSidecarとしてPod内にInjectionしてくれる •

    様々な制御をkubectl applyできる(後ほどご紹介) • 便利なOSS同梱 • メトリクス (Prometheus/Grafana) • トレース (Jaeger/Zipkin) • サービスメッシュグラフの可視化(Kiali)
  10. 10.

    https://github.com/cncf/trailmap

  11. 11.

    https://github.com/cncf/trailmap

  12. 12.

    How to use Install à Sidecar Injection à Apply traffic

    rules
  13. 13.

    3 steps Install Sidecar Injection Apply traffic rules

  14. 14.

    Install Use Helm? $ kubectl apply istio-demo.yaml Cluster has tiller?

    $ helm template istio | kubectl apply $ helm install istio Y Y おすすめはHelm使⽤。パラメタ設定が楽。 • incubator/istioはメンテが⽌まってるので使わない • istio.ioのdoc記載の最新版をdownloadして使おう N N
  15. 15.

    Sidecar Injection Manual istioctl kube-injectコマンドでSidecarを埋め込んだmanifestを出⼒する $ kubectl apply -f <

    ( istioctl kube-inject -f my-manifests.yaml ) Automatic 対象のnamespaceにラベルを設定しておくだけでOK! $ kubectl label ns my-ns istio-injection=enabled
  16. 16.

    Apply traffic rules kubectl apply –f my-virtualservice.yaml • VirtualService •

    a set of traffic routing rules • 宛先別に様々なruleを設定できる Istio setup is done, Letʼs Traffic Management !
  17. 17.

    Bookinfo Istioが提供するサンプルアプリ

  18. 18.

    Architecture https://istio.io/docs/examples/bookinfo/ load balancing ( by reviews service )

  19. 19.

    Demo

  20. 20.

    Traffic Management Routing, Fault Injection, etc

  21. 21.

    Request Routing https://istio.io/docs/examples/bookinfo/

  22. 22.

    Demo

  23. 23.

    review v1 (星なし)

  24. 24.

    Request Routing ( by header ) https://istio.io/docs/examples/bookinfo/

  25. 25.

    Demo

  26. 26.
    None
  27. 27.

    Canary Release に使えそう︕ review v2 (⿊い星)

  28. 28.

    Fault Injection (delay ) Injected Delay : 7sec https://istio.io/docs/examples/bookinfo/

  29. 29.

    Demo

  30. 30.
    None
  31. 31.

    https://istio.io/docs/examples/bookinfo/

  32. 32.

    hard-corded Timeout : 10sec Injected Delay : 7sec https://istio.io/docs/examples/bookinfo/

  33. 33.

    hard-corded Timeout : 3sec Retry : 1 hard-corded Timeout :

    10sec Injected Delay : 7sec Chaos Engineering に使えそう︕ https://istio.io/docs/examples/bookinfo/
  34. 34.
    None
  35. 35.

    Other Traffic Managements • Traffic Shifting • Circuit Breaking •

    Mirroring and more ! https://istio.io/docs/tasks/traffic-management/
  36. 36.

    Appendix

  37. 37.

    なぜヨット︖

  38. 38.

    いろいろ船関連だった Kubernetes 操舵手(ギリシャ語) Helm 舵 tiller 舵柄(かじを操作するレバー) Istio 帆(ギリシャ語) Spinnaker

    大きな三角形の帆
  39. 39.

    Thank you for listening ! 福岡新着ITイベント @ITEventFukuoka

  40. 40.

    Appendix : commands for demo with my home k8s

  41. 41.

    ssh config • ~/.ssh/config • ログイン ssh my-k8s

  42. 42.

    ssh port forwarding INGRESS_HOST=192.168.99.100 INGRESS_PORT=31380 ssh -fNL ${INGRESS_PORT}:${INGRESS_HOST}:${INGRESS_PORT} my-k8s •

    ローカルの31380ポートをnode(MinikubeのVM) 内の 31380ポートにforwarding • BookInfoは localhost:31380/productpage で⾒れる
  43. 43.

    ref • Request Routing • https://istio.io/docs/tasks/traffic-management/request-routing/ • Fault Injection •

    https://istio.io/docs/tasks/traffic-management/fault-injection/
  44. 44.

    Appendix : BookInfo screenshot

  45. 45.

    review v1のレスポンス

  46. 46.

    reload

  47. 47.
    None
  48. 48.

    review v2のレスポンス(⿊い星)

  49. 49.

    reload

  50. 50.
    None
  51. 51.

    review v3のレスポンス(⾚い星)