Traffic Management with Istio ( with Demo )

Slide 1

Slide 1 text

Traffic Management with Istio ( with Demo ) 2019/08/08 Cloud Native FUKUOKA #02 loftkun

Slide 2

Slide 2 text

About me • @loftkun • ヤフー株式会社 SRE部 • 将棋好き • 対局結果検索サイトなど公開してます • ⾳楽好き • ROCK IN JAPAN FESTIVAL ⾏きます • ピアノ習いたい • コンテナ好き、k8sは前職で使ってた、現職でも使いたい

Slide 3

Slide 3 text

My k8s Environment

Slide 4

Slide 4 text

Machine CPU Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz 6Core/12Threads RAM 64GB OS Ubuntu 17.10 k8s minikube v1.2.0 ( Kubernetes v1.15.0 ) assign 12cpu & 40GB RAM kubectl v1.15.0 istio v1.2.2 helm v2.14.1

Slide 5

Slide 5 text

minikube start vm-driver=virtualbox Container VM ( Node ) Minikube BareMetal ssh -fNL 12345:192.168.99.100:12345 loft@192.168.3.5 192.168.3.5 grafana service のnodePortが12345の場合 http://localhost:12345 でアクセスできるぞ 192.168.99.100 192.168.3.4 Minikube ssh でログイン可能

Slide 6

Slide 6 text

minikube start vm-driver=none Container Minikube BareMetal 192.168.3.5 ( Node ) grafana service のnodePortが12345の場合 http://192.168.3.5:12345 でアクセスできるぞ 192.168.3.4 tcpdump –i docker0 全Pod間の通信をキャプチャできるぞ

Slide 7

Slide 7 text

Agenda Introduction How to use Bookinfo Traffic Management

Slide 8

Slide 8 text

Introduction What is Istio?

Slide 9

Slide 9 text

https://istio.io/ • サービスメッシュを構成するOSS • CNCF Platinum Member • Proxyコンテナ(Envoy)をSidecarとしてPod内にInjectionしてくれる • 様々な制御をkubectl applyできる(後ほどご紹介) • 便利なOSS同梱 • メトリクス (Prometheus/Grafana) • トレース (Jaeger/Zipkin) • サービスメッシュグラフの可視化(Kiali)

Slide 10

Slide 10 text

https://github.com/cncf/trailmap

Slide 11

Slide 11 text

https://github.com/cncf/trailmap

Slide 12

Slide 12 text

How to use Install à Sidecar Injection à Apply traffic rules

Slide 13

Slide 13 text

3 steps Install Sidecar Injection Apply traffic rules

Slide 14

Slide 14 text

Install Use Helm? $ kubectl apply istio-demo.yaml Cluster has tiller? $ helm template istio | kubectl apply $ helm install istio Y Y おすすめはHelm使⽤。パラメタ設定が楽。 • incubator/istioはメンテが⽌まってるので使わない • istio.ioのdoc記載の最新版をdownloadして使おう N N

Slide 15

Slide 15 text

Sidecar Injection Manual istioctl kube-injectコマンドでSidecarを埋め込んだmanifestを出⼒する $ kubectl apply -f < ( istioctl kube-inject -f my-manifests.yaml ) Automatic 対象のnamespaceにラベルを設定しておくだけでOK! $ kubectl label ns my-ns istio-injection=enabled

Slide 16

Slide 16 text

Apply traffic rules kubectl apply –f my-virtualservice.yaml • VirtualService • a set of traffic routing rules • 宛先別に様々なruleを設定できる Istio setup is done, Letʼs Traffic Management !

Slide 17

Slide 17 text

Bookinfo Istioが提供するサンプルアプリ

Slide 18

Slide 18 text

Architecture https://istio.io/docs/examples/bookinfo/ load balancing ( by reviews service )

Slide 19

Slide 19 text

Demo

Slide 20

Slide 20 text

Traffic Management Routing, Fault Injection, etc

Slide 21

Slide 21 text

Request Routing https://istio.io/docs/examples/bookinfo/

Slide 22

Slide 22 text

Demo

Slide 23

Slide 23 text

review v1 (星なし)

Slide 24

Slide 24 text

Request Routing ( by header ) https://istio.io/docs/examples/bookinfo/

Slide 25

Slide 25 text

Demo

Slide 26

Slide 26 text

No content

Slide 27

Slide 27 text

Canary Release に使えそう︕ review v2 (⿊い星)

Slide 28

Slide 28 text

Fault Injection (delay ) Injected Delay : 7sec https://istio.io/docs/examples/bookinfo/

Slide 29

Slide 29 text

Demo

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

https://istio.io/docs/examples/bookinfo/

Slide 32

Slide 32 text

hard-corded Timeout : 10sec Injected Delay : 7sec https://istio.io/docs/examples/bookinfo/

Slide 33

Slide 33 text

hard-corded Timeout : 3sec Retry : 1 hard-corded Timeout : 10sec Injected Delay : 7sec Chaos Engineering に使えそう︕ https://istio.io/docs/examples/bookinfo/

Slide 34

Slide 34 text

No content

Slide 35

Slide 35 text

Other Traffic Managements • Traffic Shifting • Circuit Breaking • Mirroring and more ! https://istio.io/docs/tasks/traffic-management/

Slide 36

Slide 36 text

Appendix

Slide 37

Slide 37 text

なぜヨット︖

Slide 38

Slide 38 text

いろいろ船関連だった Kubernetes 操舵手(ギリシャ語) Helm 舵 tiller 舵柄(かじを操作するレバー) Istio 帆(ギリシャ語) Spinnaker 大きな三角形の帆

Slide 39

Slide 39 text

Thank you for listening ! 福岡新着ITイベント @ITEventFukuoka

Slide 40

Slide 40 text

Appendix : commands for demo with my home k8s

Slide 41

Slide 41 text

ssh config • ~/.ssh/config • ログイン ssh my-k8s

Slide 42

Slide 42 text

ssh port forwarding INGRESS_HOST=192.168.99.100 INGRESS_PORT=31380 ssh -fNL ${INGRESS_PORT}:${INGRESS_HOST}:${INGRESS_PORT} my-k8s • ローカルの31380ポートをnode(MinikubeのVM) 内の 31380ポートにforwarding • BookInfoは localhost:31380/productpage で⾒れる

Slide 43

Slide 43 text

ref • Request Routing • https://istio.io/docs/tasks/traffic-management/request-routing/ • Fault Injection • https://istio.io/docs/tasks/traffic-management/fault-injection/