Slide 1

Making Microservices Micro with Istio

Slide 2

@saturnism @googlecloud @istiomesh @kubernetesio
Ray Tsang
Developer Advocate, Google Cloud Platform
@saturnism | +RayTsang

Slide 3

Ray Tsang
● Developer
● Architect
● Traveler
● Photographer: flickr.com/saturnism

Slide 4

Microservices?
● You probably heard a lot already!
● No theories here - just how to solve problems

Slide 5

[Diagram: services A, B, C, D]

Slide 6

[Diagram: services A, B, C, D]

Slide 7

[Diagram: services A, B, C, D]

Slide 8

So many instances…
● Deployment
● Resource Isolation & Utilization
● Resiliency
● Networking

Slide 9

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: work-server-v1
      ...
    spec:
      replicas: 2
      template:
        ...
        spec:
          containers:
          - name: work-server
            image: saturnism/work-server-istio:v1

Slide 10

[Diagram labels: web browsers, kubectl, Config file, Container Image, Kubernetes Master, Scheduler, Kubelet (x4)]

Slide 11

Control Plane
● Cluster of machines as one
● Well-defined API & types
● Abstraction of infrastructure

Slide 12

Let's see it...

Slide 13

[Diagram: services A, B, C, D]
How?

Slide 14

Beyond Deployment
● Load Balancing
● Fault Tolerance
● Observability & Insight
● Monitoring & Tracing
● Circuit Breaking

Slide 15

Popular Open Source Tools
● Eureka - Service Registry
● Ribbon - Client Side LB
● Hystrix - Circuit Breaker
● Zipkin - Distributed Tracing
● Prometheus - Monitoring
● Grafana - Data Visualization

Slide 16

[Diagram labels: Eureka (Service Registry), Zuul (API Gateway), Zipkin (Distributed Trace), Prometheus (Metrics Store), Grafana (Visualization), Archaius (Centralized Config), Microservice A containing Ribbon, Hystrix, Tracer, Metrics]

Slide 17

[Diagram labels: three instances of Microservice A and one of Microservice B, each containing Ribbon, Hystrix, Tracer, Metrics; Eureka (Service Registry)]

Slide 18

This is easy when...
● Single stack
● Framework w/ Spring Boot

Slide 19

This becomes more difficult...
● Multiple stack
● Multiple frameworks
● Polyglot
● Legacy

Slide 20

At the end of the day...
Let Microservice A talk to Microservice B!

Slide 21

As simple as...
Making a HTTP request?

Slide 22

Enter Istio, a Service Mesh!

Slide 23

What, Where, When, How
● A complete framework for connecting, securing, managing and monitoring services
● Secure and monitor traffic for microservices and legacy services
● An open platform with key contributions from Google, IBM, Lyft and others
● Multi-environment and multi-platform, but Kubernetes first

Slide 24

Control Plane
● Service to Service Communication
● Routing Rules
● Retries
● Circuit Breaker
● Performance Monitoring
● Tracing

Slide 25

[Diagram: same labels as slide 16]

Slide 26

[Diagram: same labels as slide 16]

Slide 27

[Diagram: same labels as slide 16]

Slide 28

[Diagram labels: Microservice A containing Ribbon, Hystrix, Tracer, Metrics; Proxy; Microservice A]

Slide 29

● A C++ based L4/L7 proxy
● Low memory footprint
● Battle-tested @ Lyft
  ○ 100+ services
  ○ 10,000+ VMs
  ○ 2M req/s
● An awesome team willing to work with the community!

Slide 30

● Dynamic service discovery
● Load balancing
● TLS termination
● HTTP/2 gRPC proxying
● Circuit breakers
● Health checks
● Traffic split
● Fault injection
● ...

Slide 31

[Diagram labels: Microservice A and Microservice B, each with a Proxy; Istio Pilot ("Configure proxies"); Kubernetes]

Slide 32

[Diagram: Microservice A and Microservice B, each with a Proxy]
● Service calls http://service-b/

Slide 33

[Diagram: Microservice A and Microservice B, each with a Proxy]
● Service calls http://service-b/
● Service Mesh transparently intercepts request, forwards to local proxy

Slide 34

[Diagram: Microservice A and Microservice B, each with a Proxy]
● Service calls http://service-b/
● Service Mesh transparently intercepts request, forwards to local proxy
● Proxy has a list of destinations, load balances the request to a destination proxy

Slide 35

[Diagram: Microservice A and Microservice B, each with a Proxy]
● Service calls http://service-b/
● Service Mesh transparently intercepts request, forwards to local proxy
● Proxy has a list of destinations, load balances the request to a destination proxy
● If allowed, destination proxy forwards the request to Service B instance

Slide 36

[Diagram: Microservice A and Microservice B, each with a Proxy]
● Service calls http://service-b/
● Service Mesh transparently intercepts request, forwards to local proxy
● Proxy has a list of destinations, load balances the request to a destination proxy
● Destination proxy checks with a mixer to enforce policy, quota, ACL, etc
● Service B response goes back to the caller

Slide 37

[Diagram: Microservice A and Microservice B, each with a Proxy]
● Service calls http://service-b/
● Service Mesh transparently intercepts request, forwards to local proxy
● Proxy has a list of destinations, load balances the request to a destination proxy
● Destination proxy checks with a mixer to enforce policy, quota, ACL, etc
● If allowed, destination proxy forwards the request to Service B instance
● Service B response goes back to the caller

Slide 38

[Diagram: Microservice A and Microservice B, each with a Proxy]
Through the Proxy
● Traffic Control - enforce routing rules & policies
● Resiliency - Circuit Breaker, Retries
● Monitoring - Record metrics
● Observability - Record traces
● Security - Mutual TLS! Encryption

Slide 39

[Diagram labels: Microservice A and Microservice B, each with a Proxy; Istio Mixer; Platform Services: Zipkin, Prometheus, Grafana]

Slide 40

[Diagram labels: Microservice A and Microservice B, each with a Proxy; Istio Mixer; "or Cloud Platform Services": BlueMix, Google Cloud, ...]

Slide 41

Let's see it...

Slide 42

[Diagram labels: Istio CA; two Pods, one with Service A and an Istio Proxy, one with Service B and an Istio Proxy; istio:*.myorg.com (shown three times)]
● Service A: SAN “Istio:foo.prod.myorg.com”
  ○ Service account: foo
  ○ Namespace: prod
● Service B: SAN “Istio:bar.prod.myorg.com”
  ○ Service account: bar
  ○ Namespace: prod
● Issue & mount as k8s secrets
● Orchestrate Key & Certificate:
  ○ Generation
  ○ Deployment
  ○ Rotation
  ○ Revocation
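
Added example, not part of the original slides or of Istio's code: a sketch of the "If allowed" decision from the request flow on slide 37, keyed on the peer certificate identity in the SAN layout shown on slide 42. The names `parse_san`, `authorize` and `ALLOWED`, the single trusted domain and the ACL contents are assumptions for illustration; what a given Istio release actually encodes in the SAN may differ from the slide.

```python
import re
from typing import NamedTuple, Optional

# Assumption: one trusted domain, taken from the slide's istio:*.myorg.com label.
TRUST_DOMAIN = "myorg.com"
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label


class Identity(NamedTuple):
    service_account: str
    namespace: str


def parse_san(san: str) -> Optional[Identity]:
    """Parse "Istio:<service-account>.<namespace>.<domain>" (slide 42 layout).

    Returns None for anything that is not a concrete workload identity
    in the trusted domain.
    """
    scheme, sep, name = san.partition(":")
    if not sep or scheme.lower() != "istio":
        return None
    suffix = "." + TRUST_DOMAIN
    # Match on a label boundary so "foo.prod.evilmyorg.com" is rejected.
    if not name.endswith(suffix):
        return None
    workload = name[: -len(suffix)]
    # The namespace is a single label; whatever precedes it is the account.
    account, dot, namespace = workload.rpartition(".")
    if not dot:
        return None
    # fullmatch rejects wildcards, empty labels and stray whitespace.
    labels = account.split(".") + [namespace]
    if not all(LABEL.fullmatch(part) for part in labels):
        return None
    return Identity(account, namespace)


# Hypothetical ACL: the callers each destination identity accepts.
ALLOWED = {
    Identity("bar", "prod"): {Identity("foo", "prod")},
}


def authorize(peer_san: str, destination: Identity) -> bool:
    """Default deny: forward only if the peer's identity is on the ACL."""
    peer = parse_san(peer_san)
    return peer is not None and peer in ALLOWED.get(destination, set())
```

The wildcard name from the diagram is deliberately not accepted as a workload identity, and a caller from another namespace is denied even though its certificate chains to the same CA.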

Slide 43

● Visibility
● Resiliency & Efficiency
● Traffic Control
● Security
● Policy Enforcement

Slide 44

● 0.1: a single Kubernetes namespace
● 0.2 (just launched): a single Kubernetes cluster and external VMs
● 0.3 (by end of year): production readiness within a single cluster
● 1.0: (2018): complete mesh across all environments

Slide 45

Getting started
● Install Kubernetes (v1.7+ for Initializers)
  ○ Google Container Engine Alpha clusters
● istio.io quickstart
● Helm chart
  ○ helm install incubator/istio
● Take a lab!

Slide 46

Thank you!
● Learn more on istio.io
● Let us know on istio-users@googlegroups.com
● Examples on github.com/saturnism/istio-by-example-java
● Try our Code Labs g.co/codelabs/cloud!