Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Making Microservices Micro with Istio Service Mesh

Ray Tsang
November 09, 2017
Technology
4
6k

Making Microservices Micro with Istio Service Mesh

Presented at Devoxx Belgium 2017
Video: https://youtu.be/AGztKw580yQ
Microservices are here to stay. When applied properly, microservices techniques and culture ultimately help us continuously improve business at a faster pace than traditional architecture. However, microservices architecture itself can be complex to configure. All of a sudden, we are faced with the need for a service discovery server, how do we store service metadata, make decisions on whether to use client side load balancing or server side load balancing, deal with network resiliency, think how do we enforce service policies and audit, trace nested services calls.... The list goes on.

In this talk, Ray will introduce Istio, an open source service mesh framework created by Google, IBM, and Lyft. We'll see how the service mesh work, the technology behind it, and how it addresses aforementioned concerns.

Ray Tsang

November 09, 2017
Tweet

More Decks by Ray Tsang

See All by Ray Tsang
ServerlessTO - with Spring Boot and GCP
saturnism
0
52
Optimizing Java Applications for Serverless
saturnism
0
29
Principles of Developer Experience
saturnism
0
3.2k
Surviving Dependency Hell with Maven
saturnism
2
2.2k
Learnings from Implementing Microservices Architecture with Kubernetes
saturnism
0
3.7k
Best Practices to Spring (or Java) to Kubernetes Faster and Easier
saturnism
1
3.5k
Beyond Kubernetes - Knative, riff, and Spring Cloud Function
saturnism
9
3.2k
Spring on Google Cloud Platform
saturnism
8
2.8k
JHipster for Google Cloud Platform
saturnism
5
1.3k

Other Decks in Technology

See All in Technology
2023/09/14 Fin-JAWS #32 「SIEM on Amazon OpenSearch Serviceを1年運用してわかったこと」
junjikoide
1
190
Airplay
elcuervo
0
120
How to test GraphQL API using Postman
yokawasa
0
310
「挑戦しなければ障害は生まれない」 社内ポストモーテム共有会について
sheep_san_white
0
360
クラウドだからできた 地方主導のJAWS DevOps
matsuihidetoshi
2
160
Introduction to mcl-wasm
herumi
1
280
アジャイルな組織を作るために開発チーム作成ガイドを書いた話 / Scrum Fest Mikawa 2023
ama_ch
3
1.4k
レイヤードアーキテクチャにおける 例外との向き合い方
yukihiromori
0
1.2k
TypeScript ⼩ネタとか
sansantech
PRO
0
290
生成AIと著作権 〜生成AIによって生じる著作権関連の課題と対処
line_developers
PRO
1
460
Jetpack Glanceではじめる Material 3のColor
mochico
0
530
Learning from performance improvements on GraphQL Ruby
mtsmfm
1
320

Featured

See All Featured
Atom: Resistance is Futile
akmur
257
24k
Building a Scalable Design System with Sketch
lauravandoore
453
31k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
239
20k
Scaling GitHub
holman
455
140k
A designer walks into a library…
pauljervisheath
199
17k
It's Worth the Effort
3n
179
27k
Navigating Team Friction
lara
177
12k
Thoughts on Productivity
jonyablonski
55
3k
Docker and Python
trallard
31
2.3k
How to train your dragon (web standard)
notwaldorf
70
4.7k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
112
17k
The Web Native Designer (August 2011)
paulrobertlloyd
78
2.6k

Transcript

  1. with Istio
    Making Microservices Micro

    View Slide

  2. 2
    @saturnism @googlecloud @istiomesh @kubernetesio
    Ray Tsang
    Developer Advocate
    Google Cloud Platform
    @saturnism | +RayTsang

    View Slide

  3. 3
    @saturnism @googlecloud @istiomesh @kubernetesio
    Ray Tsang
    Developer
    Architect
    Traveler
    Photographer
    flickr.com/saturnism

    View Slide

  4. 4
    @saturnism @googlecloud @istiomesh @kubernetesio
    Microservices?
    You probably heard a lot already!
    No theories here - just a how to solve problems

    View Slide

  5. 5
    @saturnism @googlecloud @istiomesh @kubernetesio
    A B
    C D

    View Slide

  6. 6
    @saturnism @googlecloud @istiomesh @kubernetesio
    A B
    C
    D

    View Slide

  7. 7
    @saturnism @googlecloud @istiomesh @kubernetesio
    A B
    C
    D

    View Slide

  8. 8
    @saturnism @googlecloud @istiomesh @kubernetesio
    So many instances…
    Deployment
    Resource Isolation & Utilization
    Resilliency
    Networking

    View Slide

  9. 9
    @saturnism @googlecloud @istiomesh @kubernetesio
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
    name: work-server-v1
    ...
    spec:
    replicas: 2
    template:
    ...
    spec:
    containers:
    - name: work-server
    image: saturnism/work-server-istio:v1

    View Slide

  10. 10
    @saturnism @googlecloud @istiomesh @kubernetesio
    web browsers
    Scheduler
    kubectl web browsers
    scheduler
    Kubelet Kubelet Kubelet Kubelet
    Config
    file
    Kubernetes Master
    Container
    Image

    View Slide

  11. 11
    @saturnism @googlecloud @istiomesh @kubernetesio
    Control Plane
    Cluster of machines as one
    Well-defined API & types
    Abstraction of infrastructure

    View Slide

  12. 12
    @saturnism @googlecloud @istiomesh @kubernetesio
    Let's see it...

    View Slide

  13. 13
    @saturnism @googlecloud @istiomesh @kubernetesio
    A B
    C
    D
    How?

    View Slide

  14. 14
    @saturnism @googlecloud @istiomesh @kubernetesio
    Beyond Deployment
    Load Balancing
    Fault Tolerance
    Observability & Insight
    Monitoring & Tracing
    Circuit Breaking

    View Slide

  15. 15
    @saturnism @googlecloud @istiomesh @kubernetesio
    Popular Open Source Tools
    Eureka - Service Registry
    Ribbon - Client Side LB
    Hystrix - Circuit Breaker
    Zipkin - Distributed Tracing
    Prometheus - Monitoring
    Grafana - Data Visualization

    View Slide

  16. 16
    @saturnism @googlecloud @istiomesh @kubernetesio
    Eureka
    Service Registry
    Zuul
    API Gateway
    Zipkin
    Distributed Trace
    Prometheus
    Metrics Store
    Grafana
    Visualization
    Microservice A
    Ribbon
    Hystrix
    Tracer
    Metrics
    Archaius
    Centralized Config

    View Slide

  17. 17
    @saturnism @googlecloud @istiomesh @kubernetesio
    Microservice A
    Ribbon
    Hystrix
    Tracer
    Metrics
    Microservice A
    Ribbon
    Hystrix
    Tracer
    Metrics
    Microservice A
    Ribbon
    Hystrix
    Tracer
    Metrics
    Microservice B
    Ribbon
    Hystrix
    Tracer
    Metrics
    Eureka
    Service Registry

    View Slide

  18. 18
    @saturnism @googlecloud @istiomesh @kubernetesio
    This is easy when...
    Single stack
    Framework w/ Spring Boot

    View Slide

  19. 19
    @saturnism @googlecloud @istiomesh @kubernetesio
    This becomes more difficult...
    Multiple stack
    Multiple frameworks
    Polyglot
    Legacy

    View Slide

  20. 20
    @saturnism @googlecloud @istiomesh @kubernetesio
    At the end of the day...
    Let Microservice A talk to Microservice B!

    View Slide

  21. 21
    @saturnism @googlecloud @istiomesh @kubernetesio
    As simple as...
    Making a HTTP request?

    View Slide

  22. 22
    @saturnism @googlecloud @istiomesh @kubernetesio
    Enter Istio, a Service Mesh!

    View Slide

  23. 23
    @saturnism @googlecloud @istiomesh @kubernetesio
    What Where When How
    A complete framework for connecting, securing,
    managing and monitoring services
    Secure and monitor traffic for microservices and
    legacy services
    An open platform with key contributions from
    Google, IBM, Lyft and others
    Multi-environment and multi-platform, but
    Kubernetes first

    View Slide

  24. 24
    @saturnism @googlecloud @istiomesh @kubernetesio
    Control Plane
    Service to Service Communication
    Routing Rules
    Retries
    Circuit Breaker
    Performance Monitoring
    Tracing

    View Slide

  25. 25
    @saturnism @googlecloud @istiomesh @kubernetesio
    Eureka
    Service Registry
    Zuul
    API Gateway
    Zipkin
    Distributed Trace
    Prometheus
    Metrics Store
    Grafana
    Visualization
    Microservice A
    Ribbon
    Hystrix
    Tracer
    Metrics
    Archaius
    Centralized Config

    View Slide

  26. 26
    @saturnism @googlecloud @istiomesh @kubernetesio
    Eureka
    Service Registry
    Zuul
    API Gateway
    Zipkin
    Distributed Trace
    Prometheus
    Metrics Store
    Grafana
    Visualization
    Microservice A
    Ribbon
    Hystrix
    Tracer
    Metrics
    Archaius
    Centralized Config

    View Slide

  27. 27
    @saturnism @googlecloud @istiomesh @kubernetesio
    Eureka
    Service Registry
    Zuul
    API Gateway
    Zipkin
    Distributed Trace
    Prometheus
    Metrics Store
    Grafana
    Visualization
    Microservice A
    Ribbon
    Hystrix
    Tracer
    Metrics
    Archaius
    Centralized Config

    View Slide

  28. 28
    @saturnism @googlecloud @istiomesh @kubernetesio
    Microservice A
    Ribbon
    Hystrix
    Tracer
    Metrics Proxy
    Microservice A

    View Slide

  29. 29
    @saturnism @googlecloud @istiomesh @kubernetesio
    A C++ based L4/L7 proxy
    Low memory footprint
    Battle-tested @ Lyft
    100+ services
    10,000+ VMs
    2M req/s
    An awesome team willing to work with the
    community!

    View Slide

  30. 30
    @saturnism @googlecloud @istiomesh @kubernetesio
    Dynamic service discovery
    Load balancing
    TLS termination
    HTTP/2
    gRPC proxying
    Circuit breakers
    Health checks
    Traffic split
    Fault injection
    ...

    View Slide

  31. 31
    @saturnism @googlecloud @istiomesh @kubernetesio
    Proxy
    Microservice A
    Proxy
    Microservice B
    Istio Pilot
    Configure proxies
    Kubernetes

    View Slide

  32. 32
    @saturnism @googlecloud @istiomesh @kubernetesio
    Proxy
    Microservice A
    Proxy
    Microservice B
    Service calls http://service-b/

    View Slide

  33. 33
    @saturnism @googlecloud @istiomesh @kubernetesio
    Proxy
    Microservice A
    Proxy
    Microservice B
    Service calls http://service-b/
    Service Mesh transparently intercepts request, forwards to local proxy

    View Slide

  34. 34
    @saturnism @googlecloud @istiomesh @kubernetesio
    Proxy
    Microservice A
    Proxy
    Microservice B
    Service calls http://service-b/
    Service Mesh transparently intercepts request, forwards to local proxy
    Proxy has a list of destinations, load balances the request to a destination proxy

    View Slide

  35. 35
    @saturnism @googlecloud @istiomesh @kubernetesio
    Proxy
    Microservice A
    Proxy
    Microservice B
    Service calls http://service-b/
    Service Mesh transparently intercepts request, forwards to local proxy
    Proxy has a list of destinations, load balances the request to a destination proxy
    If allowed, destination proxy forwards the request to Service B instance

    View Slide

  36. 36
    @saturnism @googlecloud @istiomesh @kubernetesio
    Proxy
    Microservice A
    Proxy
    Microservice B
    Service calls http://service-b/
    Service Mesh transparently intercepts request, forwards to local proxy
    Proxy has a list of destinations, load balances the request to a destination proxy
    Destination proxy checks with a mixer to enforce policy, quota, ACL, etc
    Service B response goes back to the caller

    View Slide

  37. 37
    @saturnism @googlecloud @istiomesh @kubernetesio
    Proxy
    Microservice A
    Proxy
    Microservice B
    Service calls http://service-b/
    Service Mesh transparently intercepts request, forwards to local proxy
    Proxy has a list of destinations, load balances the request to a destination proxy
    Destination proxy checks with a mixer to enforce policy, quota, ACL, etc
    If allowed, destination proxy forwards the request to Service B instance
    Service B response goes back to the caller

    View Slide

  38. 38
    @saturnism @googlecloud @istiomesh @kubernetesio
    Proxy
    Microservice A
    Proxy
    Microservice B
    Through the Proxy
    - Traffic Control - enforce routing rules & policies
    - Resiliency - Circuit Breaker, Retries
    - Monitoring - Record metrics
    - Observability - Record traces
    - Security - Mutual TLS! Encryption

    View Slide

  39. 39
    @saturnism @googlecloud @istiomesh @kubernetesio
    Platform Services
    Proxy
    Microservice A
    Proxy
    Microservice B
    Zipkin
    Prometheus
    Grafana
    Istio Mixer

    View Slide

  40. 40
    @saturnism @googlecloud @istiomesh @kubernetesio
    or Cloud Platform Services
    Proxy
    Microservice A
    Proxy
    Microservice B
    ...
    BlueMix
    Google Cloud
    Istio Mixer

    View Slide

  41. 41
    @saturnism @googlecloud @istiomesh @kubernetesio
    Let's see it...

    View Slide

  42. 42
    @saturnism @googlecloud @istiomesh @kubernetesio
    Pod
    Istio Proxy
    Service A
    Istio CA
    istio:*.myorg.com
    SAN: “Istio:foo.prod.myorg.com”
    - Service account: foo
    - Namespace: prod
    Service B
    Istio Proxy
    Pod
    SAN: “Istio:bar.prod.myorg.com”
    - Service account: bar
    - Namespace: prod
    istio:*.myorg.com
    istio:*.myorg.com
    Issue & mount as k8s secrets
    Orchestrate Key & Certificate:
    - Generation
    - Deployment
    - Rotation
    - Revocation

    View Slide

  43. 43
    @saturnism @googlecloud @istiomesh @kubernetesio
    Visibility
    Resiliency & Efficiency
    Traffic Control
    Security
    Policy Enforcement

    View Slide

  44. 44
    @saturnism @googlecloud @istiomesh @kubernetesio
    ● 0.1: a single Kubernetes namespace
    ● 0.2 (just launched): a single Kubernetes
    cluster and external VMs
    ● 0.3 (by end of year): production readiness
    within a single cluster
    ● 1.0: (2018): complete mesh across all
    environments

    View Slide

  45. 45
    @saturnism @googlecloud @istiomesh @kubernetesio
    ● Install Kubernetes (v1.7+ for Initializers)
    ○ Google Container Engine Alpha clusters
    ● istio.io quickstart
    ● Helm chart
    ○ helm install incubator/istio
    ● Take a lab!
    Getting started

    View Slide

  46. 46
    @saturnism @googlecloud @istiomesh @kubernetesio 46
    Learn more on istio.io
    Let us know on [email protected]
    Examples on github.com/saturnism/istio-by-example-java
    Try our Code Labs g.co/codelabs/cloud!
    Thank you!

    View Slide