Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Making Microservices Micro with Istio Service Mesh

Ray Tsang
November 09, 2017
Technology
4
6.1k

Making Microservices Micro with Istio Service Mesh

Presented at Devoxx Belgium 2017
Video: https://youtu.be/AGztKw580yQ
Microservices are here to stay. When applied properly, microservices techniques and culture ultimately help us continuously improve business at a faster pace than traditional architecture. However, microservices architecture itself can be complex to configure. All of a sudden, we are faced with the need for a service discovery server, how do we store service metadata, make decisions on whether to use client side load balancing or server side load balancing, deal with network resiliency, think how do we enforce service policies and audit, trace nested services calls.... The list goes on.

In this talk, Ray will introduce Istio, an open source service mesh framework created by Google, IBM, and Lyft. We'll see how the service mesh work, the technology behind it, and how it addresses aforementioned concerns.

Ray Tsang

November 09, 2017
Tweet

More Decks by Ray Tsang

See All by Ray Tsang
ServerlessTO - with Spring Boot and GCP
saturnism
0
58
Optimizing Java Applications for Serverless
saturnism
0
47
Principles of Developer Experience
saturnism
0
3.3k
Surviving Dependency Hell with Maven
saturnism
2
2.3k
Learnings from Implementing Microservices Architecture with Kubernetes
saturnism
0
3.8k
Best Practices to Spring (or Java) to Kubernetes Faster and Easier
saturnism
1
3.6k
Beyond Kubernetes - Knative, riff, and Spring Cloud Function
saturnism
9
3.2k
Spring on Google Cloud Platform
saturnism
8
2.9k
JHipster for Google Cloud Platform
saturnism
5
1.4k

Other Decks in Technology

See All in Technology
PHP"オレ"カンファレンスの告知
ysknsid25
0
360
疲弊しない!AWSセキュリティ統制の考え方 #devio_osakaday1
masahirokawahara
6
5.9k
2024/4/26 コンピュータ歴史博物館解説告知
toshi_atsumi
0
200
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
3
780
Databricksを活用してDELISH KITCHENのレシピレコメンドを開発した話
furu8
0
250
0→1開発における技術選定において一番大切なこと
bicstone
1
320
AIQ株式会社 エンジニア向け会社紹介資料
aiqlab
0
370
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
14
35k
Databricks:『生成AI World Cup』のご案内
databricksjapan
2
150
反実仮想機械学習とは何か
usaito
PRO
6
2k
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.5k
日本におけるデータエンジニアリングのこれまでとこれから
foursue
10
2.3k

Featured

See All Featured
Testing 201, or: Great Expectations
jmmastey
27
6.3k
Producing Creativity
orderedlist
PRO
336
39k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
YesSQL, Process and Tooling at Scale
rocio
163
13k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
The Brand Is Dead. Long Live the Brand.
mthomps
48
28k
Build your cross-platform service in a week with App Engine
jlugia
225
17k
Automating Front-end Workflow
addyosmani
1355
200k
Why Our Code Smells
bkeepers
PRO
331
56k
StorybookのUI Testing Handbookを読んだ
zakiyama
11
4.6k
KATA
mclloyd
14
12k
[RailsConf 2023] Rails as a piece of cake
palkan
22
3.9k

Transcript

  1. with Istio Making Microservices Micro

  2. 2 @saturnism @googlecloud @istiomesh @kubernetesio Ray Tsang Developer Advocate Google

    Cloud Platform @saturnism | +RayTsang

  3. 3 @saturnism @googlecloud @istiomesh @kubernetesio Ray Tsang Developer Architect Traveler

    Photographer flickr.com/saturnism

  4. 4 @saturnism @googlecloud @istiomesh @kubernetesio Microservices? You probably heard a

    lot already! No theories here - just a how to solve problems

  5. 5 @saturnism @googlecloud @istiomesh @kubernetesio A B C D

  6. 6 @saturnism @googlecloud @istiomesh @kubernetesio A B C D

  7. 7 @saturnism @googlecloud @istiomesh @kubernetesio A B C D

  8. 8 @saturnism @googlecloud @istiomesh @kubernetesio So many instances… Deployment Resource

    Isolation & Utilization Resilliency Networking

  9. 9 @saturnism @googlecloud @istiomesh @kubernetesio apiVersion: extensions/v1beta1 kind: Deployment metadata:

    name: work-server-v1 ... spec: replicas: 2 template: ... spec: containers: - name: work-server image: saturnism/work-server-istio:v1

  10. 10 @saturnism @googlecloud @istiomesh @kubernetesio web browsers Scheduler kubectl web

    browsers scheduler Kubelet Kubelet Kubelet Kubelet Config file Kubernetes Master Container Image

  11. 11 @saturnism @googlecloud @istiomesh @kubernetesio Control Plane Cluster of machines

    as one Well-defined API & types Abstraction of infrastructure

  12. 12 @saturnism @googlecloud @istiomesh @kubernetesio Let's see it...

  13. 13 @saturnism @googlecloud @istiomesh @kubernetesio A B C D How?

  14. 14 @saturnism @googlecloud @istiomesh @kubernetesio Beyond Deployment Load Balancing Fault

    Tolerance Observability & Insight Monitoring & Tracing Circuit Breaking

  15. 15 @saturnism @googlecloud @istiomesh @kubernetesio Popular Open Source Tools Eureka

    - Service Registry Ribbon - Client Side LB Hystrix - Circuit Breaker Zipkin - Distributed Tracing Prometheus - Monitoring Grafana - Data Visualization

  16. 16 @saturnism @googlecloud @istiomesh @kubernetesio Eureka Service Registry Zuul API

    Gateway Zipkin Distributed Trace Prometheus Metrics Store Grafana Visualization Microservice A Ribbon Hystrix Tracer Metrics Archaius Centralized Config

  17. 17 @saturnism @googlecloud @istiomesh @kubernetesio Microservice A Ribbon Hystrix Tracer

    Metrics Microservice A Ribbon Hystrix Tracer Metrics Microservice A Ribbon Hystrix Tracer Metrics Microservice B Ribbon Hystrix Tracer Metrics Eureka Service Registry

  18. 18 @saturnism @googlecloud @istiomesh @kubernetesio This is easy when... Single

    stack Framework w/ Spring Boot

  19. 19 @saturnism @googlecloud @istiomesh @kubernetesio This becomes more difficult... Multiple

    stack Multiple frameworks Polyglot Legacy

  20. 20 @saturnism @googlecloud @istiomesh @kubernetesio At the end of the

    day... Let Microservice A talk to Microservice B!

  21. 21 @saturnism @googlecloud @istiomesh @kubernetesio As simple as... Making a

    HTTP request?

  22. 22 @saturnism @googlecloud @istiomesh @kubernetesio Enter Istio, a Service Mesh!

  23. 23 @saturnism @googlecloud @istiomesh @kubernetesio What Where When How A

    complete framework for connecting, securing, managing and monitoring services Secure and monitor traffic for microservices and legacy services An open platform with key contributions from Google, IBM, Lyft and others Multi-environment and multi-platform, but Kubernetes first

  24. 24 @saturnism @googlecloud @istiomesh @kubernetesio Control Plane Service to Service

    Communication Routing Rules Retries Circuit Breaker Performance Monitoring Tracing

  25. 25 @saturnism @googlecloud @istiomesh @kubernetesio Eureka Service Registry Zuul API

    Gateway Zipkin Distributed Trace Prometheus Metrics Store Grafana Visualization Microservice A Ribbon Hystrix Tracer Metrics Archaius Centralized Config

  26. 26 @saturnism @googlecloud @istiomesh @kubernetesio Eureka Service Registry Zuul API

    Gateway Zipkin Distributed Trace Prometheus Metrics Store Grafana Visualization Microservice A Ribbon Hystrix Tracer Metrics Archaius Centralized Config

  27. 27 @saturnism @googlecloud @istiomesh @kubernetesio Eureka Service Registry Zuul API

    Gateway Zipkin Distributed Trace Prometheus Metrics Store Grafana Visualization Microservice A Ribbon Hystrix Tracer Metrics Archaius Centralized Config

  28. 28 @saturnism @googlecloud @istiomesh @kubernetesio Microservice A Ribbon Hystrix Tracer

    Metrics Proxy Microservice A

  29. 29 @saturnism @googlecloud @istiomesh @kubernetesio A C++ based L4/L7 proxy

    Low memory footprint Battle-tested @ Lyft 100+ services 10,000+ VMs 2M req/s An awesome team willing to work with the community!

  30. 30 @saturnism @googlecloud @istiomesh @kubernetesio Dynamic service discovery Load balancing

    TLS termination HTTP/2 gRPC proxying Circuit breakers Health checks Traffic split Fault injection ...

  31. 31 @saturnism @googlecloud @istiomesh @kubernetesio Proxy Microservice A Proxy Microservice

    B Istio Pilot Configure proxies Kubernetes

  32. 32 @saturnism @googlecloud @istiomesh @kubernetesio Proxy Microservice A Proxy Microservice

    B Service calls http://service-b/

  33. 33 @saturnism @googlecloud @istiomesh @kubernetesio Proxy Microservice A Proxy Microservice

    B Service calls http://service-b/ Service Mesh transparently intercepts request, forwards to local proxy

  34. 34 @saturnism @googlecloud @istiomesh @kubernetesio Proxy Microservice A Proxy Microservice

    B Service calls http://service-b/ Service Mesh transparently intercepts request, forwards to local proxy Proxy has a list of destinations, load balances the request to a destination proxy

  35. 35 @saturnism @googlecloud @istiomesh @kubernetesio Proxy Microservice A Proxy Microservice

    B Service calls http://service-b/ Service Mesh transparently intercepts request, forwards to local proxy Proxy has a list of destinations, load balances the request to a destination proxy If allowed, destination proxy forwards the request to Service B instance

  36. 36 @saturnism @googlecloud @istiomesh @kubernetesio Proxy Microservice A Proxy Microservice

    B Service calls http://service-b/ Service Mesh transparently intercepts request, forwards to local proxy Proxy has a list of destinations, load balances the request to a destination proxy Destination proxy checks with a mixer to enforce policy, quota, ACL, etc Service B response goes back to the caller

  37. 37 @saturnism @googlecloud @istiomesh @kubernetesio Proxy Microservice A Proxy Microservice

    B Service calls http://service-b/ Service Mesh transparently intercepts request, forwards to local proxy Proxy has a list of destinations, load balances the request to a destination proxy Destination proxy checks with a mixer to enforce policy, quota, ACL, etc If allowed, destination proxy forwards the request to Service B instance Service B response goes back to the caller

  38. 38 @saturnism @googlecloud @istiomesh @kubernetesio Proxy Microservice A Proxy Microservice

    B Through the Proxy - Traffic Control - enforce routing rules & policies - Resiliency - Circuit Breaker, Retries - Monitoring - Record metrics - Observability - Record traces - Security - Mutual TLS! Encryption

  39. 39 @saturnism @googlecloud @istiomesh @kubernetesio Platform Services Proxy Microservice A

    Proxy Microservice B Zipkin Prometheus Grafana Istio Mixer

  40. 40 @saturnism @googlecloud @istiomesh @kubernetesio or Cloud Platform Services Proxy

    Microservice A Proxy Microservice B ... BlueMix Google Cloud Istio Mixer

  41. 41 @saturnism @googlecloud @istiomesh @kubernetesio Let's see it...

  42. 42 @saturnism @googlecloud @istiomesh @kubernetesio Pod Istio Proxy Service A

    Istio CA istio:*.myorg.com SAN: “Istio:foo.prod.myorg.com” - Service account: foo - Namespace: prod Service B Istio Proxy Pod SAN: “Istio:bar.prod.myorg.com” - Service account: bar - Namespace: prod istio:*.myorg.com istio:*.myorg.com Issue & mount as k8s secrets Orchestrate Key & Certificate: - Generation - Deployment - Rotation - Revocation

  43. 43 @saturnism @googlecloud @istiomesh @kubernetesio Visibility Resiliency & Efficiency Traffic

    Control Security Policy Enforcement

  44. 44 @saturnism @googlecloud @istiomesh @kubernetesio • 0.1: a single Kubernetes

    namespace • 0.2 (just launched): a single Kubernetes cluster and external VMs • 0.3 (by end of year): production readiness within a single cluster • 1.0: (2018): complete mesh across all environments

  45. 45 @saturnism @googlecloud @istiomesh @kubernetesio • Install Kubernetes (v1.7+ for

    Initializers) ◦ Google Container Engine Alpha clusters • istio.io quickstart • Helm chart ◦ helm install incubator/istio • Take a lab! Getting started

  46. 46 @saturnism @googlecloud @istiomesh @kubernetesio 46 Learn more on istio.io

    Let us know on [email protected] Examples on github.com/saturnism/istio-by-example-java Try our Code Labs g.co/codelabs/cloud! Thank you!