Making Microservices Micro with Istio Service Mesh

Ray Tsang
November 09, 2017

Presented at Devoxx Belgium 2017
Video: https://youtu.be/AGztKw580yQ
Microservices are here to stay. When applied properly, microservices techniques and culture ultimately help us continuously improve business at a faster pace than traditional architecture. However, microservices architecture itself can be complex to configure. All of a sudden, we need a service discovery server and have to decide how to store service metadata, whether to use client-side or server-side load balancing, how to deal with network resiliency, how to enforce service policies and audit, and how to trace nested service calls. The list goes on.

In this talk, Ray will introduce Istio, an open source service mesh framework created by Google, IBM, and Lyft. We'll see how the service mesh works, the technology behind it, and how it addresses the aforementioned concerns.

Transcript

  1. Making Microservices Micro with Istio
  2. @saturnism @googlecloud @istiomesh @kubernetesio Ray Tsang, Developer Advocate, Google Cloud Platform. @saturnism | +RayTsang
  3. Ray Tsang: Developer, Architect, Traveler, Photographer. flickr.com/saturnism
  4. Microservices? You probably heard a lot already! No theories here - just a how to solve problems
  5. A B C D
  6. A B C D
  7. A B C D
  8. So many instances…
    • Deployment
    • Resource Isolation & Utilization
    • Resiliency
    • Networking
  9. Deployment manifest:
      apiVersion: extensions/v1beta1
      kind: Deployment
      metadata:
        name: work-server-v1
        ...
      spec:
        replicas: 2
        template:
          ...
          spec:
            containers:
            - name: work-server
              image: saturnism/work-server-istio:v1
  10. web browsers Scheduler kubectl web browsers scheduler Kubelet Kubelet Kubelet Kubelet Config file Kubernetes Master Container Image
  11. Control Plane
    • Cluster of machines as one
    • Well-defined API & types
    • Abstraction of infrastructure
  12. Let's see it...
  13. A B C D How?
  14. Beyond Deployment
    • Load Balancing
    • Fault Tolerance
    • Observability & Insight
    • Monitoring & Tracing
    • Circuit Breaking
  15. Popular Open Source Tools
    • Eureka - Service Registry
    • Ribbon - Client Side LB
    • Hystrix - Circuit Breaker
    • Zipkin - Distributed Tracing
    • Prometheus - Monitoring
    • Grafana - Data Visualization
  16. Eureka Service Registry, Zuul API Gateway, Zipkin Distributed Trace, Prometheus Metrics Store, Grafana Visualization, Microservice A (Ribbon, Hystrix, Tracer, Metrics), Archaius Centralized Config
  17. Microservice A (Ribbon, Hystrix, Tracer, Metrics), Microservice A (Ribbon, Hystrix, Tracer, Metrics), Microservice A (Ribbon, Hystrix, Tracer, Metrics), Microservice B (Ribbon, Hystrix, Tracer, Metrics), Eureka Service Registry
  18. This is easy when...
    • Single stack
    • Framework w/ Spring Boot
  19. This becomes more difficult...
    • Multiple stack
    • Multiple frameworks
    • Polyglot
    • Legacy
  20. At the end of the day... Let Microservice A talk to Microservice B!
  21. As simple as... Making a HTTP request?
  22. Enter Istio, a Service Mesh!
  23. What Where When How
    • A complete framework for connecting, securing, managing and monitoring services
    • Secure and monitor traffic for microservices and legacy services
    • An open platform with key contributions from Google, IBM, Lyft and others
    • Multi-environment and multi-platform, but Kubernetes first
  24. Control Plane Service to Service Communication Routing Rules Retries Circuit Breaker Performance Monitoring Tracing
  25. Eureka Service Registry, Zuul API Gateway, Zipkin Distributed Trace, Prometheus Metrics Store, Grafana Visualization, Microservice A (Ribbon, Hystrix, Tracer, Metrics), Archaius Centralized Config
  26. Eureka Service Registry, Zuul API Gateway, Zipkin Distributed Trace, Prometheus Metrics Store, Grafana Visualization, Microservice A (Ribbon, Hystrix, Tracer, Metrics), Archaius Centralized Config
  27. Eureka Service Registry, Zuul API Gateway, Zipkin Distributed Trace, Prometheus Metrics Store, Grafana Visualization, Microservice A (Ribbon, Hystrix, Tracer, Metrics), Archaius Centralized Config
  28. Microservice A Ribbon Hystrix Tracer Metrics Proxy Microservice A
  29. A C++ based L4/L7 proxy
    • Low memory footprint
    • Battle-tested @ Lyft: 100+ services, 10,000+ VMs, 2M req/s
    • An awesome team willing to work with the community!
  30. Proxy features
    • Dynamic service discovery
    • Load balancing
    • TLS termination
    • HTTP/2 gRPC proxying
    • Circuit breakers
    • Health checks
    • Traffic split
    • Fault injection
    • ...
  31. Proxy Microservice A Proxy Microservice B Istio Pilot Configure proxies Kubernetes
  32. Proxy Microservice A Proxy Microservice B
    • Service calls http://service-b/
  33. Proxy Microservice A Proxy Microservice B
    • Service calls http://service-b/
    • Service Mesh transparently intercepts request, forwards to local proxy
  34. Proxy Microservice A Proxy Microservice B
    • Service calls http://service-b/
    • Service Mesh transparently intercepts request, forwards to local proxy
    • Proxy has a list of destinations, load balances the request to a destination proxy
  35. Proxy Microservice A Proxy Microservice B
    • Service calls http://service-b/
    • Service Mesh transparently intercepts request, forwards to local proxy
    • Proxy has a list of destinations, load balances the request to a destination proxy
    • If allowed, destination proxy forwards the request to Service B instance
  36. Proxy Microservice A Proxy Microservice B
    • Service calls http://service-b/
    • Service Mesh transparently intercepts request, forwards to local proxy
    • Proxy has a list of destinations, load balances the request to a destination proxy
    • Destination proxy checks with a mixer to enforce policy, quota, ACL, etc
    • Service B response goes back to the caller
  37. Proxy Microservice A Proxy Microservice B
    • Service calls http://service-b/
    • Service Mesh transparently intercepts request, forwards to local proxy
    • Proxy has a list of destinations, load balances the request to a destination proxy
    • Destination proxy checks with a mixer to enforce policy, quota, ACL, etc
    • If allowed, destination proxy forwards the request to Service B instance
    • Service B response goes back to the caller
  38. Proxy Microservice A Proxy Microservice B. Through the Proxy:
    • Traffic Control - enforce routing rules & policies
    • Resiliency - Circuit Breaker, Retries
    • Monitoring - Record metrics
    • Observability - Record traces
    • Security - Mutual TLS! Encryption
  39. Platform Services Proxy Microservice A Proxy Microservice B Zipkin Prometheus Grafana Istio Mixer
  40. or Cloud Platform Services Proxy Microservice A Proxy Microservice B ... BlueMix Google Cloud Istio Mixer
  41. Let's see it...
  42. Pod, Istio Proxy, Service A
    • Istio CA, istio:*.myorg.com
    • SAN: “Istio:foo.prod.myorg.com” - Service account: foo - Namespace: prod
    • Service B, Istio Proxy, Pod
    • SAN: “Istio:bar.prod.myorg.com” - Service account: bar - Namespace: prod
    • istio:*.myorg.com istio:*.myorg.com
    • Issue & mount as k8s secrets
    • Orchestrate Key & Certificate: Generation, Deployment, Rotation, Revocation
  43. Visibility, Resiliency & Efficiency, Traffic Control, Security, Policy Enforcement
  44. Releases
    • 0.1: a single Kubernetes namespace
    • 0.2 (just launched): a single Kubernetes cluster and external VMs
    • 0.3 (by end of year): production readiness within a single cluster
    • 1.0 (2018): complete mesh across all environments
  45. Getting started
    • Install Kubernetes (v1.7+ for Initializers)
      ◦ Google Container Engine Alpha clusters
    • istio.io quickstart
    • Helm chart
      ◦ helm install incubator/istio
    • Take a lab!
  46. Thank you!
    • Learn more on istio.io
    • Let us know on istio-users@googlegroups.com
    • Examples on github.com/saturnism/istio-by-example-java
    • Try our Code Labs g.co/codelabs/cloud!