
Kubernetes and Istio - Meshing together - Ofir Makmal

Sela Developer Meetup

October 24, 2018

Transcript

  1. Kubernetes and Istio: A Service Mesh platform. Ofir Makmal, CTO | Sela Group. SELA Developer Practice, December 27, 30-31, 2018.
     Copyright © SELA Software & Education Labs, Ltd. | 14-18 Baruch Hirsch St., Bnei Brak 51202, Israel | www.selagroup.com
  2. About SELA Group
     SELA Group is a training, consulting, and outsourcing company based in Israel with branches in Seattle, Pune (India), Toronto, Singapore, and Washington DC. With more than 500 global employees, SELA is a market leader in training and consulting services on Development Technologies, DevOps, BigData and Cloud Technologies, and is a partner and reseller of Amazon Web Services, Microsoft Azure, and Google Cloud, with 24x7x365 support. SELA Group also has an in-house development center for projects ranging from IoT development, through server, web, mobile and desktop solutions, to Cloud and Ops.
  3. Ku·ber·ne·tes
     Kubernetes can be many things… It’s a scalable, self-healing and resilient:
     • Container orchestration engine
     • Cluster management system
     • Mesos, Swarm, Rancher, _______ replacement
     • Microservices, CI/CD, Machine Learning platform
     • Portable ‘cloud’
     But it’s NOT just another way to run containers...
  4. The Kubernetes Journey
     Recent surveys from CNCF (July 2018) show that over 83% of the companies that are using containers are using Kubernetes.
     It has a huge community:
     • ~36K Stars
     • ~1600 Contributors!
     • ~13K Forks
     • ~1000 Pending pull requests!
  5. (image-only slide)

  6. ...And we all know how to run an application
     Creating a Namespace, defining a Deployment to manage a ReplicaSet of Pods, exposing them as Services and Ingress, maybe mounting Persistent Volumes into their containers, injecting ConfigMaps and Secrets as environment variables. After deployment, we expect that Kubernetes will take care of the rest.
  7. Back to basics
     ‘Micro-services is a software development technique—[…] that structures an application as a collection of loosely coupled services. In a microservices architecture, services are fine-grained and the protocols are lightweight. The benefit of decomposing an application into different smaller services is that it improves modularity and makes the application easier to understand, develop, test, and more resilient to architecture erosion. It also parallelizes development by enabling small autonomous teams to develop, deploy and scale independently. […] Microservices-based architectures enable continuous delivery and deployment.’ (Wikipedia)
  8. Micro-services 101
     • Small – do one thing and do it well
     • Simple!
     • Has clear domain boundaries and well-defined APIs
     • Standalone
     • Independent development
     • Independent deployment
     • Build and release is automatic
     • Testable
     • Loosely coupled
  9. With simplicity, comes complexity ®
     • How to deploy or update services with zero downtime?
     • How to A/B test the application?
     • How to handle network failures?
     • How to manage security between services?
     • How to handle timeouts? Retries?
     • How to rate limit? Add quotas?
     • Telemetry, Logging, Monitoring?
     • What about Polyglot? Different Stacks?
     • Legacy systems?
  10. We used to do this ourselves
      Integrating services and libraries for the following:
      • Eureka - Service Registry
      • Ribbon - Client Side Load Balancing
      • Hystrix - Circuit Breaker
      • Zipkin - Distributed Tracing
      • Prometheus - Monitoring
      • Grafana - Dashboards and Visualization
      • Nginx - API Gateway
      Many of them require complicated code in our API libraries.
  11. The rise of Service Mesh
      • Managing a horde of Microservices yourself is too hard
      • Service Meshes take care of all communication and policy needs between services and allow extensibility by middlewares
      • Istio, Linkerd, Conduit – are all different approaches to Service Mesh
  12. Introducing Istio
      • Initiative from Google, IBM and Lyft
      • Built for Kubernetes
      • But also supports Nomad and Consul, and in the future will support Cloud Foundry and Mesos
      • A uniform way to connect, manage and secure Micro-services:
        • Advanced Load-Balancing for TCP, HTTP, gRPC, and Web Sockets
        • Rule-based Traffic Control
        • Advanced policies – ACLs, Mutual-TLS, Rotating Certificates, Rate-limits, etc.
        • Automatic metrics, logs, traces collection
      • istioctl – like kubectl, only for Istio (we can actually use kubectl most of the time)
  13. Control Plane vs Data Plane
      • Control Plane
        • Abstracts platform-specific capabilities
        • Provides a cluster-wide Rules API for Routing
        • Propagates Policy and Configuration
        • Manages the data plane
      • Data Plane
        • Service Discovery
        • Routing
        • Load Balancing
        • Authentication and Authorization
        • Health Checking
        • Observability
  14. Envoy
      • Originally built at Lyft
      • A C++ based L4/L7 proxy
      • Battle-tested with great performance
      • Acts as the smart Data-Plane managed by Istio
      • Many built-in mechanisms used by Istio
      • API-driven updates (without reloading specs)
      • In recent versions injected as a side-car
  15. Pilot – Discovery and Traffic management
      • Manages the lifecycle of Envoy instances deployed across Istio
      • Intelligent Router
      • Handles timeouts, retries
      • Implements Circuit-Breaker
      • Allows A/B testing
      • Sophisticated Deployments
  16. Mixer
      • Manages Access Control and Policies
      • Extracts request attributes
      • Collects Telemetry and metrics
      • Tracing & Metric backend can be changed easily (Prometheus, InfluxDB, StackDriver, etc.)
      Citadel
      • Service-to-service authentication and Mutual TLS
      • Supports RBAC (Role-Based Access Control) - like Kubernetes
      • Automatically manages credentials and certificates
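As an added example (not from the deck) of what Citadel's mutual TLS and RBAC look like as configuration: it uses the current security.istio.io API rather than the authentication.istio.io and rbac.istio.io resources of the 2018 Istio releases, and the `app: reviews` label, the `default` namespace and the `productpage` service account are assumed names.

```yaml
# Added example, not from the deck. Mesh-wide mTLS using Citadel-issued workload
# certificates, plus an allow-list of which workload identity may call "reviews".
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system      # root namespace: this policy applies to the whole mesh
spec:
  mtls:
    mode: STRICT               # plaintext from non-mesh clients is rejected;
                               # PERMISSIVE would still accept it, so it proves nothing
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL       # client sidecars present the Citadel-issued certificate
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: reviews-allow-productpage
  namespace: default           # assumed namespace of the reviews workload
spec:
  selector:
    matchLabels:
      app: reviews             # assumed pod label on the reviews Deployment
  action: ALLOW
  # Once an ALLOW policy selects a workload, any request that matches no rule
  # is denied, so this is an allow-list, not just an extra permission.
  rules:
  - from:
    - source:
        principals:
        # SPIFFE identity taken from the caller's mTLS certificate
        # (<trust-domain>/ns/<namespace>/sa/<service-account>); assumed account name
        - cluster.local/ns/default/sa/productpage
    to:
    - operation:
        methods: ["GET"]
```

The `principals` check only holds when mTLS is actually enforced, which is why the PeerAuthentication is STRICT rather than PERMISSIVE.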
  17. Built-in Addons
      • Prometheus & Grafana
        • Out-of-the-box cluster-wide metric collection, and support for Alertmanager
        • Fully customizable dashboards using Grafana
      • Service Graph
        • For Observability
      • Open Tracing
        • Vendor-neutral APIs and instrumentation for distributed tracing
        • Jaeger or Zipkin
  18. VirtualService

      apiVersion: networking.istio.io/v1alpha3
      kind: VirtualService
      metadata:
        name: reviews
      spec:
        hosts:
        - reviews
        http:
        - route:
          - destination:
              host: reviews
              subset: v1
  19. DestinationRule

      apiVersion: networking.istio.io/v1alpha3
      kind: DestinationRule
      metadata:
        name: reviews
      spec:
        host: reviews
        subsets:
        - name: v1
          labels:
            version: v1
        - name: v2
          labels:
            version: v2
  20. ServiceEntry

      apiVersion: networking.istio.io/v1alpha3
      kind: ServiceEntry
      metadata:
        name: foo-ext-svc
      spec:
        hosts:
        - "*.foo.com"
        ports:
        - number: 80
          name: http
          protocol: HTTP
        - number: 443
          name: https
          protocol: HTTPS
  21. Intelligent Routing Capabilities
      • Request Routing
        • Manage multiple environments (dev, test, prod) and multiple versions (vX, vY) at the same time while configuring sophisticated rules based on URI, Headers and more
        • Implement weight-based version routing
        • Allows A/B testing and Canary Deployments
        • Handle Ingress and Egress routing rules and gateways
        • Warm up services with request mirroring
      • Load Balancing
        • Handle service registration and service discovery
        • Advanced Algorithms
          • Weighted round robin, Weighted least request, Ring-Hash, Maglev, Random, Orig-Destination
        • Zone-awareness, priorities and more
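As an added example (not from the deck), a VirtualService that combines header-based and weight-based routing for the `reviews` host of slides 18-19; it assumes the DestinationRule subsets v1 and v2 from slide 19 are applied, and the `end-user` header value is constructed.

```yaml
# Added example, not from the deck: canary rollout of reviews v2.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  # Rule 1 (evaluated first): a named test group, identified by a request
  # header, is always sent to v2 regardless of the weights below.
  - match:
    - headers:
        end-user:
          exact: canary-tester   # constructed value, set by the ingress/auth layer
    route:
    - destination:
        host: reviews
        subset: v2
  # Rule 2: everyone else is split 90/10; the 10% is the canary. Weights
  # must sum to 100, and both subsets must exist in the DestinationRule.
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 90
    - destination:
        host: reviews
        subset: v2
      weight: 10
```

Rules are matched in order, so the header-scoped rule has to come before the catch-all weighted rule or it is never reached.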
  22. Failure Handling
      • Timeouts and Deadlines
        • Following the request journey in the Service Mesh
        • Supports per-request configuration
      • Retries
        • Supports variable jitter between retries
      • Rate-limiting and Quotas
        • Connection limits, request throttling
      • Circuit-Breaker
        • Helps failed services get back into shape after subsequent failures (fully configurable)
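Added example (not from the deck): per-request timeouts and retries on the VirtualService, and connection limits plus outlier detection (the circuit breaker) on the DestinationRule, for the same `reviews` host; field names follow the current networking.istio.io/v1alpha3 schema and the numbers are illustrative.

```yaml
# Added example, not from the deck.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
    timeout: 3s            # overall deadline for the request, retries included
    retries:
      attempts: 3          # up to 3 retries after the first attempt
      perTryTimeout: 1s    # each attempt gets its own deadline
      # Retry only transient failure classes; retrying non-idempotent calls
      # or plain 4xx errors just amplifies load on a struggling backend.
      retryOn: 5xx,connect-failure,reset
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  trafficPolicy:
    connectionPool:
      tcp:
        maxConnections: 100          # hard cap on connections to the service
      http:
        http1MaxPendingRequests: 50  # requests queued beyond this are rejected (503)
        maxRequestsPerConnection: 10
    outlierDetection:
      consecutive5xxErrors: 5   # eject an endpoint after 5 consecutive 5xx responses
      interval: 10s             # how often the ejection sweep runs
      baseEjectionTime: 30s     # first ejection lasts 30s, growing on repeat offences
      maxEjectionPercent: 50    # never eject more than half the endpoints
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
```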
  23. Fault Injection
      • Allows testing the failure handling mechanism
      • Supports Chaos testing (e.g. Netflix’s Chaos Monkey)
      • Introduce latency to specific services or users
      • Inject statistical errors into requests
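Added example (not from the deck): a VirtualService that injects a fixed delay and a percentage of HTTP 503 aborts only for requests carrying a constructed `end-user: chaos-tester` header, so the fault stays scoped to a test identity; it assumes the `reviews` subset v1 from slide 19.

```yaml
# Added example, not from the deck: scoped fault injection for chaos testing.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  # Faulted rule first: only requests from the test identity are affected.
  - match:
    - headers:
        end-user:
          exact: chaos-tester   # constructed value
    fault:
      delay:
        percentage:
          value: 100.0          # every matching request is delayed
        fixedDelay: 7s          # longer than a typical 3-5s caller timeout, to exercise it
      abort:
        percentage:
          value: 10.0           # 10% of matching requests get an error instead
        httpStatus: 503         # the sidecar answers; the service never sees the request
    route:
    - destination:
        host: reviews
        subset: v1
  # Unaffected default rule for everyone else.
  - route:
    - destination:
        host: reviews
        subset: v1
```

The injected faults show up in the sidecar's metrics and traces like real failures, which is what lets the timeout, retry and circuit-breaker settings be verified before a real outage does it for you.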
  24. Recap
      • Micro-services are very hard to implement and manage as an architecture
      • Istio introduces unparalleled support for the unique challenges that come with Micro-services
      • Istio is vendor-agnostic, and supports both on-prem and cloud deployments
      • Istio is now stable for GA and considered production ready
      • v0.8+ includes major API changes (VirtualService, DestinationRule)