Service Mesh with Istio and Kubernetes (Darkmira Tour PHP 2019)

Transcript

1. Service Mesh with And Darkmira Tour PHP 2019

2. Wellington F. Silva contato: @_wsilva nicks: wsilva, boina, tom, fisi*

   funções: pai, tec. telecom, programador, sysadmin, docker community leader, instrutor, escritor, zend certified engineer e docker certified associate * deprecation in favor of Well

3. Agenda • Monolith vs Microservice • Communication between services •

   Containers • Kubernetes • Istio

4. Monoliths

5. Monolith • http://martinfowler.com/ bliki/MonolithFirst.html

6. Monolith • http://martinfowler.com/ bliki/MonolithFirst.html • Start fast

7. Monolith • http://martinfowler.com/ bliki/MonolithFirst.html • Start fast • Low complexity

   on delivering software

8. Monolith • http://martinfowler.com/ bliki/MonolithFirst.html • Start fast • Low complexity

   on delivering software • Low cost in the beginning

9. Monolith • The bigger the system the bigger the team

10. Monolith • The bigger the system the bigger the team

    • Many people maintaining leads to natural split into teams

11. Monolith • The bigger the system the bigger the team

    • Many people maintaining leads to natural split into teams • A small change can break the whole system

12. “Adding manpower to a late software project makes it later”

    Frederick Brooks - The Mythical Man-Month

13. Microservices

14. Microservices

15. –Wikipedia
 https://en.wikipedia.org/wiki/Microservices “Microservice is a software development technique, a variant

    of the service-oriented architecture (SOA) architectural style that structures an application as a collection of loosely coupled services.”

16. Microservices • Independent and autonomous

17. Microservices • Independent and autonomous • Scalability and Availability

18. Microservices • Independent and autonomous • Scalability and Availability •

    Loosely coupled

19. Microservices • Debug is hard

20. Microservices • Debug is hard • Work on a service

    always paying attention to integration with other services

21. Microservices • Debug is hard • Work on a service

    always paying attention to integration with other services • Huge network dependency

22. Microservices • Debug is hard • Work on a service

    always paying attention to integration with other services • Huge network dependency • Orchestration complexity

23. Microservices • Debug is hard • Work on a service

    always paying attention to integration with other services • Huge network dependency • Orchestration complexity • Service Discovery dependency

24. –Sam Newman
 Building Microservices “The golden rule: can you make

    a change to a service and deploy it by itself without changing anything else?”

25. Communication Between Services

26. Communication Computer 1 Computer 2 Networking Networking Service A Service

    B Circuit Breaker Service Discovery Circuit Breaker Service Discovery

27. Communication Computer 1 Computer 2 Networking Networking Service A Service

    B Library Circuit Breaker Service Discovery Library Circuit Breaker Service Discovery

28. Communication Issues: • The need to change and adapt your

    application for it

29. Communication Issues: • The need to change and adapt your

    application for it • Time spend to build integrations with this libs

30. Communication Issues: • The need to change and adapt your

    application for it • Time spend to build integrations with this libs • It limits the amount of tools that can be used

31. Communication Issues: • The need to change and adapt your

    application for it • Time spend to build integrations with this libs • It limits the amount of tools that can be used • Hard to maintain compatibility of tools and versions

32. Communication Tools from Netflix OSS • Netflix Hystrix (circuit breaking

    / bulk heading)

33. Communication Tools from Netflix OSS • Netflix Hystrix (circuit breaking

    / bulk heading) • Netflix Zuul (edge router)

34. Communication Tools from Netflix OSS • Netflix Hystrix (circuit breaking

    / bulk heading) • Netflix Zuul (edge router) • Netflix Ribbon (client site service discovery / load balancer)

35. Communication Tools from Netflix OSS • Netflix Hystrix (circuit breaking

    / bulk heading) • Netflix Zuul (edge router) • Netflix Ribbon (client site service discovery / load balancer) • Netflix Eureka (service discovery registry)

36. Communication Tools from Netflix OSS • Netflix Hystrix (circuit breaking

    / bulk heading) • Netflix Zuul (edge router) • Netflix Ribbon (client site service discovery / load balancer) • Netflix Eureka (service discovery registry) • Netflix Spectator / Atlas (metrics)

37. How to solve this?

38. 1 - Containers

39. Containers Tool to virtualise at the Operation System level

40. Containers Tool to virtualise at the Operation System level It

    IS NOT a Virtual Machine (Virtual environment - the magic of how was presented at the Docker workshop)

41. Containers Tool to virtualise at the Operation System level It

    IS NOT a Virtual Machine (Virtual environment - the magic of how was presented at the Docker workshop) Whit VMs we can run Linux over Windows, vice- versa, and others.

42. Containers Tool to virtualise at the Operation System level It

    IS NOT a Virtual Machine (Virtual environment - the magic of how was presented at the Docker workshop) Whit VMs we can run Linux over Windows, vice- versa, and others. With Containers you only run FreeBSD over FreeBSD, Linux over Linux, Windows over Windows.

43. Demo?

44. 2 - Kubernetes

45. Kubernetes Tool to Orchestrate Containers in a cluster of machines

46. Kubernetes Tool to Orchestrate Containers Processes in a cluster of

    machines Deploy of applications can be automated

47. Kubernetes Tool to Orchestrate Containers Processes in a cluster of

    machines Deploy of applications can be automated Containers can be in any machine of the cluster

48. Kubernetes Tool to Orchestrate Containers Processes in a cluster of

    machines Deploy of applications can be automated Containers can be in any machine of the cluster Optimizes the use of infrastructure resources

49. Kubernetes Tool to Orchestrate Containers Processes in a cluster of

    machines Deploy of applications can be automated Containers can be in any machine of the cluster Optimizes the use of infrastructure resources Delivery easily self healing, high availability and scalability to apps and services

50. Demo?

51. 3 - Istio

52. Istio Set of tools that together deliveries security, traffic management,

    observability, and other features between services.

53. Istio Set of tools that together deliveries security, traffic management,

    observability, and other features between services. • Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic.

54. Istio Set of tools that together deliveries security, traffic management,

    observability, and other features between services. • Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic. • Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.

55. Istio Set of tools that together deliveries security, traffic management,

    observability, and other features between services. • Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic. • Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection. • A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.

56. Istio Set of tools that together deliveries security, traffic management,

    observability, and other features between services. • Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic. • Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection. • A pluggable policy layer and configuration API supporting access controls, rate limits and quotas. • Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.

57. Istio Set of tools that together deliveries security, traffic management,

    observability, and other features between services. • Secure service-to-service communication in a cluster with strong identity-based authentication and authorisation.

58. How is Istio's magic?

59. Envoy Is a sidecar proxy that sits side-by-side with the

    application and proxy it’s network communications.

60. Mixer Is responsible for police control delivered by citadel to

    be enforced and also for telemetry

61. Pilot Do service discovery for envoy sidecars, traffic management capabilities

    for routing like A/B tests, canary rollouts and resiliency like timeouts, retries, circuit breakers.

62. Citadel Enable service to service authentication via keys and certificates,

    AKA istio-ca in previous versions.

63. Galley It is responsible for insulating the rest of the

    Istio components from the details of obtaining user configuration from the underlying platform (e.g. Kubernetes).

64. Istio’s control Plane

65. None

66. Demo

67. Obrigado!
 Slides: https://speakerdeck.com/wsilva