Service Mesh with Istio and Kubernetes (Darkmira Tour PHP 2019)

Talk presented at the English Only Track on June 9th 2019 at Darkmira Tour PHP 2019 in Fortaleza, Ceara - Brazil. We covered some concepts, advantages and disadvantages, comparing microservice and monolith architectures. Then we showed Istio: what it is, how it works and its components. We made some demos showing microservices running on Docker, then running them on a Kubernetes cluster and how deployment and rollback work in high-availability modes, and finally we ran the same stack with Istio and showed how to create routes, inject failures and make a canary deployment. The video of the demos and the code will be available soon.

Wellington F. Silva

June 09, 2019
Transcript

  1. Service Mesh with Istio and Kubernetes - Darkmira Tour PHP 2019

  2. Wellington F. Silva. Contact: @_wsilva. Nicks: wsilva, boina, tom, fisi*. Roles: father, telecom technician, programmer, sysadmin, Docker community leader, instructor, writer, Zend Certified Engineer and Docker Certified Associate. * deprecated in favor of Well

  3. Agenda • Monolith vs Microservice • Communication between services • Containers • Kubernetes • Istio

  4. Monoliths

  5-8. Monolith • http://martinfowler.com/bliki/MonolithFirst.html • Start fast • Low complexity on delivering software • Low cost in the beginning

  9-11. Monolith • The bigger the system, the bigger the team • Many people maintaining it leads to a natural split into teams • A small change can break the whole system

  12. “Adding manpower to a late software project makes it later” - Frederick Brooks, The Mythical Man-Month

  13. Microservices

  14. Microservices

  15. “Microservice is a software development technique, a variant of the service-oriented architecture (SOA) architectural style that structures an application as a collection of loosely coupled services.” - Wikipedia, https://en.wikipedia.org/wiki/Microservices

  16-18. Microservices • Independent and autonomous • Scalability and Availability • Loosely coupled

  19-23. Microservices • Debugging is hard • Working on a service means always paying attention to integration with other services • Huge network dependency • Orchestration complexity • Service Discovery dependency

  24. “The golden rule: can you make a change to a service and deploy it by itself without changing anything else?” - Sam Newman, Building Microservices

  25. Communication Between Services

  26. Communication (diagram: Computer 1 running Service A and Computer 2 running Service B, connected through Networking; each service carries its own Circuit Breaker and Service Discovery)

  27. Communication (same diagram, with the Circuit Breaker and Service Discovery in each service provided by a Library)

  28-31. Communication Issues: • The need to change and adapt your application for it • Time spent building integrations with these libraries • It limits the number of tools that can be used • Hard to maintain compatibility of tools and versions

  32-36. Communication Tools from Netflix OSS • Netflix Hystrix (circuit breaking / bulkheading) • Netflix Zuul (edge router) • Netflix Ribbon (client-side service discovery / load balancer) • Netflix Eureka (service discovery registry) • Netflix Spectator / Atlas (metrics)

  37. How to solve this?

  38. 1 - Containers

  39-42. Containers. A tool to virtualise at the operating system level. It IS NOT a Virtual Machine (it is a virtual environment; the magic of how it works was presented at the Docker workshop). With VMs we can run Linux over Windows, vice-versa, and others. With containers you only run FreeBSD over FreeBSD, Linux over Linux, Windows over Windows.

  43. Demo?

  44. 2 - Kubernetes

  45-49. Kubernetes. A tool to orchestrate container processes in a cluster of machines. Deployment of applications can be automated. Containers can run on any machine of the cluster. It optimizes the use of infrastructure resources. It easily delivers self-healing, high availability and scalability to apps and services.

  50. Demo?

  51. 3 - Istio

  52-57. Istio. A set of tools that together deliver security, traffic management, observability, and other features between services. • Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic. • Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection. • A pluggable policy layer and configuration API supporting access controls, rate limits and quotas. • Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress. • Secure service-to-service communication in a cluster with strong identity-based authentication and authorisation.

  58. How does Istio's magic work?

  59. Envoy. A sidecar proxy that sits side-by-side with the application and proxies its network communications.

  60. Mixer. Responsible for the policy control delivered by Citadel to be enforced, and also for telemetry.

  61. Pilot. Does service discovery for the Envoy sidecars and provides traffic management capabilities: routing for A/B tests and canary rollouts, and resiliency features such as timeouts, retries and circuit breakers.

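The routing, canary and fault-injection capabilities described on this slide are configured through Pilot with VirtualService and DestinationRule objects. The manifest below is an added example, not code from the talk or its demos; it assumes a hypothetical `catalog` service in namespace `shop` whose pods are labelled `version: v1` (stable) and `version: v2` (canary), a constructed `x-chaos-test` request header used to scope fault injection, and Istio 1.5 or later (the `v1beta1` networking API).

```yaml
# Added example (not from the talk): canary split, retries, timeout, fault injection
# and a circuit breaker for a hypothetical "catalog" service in namespace "shop".
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: catalog
  namespace: shop
spec:
  host: catalog
  subsets:                       # subsets map to pod labels set by the deployments
  - name: v1
    labels: { version: v1 }
  - name: v2
    labels: { version: v2 }
  trafficPolicy:
    outlierDetection:            # circuit breaker: eject pods that keep returning 5xx
      consecutive5xxErrors: 5
      interval: 30s
      baseEjectionTime: 60s
      maxEjectionPercent: 50     # never eject more than half of the pods at once
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: catalog
  namespace: shop
spec:
  hosts:
  - catalog
  http:
  - match:                       # fault injection only for requests carrying the test header
    - headers:
        x-chaos-test: { exact: "true" }
    fault:
      abort: { percentage: { value: 50 }, httpStatus: 503 }
    route:
    - destination: { host: catalog, subset: v2 }
  - timeout: 5s                  # default route: 90/10 canary split with a deadline
    retries:
      attempts: 2
      perTryTimeout: 2s
      retryOn: "5xx,connect-failure"
    route:
    - destination: { host: catalog, subset: v1 }
      weight: 90
    - destination: { host: catalog, subset: v2 }
      weight: 10
```

Promoting the canary is then a matter of shifting the two weights (and later rolling back by reverting them), without touching the application code.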
  62. Citadel. Enables service-to-service authentication via keys and certificates; AKA istio-ca in previous versions.

  63. Galley. Responsible for insulating the rest of the Istio components from the details of obtaining user configuration from the underlying platform (e.g. Kubernetes).

  64. Istio’s control Plane

  65. None
  66. Demo

  67. Thank you! Slides: https://speakerdeck.com/wsilva