
Service Mesh with Istio and Kubernetes (Darkmira Tour PHP 2019)

Talk presented at the English Only Track on June 9th 2019 at Darkmira Tour PHP 2019 in Fortaleza, Ceara - Brazil. We covered some concepts, advantages and disadvantages comparing Micro-services and Monolith architectures. Then we showed Istio, what it is, how it works and its components. We made some demos showing microservices running on docker, then running them over a Kubernetes cluster and how the deployment and rollback work in high availability modes, and then we finished running the same stack with Istio and how to create routes, inject failures and make a canary deployment. The video of the demos and the code will be available soon.

Wellington F. Silva

June 09, 2019

Transcript

  1. Service Mesh with Istio and Kubernetes
    Darkmira Tour PHP 2019

  2. Wellington F. Silva
    contact:
    @_wsilva
    nicks:
    wsilva, boina, tom, fisi*
    roles:
    father, telecom technician,
    programmer, sysadmin,
    docker community leader,
    instructor, writer, zend
    certified engineer and docker
    certified associate
    * deprecated in favor of Well

  3. Agenda
    • Monolith vs Microservice
    • Communication between services
    • Containers
    • Kubernetes
    • Istio

  4. Monoliths

  8. Monolith
    • http://martinfowler.com/bliki/MonolithFirst.html
    • Start fast
    • Low complexity in delivering software
    • Low cost in the beginning

  11. Monolith
    • The bigger the system, the bigger the team
    • Many people maintaining it leads to a natural
    split into teams
    • A small change can break the whole system

  12. “Adding manpower to
    a late software project
    makes it later”
    Frederick Brooks - The Mythical Man-Month

  13. Microservices

  15. “Microservice is a software development
    technique, a variant of the service-oriented
    architecture (SOA) architectural style that
    structures an application as a collection of
    loosely coupled services.”
    – Wikipedia, https://en.wikipedia.org/wiki/Microservices

  18. Microservices
    • Independent and autonomous
    • Scalability and Availability
    • Loosely coupled

  23. Microservices
    • Debugging is hard
    • Working on one service always means paying
    attention to its integration with the other services
    • Heavy dependency on the network
    • Orchestration complexity
    • Dependency on service discovery

  24. “The golden rule: can you make a
    change to a service and deploy it by
    itself without changing anything else?”
    – Sam Newman, Building Microservices

  25. Communication
    Between Services

  26. Communication
    (diagram, slides 26 and 27) Service A on Computer 1 talks
    to Service B on Computer 2 over the network. Circuit
    breaking and service discovery live inside each service;
    on slide 27 they are shown as a library linked into each
    service.

  31. Communication
    Issues with the library approach:
    • The need to change and adapt your application
    to the library
    • Time spent building integrations with these libraries
    • It limits the languages and tools that can be used
    (each library exists only for the languages it was
    written for)
    • Hard to keep tools and versions compatible across
    all services

  36. Communication
    Tools from Netflix OSS (all Java libraries)
    • Netflix Hystrix (circuit breaking / bulkheading;
    in maintenance mode since late 2018)
    • Netflix Zuul (edge router)
    • Netflix Ribbon (client-side service discovery /
    load balancer)
    • Netflix Eureka (service discovery registry)
    • Netflix Spectator / Atlas (metrics)

  37. How to solve this?

  38. 1 - Containers

  42. Containers
    Tool to virtualise at the operating system level.
    It IS NOT a virtual machine (virtual environment:
    the magic of how it works was presented at the
    Docker workshop).
    With VMs we can run Linux over Windows, vice
    versa, and others.
    With containers you only run FreeBSD over
    FreeBSD, Linux over Linux, Windows over Windows:
    a container shares the host kernel (namespaces and
    cgroups isolate processes, not kernels), so a
    kernel bug is reachable from every container on
    that host.
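    The "microservices running on docker" part of the demo is not on this page, so the following compose file is an added example, not the talk's code. It runs two hypothetical services ("api" and "catalog"; image names, ports and the 10001 uid are assumptions) and shows the settings that matter precisely because the containers share the host kernel: no root, no capabilities, no privilege escalation, read-only root filesystem and a PID limit.

```yaml
# Added example (not from the talk). Two hypothetical services; image names,
# ports, user id and limits are assumptions.
services:
  api:
    image: example.org/shop/api:1.0.0          # hypothetical image
    user: "10001:10001"                        # never run as root inside the container
    read_only: true                            # immutable root filesystem
    tmpfs:
      - /tmp                                   # the only writable location
    cap_drop:
      - ALL                                    # drop every Linux capability
    security_opt:
      - no-new-privileges:true                 # setuid binaries cannot regain privileges
    pids_limit: 100                            # bounds fork bombs inside the container
    mem_limit: 256m
    ports:
      - "8080:8080"                            # the only port published to the host
    depends_on:
      - catalog
  catalog:
    image: example.org/shop/catalog:1.0.0      # hypothetical image
    user: "10001:10001"
    read_only: true
    tmpfs:
      - /tmp
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    pids_limit: 100
    mem_limit: 256m
    # "expose" only documents the port for other containers on the compose
    # network; nothing is published on the host, so catalog is reachable from
    # api but not from outside the machine.
    expose:
      - "9000"
```

    With `docker compose up` both containers start on a private network; `docker compose exec api id` should report uid 10001, and a shell inside the container cannot write outside /tmp or gain capabilities, which is what limits the blast radius if the PHP service behind "api" is compromised.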

  43. Demo?

  44. 2 - Kubernetes

  49. Kubernetes
    Tool to orchestrate containerised processes across
    a cluster of machines
    Deployment of applications can be automated
    Containers can run on any machine of the cluster
    Optimises the use of infrastructure resources
    Delivers self-healing, high availability and
    scalability to apps and services
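    The deployment/rollback demo mentioned in the description is not on the page, so here is an added example (not the talk's code) of what a highly available, zero-downtime rollout looks like in Kubernetes. The "catalog" service, its image, port and uid are assumptions; the manifests assume Kubernetes 1.21 or newer (policy/v1 and seccompProfile).

```yaml
# Added example (not from the talk). Hypothetical "catalog" service:
# three replicas, rolling update that never drops a ready pod, readiness probe
# gating traffic, and a least-privilege pod security context.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: catalog
  labels:
    app: catalog
spec:
  replicas: 3
  selector:
    matchLabels:
      app: catalog
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0        # never fall below 3 ready pods during a rollout
      maxSurge: 1              # bring up one new pod at a time
  template:
    metadata:
      labels:
        app: catalog
        version: v1            # Istio subsets (later in the talk) select on this label
    spec:
      automountServiceAccountToken: false   # the app never talks to the API server
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: catalog
          image: example.org/shop/catalog:1.0.0   # hypothetical image
          ports:
            - containerPort: 9000
          readinessProbe:      # a new pod receives traffic only once this passes,
            httpGet:           # so a broken release stalls instead of taking over
              path: /healthz
              port: 9000
            periodSeconds: 5
          livenessProbe:       # self-healing: a hung pod is restarted
            httpGet:
              path: /healthz
              port: 9000
            periodSeconds: 10
          resources:
            requests: { cpu: 100m, memory: 128Mi }
            limits:   { cpu: 500m, memory: 256Mi }
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
---
apiVersion: v1
kind: Service
metadata:
  name: catalog
spec:
  selector:
    app: catalog
  ports:
    - port: 9000
      targetPort: 9000
---
apiVersion: policy/v1
kind: PodDisruptionBudget     # node drains may evict at most one pod at a time
metadata:
  name: catalog
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: catalog
```

    Apply it with `kubectl apply -f catalog.yaml`. A rollout is `kubectl set image deployment/catalog catalog=example.org/shop/catalog:1.1.0` followed by `kubectl rollout status deployment/catalog`; if the new version never passes its readiness probe the rollout stalls while the old pods keep serving, and `kubectl rollout undo deployment/catalog` returns to the previous ReplicaSet.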

  50. Demo?

  51. 3 - Istio

  56. Istio
    Set of tools that together deliver security, traffic
    management, observability, and other features between
    services.
    • Automatic load balancing for HTTP, gRPC, WebSocket,
    and TCP traffic.
    • Fine-grained control of traffic behaviour with rich
    routing rules, retries, failovers, and fault injection.
    • A pluggable policy layer and configuration API
    supporting access controls, rate limits and quotas.
    • Automatic metrics, logs, and traces for all traffic
    within a cluster, including cluster ingress and egress.

  57. Istio
    Set of tools that together deliver security, traffic
    management, observability, and other features between
    services.
    • Secure service-to-service communication in a
    cluster with strong identity-based authentication
    and authorisation (mutual TLS with a certificate
    issued per workload, so policy can name the calling
    service instead of an IP address).

  58. How does Istio's magic work?

  59. Envoy
    Is a sidecar proxy that sits side-by-side with the
    application (in the same pod) and proxies its network
    communications. Inbound and outbound traffic is
    redirected to it by iptables rules installed when the
    pod starts, so the application code does not change.

  60. Mixer
    Is responsible for policy enforcement (access control,
    rate limits, quotas) and for collecting telemetry from
    the Envoy sidecars. (Mixer was deprecated in Istio 1.5
    and later removed; policy and telemetry now run inside
    the Envoy proxy itself.)

  61. Pilot
    Does service discovery for the Envoy sidecars and
    pushes them the traffic management configuration:
    routing for A/B tests and canary rollouts, and
    resiliency features like timeouts, retries and
    circuit breakers.
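    The routes, fault injection and canary from the demo (slide 56's feature list and the Pilot slide above) are not on the page, so here is an added example of the Istio networking API doing all three for a hypothetical "catalog" service. It is not the talk's code; it assumes a "shop" namespace with sidecar injection enabled, pods labelled version=v1 and version=v2 behind one Kubernetes Service, and uses the field names of Istio 1.5 or newer (the 2019 talk ran an older release).

```yaml
# Added example (not from the talk). Namespace, host and version labels are
# assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: shop
  labels:
    istio-injection: enabled        # every pod created here gets an Envoy sidecar
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: catalog
  namespace: shop
spec:
  host: catalog
  trafficPolicy:
    connectionPool:
      http:
        http1MaxPendingRequests: 100
        maxRequestsPerConnection: 10
    outlierDetection:               # circuit breaker: eject pods that keep failing
      consecutive5xxErrors: 5
      interval: 10s
      baseEjectionTime: 30s
  subsets:                          # named groups of pods, selected by label
    - name: v1
      labels:
        version: v1
    - name: v2
      labels:
        version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: catalog
  namespace: shop
spec:
  hosts:
    - catalog
  http:
    # Route 1 (fault injection): callers sending "end-user: tester" hit v2 and
    # half of their requests are delayed 7 s, to see how callers cope with a
    # slow dependency. Rules are evaluated top to bottom; first match wins.
    - match:
        - headers:
            end-user:
              exact: tester
      fault:
        delay:
          percentage:
            value: 50
          fixedDelay: 7s
      route:
        - destination:
            host: catalog
            subset: v2
    # Route 2 (canary): everyone else is split 90/10 between v1 and v2.
    # Promote by moving the weights (50/50, then 0/100); roll back by setting
    # v2 to 0. Retries and timeout bound the damage when a subset misbehaves.
    - route:
        - destination:
            host: catalog
            subset: v1
          weight: 90
        - destination:
            host: catalog
            subset: v2
          weight: 10
      retries:
        attempts: 3
        perTryTimeout: 2s
        retryOn: 5xx,connect-failure
      timeout: 10s
```

    Only traffic that passes through a sidecar obeys these rules, so a caller outside the mesh sees the plain Kubernetes Service and round-robin to all pods. Weights are also a good place to review before merging: a VirtualService is a routing change to production with no application deploy attached.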

  62. Citadel
    Enables service-to-service authentication via keys
    and certificates: it issues and rotates the per-workload
    certificates the sidecars use for mutual TLS. Known as
    istio-ca in previous versions.
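    The identity-based authentication and authorisation claimed on slide 57, with the certificates Citadel issues, is configured as follows. This is an added example, not the talk's code; it uses the security.istio.io/v1beta1 API of Istio 1.5 or newer (the 2019 release did the same with authentication.istio.io/v1alpha1 Policy and MeshPolicy resources), and the "shop" namespace, "api" and "catalog" workloads and their service accounts are assumptions.

```yaml
# Added example (not from the talk). Namespace, workload names, service
# account names and paths are assumptions.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system           # in the root namespace this applies mesh-wide
spec:
  mtls:
    mode: STRICT                    # sidecars refuse plaintext; non-mesh clients are cut off
---
# Deny by default for the whole namespace: once a deny-all policy exists,
# only callers matched by an explicit ALLOW policy get through.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}                            # empty spec matches nothing, so everything is denied
---
# Least privilege for catalog: only the "api" workload may call it, and only
# with GET on the items resource. The caller is identified by the SPIFFE
# identity in its mTLS certificate (cluster.local/ns/<ns>/sa/<serviceaccount>),
# not by IP address, so a pod cannot impersonate api by spoofing its address.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: catalog-allow-api
  namespace: shop
spec:
  selector:
    matchLabels:
      app: catalog
  action: ALLOW
  rules:
    - from:
        - source:
            principals:
              - cluster.local/ns/shop/sa/api
      to:
        - operation:
            methods: ["GET"]
            paths: ["/items", "/items/*"]
```

    The identity is the Kubernetes service account, so this only means something if each workload runs under its own (the "api" Deployment must set `serviceAccountName: api`); workloads sharing the default service account are indistinguishable to the policy. After applying, a caller without a sidecar gets its connection reset, and a mesh caller with the wrong identity or method gets HTTP 403 with the body "RBAC: access denied" from catalog's Envoy. `istioctl proxy-config secret <pod>` shows the certificate a sidecar is currently holding.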

  63. Galley
    It validates user configuration and insulates the rest
    of the Istio components from the details of obtaining
    that configuration from the underlying platform (e.g.
    Kubernetes).

  64. Istio’s control plane

  65. (image-only slide)

  66. Demo

  67. Thank you!

    Slides: https://speakerdeck.com/wsilva
