2. Ku·ber·ne·tes
Kubernetes can be many things… It's a scalable, self-healing and resilient
● Container orchestration engine
● Cluster management system
● Mesos, Swarm, Rancher, _______ replacement
● Microservices, CI/CD, Machine Learning platforms
● Portable ‘cloud’
But it's NOT just another way to run containers...
3. The Kubernetes Journey
Recent surveys from CNCF show that over 83% of the companies that
are using containers are using Kubernetes
July 2018
It has a huge community:
● ~36K Stars
● ~1600 Contributors!
● ~13K Forks
● ~1000 Pending pull requests!
6. Azure Kubernetes Service (AKS)
● Fully managed Kubernetes cluster
● Sets up the master and nodes
● One-click scale and upgrade operations
● Built-in secured dashboard
● Supports block and CIFS volumes on Azure
● Supports GPU workloads
● Fully integrated with Azure Monitor and Log Analytics
Also, fully integrated with Azure DevOps
7. Azure DevOps
● Full-blown Git Repos
● Issues and Tasks boards
● Pipelines support
○ Thousands of step extensions
● Build on Windows, Linux and Mac!
● Release on Windows, Linux and Mac!
● Manage test plans and load tests
● Built-in private package feeds
○ Private npm, NuGet, Maven, Gradle and pip
○ Similar to JFrog Artifactory, Nexus
● Managed from your Azure Account
10. And we all know how to run an application...
Creating a Namespace, defining a Deployment to manage a
ReplicaSet of Pods, exposing them as Services and an Ingress, maybe
mounting Persistent Volumes into their containers, injecting
ConfigMaps and Secrets as environment variables.
After deployment, we expect Kubernetes to take care of the rest.
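As an added example (not a slide from the deck), here is that whole list as one Kubernetes manifest. The namespace, object names, image, hostname and secret value are placeholders, and the securityContext on the container is an addition the slide does not mention:

```yaml
# Added example, not from the original deck: Namespace, ConfigMap, Secret,
# PersistentVolumeClaim, Deployment (owning a ReplicaSet of Pods), Service
# and Ingress. All names, the image and the hostname are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: shop
---
apiVersion: v1
kind: ConfigMap
metadata: {name: catalog-config, namespace: shop}
data:
  LOG_LEVEL: info
  CATALOG_DB_HOST: db.shop.svc.cluster.local
---
apiVersion: v1
kind: Secret
metadata: {name: catalog-db, namespace: shop}
type: Opaque
stringData:                      # plain text here; the API server stores it base64-encoded, not encrypted
  CATALOG_DB_PASSWORD: placeholder-change-me
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata: {name: catalog-cache, namespace: shop}
spec:
  accessModes: [ReadWriteOnce]
  resources: {requests: {storage: 1Gi}}
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: catalog, namespace: shop}
spec:
  replicas: 3                    # the Deployment owns a ReplicaSet that keeps 3 Pods running
  selector: {matchLabels: {app: catalog}}
  template:
    metadata:
      labels: {app: catalog}
    spec:
      containers:
      - name: catalog
        image: registry.example.com/shop/catalog:1.4.2   # placeholder image
        ports: [{containerPort: 8080}]
        envFrom:                 # every ConfigMap key becomes an environment variable
        - configMapRef: {name: catalog-config}
        env:                     # one Secret key, also injected as an environment variable
        - name: CATALOG_DB_PASSWORD
          valueFrom: {secretKeyRef: {name: catalog-db, key: CATALOG_DB_PASSWORD}}
        volumeMounts:
        - {name: cache, mountPath: /var/cache/catalog}
        securityContext:         # not on the slide; the minimum a reviewer would ask for
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
      volumes:
      - name: cache
        persistentVolumeClaim: {claimName: catalog-cache}
---
apiVersion: v1
kind: Service
metadata: {name: catalog, namespace: shop}
spec:
  selector: {app: catalog}
  ports: [{port: 80, targetPort: 8080}]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: {name: catalog, namespace: shop}
spec:
  rules:
  - host: shop.example.com       # placeholder hostname
    http:
      paths:
      - path: /catalog
        pathType: Prefix
        backend: {service: {name: catalog, port: {number: 80}}}
```

Apply it with `kubectl apply -f catalog.yaml`. Two caveats a reviewer would raise: `runAsNonRoot: true` only works if the image sets a non-root `USER`, and a Secret injected as an environment variable is readable by every process in the container, by child processes, and by anyone who can `kubectl exec` into the Pod; mounting the Secret as a file (or pulling it from an external secret store at startup) is the usual hardening when rotation or a smaller blast radius matters. A Secret object itself is only base64-encoded, so restrict `get secrets` via RBAC and enable encryption at rest.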
13. Back to basics
‘Micro-services is a software development technique—[…] that
structures an application as a collection of loosely coupled services.
In a microservices architecture, services are fine-grained and the
protocols are lightweight. The benefit of decomposing an
application into different smaller services is that it improves
modularity and makes the application easier to understand,
develop, test, and more resilient to architecture erosion. It also
parallelizes development by enabling small autonomous teams to
develop, deploy and scale independently. […] Microservices-based
architectures enable continuous delivery and deployment.’
* Wikipedia
14. Micro-services 101
• Small – do one thing and do it well
• Simple!
• Has clear domain boundaries and well-defined APIs
• Standalone
• Independent development
• Independent deployment
• Build and release is automatic
• Testable
• Loosely coupled
15. With simplicity, comes complexity ®
• How to deploy or update services with zero-downtime?
• How to A/B test the application?
• How to handle network failures?
• How to manage security between services?
• How to handle timeouts? Retries?
• How to rate limit? Add quotas?
• Telemetry, Logging, Monitoring?
• What about Polyglot, Legacy systems?
• Different Tech Stacks
16. We used to do this ourselves
• Integrating services and libraries for the following:
• Eureka - Service Registry
• Ribbon - Client Side Load Balancing
• Hystrix - Circuit Breaker
• Zipkin - Distributed Tracing
• Prometheus - Monitoring
• Grafana - Dashboards and Visualization
• Nginx - API Gateway
• Many of them require complicated code in our API libraries
17. The rise of Service Mesh
• Managing a horde of Micro-services yourself is too hard
• A Service Mesh takes care of all communication and policy
needs between services and allows extensibility through
middleware
• Istio, Linkerd, Conduit – are all different approaches to a
Service Mesh
18. Introducing Istio
• Initiative from Google, IBM and Lyft
• Built for Kubernetes
• But also supports Nomad and Consul, and in the future will support Cloud
Foundry and Mesos
• A uniform way to connect, manage and secure Micro-services:
• Advanced load-balancing for TCP, HTTP, gRPC and WebSockets
• Rule-based traffic control
• Advanced policies – ACLs, mutual TLS, rotating certificates, rate limits,
etc.
• Automatic collection of metrics, logs and traces
• istioctl – like kubectl, only for Istio (we can actually use kubectl most
of the time)
20. Control Plane vs Data Plane
• Control Plane
• Abstract platform specific capabilities
• Provide cluster wide Rules Api for Routing
• Propagate Policy and Configuration
• Manages the data plane
• Data Plane
• Service Discovery
• Routing
• Load Balancing
• Authentication and Authorization
• Health Checking
• Observability
21. Envoy
• Originally built at Lyft
• Now a CNCF Graduate
• A C++ based L4/L7 proxy
• Battle-tested with great performance
• Acts as the smart Data-Plane managed by Istio
• Many built-in mechanisms used by Istio
• API-driven updates (without hot-reload)
• In recent versions injected as a sidecar
22. Pilot – Discovery and Traffic management
• Manages the lifecycle of Envoy instances deployed across Istio
• Intelligent Router
• Handle timeouts, retries
• Implement Circuit-Breaker
• Allows A/B testing
• Sophisticated Deployments
23. Mixer
• Manages Access Control and Policies
• Extract request attributes
• Collects Telemetry and metrics
• Tracing & metric backends can be changed at runtime (Prometheus, InfluxDB,
Stackdriver, etc.)
Citadel
• Service-to-service authentication and Mutual TLS
• Supports RBAC (Role-Based Access Control) - like Kubernetes
• Automatically manages credentials and certificates
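To make the mutual-TLS and access-control bullets concrete, here is an added example (not from the deck). It uses the current Istio security API, `security.istio.io/v1beta1`, which replaced the Citadel-era `Policy`/`MeshPolicy` and `ServiceRole` objects the deck is describing; the namespace, workload label and service-account name are placeholders:

```yaml
# Added example, not from the original deck. Assumes workloads in the "shop"
# namespace have the Envoy sidecar injected (namespace label
# istio-injection: enabled) and that the caller runs as service account
# "frontend"; those names are placeholders.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system        # a PeerAuthentication named "default" here applies mesh-wide
spec:
  mtls:
    mode: STRICT                 # sidecars reject plaintext; only mTLS peers are accepted
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}                         # empty spec: deny every request to workloads in this namespace
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: catalog-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels: {app: catalog}  # only the catalog workload
  action: ALLOW
  rules:
  - from:
    - source:
        # SPIFFE identity taken from the client certificate Citadel issued;
        # this is why STRICT mTLS is needed for the rule to mean anything
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET"]
        paths: ["/catalog/*"]
```

The `principals` check is backed by the workload certificate Istio rotates automatically, so the service account, not a network address, is the unit of identity. With STRICT mode, a client outside the mesh gets a connection reset rather than a 403, which is the expected symptom when something is "suddenly broken" after enabling it; `istioctl analyze -n shop` reports policies that reference hosts or selectors that match nothing.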
25. Built-in Addons
• Prometheus & Grafana
• Out-of-the-box cluster-wide metric collection, with support for Alertmanager
• Fully customizable dashboards using Grafana
• Service Graph
• For Observability
• OpenTracing
• Vendor-neutral APIs and instrumentation for distributed tracing
• Jaeger or Zipkin
30. Intelligent Routing Capabilities
• Request Routing
• Manage multiple environments (dev, test, prod) and multiple versions (vX, vY)
at the same time while configuring sophisticated rules based on URI, headers
and more.
• Implement weight-based version routing
• Allows A/B testing and canary deployments
• Handle ingress and egress routing rules and gateways
• Warm up services with request mirroring
• Load Balancing
• Handle service-registration and service-discovery
• Advanced Algorithms
• Weighted round robin, weighted least request, ring hash, Maglev, random,
original destination
• Zone-awareness, priorities and more
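An added example (not from the deck) of the header-based, URI-based, weighted and mirrored routing listed above, written against `networking.istio.io/v1alpha3`, the API the deck's "v0.8+" note refers to. The service host, subset labels and header name are placeholders:

```yaml
# Added example, not from the original deck. Assumes a Kubernetes Service
# "catalog" in namespace "shop" whose Pods carry a "version: v1" or
# "version: v2" label; all names are placeholders.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: catalog
  namespace: shop
spec:
  host: catalog.shop.svc.cluster.local
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN          # one of the algorithms on the slide
  subsets:                         # a subset is a named label selector over the endpoints
  - name: v1
    labels: {version: v1}
  - name: v2
    labels: {version: v2}
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: catalog
  namespace: shop
spec:
  hosts:
  - catalog.shop.svc.cluster.local
  http:
  # 1. Header-based routing: opted-in testers always get v2 (A/B testing).
  - match:
    - headers:
        x-beta-tester:
          exact: "true"
    route:
    - destination:
        host: catalog.shop.svc.cluster.local
        subset: v2
  # 2. URI-based routing plus mirroring: search traffic is served by v1 while a
  #    copy of every request is also sent to v2 to warm it up; v2's responses
  #    are discarded.
  - match:
    - uri:
        prefix: /catalog/search
    route:
    - destination:
        host: catalog.shop.svc.cluster.local
        subset: v1
    mirror:
      host: catalog.shop.svc.cluster.local
      subset: v2
    mirrorPercentage:
      value: 100.0
  # 3. Default: weight-based canary, 90% v1 / 10% v2. Rules are evaluated in
  #    order, so this catch-all must come last.
  - route:
    - destination:
        host: catalog.shop.svc.cluster.local
        subset: v1
      weight: 90
    - destination:
        host: catalog.shop.svc.cluster.local
        subset: v2
      weight: 10
```

Two points worth checking before using this in production: mirrored requests really are executed by v2 (Envoy marks them by appending `-shadow` to the Host header), so mirror only idempotent paths or point the shadow deployment at a non-production data store; and routing on a client-supplied header such as `x-beta-tester` is a convenience, not a control, since any caller can set it.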
31. Failure Handling
• Timeouts and Deadlines
• Follow the request's journey through the Service Mesh
• Supports per-request configuration
• Retries
• Supports variable jitter between retries
• Rate-limiting and Quotas
• Connection limits, request throttling
• Circuit-Breaker
• Stops sending traffic to instances after consecutive failures so they can
recover, then brings them back into rotation (fully configurable)
32. Fault Injection
• Allows testing the failure-handling mechanisms
• Enables granular chaos testing (cf. Netflix's Chaos Monkey)
• Introduce latency for specific services or users
• Inject errors into a percentage of requests
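An added example (not from the deck) covering both slides: timeouts, retries, connection limits and outlier-detection circuit breaking for the default route, plus a fault-injection route that only fires when a test header is present. Service host, header name and all thresholds are placeholders. The rate-limit and quota bullets are not shown because the deck describes them through Mixer, which has since been removed from Istio:

```yaml
# Added example, not from the original deck. Assumes a Service "catalog" in
# namespace "shop" with the sidecar injected; names and numbers are placeholders.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: catalog
  namespace: shop
spec:
  host: catalog.shop.svc.cluster.local
  trafficPolicy:
    connectionPool:              # connection limits and request throttling
      tcp:
        maxConnections: 100
      http:
        http1MaxPendingRequests: 50
        http2MaxRequests: 200
        maxRequestsPerConnection: 10
    outlierDetection:            # the circuit breaker
      consecutive5xxErrors: 5    # eject an endpoint after 5 consecutive 5xx responses
      interval: 10s              # how often endpoints are scanned
      baseEjectionTime: 30s      # first ejection lasts 30s; repeat offenders stay out longer
      maxEjectionPercent: 50     # never eject more than half the endpoints
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: catalog
  namespace: shop
spec:
  hosts:
  - catalog.shop.svc.cluster.local
  http:
  # Chaos route: only requests carrying x-chaos-test: delay are affected,
  # so the fault can be targeted at specific users or test traffic.
  - match:
    - headers:
        x-chaos-test:
          exact: delay
    fault:
      delay:
        percentage:
          value: 50.0            # half of the matched requests wait 3s
        fixedDelay: 3s
      abort:
        percentage:
          value: 10.0            # a tenth of them get a synthetic 503 instead
        httpStatus: 503
    route:
    - destination:
        host: catalog.shop.svc.cluster.local
  # Default route: overall deadline, bounded retries with a per-try timeout.
  - timeout: 2s
    retries:
      attempts: 3
      perTryTimeout: 500ms
      retryOn: 5xx,reset,connect-failure
    route:
    - destination:
        host: catalog.shop.svc.cluster.local
```

Retries are not free from a security or correctness standpoint: Envoy does not check the HTTP method, so a `POST` that timed out after the backend committed its side effect will be replayed up to `attempts` times. Keep `retryOn` narrow, make the handlers idempotent, or restrict retries to a `match` on `GET` routes. The chaos route shows why fault injection should be gated on a header or on a dedicated namespace: applied to the catch-all route it would degrade every caller, including production users.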
34. Recap
• Istio introduces unparalleled support for the unique challenges that
come with Micro-services
• Istio is vendor-agnostic, and supports both on-prem and cloud
deployments
• Istio is now stable for GA and considered production ready.
• v0.8+ includes major API changes (VirtualService, DestinationRule)