These are the slides to my presentation at DevFest Romania.

  1. Service Meshes with Istio. Randy N. Gupta, SCARATEC IT-Consulting GmbH, Google Developer Expert, gupta@scaratec.com, Twitter: @RandyGupta, www.scaratec.com
  2. Why Kubernetes?
  3. Kubernetes is
      - complicated
      - only needed for high availability
      - only needed for high traffic

      REALLY?
  4. Microservice Architecture - Common Definition: Microservice Architecture describes a way of designing software applications as suites of independently deployable services. … borrowed from Martin Fowler
  5. Microservices Application
  6. Let’s create Microservices … as JAR? On bare metal?
  7. Microservice -> Docker Container
  8. Where to deploy Docker?
  9. Kubernetes
  10. Kubernetes is (really)
      - an API for an infrastructure
      - has objects for infrastructure components like:
          - storage
          - services
          - load balancers
          - firewalls
          - routing
          - jobs (batch, cron)
          - secrets
          - … and more
      - hides complexity from us
      - automates tedious tasks
      - language independent
      - provides high availability
      - is scalable
      - provides monitoring and telemetry
      - supports testing
      - very good integration with Jenkins
      - … and more
  11. Kubernetes Pods: Pods are the smallest deployable units of computing that can be created and managed in Kubernetes.
  12. deployment
      - description of a desired state of a set of pods
      - a controller maintains the state
  13. What is istio?
  14. istio is an implementation of a service mesh
  15. Simplified separation of concern
      - kubernetes focuses on computing and HA
      - istio focuses on networking and traffic control
  16. Key Features
      - load balancing
      - tracing (opentracing compatible)
      - service-to-service authentication and authorisation
      - circuit breaking
      - canary testing
  17. Demo
  18. Rule based routing

      ```yaml
      apiVersion: networking.istio.io/v1alpha3
      kind: VirtualService
      metadata:
        name: reviews
        # …
      spec:
        hosts:
        - reviews
        http:
        # Requests carrying the header end-user: jason go to subset v2
        - match:
          - headers:
              end-user:
                exact: jason
          route:
          - destination:
              host: reviews
              subset: v2
        # Everything else goes to subset v1
        - route:
          - destination:
              host: reviews
              subset: v1
      ```
  19. Rule based routing
  20. Supported Platforms
      - kubernetes
      - services deployed with consul or eureka
      - other platforms like mesos and cloudfoundry planned
  21. Anatomy of istio our motivation
  22. Envoy sidecar
      - all traffic is routed via envoy
      - replaces ingress controllers
      - (mutual) TLS termination
      - service is firewalled via IPTABLES

      (Diagram labels: Service, Envoy, Pod)
  23. Pilot
      - distributes rules to envoys
      - provides an API
      - abstracts envoy API
  24. Mixer
      - primary point of integration with other backends
      - processes raw metadata from envoy
      - provides request level data to (custom / 3rd party) adapter
  25. Citadel
      - Certificate Authority for mutual TLS
  26. Mesh expansion / multicluster
  27. Mesh expansion / Multicluster
      - master / slave (cluster) setup
      - one pilot for the whole mesh
      - mixer can collect only information from the cluster it runs in
      - expansion via sidecar e.g. inside a VM
  28. Kubernetes is
      - complicated -> as complex as the required infrastructure
      - only needed for high availability -> nope
      - only needed for high traffic -> nope
  29. Resources
      - kubernetes.io
      - istio.io
  30. Service Meshes with Istio. Randy N. Gupta, SCARATEC IT-Consulting GmbH, Google Developer Expert, gupta@scaratec.com, Twitter: @RandyGupta, www.scaratec.com. Thank you!!
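
The rule on the "Rule based routing" slide is evaluated top to bottom and the first matching entry wins, so the order of the `http` entries decides where traffic goes. The following is an added example, not code from the slides or from Istio: a simplified Python model of that evaluation (weighted routes are ignored, and the function and variable names are hypothetical).

```python
import re

# The slide's VirtualService http rules, transcribed as Python data.
REVIEWS_HTTP_RULES = [
    {
        "match": [{"headers": {"end-user": {"exact": "jason"}}}],
        "route": [{"destination": {"host": "reviews", "subset": "v2"}}],
    },
    {"route": [{"destination": {"host": "reviews", "subset": "v1"}}]},
]


def string_match(spec, value):
    """Evaluate one StringMatch (exact, prefix or regex) against a header value."""
    if value is None:
        return False
    if "exact" in spec:
        return value == spec["exact"]  # case-sensitive comparison
    if "prefix" in spec:
        return value.startswith(spec["prefix"])
    if "regex" in spec:
        return re.fullmatch(spec["regex"], value) is not None
    return False


def block_matches(block, headers):
    """All header conditions inside one match block must hold (AND)."""
    return all(string_match(spec, headers.get(name.lower()))
               for name, spec in block.get("headers", {}).items())


def select_destination(rules, request_headers):
    """Return (host, subset) of the first rule that matches, or None."""
    headers = {k.lower(): v for k, v in request_headers.items()}
    for rule in rules:
        blocks = rule.get("match")
        # No match section means catch-all; several match blocks are ORed.
        if not blocks or any(block_matches(b, headers) for b in blocks):
            # Simplification: take the first route entry, ignore weights.
            dest = rule["route"][0]["destination"]
            return dest["host"], dest.get("subset")
    return None


if __name__ == "__main__":
    # Constructed sample requests.
    for hdrs in ({"end-user": "jason"}, {"end-user": "Jason"}, {}):
        print(hdrs, "->", select_destination(REVIEWS_HTTP_RULES, hdrs))
```

Reversing the rule list sends every request, including the one with `end-user: jason`, to subset v1, because the catch-all entry then matches first.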

