Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
Similar to MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup (20)
Recently uploaded
Recently uploaded (20)
MicroProfile as the Istio Programming Model | Virtual Eclipse Community Meetup
- 1. Istio’s Programming Model – Eclipse MicroProfile Emily Jiang – Liberty Architect for CDI and MicroProfile, IBM twitter: emilyfhjiang Heiko Rupp –Platform Architect for Middleware monitoring, Red Hat twitter: pilhuhn 1
- 2. What does MicroProfile do? • Vendor-neutral programming model, designed in the open, for Java microservices • Provide core capabilities for building fault tolerant, scalable microservices • Increasing the rate and pace of innovation beyond Java EE Invite developers to join the MicroProfile community and influence the future http://microprofile.io/
- 3. What is Service Mesh? A dedicated infrastructure layer to make service to service communication fast, safe and reliable
- 4. Why do we need Service Mesh?
- 5. What does ‘Service Mesh’ do? A network for services, not bytes Observability Resiliency Traffic Control Security Policy Enforcement
- 6. Istio A service mesh designed to connect, manage and secure your microservices
- 7. Istio - Putting it all together
- 8. What does MicroProfile do? • Vendor-neutral programming model, designed in the open, for Java microservices • Provide core capabilities for building fault tolerant, scalable, microservices • Increasing the rate and pace of innovation beyond Java EE Standardizing microservices in enterprise Java via the MicroProfile community Config Fault Tolerance Health Check Metrics Security (JWT) Open Tracing Open API Rest Client externalize configuration to improve portability build robust behavior to cope with unexpected failures ensure services are running and meeting SLAs understand the interactions between services while running provides role based access control (RBAC) for microservice endpoints Tracing the microservice s invocation chain Easily document microservcie APIs Simplify the creation of rest clients Invite developers to join the MicroProfile community and influence the future http://microprofile.io/
- 9. MicroProfile and Istio Capability Istio MicroProfile Routing Load balancing √ Config microservices specify config properties Inject config to microservices Health Check of Istio services Use k8s liveness and readiness probe Provide health status Metrics √ √ Distributed Tracing Display tracing correlation Auto-propagate 7 headers required by Istio API √ Security √ √ mTLS √ RBAC √ √
- 10. MicroProfile and Istio Capability Istio MicroProfile Routing Load balancing √ Fault Injection √ Fault Handling on http √ √ Timeout √ √ Retry √ √ CircuitBreaker √ √ Bulkhead (semaphore) √ √ Bulkhead (threadpool) √ Fallback √ Fault Handling on https √
- 11. MicroProfile Service Mesh working group Work in MicroProfile community Define the specification in microprofile-service-mesh (https://github.com/eclipse/microprofile-service-mesh) Sample microservices https://github.com/eclipse/microprofile-service-mesh-service-a/ https://github.com/eclipse/microprofile-service-mesh-service-b
- 12. Istio and MicroProfile - Putting it all together
- 14. MicroProfile Health Check /health livenessProbe: httpGet: path: "/health" port: 9080 initialDelaySeconds: 60 readinessProbe: httpGet: path: "/health/live" port: 9080 initialDelaySeconds: 5
- 15. MicroProfile Metrics Add more metrics
- 18. MicroProfile Open Tracing 7 http headers required by Istio propagated All JAX-RS requests traced
- 20. Fault Tolerance difference • Http request only (Retry,Timeout, CircuitBreaker), Connection pool (tcp and http) • Apply to all communications • Fine-grained to individual method
- 21. Fault Tolerance Conflict scenario Multiple microservices use http for communication
- 22. MicroProfile Fault Tolerance with Istio – current approach @Retry @Timeout @CircuitBreaker @Bulkhead @Fallback Retry Timeout CircuitBreaker Bulkhead MP_Fault_Tolerance_NonFallback_Enabled = false
- 23. Ecosystem to be – more complementary MP Config MP Config source
- 24. Demo Time
- 25. References • https://www.eclipse.org/community/eclipse_newsletter/2018/september/MicroProf ile_istio.php • https://medium.com/@pilhuhn/working-on-microprofile-service-mesh-istio-and- kiali-26d6c01b45cc • Code sample to demonstrate cloud-native microservices o https://github.com/eclipse/microprofile-service-mesh o https://github.com/eclipse/microprofile-service-mesh-service-a/ o https://github.com/eclipse/microprofile-service-mesh-service-b/ • http://microprofile.io • http://openliberty.io • https://thorntail.io/ 25
Editor's Notes
- See http://microprofile.io/ Graphic shows the community members for MicroProfile who are contributing to the technical direction and development of core capabilities that MicroProfile offers. These form the essential building blocks of microservices and are currently absent from the Java EE specification. By taking a community driven approach to their development, the broader Java developer community can increase the rate and pace of innovation, and prove the technology through the community prior to offering the capabilities to Oracle to standardizes as part of a future Java EE specification. As MicroProfile is an open source Eclipse project, multiple vendors provide implementations of the MicroProfile specification following the tradition of Java EE itself which provides a vendor neutral specification for enterprise application development. This helps optimize the portability of apps built using the MicroProfile specification and avoids vendor lock-in.
- If we were to reimagine the network that connects our microservices, what would we want out of it? Think of the kernel’s TCP/IP stack today. Do we care where in the planet an IP address is or how to route to it? No How about discovering MAC address associated with the IP or the next hop router? Nope. Do we care about packet loss or congestion control? Heck no. Essentially, the kernel provides a reliable communication fabric at Layer 4. It frees you from having to deal with discovery, failure recovery, flow control, and a host of other issues that you may not even be aware of. Isn’t this a nice property to have at the services layer, that is, layer-7? We seem to be having some similar issues: discovery, resiliency, routing, etc. and other issues specific such as load balancing, monitoring, policy enforcement, authentication and authorization, etc.
- Service mesh data plane: Touches every packet/request in the system. Responsible for service discovery, health checking, routing, load balancing, authentication/authorization, and observability. Service mesh control plane: Provides policy and configuration for all of the running data planes in the mesh. Does not touch any packets/requests in the system. The control plane turns all of the data planes into a distributed system. Our service mesh is built using Envoy sidecars. If you look at the big picture, its very similar to a SDN (software defined networking). The sidecars on the data plane carry traffic. Traffic is transparently intercepted using iptable rules in the pod namespace. The Istio control plane takes care of managing and configuring the data plane. The Pilot is responsible for providing service discovery to envoys and managing their configuration as well. The mixer handles policy enforcement, while Istio-auth takes care of authentication and authorization. We’ll talk about the mixer and Istio-auth later.
- See http://microprofile.io/ Graphic shows the community members for MicroProfile who are contributing to the technical direction and development of core capabilities that MicroProfile offers. These form the essential building blocks of microservices and are currently absent from the Java EE specification. By taking a community driven approach to their development, the broader Java developer community can increase the rate and pace of innovation, and prove the technology through the community prior to offering the capabilities to Oracle to standardizes as part of a future Java EE specification. As MicroProfile is an open source Eclipse project, multiple vendors provide implementations of the MicroProfile specification following the tradition of Java EE itself which provides a vendor neutral specification for enterprise application development. This helps optimize the portability of apps built using the MicroProfile specification and avoids vendor lock-in.
- Service mesh data plane: Touches every packet/request in the system. Responsible for service discovery, health checking, routing, load balancing, authentication/authorization, and observability. Service mesh control plane: Provides policy and configuration for all of the running data planes in the mesh. Does not touch any packets/requests in the system. The control plane turns all of the data planes into a distributed system. Our service mesh is built using Envoy sidecars. If you look at the big picture, its very similar to a SDN (software defined networking). The sidecars on the data plane carry traffic. Traffic is transparently intercepted using iptable rules in the pod namespace. The Istio control plane takes care of managing and configuring the data plane. The Pilot is responsible for providing service discovery to envoys and managing their configuration as well. The mixer handles policy enforcement, while Istio-auth takes care of authentication and authorization. We’ll talk about the mixer and Istio-auth later.
- MicroProfile Fault Tolerance offers Retry, Timeout, Bulkhead, CircuitBreaker, Fallback Istio offers Failure handling: Timeout, retries, limits on number of concurrent connections, circuit breakers Istio can not offer fallback Microservices need both of them sometimes How to set up a ecosystem of MicroProfile Fault Tolerance with Istio Use MicroProfile Fault Tolerance without Istio’s Fault Handling Use Istio’s Fault Handling with MicroProfile Fault Tolerance fallback MicroProfile Fault Tolerance is configurable and flexible The Fault Tolerance policies except fallback can be switched off via a configuration property called MP_Fault_Tolerance_NonFallback_Enabled with the value of false. Unique feature from MicroProfile Fault Tolerance where other Fault Tolerance third party libraries cannot offer easily
- MicroProfile FT triggers plugin to generate Istio config rules. For http invocation, set MP_Fault_Tolerance_NonFallback_Enabled to false Istio config rules will be automatically treated as a config source understood by MicroProfile config. Any value change in the file will be able to feed back to the application. For http traffic, Istio manages all FT except Retry where MP FT will provide For other traffic, Istio pretends it manages it but it is not capable. Devops can config the rules by changing the parameters. All the changes will be translated to FT properties and then MP FT obeys the order. For Devops, it is seemless.