SlideShare a Scribd company logo

Why Is Istio That Shape?

Matt Turner
Matt Turner

In this session, Matt will look at Istio, a Service Mesh, but no prior knowledge of Istio or the space is needed. Istio is a “smart network” comprising traffic switches and controllers. It’s had about four different architectures over time, and we’ll look at what problem each solved, and the challenges that eventually led to it being changed. We’ll talk about how the different approaches each optimised performance, scalability, and redundancy. We’ll explore analogies between the shapes of Istio and common patterns - three-tier web apps, big network routers, etc - and how Istio’s lessons are broadly applicable.

Technology
1 of 66
Download to read offline
Why Is Istio That Shape? @mt165 Why Is Istio That Shape? Matt Turner Software Architecture Gathering, Virtual | November 2022 @mt165 | mt165.co.uk
Why Is Istio That Shape? @mt165 THE ENTERPRISE SERVICE MESH COMPANY
Why Is Istio That Shape? @mt165 Pop Quiz!
Why Is Istio That Shape? @mt165 Background Service Meshes and Istio
Why Is Istio That Shape? @mt165 Business Value ● Top Line ● Bottom Line ● Time to Market & Speed of Iteration ● Risk Reduction
Why Is Istio That Shape? @mt165 Break the Monolith
Why Is Istio That Shape? @mt165 Pod Pod Pod Break the Monolith Namespace A Namespace B Namespace C Namespace A Namespace B Namespace C
Why Is Istio That Shape? @mt165 But Don’t Just Distribute It!
Why Is Istio That Shape? @mt165 Technical Implications
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165
Why Is Istio That Shape? @mt165 Service A Service B
Why Is Istio That Shape? @mt165 Lots of Options: In-process libraries and frameworks
Why Is Istio That Shape? @mt165 Polyglot environments
Why Is Istio That Shape? @mt165 Polyglot environments
Why Is Istio That Shape? @mt165 Take the Network Smarts out of the Process
Why Is Istio That Shape? @mt165 Add a Control Plane
Why Is Istio That Shape? @mt165 Istio “An open platform to connect, secure, control, and observe services.”
Why Is Istio That Shape? @mt165 What Shape is Istio?
Why Is Istio That Shape? @mt165 Istio 0.1 - 1.4
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B TLS certs to Envoys
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy k8s consul zk K8s API Server
Why Is Istio That Shape? @mt165 Have We Seen This Before?
Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base Forwarding Engine
Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base Forwarding Engine Latency Throughput Concurrency Availability
Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP PILOT ENVOY Router Information Base Forwarding Information Base Forwarding Engine
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Policy checks, Telemetry Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 IP Router Architecture Interrupt Kernel module User process DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base
Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP PILOT MIXER ENVOY Interrupt Kernel module User process Router Information Base Forwarding Information Base
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Control Plane API Service A Service B Config to Envoys prom ES REPORT CHECK ACL Rate limit Mixer fat client Mixer fat client Citadel
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Policy checks, Telemetry Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
Why Is Istio That Shape? @mt165 Why Isn’t Istio This Shape?
Why Is Istio That Shape? @mt165 Mixer Pros ● Recognisable mental mode ● Good availability ● Can horizontally scale ○ Load ○ High availability Cons ● Performance was never great ● Very few things need coördination between proxies
Why Is Istio That Shape? @mt165 µServices! Pros ● Decoupled deployments ● Isolated security contexts ● Isolated failure domains ● Individual scaling ● Multiple languages ● Clean mapping to individual teams/domains Cons ● Complex to debug ● Fiddly to deploy ● Inefficient ○ Message-passing ○ Missed shared cache opportunities
Why Is Istio That Shape? @mt165 µServices? Decoupled deployments ● No-one ever did
Why Is Istio That Shape? @mt165 µServices? Isolated security contexts ● Citadel is obviously a security component, but… ● Pilot can re-route all your requests ● Mixer can steal all your traffic ● …a breach in any one is as bad as the others
Why Is Istio That Shape? @mt165 µServices? Isolated failure domains ● Mixer is the only acutely critical service
Why Is Istio That Shape? @mt165 µServices? Individual scaling ● Resource usage was dominated by one component of service: Pilot’s XDS serving
Why Is Istio That Shape? @mt165 µServices? Multiple languages ● It’s all Go
Why Is Istio That Shape? @mt165 µServices? Clean mapping to individual teams/domains ● We’re good at writing monoliths ● µServices were never about this anyway
Why Is Istio That Shape? @mt165 Istio 1.5 - Date
Why Is Istio That Shape? @mt165 Pilot ● That thing I said about a compiler… ● It’s a nice mental model ● It wasn’t true
Why Is Istio That Shape? @mt165 Pilot Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
Why Is Istio That Shape? @mt165 Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
Why Is Istio That Shape? @mt165 Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB istiod Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy µServices
Why Is Istio That Shape? @mt165 Mixer ● Policy: implemented with (new) Envoy-native features
Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB istiod Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy WASM WASM WASM WASM Telem etry
Why Is Istio That Shape? @mt165 Dataplane Topology - Host-Based Proxy #eBPF #sidecarless #nomesh
Why Is Istio That Shape? @mt165 Envoy Service A Service B WASM WASM host istiod Control Plane API
Why Is Istio That Shape? @mt165 CPU Usage Per Request Idle
Why Is Istio That Shape? @mt165 Memory Usage Per Service Config Overhead: programme
Why Is Istio That Shape? @mt165 Dataplane Topology - “Ambient Mesh”
Why Is Istio That Shape? @mt165 Ambient Mesh - zTunnel host host Service A Service B zTunnel zTunnel Service A
Why Is Istio That Shape? @mt165 Ambient Mesh - “Waypoint” Proxies host host Service A Service B zTunnel zTunnel Service A Envoy K8s ServiceAccount A Envoy K8s ServiceAccount B
Why Is Istio That Shape? @mt165 Thanks! Slides Videos Demo code mt165.co.uk Questions @mt165

Recommended

Running Resillient Workloads with Istio - OpenInfra Days 2019
Running Resillient Workloads with Istio - OpenInfra Days 2019Running Resillient Workloads with Istio - OpenInfra Days 2019
Running Resillient Workloads with Istio - OpenInfra Days 2019Matt Turner
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Michael Man
 
Running Resillient Workloads with Istio - KubeCon China 2019
Running Resillient Workloads with Istio - KubeCon China 2019Running Resillient Workloads with Istio - KubeCon China 2019
Running Resillient Workloads with Istio - KubeCon China 2019Matt Turner
 
What is a Service Mesh and what can it do for your Microservices
What is a Service Mesh and what can it do for your MicroservicesWhat is a Service Mesh and what can it do for your Microservices
What is a Service Mesh and what can it do for your MicroservicesMatt Turner
 
Istio, The Packet's-Eye View - KubeCon NA 2018
Istio, The Packet's-Eye View - KubeCon NA 2018Istio, The Packet's-Eye View - KubeCon NA 2018
Istio, The Packet's-Eye View - KubeCon NA 2018Matt Turner
 
The Life of a Packet through Istio - DevExperience Romania, April 2019
The Life of a Packet through Istio - DevExperience Romania, April 2019The Life of a Packet through Istio - DevExperience Romania, April 2019
The Life of a Packet through Istio - DevExperience Romania, April 2019Matt Turner
 
Gateway APIs, Envoy Gateway, and API Gateways
Gateway APIs, Envoy Gateway, and API GatewaysGateway APIs, Envoy Gateway, and API Gateways
Gateway APIs, Envoy Gateway, and API GatewaysMatt Turner
 
Evolving big microservice architectures
Evolving big microservice architecturesEvolving big microservice architectures
Evolving big microservice architecturesNikolay Stoitsev
 

Recommended

Running Resillient Workloads with Istio - OpenInfra Days 2019
Running Resillient Workloads with Istio - OpenInfra Days 2019Running Resillient Workloads with Istio - OpenInfra Days 2019
Running Resillient Workloads with Istio - OpenInfra Days 2019Matt Turner
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Michael Man
 
Running Resillient Workloads with Istio - KubeCon China 2019
Running Resillient Workloads with Istio - KubeCon China 2019Running Resillient Workloads with Istio - KubeCon China 2019
Running Resillient Workloads with Istio - KubeCon China 2019Matt Turner
 
What is a Service Mesh and what can it do for your Microservices
What is a Service Mesh and what can it do for your MicroservicesWhat is a Service Mesh and what can it do for your Microservices
What is a Service Mesh and what can it do for your MicroservicesMatt Turner
 
Istio, The Packet's-Eye View - KubeCon NA 2018
Istio, The Packet's-Eye View - KubeCon NA 2018Istio, The Packet's-Eye View - KubeCon NA 2018
Istio, The Packet's-Eye View - KubeCon NA 2018Matt Turner
 
The Life of a Packet through Istio - DevExperience Romania, April 2019
The Life of a Packet through Istio - DevExperience Romania, April 2019The Life of a Packet through Istio - DevExperience Romania, April 2019
The Life of a Packet through Istio - DevExperience Romania, April 2019Matt Turner
 
Gateway APIs, Envoy Gateway, and API Gateways
Gateway APIs, Envoy Gateway, and API GatewaysGateway APIs, Envoy Gateway, and API Gateways
Gateway APIs, Envoy Gateway, and API GatewaysMatt Turner
 
Evolving big microservice architectures
Evolving big microservice architecturesEvolving big microservice architectures
Evolving big microservice architecturesNikolay Stoitsev
 
Azure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu VunvuleaAzure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu VunvuleaITCamp
 
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016Radu Vunvulea
 
Running Resilient Workloads on Istio
Running Resilient Workloads on IstioRunning Resilient Workloads on Istio
Running Resilient Workloads on IstioMatt Turner
 
The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019Matt Turner
 
The next-gen Mahara
The next-gen MaharaThe next-gen Mahara
The next-gen MaharaKristina D.C. Hoeppner
 
Pivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptxPivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptxSufyaan Kazi
 
Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019Matt Turner
 
Testing your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin LoghiadeTesting your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin LoghiadeITCamp
 
Lessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureLessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureWSO2
 
Presenting: Mahara 15.04
Presenting: Mahara 15.04Presenting: Mahara 15.04
Presenting: Mahara 15.04Kristina D.C. Hoeppner
 
GenieATM useful usage
GenieATM useful usageGenieATM useful usage
GenieATM useful usageHirotaka Tajima
 
Agile Lab_BigData_Meetup
Agile Lab_BigData_MeetupAgile Lab_BigData_Meetup
Agile Lab_BigData_MeetupPaolo Platter
 
Massive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark StreamingMassive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark StreamingPaolo Platter
 
Sail In The Cloud
Sail In The CloudSail In The Cloud
Sail In The CloudAlex Soto
 
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...APNIC
 
Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...ITCamp
 
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019Codemotion
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]Mikhail Asavkin
 
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」Osaka University
 
The Life of a Packet through Istio III
The Life of a Packet through Istio IIIThe Life of a Packet through Istio III
The Life of a Packet through Istio IIIMatt Turner
 
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service MeshAutomated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service MeshMatt Turner
 

More Related Content

Similar to Why Is Istio That Shape?

Azure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu VunvuleaAzure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu VunvuleaITCamp
 
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016Radu Vunvulea
 
Running Resilient Workloads on Istio
Running Resilient Workloads on IstioRunning Resilient Workloads on Istio
Running Resilient Workloads on IstioMatt Turner
 
The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019Matt Turner
 
Pivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptxPivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptxSufyaan Kazi
 
Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019Matt Turner
 
Testing your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin LoghiadeTesting your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin LoghiadeITCamp
 
Lessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureLessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureWSO2
 
Agile Lab_BigData_Meetup
Agile Lab_BigData_MeetupAgile Lab_BigData_Meetup
Agile Lab_BigData_MeetupPaolo Platter
 
Massive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark StreamingMassive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark StreamingPaolo Platter
 
Sail In The Cloud
Sail In The CloudSail In The Cloud
Sail In The CloudAlex Soto
 
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...APNIC
 
Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...ITCamp
 
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019Codemotion
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]Mikhail Asavkin
 
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」Osaka University
 

Similar to Why Is Istio That Shape? (20)

Azure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu VunvuleaAzure Microservices in Practice - Radu Vunvulea
Azure Microservices in Practice - Radu Vunvulea
 
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
Azure Microservices in Practice, Radu Vunvulea, ITCamp 2016
 
Running Resilient Workloads on Istio
Running Resilient Workloads on IstioRunning Resilient Workloads on Istio
Running Resilient Workloads on Istio
 
The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019The life of a packet through Istio - QCon London 2019
The life of a packet through Istio - QCon London 2019
 
The next-gen Mahara
The next-gen MaharaThe next-gen Mahara
The next-gen Mahara
 
Pivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptxPivotal microservices spring_pcf_skillsmatter.pptx
Pivotal microservices spring_pcf_skillsmatter.pptx
 
Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019Do You Need a Service Mesh? @ London Devops, January 2019
Do You Need a Service Mesh? @ London Devops, January 2019
 
Testing your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin LoghiadeTesting your PowerShell code with Pester - Florin Loghiade
Testing your PowerShell code with Pester - Florin Loghiade
 
Lessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric ArchitectureLessons from the Trenches: Building an API-Centric Architecture
Lessons from the Trenches: Building an API-Centric Architecture
 
Presenting: Mahara 15.04
Presenting: Mahara 15.04Presenting: Mahara 15.04
Presenting: Mahara 15.04
 
GenieATM useful usage
GenieATM useful usageGenieATM useful usage
GenieATM useful usage
 
Agile Lab_BigData_Meetup
Agile Lab_BigData_MeetupAgile Lab_BigData_Meetup
Agile Lab_BigData_Meetup
 
Massive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark StreamingMassive Streaming Analytics with Spark Streaming
Massive Streaming Analytics with Spark Streaming
 
Sail In The Cloud
Sail In The CloudSail In The Cloud
Sail In The Cloud
 
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
 
Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...Execution Plans in practice - how to make SQL Server queries faster - Damian ...
Execution Plans in practice - how to make SQL Server queries faster - Damian ...
 
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
Horacio Gonzalez - Monitoring OVH - Codemotion Amsterdam 2019
 
State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]State management with GraphQL [Angular Minsk, Online, 13.06.20]
State management with GraphQL [Angular Minsk, Online, 13.06.20]
 
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
「機械翻訳の現在と未来:機械翻訳が新たに生み出すサービスは何か?」
 

More from Matt Turner

The Life of a Packet through Istio III
The Life of a Packet through Istio IIIThe Life of a Packet through Istio III
The Life of a Packet through Istio IIIMatt Turner
 
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service MeshAutomated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service MeshMatt Turner
 
apiserver-Only "Clusters" for fun and profit
apiserver-Only "Clusters" for fun and profitapiserver-Only "Clusters" for fun and profit
apiserver-Only "Clusters" for fun and profitMatt Turner
 
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenariosIstio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenariosMatt Turner
 
Dynamically Testing Individual Microservice Releases In Production
Dynamically Testing Individual Microservice Releases In Production Dynamically Testing Individual Microservice Releases In Production
Dynamically Testing Individual Microservice Releases In ProductionMatt Turner
 
The Life of a Packet III - Service Mesh London
The Life of a Packet III - Service Mesh LondonThe Life of a Packet III - Service Mesh London
The Life of a Packet III - Service Mesh LondonMatt Turner
 
Cloud-Native Progressive Delivery
Cloud-Native Progressive DeliveryCloud-Native Progressive Delivery
Cloud-Native Progressive DeliveryMatt Turner
 
An Introduction to Bazel
An Introduction to BazelAn Introduction to Bazel
An Introduction to BazelMatt Turner
 
Networks, Linux, Containers, Pods
Networks, Linux, Containers, PodsNetworks, Linux, Containers, Pods
Networks, Linux, Containers, PodsMatt Turner
 
Debugging an RBAC Problem in Istio
Debugging an RBAC Problem in IstioDebugging an RBAC Problem in Istio
Debugging an RBAC Problem in IstioMatt Turner
 
Software Networking and Interfaces on Linux
Software Networking and Interfaces on LinuxSoftware Networking and Interfaces on Linux
Software Networking and Interfaces on LinuxMatt Turner
 
The life of a packet through Istio
The life of a packet through IstioThe life of a packet through Istio
The life of a packet through IstioMatt Turner
 
Istio - The life of a packet
Istio - The life of a packetIstio - The life of a packet
Istio - The life of a packetMatt Turner
 
An Introduction to User Space Filesystem Development
An Introduction to User Space Filesystem DevelopmentAn Introduction to User Space Filesystem Development
An Introduction to User Space Filesystem DevelopmentMatt Turner
 

More from Matt Turner (16)

The Life of a Packet through Istio III
The Life of a Packet through Istio IIIThe Life of a Packet through Istio III
The Life of a Packet through Istio III
 
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service MeshAutomated Cloud-Native Incident Response with Kubernetes and Service Mesh
Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
 
apiserver-Only "Clusters" for fun and profit
apiserver-Only "Clusters" for fun and profitapiserver-Only "Clusters" for fun and profit
apiserver-Only "Clusters" for fun and profit
 
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenariosIstio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
Istio + SPIRE for cross-domain traffic trust in hybrid-cloud scenarios
 
Dynamically Testing Individual Microservice Releases In Production
Dynamically Testing Individual Microservice Releases In Production Dynamically Testing Individual Microservice Releases In Production
Dynamically Testing Individual Microservice Releases In Production
 
The Life of a Packet III - Service Mesh London
The Life of a Packet III - Service Mesh LondonThe Life of a Packet III - Service Mesh London
The Life of a Packet III - Service Mesh London
 
Cloud-Native Progressive Delivery
Cloud-Native Progressive DeliveryCloud-Native Progressive Delivery
Cloud-Native Progressive Delivery
 
An Introduction to Bazel
An Introduction to BazelAn Introduction to Bazel
An Introduction to Bazel
 
Networks, Linux, Containers, Pods
Networks, Linux, Containers, PodsNetworks, Linux, Containers, Pods
Networks, Linux, Containers, Pods
 
Debugging an RBAC Problem in Istio
Debugging an RBAC Problem in IstioDebugging an RBAC Problem in Istio
Debugging an RBAC Problem in Istio
 
Software Networking and Interfaces on Linux
Software Networking and Interfaces on LinuxSoftware Networking and Interfaces on Linux
Software Networking and Interfaces on Linux
 
The life of a packet through Istio
The life of a packet through IstioThe life of a packet through Istio
The life of a packet through Istio
 
Bash is Testing
Bash is TestingBash is Testing
Bash is Testing
 
Istio - The life of a packet
Istio - The life of a packetIstio - The life of a packet
Istio - The life of a packet
 
Fluency
FluencyFluency
Fluency
 
An Introduction to User Space Filesystem Development
An Introduction to User Space Filesystem DevelopmentAn Introduction to User Space Filesystem Development
An Introduction to User Space Filesystem Development
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

Why Is Istio That Shape?

  • 1. Why Is Istio That Shape? @mt165 Why Is Istio That Shape? Matt Turner Software Architecture Gathering, Virtual | November 2022 @mt165 | mt165.co.uk
  • 2. Why Is Istio That Shape? @mt165 THE ENTERPRISE SERVICE MESH COMPANY
  • 3. Why Is Istio That Shape? @mt165 Pop Quiz!
  • 4. Why Is Istio That Shape? @mt165 Background Service Meshes and Istio
  • 5. Why Is Istio That Shape? @mt165 Business Value ● Top Line ● Bottom Line ● Time to Market & Speed of Iteration ● Risk Reduction
  • 6. Why Is Istio That Shape? @mt165 Break the Monolith
  • 7. Why Is Istio That Shape? @mt165 Pod Pod Pod Break the Monolith Namespace A Namespace B Namespace C Namespace A Namespace B Namespace C
  • 8. Why Is Istio That Shape? @mt165 But Don’t Just Distribute It!
  • 9. Why Is Istio That Shape? @mt165 Technical Implications
  • 10. Why Is Istio That Shape? @mt165
  • 11. Why Is Istio That Shape? @mt165
  • 12. Why Is Istio That Shape? @mt165
  • 13. Why Is Istio That Shape? @mt165
  • 14. Why Is Istio That Shape? @mt165
  • 15. Why Is Istio That Shape? @mt165
  • 16. Why Is Istio That Shape? @mt165 Service A Service B
  • 17. Why Is Istio That Shape? @mt165 Lots of Options: In-process libraries and frameworks
  • 18. Why Is Istio That Shape? @mt165 Polyglot environments
  • 19. Why Is Istio That Shape? @mt165 Polyglot environments
  • 20. Why Is Istio That Shape? @mt165 Take the Network Smarts out of the Process
  • 21. Why Is Istio That Shape? @mt165 Add a Control Plane
  • 22. Why Is Istio That Shape? @mt165 Istio “An open platform to connect, secure, control, and observe services.”
  • 23. Why Is Istio That Shape? @mt165 What Shape is Istio?
  • 24. Why Is Istio That Shape? @mt165 Istio 0.1 - 1.4
  • 25. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 26. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 27. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 28. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B
  • 29. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B
  • 30. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B TLS certs to Envoys
  • 31. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 32. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy k8s consul zk K8s API Server
  • 33. Why Is Istio That Shape? @mt165 Have We Seen This Before?
  • 34. Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base Forwarding Engine
  • 35. Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base Forwarding Engine Latency Throughput Concurrency Availability
  • 36. Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP PILOT ENVOY Router Information Base Forwarding Information Base Forwarding Engine
  • 37. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Policy checks, Telemetry Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 38. Why Is Istio That Shape? @mt165 IP Router Architecture Interrupt Kernel module User process DATA PLANE CONTROL PLANE OSPF ARP BGP STP Router Information Base Forwarding Information Base
  • 39. Why Is Istio That Shape? @mt165 IP Router Architecture DATA PLANE CONTROL PLANE OSPF ARP BGP STP PILOT MIXER ENVOY Interrupt Kernel module User process Router Information Base Forwarding Information Base
  • 40. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Control Plane API Service A Service B Config to Envoys prom ES REPORT CHECK ACL Rate limit Mixer fat client Mixer fat client Citadel
  • 41. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB Pilot Mixer Citadel Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Policy checks, Telemetry Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy
  • 42. Why Is Istio That Shape? @mt165 Why Isn’t Istio This Shape?
  • 43. Why Is Istio That Shape? @mt165 Mixer Pros ● Recognisable mental mode ● Good availability ● Can horizontally scale ○ Load ○ High availability Cons ● Performance was never great ● Very few things need coördination between proxies
  • 44. Why Is Istio That Shape? @mt165 µServices! Pros ● Decoupled deployments ● Isolated security contexts ● Isolated failure domains ● Individual scaling ● Multiple languages ● Clean mapping to individual teams/domains Cons ● Complex to debug ● Fiddly to deploy ● Inefficient ○ Message-passing ○ Missed shared cache opportunities
  • 45. Why Is Istio That Shape? @mt165 µServices? Decoupled deployments ● No-one ever did
  • 46. Why Is Istio That Shape? @mt165 µServices? Isolated security contexts ● Citadel is obviously a security component, but… ● Pilot can re-route all your requests ● Mixer can steal all your traffic ● …a breach in any one is as bad as the others
  • 47. Why Is Istio That Shape? @mt165 µServices? Isolated failure domains ● Mixer is the only acutely critical service
  • 48. Why Is Istio That Shape? @mt165 µServices? Individual scaling ● Resource usage was dominated by one component of service: Pilot’s XDS serving
  • 49. Why Is Istio That Shape? @mt165 µServices? Multiple languages ● It’s all Go
  • 50. Why Is Istio That Shape? @mt165 µServices? Clean mapping to individual teams/domains ● We’re good at writing monoliths ● µServices were never about this anyway
  • 51. Why Is Istio That Shape? @mt165 Istio 1.5 - Date
  • 52. Why Is Istio That Shape? @mt165 Pilot ● That thing I said about a compiler… ● It’s a nice mental model ● It wasn’t true
  • 53. Why Is Istio That Shape? @mt165 Pilot Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
  • 54. Why Is Istio That Shape? @mt165 Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
  • 55. Why Is Istio That Shape? @mt165 Pilot K8s API Server Envoy Envoy Envoy Envoy k8s consul zk
  • 56. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB istiod Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy µServices
  • 57. Why Is Istio That Shape? @mt165 Mixer ● Policy: implemented with (new) Envoy-native features
  • 58. Why Is Istio That Shape? @mt165 Envoy SvcA Envoy SvcB istiod Control Plane API Service A Service B Config to Envoys TLS certs to Envoys Envoy Envoy Envoy Envoy Ingress Egress Envoy Envoy Envoy Envoy WASM WASM WASM WASM Telem etry
  • 59. Why Is Istio That Shape? @mt165 Dataplane Topology - Host-Based Proxy #eBPF #sidecarless #nomesh
  • 60. Why Is Istio That Shape? @mt165 Envoy Service A Service B WASM WASM host istiod Control Plane API
  • 61. Why Is Istio That Shape? @mt165 CPU Usage Per Request Idle
  • 62. Why Is Istio That Shape? @mt165 Memory Usage Per Service Config Overhead: programme
  • 63. Why Is Istio That Shape? @mt165 Dataplane Topology - “Ambient Mesh”
  • 64. Why Is Istio That Shape? @mt165 Ambient Mesh - zTunnel host host Service A Service B zTunnel zTunnel Service A
  • 65. Why Is Istio That Shape? @mt165 Ambient Mesh - “Waypoint” Proxies host host Service A Service B zTunnel zTunnel Service A Envoy K8s ServiceAccount A Envoy K8s ServiceAccount B
  • 66. Why Is Istio That Shape? @mt165 Thanks! Slides Videos Demo code mt165.co.uk Questions @mt165