A service mesh is a dedicated infrastructure layer that manages communication between microservices, providing features such as traffic management, security, and observability. Istio is an open-source service mesh that is optimal for Kubernetes but has significant resource requirements and costs. Organizations like Shopify are exploring Istio for their deployments, but they encounter challenges such as cost and complexity.

1. Just what is a Service Mesh?
And if I get one, will it make everything OK?
@EltonStoneman | elton@docker.com | @DockerDublin

2. • Understanding the service mesh
• Using Istio with Kubernetes
• Evaluating service meshery

3. WHAT IS A SERVICE MESH?
It's the communication
between software components,
made into its own thing

4. web
api
database
• Address
• Timeout
• Retry
• Encryption
• Address
• Timeout
• Retry
• Encryption

5. microservices-demo

6. web
api
database
service-mesh
• Address
• Timeout
• Retry
• Encryption

7. web
api
database
service-mesh

8. SERVICE MESH FEATURES
• Traffic management
• Discovery, load-balancing, failure handling
• Security
• Encryption, authentication, authorization
• Observability
• Visualization, tracing, monitoring, logging

9. INTRODUCING ISTIO
• Open source, platform-agnostic*
• 0.1 in 2017, 1.0 in 2018
• Other service meshes are
available (Consul & Linkerd)

10. INTRODUCING ISTIO
• Optimal with Kubernetes
• Uses Envoy proxy
• So… best on Linux for now

11. * https://istio.io/docs/concepts/what-is-istio/

12. * https://istio.io/docs/concepts/what-is-istio/

13. * https://istio.io/docs/concepts/what-is-istio/

14. * https://istio.io/docs/concepts/what-is-istio/

15. YOUR SERVICE MESH IS NOT FREE
• Istio: ~2M LOC
• Envoy: ~250K
• Kubernetes: ~3.1M
• Docker: ~950K

16. YOUR SERVICE MESH IS NOT FREE
Here at Shopify, we’re working
on deploying Istio as our service
mesh. We’re doing quite well,
but are hitting a wall: Cost.
https://is.gd/ZqwILb

17. istio/istio

18. istio/istio

19. istio/istio

20. USING ISTIO
• Deploying on Kubernetes
• Automatic service registration
• Running apps with Istio

21. > demo

23. productpage
reviews
Virtual Service
Destination
Subset
Pod
Container

24. productpage
reviews
Virtual Service
Pod
Container
- route:
- destination:
host: reviews
subset: v2
weight: 50
Destination
Subset

25. TRAFFIC MANAGEMENT
• Runtime management
• Healthchecks, load-balancing, retries
• Quality control
• Personalized routing, fault injection
• Deployment
• A/B testing, staged rollouts

26. > demo

28. productpage
reviews
Mutual TLS
Secure naming
Identity/Authn/Authz
Certificate mgmt
Issue/Store/Rotate

29. > demo

31. productpage
reviews
Visualization
Distributed Tracing
Monitoring
Logging

32. > demo

34. SERVICE MESH ALTERNATIVES
• Traffic management
• DNS, feature toggles, libraries
• Security
• Platform, OSS integration
• Observability
• Prometheus, Grafana, Jaeger…

35. DO I NEED A SERVICE MESH?
• Service sprawl
• Release bottlenecks
• Snowflake implementations
• Cloud-native app pilot

36. THINK ABOUT THE COST
• Lock-in: tech & architecture
• Learning curve
• Environment drift
• Anti-DevOps

38. NEXT STEPS
• Istio by Docker Captain, Lee Calcote | layer5.io
• Docker learning path on Pluralsight | is.gd/O0fYmU
• Today’s demos | bit.ly/2WDHe7C
• ShipItCon | Dublin, September 6th 2019

39. THANK YOU :)
@EltonStoneman | elton@docker.com | @DockerDublin