From the Docker Dublin MeetUp, June 2019. Talking about service meshes – Linkerd and Istio in particular. It’s a technical session so there are lots of demos, but it’s grounded in the practical question – do you really need a service mesh, and is it worth the cost? You’ll learn what a service mesh can do, and how it helps to cut a lot of infrastructure concerns from your code.

1. Just what is a Service Mesh?
And if I get one, will it make everything OK?
@EltonStoneman | elton@docker.com | @DockerDublin

2. • Understanding the service mesh
• Using Istio with Kubernetes
• Evaluating service meshery

3. WHAT IS A SERVICE MESH?
It's the communication
between software components,
made into its own thing

4. web
api
database
• Address
• Timeout
• Retry
• Encryption
• Address
• Timeout
• Retry
• Encryption

5. microservices-demo

6. web
api
database
service-mesh
• Address
• Timeout
• Retry
• Encryption

7. web
api
database
service-mesh

8. SERVICE MESH FEATURES
• Traffic management
• Discovery, load-balancing, failure handling
• Security
• Encryption, authentication, authorization
• Observability
• Visualization, tracing, monitoring, logging

9. INTRODUCING ISTIO
• Open source, platform-agnostic*
• 0.1 in 2017, 1.0 in 2018
• Other service meshes are
available (Consul & Linkerd)

10. INTRODUCING ISTIO
• Optimal with Kubernetes
• Uses Envoy proxy
• So… best on Linux for now

11. * https://istio.io/docs/concepts/what-is-istio/

12. * https://istio.io/docs/concepts/what-is-istio/

13. * https://istio.io/docs/concepts/what-is-istio/

14. * https://istio.io/docs/concepts/what-is-istio/

15. YOUR SERVICE MESH IS NOT FREE
• Istio: ~2M LOC
• Envoy: ~250K
• Kubernetes: ~3.1M
• Docker: ~950K

16. YOUR SERVICE MESH IS NOT FREE
Here at Shopify, we’re working
on deploying Istio as our service
mesh. We’re doing quite well,
but are hitting a wall: Cost.
https://is.gd/ZqwILb

17. istio/istio

18. istio/istio

19. istio/istio

20. USING ISTIO
• Deploying on Kubernetes
• Automatic service registration
• Running apps with Istio

21. > demo

23. productpage
reviews
Virtual Service
Destination
Subset
Pod
Container

24. productpage
reviews
Virtual Service
Pod
Container
- route:
- destination:
host: reviews
subset: v2
weight: 50
Destination
Subset

25. TRAFFIC MANAGEMENT
• Runtime management
• Healthchecks, load-balancing, retries
• Quality control
• Personalized routing, fault injection
• Deployment
• A/B testing, staged rollouts

26. > demo

28. productpage
reviews
Mutual TLS
Secure naming
Identity/Authn/Authz
Certificate mgmt
Issue/Store/Rotate

29. > demo

31. productpage
reviews
Visualization
Distributed Tracing
Monitoring
Logging

32. > demo

34. SERVICE MESH ALTERNATIVES
• Traffic management
• DNS, feature toggles, libraries
• Security
• Platform, OSS integration
• Observability
• Prometheus, Grafana, Jaeger…

35. DO I NEED A SERVICE MESH?
• Service sprawl
• Release bottlenecks
• Snowflake implementations
• Cloud-native app pilot

36. THINK ABOUT THE COST
• Lock-in: tech & architecture
• Learning curve
• Environment drift
• Anti-DevOps

38. NEXT STEPS
• Istio by Docker Captain, Lee Calcote | layer5.io
• Docker learning path on Pluralsight | is.gd/O0fYmU
• Today’s demos | bit.ly/2WDHe7C
• ShipItCon | Dublin, September 6th 2019

39. THANK YOU :)
@EltonStoneman | elton@docker.com | @DockerDublin