Get Started Service Mesh with Kubernetes and Istio
1. Get Started Service Mesh with Kubernetes and Istio
by Larry Cai
Open Big Data Architecture
by Rockie Yang
Jun 27th Thursday 6:00PM
Hammarby Kaj 10D, Stockholm
2. Profile
— An open source, collaboration & Agile evangelist.
Software practice pioneering, aims to discover the best suitable
methods and tools to improve the efficiency of software
development.
— Competence
— CI & Automation & Cloud
— Lead the technical changes
— Agile, CI, Git, docker
Linkedin: https://www.linkedin.com/in/larrycaiyu/
Materials and all demos
https://gitlab.com/larrycai/istio-meetup
3. Agenda
• Docker, Kubernetes and Microservice ..
• What are Istio and service mesh/sidecar
• Demo (use istio for canary deployment)
• Summary
img: https://en.wikipedia.org/wiki/Rolf_Steinhausen
4. What is docker?
— Package SW inside a container, then deliver & deploy it into the cloud
— Docker (container) is similar to a VM, a cloud technology
• Size: VM 1G -> Docker 100M
• Speed (start time): VM 1 min -> Docker 1 sec
• …
6. What is Service/Microservices
• Microservices, or microservice architecture, is an approach to application development in which a large application is built as a suite of modular components or services.
Microservices
7. What can support services better in kubernetes
• One pod contains one container?
• When do we use one pod to have several containers
• How can I just focus on service?
• Log, monitor, traffic flow …
• Is there any layer/framework to simplify …
A service mesh is a dedicated infrastructure layer for making service-to-
service communication safe, fast, and reliable.
Istio is one service mesh framework
8. What is Istio
• Istio : an open source service mesh designed to make it easier to connect, manage and
secure traffic between, and obtain telemetry about microservices running in
containers.
• Logically split into a data plane and a control plane
• A sidecar is injected into the pod alongside the real service
Sources:
https://glasnostic.com/blog/kubernetes-service-mesh-what-is-istio
https://istio.io/blog/2019/data-plane-setup/
https://en.wikipedia.org/wiki/Rolf_Steinhausen
Figure labels: Data traffic; 1 Pod has 2 containers (service + sidecar)
9. Use case: Service deployment using istio
• http://meet.up portal (web application) v1, planned to deploy to v2
• The docker images for v1, v2 are ready in advance
  • larrycai/istio-meetup:v1
  • larrycai/istio-meetup:v2
10. Canary deployment with strategy
• A canary deployment chooses sample sets to deploy to, and gains more validation/feedback before continuing
• Sample sets strategy example
  • User type based: Normal user vs. VIP
  • Geography based: Kista -> Sweden -> EU ..
  • …
• Monitor strategy
  • Use k8s grafana/prometheus
  • AI connected
  • Istio service mesh
More on YouTube: https://www.youtube.com/watch?v=uxiTzwjf7Eg
11. Use case: Service deployment using istio
• http://meet.up portal (web application) v1, planned to deploy to v2
• The docker images for v1, v2 are ready in advance; the plan is to do a canary deployment using istio
• Deployment strategy (a simplified simulation):
  • Only the Firefox browser will access v2
  • Other browsers still access v1
12. Demo steps in high-level
• Install istio packages into the existing k8s environment (all needed services)
• Use traditional way to deploy v1 and access it
• Use istio way to deploy v1 and access it
• Canary deploy the v2
• Complete the deployment (switch all traffic to v2)
• Monitor in istio platform (kiali/Grafana)
13. Demo environment
• Minikube/Virtualbox @ Windows 10
• All the tools (helm, kubectl, istio) are installed inside the VM
• Code is shared from Windows to the VM
• Port forwarding to access the internal port (VPN issue)
• MobaXterm
• Version
• Istio 1.1.6
• Kubernetes 1.14.0
• Minikube 1.0.0
14. Install Istio
• Install the istio binary directly from https://github.com/istio/istio/releases
  $ curl -L -O https://github.com/istio/istio/releases/download/1.1.6/istio-1.1.6-linux.tar.gz
  $ gunzip < istio-1.1.6-linux.tar.gz | tar xvf - # windows minikube doesn't have gnu tar with -z
  $ sudo cp istio-1.1.6/bin/istioctl /usr/bin # or other folder in your path
• Apply the demo manifest (the path is inside the extracted istio-1.1.6 directory)
  $ kubectl apply -f istio-1.1.6/install/kubernetes/istio-demo.yaml
  namespace/istio-system created
• Check the installed services
  $ kubectl get svc -n istio-system
  ..
  grafana                ClusterIP      10.110.242.119   <none>      3000/TCP
  istio-citadel          ClusterIP      10.107.79.4      <none>      8060/TCP,15014/TCP
  istio-egressgateway    ClusterIP      10.106.150.99    <none>      80/TCP,443/TCP,15443/TCP
  istio-galley           ClusterIP      10.96.7.103      <none>      443/TCP,15014/TCP,9901/TCP
  istio-pilot            ClusterIP      10.111.223.158   <none>      15010/TCP,15011/TCP,8080/TCP,15014/TCP
  istio-policy           ClusterIP      10.99.92.37      <none>      9091/TCP,15004/TCP,15014/TCP
  ...
  istio-ingressgateway   LoadBalancer   10.108.74.19     <pending>   15020:30551/TCP,80:31380/TCP,..
  ...
  kiali                  ClusterIP      10.111.53.120    <none>      20001/TCP
• The components in istio can be customized
15. Install meet.up web app v1
• Simple deployment, exposed as a nodeport for testing
  $ kubectl apply -f istio/meetup-v1.yaml
  $ kubectl apply -f istio/meetup-nodeport.yaml
17. Using the istio way to install the service
• Inject the istio sidecar into the original deployment
  • Orig: kubectl create -f istio/meetup-v1.yaml
  • New: kubectl create -f <(istioctl kube-inject -f istio/meetup-v1.yaml)
• Create the DestinationRule and Gateway for the VirtualService
  $ kubectl apply -f istio/meetup-destination-v1.yaml
  $ kubectl apply -f istio/meetup-gateway.yaml
  $ kubectl apply -f istio/meetup-service-all-v1.yaml
Figure labels: Old traffic flow; Istio traffic flow
18. Canary deployment
• Deploy the v2 version and route traffic from Firefox to v2
• Both the v1 and v2 services are deployed
  $ kubectl apply -f <(istioctl kube-inject -f istio/meetup-v2.yaml)
  $ kubectl apply -f istio/meetup-destination-all.yaml
  $ kubectl apply -f istio/meetup-service-firefox-v2.yaml
19. What happens and benefit
• Istio lets the service focus on the business logic and leaves the common things to the framework
  • Traffic control, load balancing, authentication, monitoring
• No/less extra coding inside the original service
Figure labels: Sidecar (injected); Original service (stays in the same pod)
20. Summary
• Docker/kubernetes provides flexible deployment for your services
• Istio (one of the nice tools in k8s) makes it easy to create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, with few or no code changes in service code.
• More features or tools (like istio) will come out in kubernetes
• Using a service mesh will be much simpler for the end user