In this session, we will go through the inner workings of service mesh and Istio and its relationship with Kubernetes. In addition, we will understand how Istio makes many complex processes in Kubernetes easier.
4. Microservices Architecture
● Microservices architecture is an approach in which a single application is composed of many loosely coupled and independently deployable smaller services.
● Why is a microservices architecture needed?
Challenges in Monolithic Architecture
★ Strong coupling between different modules, causing anti-patterns in communication between modules.
★ Difficulties in scaling.
★ A problem in one module can cause the whole application to crash.
★ Difficult to move to a new framework or technology.
5. Challenges of Microservices Architecture
● Service discovery
● Retries
● Failure and downtime detection
● Service upgrades
● Securing communication
6. Service Mesh
● A service mesh is a configurable, low-latency infrastructure layer designed to handle a high volume of network-based inter-process communication among application infrastructure services using application programming interfaces (APIs).
● Features of Service Mesh
○ Traffic management: dynamic service discovery, routing, traffic shadowing and traffic splitting.
○ Security: traffic encryption by mutual TLS (mTLS), authentication through certificate validation, authorisation through access policies, and network segmentation.
○ Observability: distributed tracing, access logs.
○ A sidecar acts as a proxy in each pod.
○ It is a dedicated infrastructure layer built right into an app.
7. Istio
● Istio is an extensible open-source service mesh developed by IBM, Google, and Lyft.
● Istio can layer transparently onto a distributed application and provide all the benefits of a service mesh like traffic management, security, and observability.
● Istio is platform-independent and designed to run in a variety of environments.
● Istio also enables sophisticated DevOps techniques such as canary deployments, circuit breakers, fault injection, and more.
8. Architecture of Istio
● Istio architecture is divided into a data plane and a control plane.
○ Data plane: The data plane is composed of a set of intelligent proxies (Envoy) deployed as sidecars. These proxies mediate and control network communication between microservices.
○ Control plane: It manages and configures the proxies to route traffic.
9. Istio’s Core Components
● Envoy
○ Envoy proxies interact with data plane traffic.
○ They are deployed as sidecars to services, logically augmenting the services.
○ Through this sidecar deployment, Istio applies policy decisions and transmits data.
○ They provide information about the behaviour of the entire mesh.
● Istiod
○ Istiod provides service discovery, configuration and certificate management.
○ Converts high-level routing rules into Envoy-specific configurations.
○ Enables strong service-to-service and end-user authentication with built-in identity and credential management.
10. Istio working
● Traffic Management
❖ The Istio traffic management API gives us control of the traffic in the service mesh.
❖ Traffic is managed through objects such as Virtual Services, Gateways and Destination Rules.
❖ Traffic configuration is added to Istio through these APIs.
❖ API resources can be defined using Kubernetes custom resource definitions (CRDs).
❖ Helps in performing deployment patterns like blue-green or canary deployment.
11. ● Security Management
❖ Istio secures a service mesh by provisioning strong identities to every service.
❖ Istio agents running alongside every Envoy proxy work with Istiod to automate key and certificate rotation.
❖ Istio facilitates two types of authentication: peer authentication and request authentication.
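The security features named in these slides (peer authentication, request authentication, and authorisation through access policies) written out as Istio resources. This is an added example, not part of the original slides; the shop namespace, the orders and frontend names, and the idp.example.com issuer are assumptions.

```yaml
# Added example. Namespace "shop", labels, service account and issuer are hypothetical.
# 1) Peer authentication: require mTLS between sidecars.
#    A policy named "default" in the Istio root namespace (istio-system by default) is mesh-wide.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT   # PERMISSIVE also accepts plaintext; useful only while migrating workloads
---
# 2) Request authentication: validate end-user JWTs presented to the "orders" workload.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: orders-jwt
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  jwtRules:
  - issuer: "https://idp.example.com"
    jwksUri: "https://idp.example.com/.well-known/jwks.json"
---
# 3) Authorization: allow only the "frontend" service identity, carrying a valid JWT,
#    to GET /orders/*. Once an ALLOW policy selects a workload, non-matching requests are denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]  # identity from the mTLS certificate
        requestPrincipals: ["*"]                            # any JWT that passed validation
    to:
    - operation:
        methods: ["GET"]
        paths: ["/orders/*"]
```

A RequestAuthentication on its own rejects only requests that carry an invalid token; requests with no token still pass unless an AuthorizationPolicy requires requestPrincipals, as the third resource does.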
12. ● Observability
❖ Generates detailed telemetry like metrics, distributed traces, and access logs for all service communication.
❖ Istio generates a rich set of proxy-level metrics, service-oriented metrics, and control plane metrics.
❖ Istio supports a number of tracing backends like Zipkin, Jaeger, Lightstep, and Datadog.