SlideShare a Scribd company logo

Istio Service Mesh for Developers and Platform Engineers

S
SaiLinnThu2

Istio Service Mesh for Developers and Platform Engineers (Presented at Singapore k8s user group 23-May-2023)

Technology
1 of 42
Download to read offline
Sai, Field Engineer @ Solo.io Istio Service Mesh For Developers & Platform Engineers
Home Lab BEFORE
Home Lab NOW
Business Drivers for Application Modernization Reduce Costs / Shift Capex to Opex Access to Innovation Increase flexibility and Capacity of Infrastructure Increase Velocity of Development Reduce Risk Monolithic Microservices
The Way We Build Applications Monolithic On-Prem Built on a VM+OS Large Teams Microservices Cloud Built on Kubernetes Agile Teams
Challenges with Microservices ● How to observe interactions among services? ● How to secure service to service communication? ● How to manage transient failures? ● How to control traffic?
Online Boutique Microservices Demo Source: https://github.com/GoogleCloudPlatform/microservices-demo
Application Networking Challenges ● Service discovery ● Load balancing ● Timeouts ● Retry / Budgets ● Circuit breaking ● Tracing, observability ● Secure transport ● Extension Challenges
Application Networking
Data Plane & Control Plane
Why Envoy for Service Mesh Data Plane ● Neutral Foundation (CNCF) ● Large, diverse, vibrant community ● Built ground up for dynamic services environment ● Dynamic configuration, driven by API ● Highly extensible ● L7 filters (HTTP/1, HTTP/2, gRPC, redis, mysql, Kafka, etc) ● Deep signals telemetry out of the box ● Versatile deployment options
Istio - Open Source Service Mesh 2017 Istio Launched Data Plane Enhancements 2019-20 7 New Community Releases 1000s Production Users ~ 1000 Community Contributors 2022 CNCF 2019-2022
Case Studies https://istio.io/latest/about/case-studies/
Istio Service Mesh Architecture
Istio Deployment (Sidecar Architecture)
Use Cases
Too Much TRUST!
Zero Trust Security
Secure Networking - Server Side TLS
Secure Networking - mTLS
Network Security in Kubernetes Default State !!! Desired State “Zero Trust Security”
DIY … Whoops ! ○ 81% of companies experienced a certificate-related outage in the past two years ○ 65% are concerned about the increased workload and risk of outages caused by shorter SSL/TLS certificate lifespans. ○ Human error was a major contributing factor in 95% of breaches
Istio to the Rescue !
Resiliency - There will be Failures Common Mitigations ● Waiting indefinitely is bad ● Trying again is good ● Degrade gracefully when services are overwhelmed
Timeout - Don’t wait Indefinitely
Retry - Trying Again is Good 👍
Circuit Breaker - Degrade gracefully
Observability - Insights for Competitive Advantage Building a Uniform Approach ● Understand traffic patterns ● Determine service health ● Anticipate outages ● Detect dangerous activity ● Audit access
Observability - Metrics and Access Logging [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default metrics
RECAP
Business Drivers for Adopting Istio
Life without ServiceMesh `vs` Life with ServiceMesh Business Logic Security Logic Traffic Management Logic Golden Metrics/ Observability Logic Resiliency Logic Managed by Developer - Multiple Tasks - Multiple Frameworks - Language Specific - Poor Dev Experience - 100s of Manual Steps Business Logic Security Logic Traffic Management Logic Golden Metrics/ Observability Logic Resiliency Logic Managed by Developer - Focus on Biz Logic - Developer Productivity Managed by ServiceMesh - Automated Workflow - Deploy Consistent Infrastructure Layer - Eliminate Language Specific Libraries - Consistent Security & Observability across LOBs Before Service Mesh After Service Mesh Microservice App Microservice App
Istio Deployment (Sidecar Architecture)
Istio Ambient Mesh (Sidecar-less Architecture) A recent, open source contribution to the Istio project, that defines a new sidecar-less data plane. Improve Performance Simplify Operations Cost Reduction https://istio.io/latest/blog/2022/introducing-ambient-mesh/
Istio Deployment (Sidecar-less Architecture)
Something to think about …
Something to think about …
● the Istio Ingress Gateway doesn’t provide the capabilities of an enterprise API gateway ● It’s complex to use and to manage, especially in a multi-cloud context ● mTLS across the clusters ● Lifecycle management for control planes and istio gateways ● Global Observability (centralized metrics and access logging) ● Long term support Something to think about …
Learn More …
Learn More … 10,000+ students have attended hands-on workshops 1,800+ engineers have achieved certifications NPS Score 75 https://academy.solo.io
Istio User Group SINGAPORE
Thanks for attending! @_hellosai_ sai.linnthu@solo.io https://www.linkedin.com/in/sailinnthu/ https://www.youtube.com/@SaiLinnThu Field Engineer - APAC @ Solo.io

Recommended

Gitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDGitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDHaggai Philip Zagury
 
CI:CD in Lightspeed with kubernetes and argo cd
CI:CD in Lightspeed with kubernetes and argo cdCI:CD in Lightspeed with kubernetes and argo cd
CI:CD in Lightspeed with kubernetes and argo cdBilly Yuen
 
GitOps with ArgoCD
GitOps with ArgoCDGitOps with ArgoCD
GitOps with ArgoCDCloudOps2005
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with KubernetesEastBanc Tachnologies
 
CD using ArgoCD(KnolX).pdf
CD using ArgoCD(KnolX).pdfCD using ArgoCD(KnolX).pdf
CD using ArgoCD(KnolX).pdfKnoldus Inc.
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopBob Killen
 
Gitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsGitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsMariano Cunietti
 

Recommended

Gitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDGitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDHaggai Philip Zagury
 
CI:CD in Lightspeed with kubernetes and argo cd
CI:CD in Lightspeed with kubernetes and argo cdCI:CD in Lightspeed with kubernetes and argo cd
CI:CD in Lightspeed with kubernetes and argo cdBilly Yuen
 
GitOps with ArgoCD
GitOps with ArgoCDGitOps with ArgoCD
GitOps with ArgoCDCloudOps2005
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with KubernetesEastBanc Tachnologies
 
CD using ArgoCD(KnolX).pdf
CD using ArgoCD(KnolX).pdfCD using ArgoCD(KnolX).pdf
CD using ArgoCD(KnolX).pdfKnoldus Inc.
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopBob Killen
 
Gitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsGitops: a new paradigm for software defined operations
Gitops: a new paradigm for software defined operationsMariano Cunietti
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101Crevise Technologies
 
GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCDOmar Fathy
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDSunnyvale
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!
 
Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Megan O'Keefe
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioMichelle Holley
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways Kong Inc.
 
Kubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewKubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewBob Killen
 
Continuous Lifecycle London 2018 Event Keynote
Continuous Lifecycle London 2018 Event KeynoteContinuous Lifecycle London 2018 Event Keynote
Continuous Lifecycle London 2018 Event KeynoteWeaveworks
 
Kong
KongKong
KongTroublemaker Khunpech
 
GitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfGitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfssuser31375f
 
Azure DevOps Presentation
Azure DevOps PresentationAzure DevOps Presentation
Azure DevOps PresentationInCycleSoftware
 
Gitops: the kubernetes way
Gitops: the kubernetes wayGitops: the kubernetes way
Gitops: the kubernetes waysparkfabrik
 
Service mesh
Service meshService mesh
Service meshArnab Mitra
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introductionJason Vance
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesRishabh Indoria
 
The journey to GitOps
The journey to GitOpsThe journey to GitOps
The journey to GitOpsNicola Baldi
 
Anthos
AnthosAnthos
AnthosMeena Sambamurthy
 
Platform engineering 101
Platform engineering 101Platform engineering 101
Platform engineering 101Sander Knape
 
WTF is GitOps and Why You Should Care?
WTF is GitOps and Why You Should Care?WTF is GitOps and Why You Should Care?
WTF is GitOps and Why You Should Care?Weaveworks
 
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Hello Cloud
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service MeshRafik HARABI
 

More Related Content

What's hot

GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCDOmar Fathy
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDSunnyvale
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!
 
Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Megan O'Keefe
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioMichelle Holley
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways Kong Inc.
 
Kubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewKubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewBob Killen
 
Continuous Lifecycle London 2018 Event Keynote
Continuous Lifecycle London 2018 Event KeynoteContinuous Lifecycle London 2018 Event Keynote
Continuous Lifecycle London 2018 Event KeynoteWeaveworks
 
GitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfGitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfssuser31375f
 
Azure DevOps Presentation
Azure DevOps PresentationAzure DevOps Presentation
Azure DevOps PresentationInCycleSoftware
 
Gitops: the kubernetes way
Gitops: the kubernetes wayGitops: the kubernetes way
Gitops: the kubernetes waysparkfabrik
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introductionJason Vance
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesRishabh Indoria
 
The journey to GitOps
The journey to GitOpsThe journey to GitOps
The journey to GitOpsNicola Baldi
 
Platform engineering 101
Platform engineering 101Platform engineering 101
Platform engineering 101Sander Knape
 
WTF is GitOps and Why You Should Care?
WTF is GitOps and Why You Should Care?WTF is GitOps and Why You Should Care?
WTF is GitOps and Why You Should Care?Weaveworks
 

What's hot (20)

Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCD
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
 
Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with Istio
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways
 
Kubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewKubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive Overview
 
Continuous Lifecycle London 2018 Event Keynote
Continuous Lifecycle London 2018 Event KeynoteContinuous Lifecycle London 2018 Event Keynote
Continuous Lifecycle London 2018 Event Keynote
 
Kong
KongKong
Kong
 
GitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfGitOps 101 Presentation.pdf
GitOps 101 Presentation.pdf
 
Azure DevOps Presentation
Azure DevOps PresentationAzure DevOps Presentation
Azure DevOps Presentation
 
Gitops: the kubernetes way
Gitops: the kubernetes wayGitops: the kubernetes way
Gitops: the kubernetes way
 
Service mesh
Service meshService mesh
Service mesh
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
The journey to GitOps
The journey to GitOpsThe journey to GitOps
The journey to GitOps
 
Anthos
AnthosAnthos
Anthos
 
Platform engineering 101
Platform engineering 101Platform engineering 101
Platform engineering 101
 
WTF is GitOps and Why You Should Care?
WTF is GitOps and Why You Should Care?WTF is GitOps and Why You Should Care?
WTF is GitOps and Why You Should Care?
 

Similar to Istio Service Mesh for Developers and Platform Engineers

Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Hello Cloud
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service MeshRafik HARABI
 
Oracle Open World 2018 - Cloud Lift Accelerator Suite
Oracle Open World 2018 - Cloud Lift Accelerator SuiteOracle Open World 2018 - Cloud Lift Accelerator Suite
Oracle Open World 2018 - Cloud Lift Accelerator SuiteIke Aniagoh
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service MeshRam Vennam
 
How we buit microservices
How we buit microservicesHow we buit microservices
How we buit microservicesIhor Harahatyi
 
EXTENT-2016: Network Instrumentation Challenges and Solutions
EXTENT-2016: Network Instrumentation Challenges and SolutionsEXTENT-2016: Network Instrumentation Challenges and Solutions
EXTENT-2016: Network Instrumentation Challenges and SolutionsIosif Itkin
 
The Future of Service Mesh
The Future of Service MeshThe Future of Service Mesh
The Future of Service MeshAll Things Open
 
SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Applicati...
SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Applicati...SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Applicati...
SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Applicati...Daniel Bryant
 
CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to ...
CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to ...CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to ...
CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to ...Daniel Bryant
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...WSO2
 
Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Eurotech
 
Cloudify: Open vCPE Design Concepts and Multi-Cloud Orchestration
Cloudify: Open vCPE Design Concepts and Multi-Cloud OrchestrationCloudify: Open vCPE Design Concepts and Multi-Cloud Orchestration
Cloudify: Open vCPE Design Concepts and Multi-Cloud OrchestrationCloudify Community
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiMyNOG
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service MeshLew Tucker
 
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...apidays
 

Similar to Istio Service Mesh for Developers and Platform Engineers (20)

Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service Mesh
 
Oracle Open World 2018 - Cloud Lift Accelerator Suite
Oracle Open World 2018 - Cloud Lift Accelerator SuiteOracle Open World 2018 - Cloud Lift Accelerator Suite
Oracle Open World 2018 - Cloud Lift Accelerator Suite
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
 
How we buit microservices
How we buit microservicesHow we buit microservices
How we buit microservices
 
EXTENT-2016: Network Instrumentation Challenges and Solutions
EXTENT-2016: Network Instrumentation Challenges and SolutionsEXTENT-2016: Network Instrumentation Challenges and Solutions
EXTENT-2016: Network Instrumentation Challenges and Solutions
 
The Future of Service Mesh
The Future of Service MeshThe Future of Service Mesh
The Future of Service Mesh
 
Overview xs en
Overview xs enOverview xs en
Overview xs en
 
SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Applicati...
SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Applicati...SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Applicati...
SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Applicati...
 
CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to ...
CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to ...CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to ...
CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to ...
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay Kid
 
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API ...
 
Cloud APIs Overview Tucker
Cloud APIs Overview TuckerCloud APIs Overview Tucker
Cloud APIs Overview Tucker
 
Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?
 
Cloudify: Open vCPE Design Concepts and Multi-Cloud Orchestration
Cloudify: Open vCPE Design Concepts and Multi-Cloud OrchestrationCloudify: Open vCPE Design Concepts and Multi-Cloud Orchestration
Cloudify: Open vCPE Design Concepts and Multi-Cloud Orchestration
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service Mesh
 
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
 
Microservice Powered Orchestration
Microservice Powered OrchestrationMicroservice Powered Orchestration
Microservice Powered Orchestration
 

Recently uploaded

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Istio Service Mesh for Developers and Platform Engineers

  • 1. Sai, Field Engineer @ Solo.io Istio Service Mesh For Developers & Platform Engineers
  • 4. Business Drivers for Application Modernization Reduce Costs / Shift Capex to Opex Access to Innovation Increase flexibility and Capacity of Infrastructure Increase Velocity of Development Reduce Risk Monolithic Microservices
  • 5. The Way We Build Applications Monolithic On-Prem Built on a VM+OS Large Teams Microservices Cloud Built on Kubernetes Agile Teams
  • 6. Challenges with Microservices ● How to observe interactions among services? ● How to secure service to service communication? ● How to manage transient failures? ● How to control traffic?
  • 7. Online Boutique Microservices Demo Source: https://github.com/GoogleCloudPlatform/microservices-demo
  • 8. Application Networking Challenges ● Service discovery ● Load balancing ● Timeouts ● Retry / Budgets ● Circuit breaking ● Tracing, observability ● Secure transport ● Extension Challenges
  • 10. Data Plane & Control Plane
  • 11. Why Envoy for Service Mesh Data Plane ● Neutral Foundation (CNCF) ● Large, diverse, vibrant community ● Built ground up for dynamic services environment ● Dynamic configuration, driven by API ● Highly extensible ● L7 filters (HTTP/1, HTTP/2, gRPC, redis, mysql, Kafka, etc) ● Deep signals telemetry out of the box ● Versatile deployment options
  • 12. Istio - Open Source Service Mesh 2017 Istio Launched Data Plane Enhancements 2019-20 7 New Community Releases 1000s Production Users ~ 1000 Community Contributors 2022 CNCF 2019-2022
  • 14. Istio Service Mesh Architecture
  • 15. Istio Deployment (Sidecar Architecture)
  • 19. Secure Networking - Server Side TLS
  • 21. Network Security in Kubernetes Default State !!! Desired State “Zero Trust Security”
  • 22. DIY … Whoops ! ○ 81% of companies experienced a certificate-related outage in the past two years ○ 65% are concerned about the increased workload and risk of outages caused by shorter SSL/TLS certificate lifespans. ○ Human error was a major contributing factor in 95% of breaches
  • 23. Istio to the Rescue !
  • 24. Resiliency - There will be Failures Common Mitigations ● Waiting indefinitely is bad ● Trying again is good ● Degrade gracefully when services are overwhelmed
  • 25. Timeout - Don’t wait Indefinitely
  • 26. Retry - Trying Again is Good 👍
  • 27. Circuit Breaker - Degrade gracefully
  • 28. Observability - Insights for Competitive Advantage Building a Uniform Approach ● Understand traffic patterns ● Determine service health ● Anticipate outages ● Detect dangerous activity ● Audit access
  • 29. Observability - Metrics and Access Logging [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default metrics
  • 30. RECAP
  • 31. Business Drivers for Adopting Istio
  • 32. Life without ServiceMesh `vs` Life with ServiceMesh Business Logic Security Logic Traffic Management Logic Golden Metrics/ Observability Logic Resiliency Logic Managed by Developer - Multiple Tasks - Multiple Frameworks - Language Specific - Poor Dev Experience - 100s of Manual Steps Business Logic Security Logic Traffic Management Logic Golden Metrics/ Observability Logic Resiliency Logic Managed by Developer - Focus on Biz Logic - Developer Productivity Managed by ServiceMesh - Automated Workflow - Deploy Consistent Infrastructure Layer - Eliminate Language Specific Libraries - Consistent Security & Observability across LOBs Before Service Mesh After Service Mesh Microservice App Microservice App
  • 33. Istio Deployment (Sidecar Architecture)
  • 34. Istio Ambient Mesh (Sidecar-less Architecture) A recent, open source contribution to the Istio project, that defines a new sidecar-less data plane. Improve Performance Simplify Operations Cost Reduction https://istio.io/latest/blog/2022/introducing-ambient-mesh/
  • 36. Something to think about …
  • 37. Something to think about …
  • 38. ● the Istio Ingress Gateway doesn’t provide the capabilities of an enterprise API gateway ● It’s complex to use and to manage, especially in a multi-cloud context ● mTLS across the clusters ● Lifecycle management for control planes and istio gateways ● Global Observability (centralized metrics and access logging) ● Long term support Something to think about …
  • 40. Learn More … 10,000+ students have attended hands-on workshops 1,800+ engineers have achieved certifications NPS Score 75 https://academy.solo.io