Microservices Architectures (aka Distributed Architectures) are the new paradigm to develop and deploy applications in Cloud environments. These architectures resolve several problems and improve the new life cycle in DevOps teams, however new challenges should be resolved or managed. OpenShift Service Mesh (based in Istio, Kiali, Jaeger) allows us to manage this new paradigm easily without to change our current applications. These slides will introduce you in OpenShift Service Mesh as a new component on OpenShift to manage your microservices architectures. Carlos Vicens worked on it with me. Slides used during a coordinated meetup between three different groups in Madrid: - OpenShift Madrid Group: https://www.meetup.com/es/openshift_spain/events/258188248/ - Microservices Madrid Group: https://www.meetup.com/es-ES/Microservicios/events/258188068/ - Madrid Spring User Group: https://www.meetup.com/es/madrid-spring-user-group/events/258322835/

1. Managing
Microservices
with Istio on
OpenShift

2. oc whoami
$ oc whoami
rmarting, jromanmartin
$ oc describe user rmarting jromanmartin
Name: Jose Roman Martin Gil
Created: 43 years ago
Labels: father, husband, friend, runner, curious, red hatter,
developer (in any order)
Annotations: Principal Middleware Architect @ Red Hat
Identities:
mailto: rmarting@redhat.com
GitHub: https://github.com/rmarting
Twitter: https://twitter.com/jromanmartin
LinkedIn: https://www.linkedin.com/in/jromanmartin/

3. oc whoami
$ oc whoami
cvicens, _cvicens, carlosvicens
$ oc describe user cvicens
Name: Carlos Vicens Alonso
Created: 43 years ago
Labels: father, husband, red hatter, developer, tinkerer (in
any order)
Annotations: Senior Specialist Solution Architect @ Red Hat
Identities:
mailto: cvicensa@redhat.com
GitHub: https://github.com/cvicens
Twitter: https://twitter.com/_cvicens
LinkedIn: https://www.linkedin.com/in/carlosvicens/
Medium: https://medium.com/@carlos.vicens.alonso

4. Have you ever woken up at night feeling uneasy
and sweaty wondering if your app is a monolith?
… I have
True story
…any given night
_shy_developer

6. Now I’m a believer… I love microservices…
I hate monoliths…
What next? How do I move on?
True story
… same night, but later
Same _shy_developer, now converted

7. We’ll break something in a mesh...
We’ll walk you through a plausible route to find
the root cause of the problem
...the butler did it!
Sorry I couldn’t help it
Little spoiler!
(although we hate spoilers!)

8. MICROSERVICES ARCHITECTURE

9. Microservices Architecture
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Application Server
HTML Javascript Web
ServiceServiceService
Service Service Service
Data Access
Runtime
Service
Runtime
Service

10. Microservices Architecture
DISTRIBUTED
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Application Server
HTML Javascript Web
ServiceServiceService
Service Service Service
Data Access
Runtime
Service
Runtime
Service

11. Distributed Architecture
Service ServiceService
Service ServiceService
Service ServiceService

12. Eight Fallacies of Distributed Computing
1. The network is reliable
2. Latency is zero
3. Bandwidth is infinite
4. The network is secure
5. Topology doesn’t change
6. There is one administrator
7. Transport cost is zero
8. The network is homogeneous
Source: https://en.wikipedia.org/wiki/Fallacies_of_distributed_computing
Photo: Icon made by Freepik from www.flaticon.com

13. HOW TO DEAL WITH THE COMPLEXITY?

14. Deployment
Service
Container
INFRASTRUCTURE
Service
Container
Service
Container

15. Configuration
Spring Cloud
Config Server
Service
Config
Service
Config
Service
Config
INFRASTRUCTURE

16. Service Discovery
Service
Spring Cloud
Config Server
Netflix Eureka
Netflix Ribbon Config
Service
Config
Service
Config
Svc Discovery Svc Discovery Svc Discovery
INFRASTRUCTURE

17. Dynamic Routing
Spring Cloud
Config Server
Service
Netflix Eureka
Netflix Ribbon Config
Service
Config
Service
Config
Svc Discovery Svc Discovery Svc Discovery
Routing Routing Routing
Netflix Zuul
Server
INFRASTRUCTURE

18. Fault Tolerance
Spring Cloud
Config Server
Service
Netflix Eureka
Netflix Ribbon Config
Service
Config
Service
Config
Svc Discovery Svc Discovery Svc Discovery
Routing Routing Routing
Netflix Zuul
Server
Circuit Breaker Circuit Breaker Circuit Breaker
INFRASTRUCTURE

19. Tracing and Visibility
Spring Cloud
Config Server
Service
Netflix Eureka
Netflix Ribbon Config
Service
Config
Service
Config
Svc Discovery Svc Discovery Svc Discovery
Routing Routing Routing
Netflix Zuul
Server
Circuit Breaker Circuit Breaker Circuit Breaker
Tracing Tracing Tracing
ZipKin Server
INFRASTRUCTURE

20. Polyglot Applications
Existing Applications
What About …?

21. There should be a BETTER WAY
Mmm maybe ... addressing the complexity
WITHIN the infrastructure
Then?

22. SERVICE MESH
A Dedicated Network for Service-to-Service Communications

23. Microservices Evolution
Service
Config
Svc Discovery
Routing
Circuit Breaker
Tracing
Service
Platform
Container Platform
(+ Service Mesh)
...2014 2018

24. Microservices without Service Mesh
Container
JVM
service A
discovery
load-balancer
resiliency
metrics
tracing
app logic
ff
Container
JVM
service B
discovery
load-balancer
resiliency
metrics
tracing
app logic
Container
JVM
service C
discovery
load-balancer
resiliency
metrics
tracing
app logic

25. Service Mesh Architecture
POD
ENVOY
SERVICE
POD
ENVOY
SERVICE
POD
ENVOY
SERVICE
Pilot Mixer Citadel
Applies security,
route rules, policies
and reports traffic
telemetry at the pod
level
Jaeger

26. OpenShift Service Mesh
OBSERVABILITY
POLICY ENFORCEMENT
SERVICE IDENTITY
& SECURITY
TRAFFIC MANAGEMENT
DIST. TRANSACTION
MONITORING
SERVICE DEPENDENCY
ANALYSIS
ROOT CAUSE ANALYSIS
DISTRIBUTED CONTEXT
PROPAGATION
PERFORMANCE /
LATENCY OPTIMIZATION
DISTRIBUTED TRACING
CONFIGURATION
VALIDATION
METRICS COLLECTION
AND GRAPHS
SERVICE GRAPH
REPRESENTATION
SERVICE DISCOVERY &
HEALTH COMPUTATION
Istio JaegerKiali
MAISTRA (Kubernetes Operator)

27. Service Mesh Ecosystem
Observe Observe
Secure
ControlConnect
Jaeger
Prometheus
Grafana
Kiali
Istio

28. SERVICE MESH FEATURES

29. FAULT TOLERANCE

30. Circuit Breaker without Service Mesh
SERVICE
A
SERVICE
B
SERVICE
C
CB CB
coupled to the service code

31. Circuit Breaker with Service Mesh
POD
SERVICE
A
ENVOY
POD
SERVICE
B
ENVOY
POD
SERVICE
C
ENVOY
transparent to the services

32. Circuit Breaker with Service Mesh
POD
SERVICE
A
ENVOY
POD
SERVICE
B
ENVOY
POD
SERVICE
C
ENVOY
improved response time with global circuit status

33. Timeouts and Retries with Service Mesh
POD
SERVICE
A
ENVOY
POD
SERVICE
B
ENVOY
POD
SERVICE
C
ENVOY
configure timeouts and retries, transparent to the services
timeout: 10 sec
retry: 5
timeout: 15 sec
retry: 5

34. Rate Limits with Service Mesh
POD
SERVICE
A
ENVOY
POD
SERVICE
B
ENVOY
POD
SERVICE
C
ENVOY
limit invocation rates, transparent to the services
max 500
concurrent reqs
max 100
connections

35. DYNAMIC ROUTING

36. Dynamic Routing without Service Mesh
Gateway
Service
SERVICE
A
SERVICE
B:1
SERVICE
B:2
Netflix Zuul
Server
custom code to enable dynamic routing

37. Canary Deployment with Service Mesh
POD
SERVICE
A
ENVOY
POD
SERVICE
B:v2
ENVOY
POD
SERVICE
B:v1
ENVOY
50% traffic
50% traffic

38. Dark Launches with Service Mesh
POD
SERVICE
A
ENVOY
POD
SERVICE
B:v2
ENVOY
POD
SERVICE
B:v1
ENVOY
100% traffic
mirror traffic

39. SERVICE SECURITY

40. Secure Communication without Service Mesh
SERVICE
A
SERVICE
B
SERVICE
C
TLS TLS TLS TLS
coupled to the service code

41. Secure Communication with Service Mesh
POD
SERVICE
A
ENVOY
POD
SERVICE
B
ENVOY
POD
SERVICE
C
ENVOY
mutual TLS authentication, transparent to the services
TLS TLS

42. Control Service Access with Service Mesh
POD
SERVICE
A
ENVOY
POD
SERVICE
B
ENVOY
POD
SERVICE
C
ENVOY
control the service access flow, transparent to the services

43. CHAOS ENGINEERING

44. Chaos Engineering without Service Mesh
SERVICE
A
SERVICE
B
SERVICE
C
Netflix
Chaos Monkeys
Netflix
Spinnaker
random
termination

45. Chaos Engineering with Service Mesh
POD
SERVICE
A
ENVOY
POD
SERVICE
B
ENVOY
POD
SERVICE
C
ENVOY
inject delays, transparent to the services
10 sec delay
in 10% of requests

46. Chaos Engineering with Service Mesh
inject protocol-specific errors, transparent to the services
POD
SERVICE
A
ENVOY
POD
SERVICE
B
ENVOY
POD
SERVICE
C
ENVOY
HTTP 400
in 5% of requests

47. DISTRIBUTED TRACING

48. Distributed Tracing without Service Mesh
SERVICE
A
SERVICE
B
SERVICE
C
Spring Sleuth
ZipKin
Spring Sleuth
ZipKin
Spring Sleuth
ZipKin
code to enable dynamic tracing

49. Distributed Tracing with Service Mesh
POD
SERVICE
A
ENVOY
POD
SERVICE
B
ENVOY
POD
SERVICE
C
ENVOY
discovers service relationships and process times,
transparent to the services
SERVICE A SERVICE B SERVICE C
210 ms 720 ms
930 ms

50. OBSERVABILITY

51. Metrics
Envoymesh
Mixer
Check(attributes) Report([ ]attributes)
Operator
Supplied
Config
Prometheus
Grafana
Backends
GUIs
Adapters
OthersKiali
Requests
Responses● Mixer collects metrics
from Envoy
● Adapters in the Mixer
normalize and forward
to monitoring backends
● Metrics backend can be
swapped at runtime

52. KIALI

53. What are my microservices doing?
Service graph with dynamic traffic visualization

54. … And Why?
Services view focus on Istio configuration
Validation of Istio objects.

55. Tracing with Jaeger
Jaeger UI integrated into Kiali for 360º observability view

56. The network is reliable. Circuit Breaking and Load Balancing
Latency is zero. Timeouts and Retries
Bandwidth is infinite Rating and Limiting
The network is secure Mutual TLS
Topology doesn't change Service Discovery
There is one administrator Role Based Access Control
Transport cost is zero gRPC and Protobuf
The network is homogeneous. Dynamic Routing - A/B, Canary
Then?

57. NO ANIMALS were harmed during the making of this demo
NO CODE was changed either… almost :-)
DEMO TIME!

58. 1. Coolstore works properly
2. Break Catalog (2 pods, 1 down)
3. Notice (Kiali, Grafana, Jaeger)
4. Find the root cause
5. Fix → retry policy (2 pods, 1 down, avoid the one down!)
Demo explained...
2. New version Inventory
3. Distribute load
4. Break inventory (2 versions, 1 version down)
5. Notice (Kiali, Grafana, Jaeger)
6. Find …
7. Fix → circuit breaker (avoid damaged version)

59. TAKEWAY

60. Distributed Services Platform
ANY
INFRASTRUCTURE
OpenShift Container Platform
(Enterprise Kubernetes)
Amazon Web Services Microsoft Azure Google CloudOpenStackDatacenterLaptop
OpenShift Service Mesh
(Istio + Kiali + Jaeger)
ANY
APPLICATION
Service
CONTAINER
Service
CONTAINER
Service
CONTAINER
Service
CONTAINER
Service
CONTAINER
try it at http://learn.openshift.com

61. Get Started!
● https://istio.io/docs/
● https://maistra.io/
● https://www.kiali.io/
● https://github.com/redhat-developer-demos/istio-tutorial
● https://github.com/rmarting/service-mesh-meetup (This Demo)

62. Questions?

63. Thank you!