Istio Mesh
Jesse Butler Cloud Native Advocate, Oracle Cloud Infrastructure
Mofizur Rahman Developer Advocate, IBM
Managing Container Deployments at Scale
About Us
Jesse Butler
• Oracle via Sun Microsystems
• Responsible for Docker on Solaris, later on Oracle Linux
• Some work with Open Containers and CNCF WGs
• Now a Cloud Native Advocate @ Oracle Cloud
@jlb13
Mofizur Rahman (Mofi)
• Developer Advocate @IBM
• Works on container and cloud native technologies
• Favorite programming language is golang.
@moficodes
Bookinfo
Monolithic Applications
Diagram: Users, Application, Database
Microservices
• Microservices are the de facto standard for cloud native software
• Microservices allow development teams to deploy portable and scalable applications
Microservices
Diagram: Users, Cart, Orders, Database, Cluster, Reports
Architecture
Source Code
https://github.com/istio/istio/tree/master/samples/bookinfo/src
Microservices
• Microservices can put a significant burden on Ops and DevOps teams
DevOps, Mother of Invention
• Microservices
• CI / CD
• Cloud Adoption
• Containers
Docker
• Docker changed the way we build and ship software
• Application and host are decoupled, making application services portable
• Containers are an implementation detail, but a critical one
Containerizing an APP
Dockerfile
FROM ruby:2.3-slim
COPY details.rb /opt/microservices/
ARG service_version
ENV SERVICE_VERSION ${service_version:-v1}
ARG enable_external_book_service
ENV ENABLE_EXTERNAL_BOOK_SERVICE ${enable_external_book_service:-false}
EXPOSE 9080
WORKDIR /opt/microservices
CMD ruby details.rb 9080
Docker Is a Start
But, once we abstract the host away by using containers, we no longer have our hands on an organized platform.
Who you Gonna call?
Kubernetes
Kubernetes provides abstractions for deploying software in containers at scale
Kubernetes as a Platform
• Infrastructure resource abstraction
• Cluster software where one or more masters control worker nodes
• Scheduler deploys work to the nodes
• Work is deployed in groups of containers
Kubernetize our App
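apiVersion: v1
kind: Service
metadata:
  name: details
  labels:
    app: details
    service: details
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: details
---
# apps/v1 replaces extensions/v1beta1, which no longer serves Deployments as of Kubernetes 1.16
apiVersion: apps/v1
kind: Deployment
metadata:
  name: details-v1
  labels:
    app: details
    version: v1
spec:
  replicas: 1
  # apps/v1 requires an explicit selector that matches the pod template labels
  selector:
    matchLabels:
      app: details
      version: v1
  template:
    metadata:
      labels:
        app: details
        version: v1
    spec:
      containers:
      - name: details
        image: istio/examples-bookinfo-details-v1:1.10.1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9080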
Migration from the Old World…
Diagram: Users, Application, Database
…to Cloud Native Kubernetes Hotness
• Microservices running in orchestrated containers
• Everybody's happy
• What happens now?
Diagram: Load balancer, Service, Database, Queue
Day Two
Table Stakes for Services at Cloud Scale
• We require a method to simply and repeatably deploy software, and simply and recoverably modify deployments
• We require telemetry, observability, and diagnosability for our software if we hope to run at cloud scale
Day 2 Solutions
• Ingress and Traffic Management
• Metrics and Analytics
• Tracing and Observability
• Identity and Security
Abstract Requirements
• Traffic Management
• Policy
• Security
• Observability
Hard Things are Hard
These are Hard Problems™, and some software may address one of them well.
Service mesh addresses them all.
What Is a Service Mesh?
• Infrastructure layer for controlling and monitoring service-to-service traffic
• A data plane deployed alongside application services, and a control plane used to manage the mesh
Service Mesh
• Provides DevOps teams a stable and extensible platform to monitor and maintain deployed services
• For the most part, invisible to development teams
• This is not a new solution which solves all the world’s problems, but a different way to apply existing solutions
• Enables integration of existing (as well as future) best-in-class solutions for All The Things
Let’s Talk About Istio
Istio is a service mesh that allows us to connect, secure, control and observe services at scale, often requiring no service code modification
Istio Components
• Envoy
  – Sidecar proxy
• Pilot
  – Propagates rules to sidecars
• Mixer
  – Enforces access control, collects telemetry data
• Citadel
  – Service-to-service and end-user AuthN and AuthZ
Istio Features
• Traffic Management
  – Fine-grained control with rich routing rules, retries, failovers, and fault injection
• Observability
  – Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress
• Security
  – Strong identity-based AuthN and AuthZ layer, secure by default for ingress, egress and service-to-service traffic
• Policy
  – Extensible policy engine supporting access controls, rate limits and quotas
Sidecar Proxy
Envoy
High performance proxy which mediates inbound and outbound traffic.
• Dynamic service discovery
• Load balancing
• TLS termination
• HTTP/2 and gRPC proxies
• Circuit breakers
• Health checks
• Split traffic
• Fault injection
• Rich metrics
Istio Architecture
Traffic Management
• Integrated Ingress and Egress
• Error handling, retries, circuit breaking
• Application knowledge can be leveraged for intelligent routing
• Fault injection for end-to-end testing
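The traffic management features listed above, written out as Istio configuration. This is an added example, not taken from the slides: it uses the current networking.istio.io API, and the `reviews` and `ratings` service names, the `v1`/`v2` version labels and the `test-user` header value are assumptions based on the Bookinfo sample.

```yaml
# Added example; service names, subsets and the test-user value are assumptions.
# Subsets for weighted routing, plus circuit breaking on the reviews service.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  trafficPolicy:
    connectionPool:
      http:
        http1MaxPendingRequests: 10   # queue limit before requests are rejected
    outlierDetection:
      consecutive5xxErrors: 5         # eject a pod after 5 consecutive 5xx responses
      interval: 10s
      baseEjectionTime: 30s
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
# Split traffic 90/10 between versions and retry failed calls.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 90
    - destination:
        host: reviews
        subset: v2
      weight: 10
    retries:
      attempts: 3
      perTryTimeout: 2s
      retryOn: 5xx,connect-failure
---
# Fault injection for end-to-end testing: only requests carrying the
# test header see a 5s delay; all other traffic is routed normally.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: ratings
spec:
  hosts:
  - ratings
  http:
  - match:
    - headers:
        end-user:
          exact: test-user
    fault:
      delay:
        percentage:
          value: 100.0
        fixedDelay: 5s
    route:
    - destination:
        host: ratings
  - route:
    - destination:
        host: ratings
```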
DEMO
Telemetry
• Istio’s Mixer is stateless and does not manage any persistent storage of its own
• Capable of accumulating a large amount of transient ephemeral state
• Designed to be highly reliable; the goal is > 99.999% uptime for any individual instance
• Many adapters available: Prometheus, Cloud providers, Datadog, Solarwinds…
Performance and Scalability
• Code level micro-benchmarks
• Synthetic end-to-end benchmarks across various scenarios
• Realistic complex app end-to-end benchmarks across various settings
• Automation to ensure performance doesn’t regress
Security
• Traffic encryption to defend against man-in-the-middle attacks
• Mutual TLS and fine-grained access policies to provide flexible access control
• Auditing tools to monitor all of it
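The mutual TLS and fine-grained access policy bullets above, written out for the Bookinfo `details` service. This is an added example, not taken from the slides: it uses the current security.istio.io API rather than the Mixer/Citadel-era resources the deck describes, and the `default` namespace and the `bookinfo-productpage` service account are assumptions.

```yaml
# Added example; the namespace and service account name are assumptions.
# 1. Require mutual TLS for every workload in the namespace.
#    Plaintext connections to sidecar-injected pods are rejected.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: default
spec:
  mtls:
    mode: STRICT
---
# 2. Default deny: an ALLOW policy with an empty spec matches no request,
#    so every workload in the namespace rejects traffic until a rule allows it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-nothing
  namespace: default
spec: {}
---
# 3. Least privilege for details: only the productpage identity may call it,
#    and only with GET. The principal is taken from the peer certificate,
#    which is why STRICT mTLS above is a prerequisite for this rule.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: details-viewer
  namespace: default
spec:
  selector:
    matchLabels:
      app: details
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/default/sa/bookinfo-productpage"]
    to:
    - operation:
        methods: ["GET"]
```

The Deployment shown earlier sets no `serviceAccountName`, so its pods run as the namespace's `default` service account; each workload needs its own service account for identity-based rules like this to distinguish callers.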
So are you sold on Istio yet?
Istio is not the end game.
Thanks!


Editor's Notes

  1. MR - Let's talk about why we are really here today. Bookinfo app. This is the next best thing after sliced bread. -> next
  2. MR – So Jesse, should we build a nice little monolith for our app? I mean, it will be the easiest to build. JB – But what if we have to change and scale the app differently for different functionality? And who are we kidding? This app will be so big, soon we will have to hire a full team to manage this.
  3. MR – That makes sense. In a monolith all the apps will talk to the same DB and any change will mean we change the whole deployment. JB – Also adding new features is not always easy. Moreover, you are kind of stuck to the same language stack. I know Java and Ruby. But you probably want to write the app with something you feel more comfortable with. MR – Right tool for the job, amirite?
  4. Audience check
  5. JB – Let's build this app using microservices instead. You can write your application based on functionality. We can then connect it all up using the HTTP protocol.
  6. MR – That makes sense. We decouple our functionalities so we can build and grow our applications individually. Nothing looks different from the point of view of our user. But it makes it much easier to make a change or improvement without breaking the entire application.
  7. JB – I took the liberty to design out the application while you were talking. We will have 4 microservices. MR – Why do we have 3 different reviews apps? JB – Well, our intensive market research shows some people may not like the stars at the review. Others have issues with the color of the stars. So we will experiment with the different colors for now.
  8. MR – Btw, we open sourced this code for all to take and learn from.
  9. MR – So we are done. App is written. We just get these to run. And… JB – Not so fast. We actually have to go through DevOps first.
  10. MR – We have our application now. But since they are all independently developed and deployable, DevOps is a whole other issue. JB – I ran the code on my computer and it worked. But Bob from the ops team said something is wrong with the deployment. MR – BUT DID you tell him though? JB – Tell him what?
  11. Microservices – iterative development, rapid release, super fast pivot and time to market. CI / CD - if you’re going to release fast, you need a system to keep up with it. Cloud adoption - while not strictly required, at this point… yeah. Containers - just as with microservice architecture and CI / CD, this was a good fit for the methodology. These technologies became prolific and ubiquitous because they were needed by the methodology; we did not adapt the methodology to fit the tech.
  12. JB – We can now dockerize our app in a container that has all the dependencies it needs to run our application. Any place that has a Docker engine now can run the app the same way for the most part. MR – Docker changed the game in many ways. While not a new technology, my Linux diehards know the tech to isolate namespaces in Linux has been around forever. But Docker lets us use easy APIs and tooling to make this process much more streamlined.
  13. MR – So Jesse, I dockerized all our microservices. JB – How does one dockerize an app?
  14. MR – Using these artifacts called Dockerfiles, of course. I can define everything I need to run my app. And Docker builds it for me. Then I can push these off to a registry. JB – Hah, too slow. I already did.
  15. JB – All we have to do now is run these Docker images. MR – Nice. You know what this means?
  16. MR – So our app is ready. Let's run it. JB - Well, one container went down. No big deal. I can spin up more. MR – Wait, more stuff is going down. And I can't really check why. Spin up more. JB – I don’t know what's happening. It's all on fire. MR – We really need to have a way to manage these containers. I wish there was a way that the platform could handle auto recovery from failure and scaling.
  17. JB – There might just be a way.
  18. MR – Kubernetes to the rescue.
  19. JB - Kubernetes provides abstractions for deploying software in containers at scale. Again, out of necessity - containers were everywhere, and various orchestration options arose. Mesos, Docker Swarm, others… Kubernetes won.
  20. MR - Infrastructure resources are abstracted in a cluster of worker nodes, and the cluster has a scheduler which deploys work to those nodes. So, everything we need… JB – I know we have spent countless hours in making our app dockerized. How do we now get it to run on Kubernetes?
  21. MR – It's not that bad. We kubernetize our app (you heard it here first folks, I am trying to get this word trending, someone tweet #kubernetize). JB – I see you are using the image we built and pushed up earlier. MR – Yeah, and we are opening up the same port for communication. JB – <Talks about deployment> MR - <Talks about service>
  22. JB - so now rather than a monolithic application, running in bespoke compute environments
  23. JB - this is day one. (-> next)
  24. JB - What do we pick up on day two? Or put another way, what happens when we succeed, and our prototyped happy path software needs to scale? JB – But either way, our app is running, and we are ready to do anything. MR – You know what this means?
  25. JB – But wait, did not Kelcey warn against this? MR – IDK Jesse, our way seems pretty solid. Let's see where it goes.
  26. JB – App is running great. We're getting some traffic, but Kubernetes has autoscaling. MR – Yeah. And we don’t have time debugging a failed instance. Also Kubernetes just spins up a new copy so we can't even look at the logs. JB – More stuff is going down. Why is that one service taking forever to respond? Wait, that’s returning 500 now? MR – Wait, didn’t we just have something like this with our Docker setup?
  27. JB – I don’t know Mofi. I think we just need to live with this. MR – Maybe there is something more out there.
  28. MR – Back to the drawing board with this one. We need a way to simply and repeatably deploy, and simply and recoverably modify. Kubernetes has our backs there. JB - We need to re-establish telemetry, observability, and diagnosability as table stakes for computing at scale. Here, we need to bring some stuff to the party. I want the benefit of microservices with the observability of a monolith.
  29. MR – No worries. Ingress and traffic management, we can use nginx for that. JB - Tracing and observability, no sweat, OpenTracing to the rescue. MR - Metrics and analytics. Prometheus all day. JB – I know we are forgetting something. Uhh. Wait, security. We never thought about security. I think we can use Vault for that.
  30. MR – So it kind of sounds like what we want is something that gives us these things. MR – These look pretty hard to get.
  31. JB – Hard things are hard, Mofi. JB - …
  32. MR – Well I know, we will use a service mesh. I it in a talk once. JB – What's with you and throwing around big words randomly like that?
  33. MR - The term service mesh is used to describe the network of microservices that make up such applications and the interactions between them. 
  34. JB - A service mesh is an ideal component in a DevOps environment, as it provides operators with a stable and extensible platform for all of the work needed to maintain and improve the platform, while it remains completely invisible to developers.
  35. MR - Service mesh: this is not a new solution which solves all the world's problems. It allows for integration of all existing (and future) best-in-class solutions for All the Things. JB - First time I’ve used that gif unsarcastically. So, how does it do that? For that…
  36. MR - Istio: a service mesh that allows us to connect, secure, control and observe services at scale, often requiring no service source code modification.
  37. Envoy - we’ve talked about this, the proxy. Pilot converts high-level routing rules that control traffic behavior into Envoy-specific configurations, and propagates them to the sidecars at runtime. Mixer enforces access control and usage policies across the service mesh, and collects telemetry data from the Envoy proxy and other services. Citadel provides strong service-to-service and end-user authentication with built-in identity and credential management.
  38. JB - Fine-grained traffic control with rich routing rules, retries, failovers, and fault injection. Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.
  39. MR - Security - a strong identity-based authentication and authorization layer which is secure by default for ingress, egress and service-to-service traffic. Policy - layered over all of this is a pluggable policy engine supporting access controls, rate limits and quotas. JB - Typically we get all of this with little to no application code changes. MR – I don’t believe you.
  40. MR – Yeah, I am with the skeptical kid on this one. How would that even work?
  41. What does this look like: two services talking to each other – HTTP GET, simple
  42. JB - iptables rules are automated to intercept all service traffic and reroute to proxy. MR - The proxy has rules and policies to follow, and after considering policy, routing rules, etc., it forwards the traffic to the appropriate service. Let’s talk about that little proxy box.
  43. MR – So Jesse thinks this is the work of the Hackerman
  44. JB – And Mofi thinks this is just magic
  45. MR – But in reality this is all done at the Envoy level. JB - Definitely could be its own talk, and there are many out there to check out. Envoy is a good example of Istio surfacing other features of a best-in-class component through its mesh.
  46. Ok so, back to this
  47. HTTP, HTTP/2 supported, gRPC, or anything over TCP… with or w/o mTLS
  48. Pilot managing the proxies, Mixer handling enforcement and telemetry pickup, Citadel authN, authZ
  49. Differentiate API gateway – primarily north-south, vs service mesh – east-west. Istio has gateways which provide ingress for the mesh. Beyond that, a lot of day-to-day becomes really simple – canary, traffic mixing for blue/green, A/B testing.
  50. We get most of this for free
  51. More on testing. Integrated benchmarking virtually free, making it incredibly easy to catch version-to-version regression.
  52. And all of this is safe out of the box, secure by default, in depth with multiple components.