4. INSERT DESIGNATOR, IF NEEDED4
DISTRIBUTED SERVICES ARCHITECTURES
Fallacies of Distributed Computing
● The network is reliable.
● Latency is zero.
● Bandwidth is infinite.
● The network is secure.
● Topology doesn't change.
● There is one administrator.
● Transport cost is zero.
● The network is homogeneous.
wikipedia.org/wiki/Fallacies_of_distributed_computing
5. INSERT DESIGNATOR, IF NEEDED5
DISTRIBUTED SERVICES ARCHITECTURES
Applications must deal with
● Unpredictable failure modes
● End-to-end application correctness
● System degradation
● Topology changes
● Elastic/ephemeral/transient resources
A
E
B C
F G
D
H
I
Client
15. PODS WITH TWO CONTAINERS
Pod
Container
JVM
Service A
Side-car Container
Pod
Container
JVM
Service B
Side-car Container
Pod
Container
JVM
Service C
Side-car Container
● Service proxy
● C++. fast
● L3&4 network filter
● Service discovery
● Health checking
● Load balancing
● Stats, metrics, tracing
17. ISTIO - A ROBUST SERVICE MESH FOR
MICROSERVICES
Further Reading :
https://blog.openshift.com/red-hat-istio-launch/
https://istio.io/blog/istio-service-mesh-for-microservices.html
http://blog.christianposta.com/microservices/the-hardest-part-of-microservices-calling-your-services/
Key Features
● Intelligent routing and load balancing
● Fleet-wide, in-depth observability
● Resiliency across languages and platforms
● Fault injection
● Developer productivity
● Policy driven ops
● Circuit breaking, outlier detection
● Timeouts/retries
● Rate limiting
● Secure by default
● Incremental, unobtrusive adoptionImage from Christian Posta
*
* App-specific fallback logic belongs here
18. Istio Control Plane
ISTIO - A ROBUST SERVICE MESH FOR
MICROSERVICES
Istio Pilot Istio Mixer Istio Auth
Pod
Container
Service A
Envoy Proxy
Pod
Container
Service A
Envoy Proxy
Pod
Container
Service A
Envoy ProxyIstio Data
Plane
● service discovery
● load balancing
● TLS termination
● HTTP/2 & gRPC proxying,
● circuit breakers,
● health checks,
● staged rollouts fault injection
● rich metrics.
● access control
● usage policies
● telemetry
collection
● traffic mgmt
● discovery
● authentication
● policy enforcement
● Id & credentials
19. MICROSERVICES 3.0 - SERVICE MESH
Code Independent:
● Intelligent Routing and Load-Balancing
○ A/B Tests
○ Canary Releases
○ Dark Launches
● Distributed Tracing
● Circuit Breakers
● Fine grained Access Control
● Telemetry, metrics and Logs
● Fleet wide policy enforcement
Config Server
NETFLIX
Ribbon
Jaeger Istio
21. GOAL FOR LAB
In this lab you will learn:
● How to install Istio onto OpenShift Container Platform
● How to deploy apps with sidecar proxies
● How to generate and visualize deep metrics for apps
● How to alter routing dynamically
● How to inject faults for testing
● How to do rate limiting
● How Istio implements circuit breaking and distributed tracing
26. RESULT OF LAB
In this lab you learned:
● How to install Istio onto OpenShift Container Platform
● How to deploy apps with sidecar proxies
● How to generate and visualize deep metrics for apps
● How to alter routing dynamically
● How to inject faults for testing
● How to do rate limiting
● How Istio implements circuit breaking and distributed
tracing
● Use cases for service mesh
entire suites of frameworks were built to help developers address these resilience concerns (e.g. netflix oss)
entire suites of frameworks were built to help developers address these resilience concerns (e.g. netflix oss)
entire suites of frameworks so for every language/framework combination, you need...
service discovery
retries
timeouts
load balancing
bulk heading
circuit breaking
rate limiting
built to help developers address these resilience concerns (e.g. netflix oss)
adaptive routing
deadlines
back pressure
outlier detection
health checking
traffic shaping
request shadowing
edge/dmz routing
surgical / fine / per-request routing
A/B testing rollout
dark launches
fault injection
stats, metric collection
observability
entire suites of frameworks so for every language/framework combination, you need...
service discovery
retries
timeouts
load balancing
bulk heading
circuit breaking
rate limiting
built to help developers address these resilience concerns (e.g. netflix oss)
adaptive routing
deadlines
back pressure
outlier detection
health checking
traffic shaping
request shadowing
edge/dmz routing
surgical / fine / per-request routing
A/B testing rollout
dark launches
fault injection
stats, metric collection
observability
Earlier this year Google, IBM and Lyft announced the Istio project, which aims to make it easier to develop and connect AND manage our complex and distributed microservices applications. First generation microservices were mainly A DIY effort - you had to do a lot of defensive programming in the app itself. Istio basically delivers on the “microservices 2.0” idea of minimizing requirements on developers for dealing with the distributed nature of their apps.
In this diagram from Christian Posta, chief architect for cloud app dev at red hat, you can roughly see how this translates to apps - it pushes the real magic behind distributed apps like routing, rate limiting or circuit breaking into lower networking layers, out of reach and out of control of app developers. It also means that the service mesh benefits all applications running on it, regardless of programming language and communication protocol - think databases or IoT binary streaming apps.
To give you an idea of what this looks like, here’s a rough diagram of the components at play. Istio creates a cross-cutting platform-level service mesh to address common microservices architecture concerns, and there are a lot of them: communication, load balancing, traffic routing, metrics, quotas, authentication, rate limiting, circuit breakers, timeouts, automatic retries, and on and on.. Things that developers and operations have to deal with today. It does this by injecting we are called side car proxies for each service, acting as a frontend to the service and managing traffic to it according to policy. As services come and go, their presence, absence, or general health are tracked by The control plane components and traffic is shaped accordingly.
Red Hat customers and the greater OpenShift and Kubernetes communities will benefit from this platform level support for microservice architectures, so stay tuned as we work to bring a developer preview of this technology by Red Hat Summit in May and then later on in the year fully integrate it into OpenShift and the RHOAR getting started experience.
To give you an idea of what this looks like, here’s a rough diagram of the components at play. Istio creates a cross-cutting platform-level service mesh to address common microservices architecture concerns, and there are a lot of them: communication, load balancing, traffic routing, metrics, quotas, authentication, rate limiting, circuit breakers, timeouts, automatic retries, and on and on.. Things that developers and operations have to deal with today. It does this by injecting we are called side car proxies for each service, acting as a frontend to the service and managing traffic to it according to policy. As services come and go, their presence, absence, or general health are tracked by The control plane components and traffic is shaped accordingly.
Red Hat customers and the greater OpenShift and Kubernetes communities will benefit from this platform level support for microservice architectures, so stay tuned as we work to bring a developer preview of this technology by Red Hat Summit in May and then later on in the year fully integrate it into OpenShift and the RHOAR getting started experience.
To give you an idea of what this looks like, here’s a rough diagram of the components at play. Istio creates a cross-cutting platform-level service mesh to address common microservices architecture concerns, and there are a lot of them: communication, load balancing, traffic routing, metrics, quotas, authentication, rate limiting, circuit breakers, timeouts, automatic retries, and on and on.. Things that developers and operations have to deal with today. It does this by injecting we are called side car proxies for each service, acting as a frontend to the service and managing traffic to it according to policy. As services come and go, their presence, absence, or general health are tracked by The control plane components and traffic is shaped accordingly.
Red Hat customers and the greater OpenShift and Kubernetes communities will benefit from this platform level support for microservice architectures, so stay tuned as we work to bring a developer preview of this technology by Red Hat Summit in May and then later on in the year fully integrate it into OpenShift and the RHOAR getting started experience.
To give you an idea of what this looks like, here’s a rough diagram of the components at play. Istio creates a cross-cutting platform-level service mesh to address common microservices architecture concerns, and there are a lot of them: communication, load balancing, traffic routing, metrics, quotas, authentication, rate limiting, circuit breakers, timeouts, automatic retries, and on and on.. Things that developers and operations have to deal with today. It does this by injecting we are called side car proxies for each service, acting as a frontend to the service and managing traffic to it according to policy. As services come and go, their presence, absence, or general health are tracked by The control plane components and traffic is shaped accordingly.
Red Hat customers and the greater OpenShift and Kubernetes communities will benefit from this platform level support for microservice architectures, so stay tuned as we work to bring a developer preview of this technology by Red Hat Summit in May and then later on in the year fully integrate it into OpenShift and the RHOAR getting started experience.