This is a talk held at the CloudNative and Kubernetes Meetup Karlsruhe in August 2019. It introduces service meshes and their features in general and Istio in particular.
2. Speaker
29.08.19 1&1 Mail & Media Development & Technology GmbH
Stephan Fudeus
§ Joined 1&1 in 2005
§ Long-term experience in building highly scalable multi-tenant applications
§ Product Owner and Technology Lead for Kubernetes Clusters of 1&1 Mail & Media
§ Twitter: @der_sfu
3. Agenda
§ Motivation
§ Service Mesh in general
§ Istio
  § Beyond a single cluster
  § Configuration samples
  § Observability
  § Performance
4. SOA & Microservices
Source: https://www.redhat.com/de/topics/microservices/what-are-microservices
5. Advantages of Microservices
§ Decoupling
§ Less local complexity
§ Faster development cycles
§ Focus on single purpose
§ Reusability
§ Scalability
§ …
6. Microservices
Source: https://hackernoon.com/capture-and-forward-correlation-ids-through-different-lambda-event-sources-220c227c65f5
7. Networks in Container Platforms
§ Physical network insufficient
  § only takes care of basic routing and firewalling
§ Software Defined Networks
  § flexible
  § usually "flat" / "unstructured" within a single cluster
  § some infrastructural enhancements, e.g. network policies
§ Container Orchestrator functionalities
  § rollout processes
  § simple request routing / load balancing
8. Gap Between Network and Applications
§ SDN offers basic functionality
§ Applications need further cross-cutting network functions
  § Encryption: TLS
  § Identification & Authentication: TLS client certificates
  § Load balancing, Routing (blue/green, canary, …)
  § Request Tracing (incl. Timing)
  § Monitoring
  § Rate limiting
  § Request mirroring, Retries
  § Circuit Breaking
  § Tests: e.g. fault injection
9. Solution so far
§ Implementation as part of the application
  § language-specific details
  § inconsistent throughout the full landscape
  § high risk of errors
  § re-inventing the wheel
  § highly redundant
§ Use of frameworks
  § still language-specific, thus incompatible
10. But ….
Diagram: Service 1, Service 2 and Service 3, each made up of the actual service plus its own copies of Ribbon, Hystrix, Metrics and Tracing, i.e. the same cross-cutting libraries duplicated in every service.
11. Solution: Service Mesh
§ Idea: Enhance functionality in an infrastructural component
§ Central implementation
§ Easier to maintain
§ Language agnostic
12. Service Mesh Architecture
Diagram: a Control Plane (Configuration Management, Policies & Telemetry, Certificate Management) above a Data Plane consisting of Pod 1 (Service A + Proxy) and Pod 2 (Service B + Proxy); the proxies carry the traffic between the services and are configured by the control plane.
14. Example: Istio
Diagram: the Istio Control Plane consists of Pilot (configuration management), Mixer (policies & telemetry) and Citadel (certificate management); the Data Plane is Pod 1 (Service A) and Pod 2 (Service B), each with its Envoy sidecar proxy.
17. Mesh Expansion
Diagram: Cluster A with Pod 1 (Service A) and the Istio Control Plane; Host A and Host B outside the cluster each run App A and are included in the same mesh.
18. Multi Cluster
Diagram: Cluster A (Pod 1, Service A) and Cluster B (Pod 2, Service B) each run their own Istio Control Plane, obtain their certificates from a shared Root CA, and are connected through a Gateway.
19. Configuration Objects
Diagram: Client Pod → VirtualService → DestinationRule → Destination Pod
VirtualService, relevant features:
• Routing
• Timeouts
• Retries
• Fault injection
  • Aborts
  • Delays
• Mirroring
DestinationRule, relevant features:
• Circuit breaking
• Routing
• Load balancing
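The following configuration sample is added here and is not from the talk or from the Istio project's documentation. It shows the two objects from the diagram for a hypothetical service `reviews` in namespace `demo` with two subsets `v1` and `v2`; the service name, namespace, the `x-chaos-test` header and all thresholds are assumptions. The VirtualService covers weighted routing, timeout, retries, fault injection (delay and abort) gated by a request header, and mirroring; the DestinationRule covers the sidecar-to-sidecar mTLS from the "Gap" slide, load balancing, connection limits and outlier detection, which is how Istio implements circuit breaking.

```yaml
# Added example, not the talk's own config. Istio networking API as of the
# 1.x line (networking.istio.io/v1alpha3). Names and numbers are assumptions.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
  namespace: demo
spec:
  host: reviews.demo.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL          # client sidecar presents its Citadel-issued cert (mTLS)
    loadBalancer:
      simple: LEAST_CONN          # instead of the default ROUND_ROBIN
    connectionPool:               # hard limits before requests start queueing
      tcp:
        maxConnections: 100
      http:
        http1MaxPendingRequests: 50
        maxRequestsPerConnection: 10
    outlierDetection:             # circuit breaking: eject endpoints that keep failing
      consecutiveErrors: 5
      interval: 10s
      baseEjectionTime: 30s
      maxEjectionPercent: 50      # never eject more than half of the endpoints
  subsets:                        # named pod groups the VirtualService can route to
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
  namespace: demo
spec:
  hosts:
  - reviews.demo.svc.cluster.local
  http:
  # Rule 1: fault injection only for requests that carry the (assumed) test header,
  # so a chaos test can never hit regular traffic.
  - match:
    - headers:
        x-chaos-test:
          exact: "true"
    fault:
      delay:
        percentage:
          value: 100
        fixedDelay: 3s            # every test request is delayed by 3 s ...
      abort:
        percentage:
          value: 50
        httpStatus: 503           # ... and half of them are then aborted with 503
    route:
    - destination:
        host: reviews.demo.svc.cluster.local
        subset: v2
  # Rule 2: default route, a 90/10 canary between v1 and v2.
  - route:
    - destination:
        host: reviews.demo.svc.cluster.local
        subset: v1
      weight: 90
    - destination:
        host: reviews.demo.svc.cluster.local
        subset: v2
      weight: 10
    timeout: 2s                   # overall budget for the request including retries
    retries:
      attempts: 3
      perTryTimeout: 500ms
      retryOn: 5xx,connect-failure
    mirror:                       # copy of every request to v2; responses are discarded
      host: reviews.demo.svc.cluster.local
      subset: v2
```

Apply both objects with `kubectl apply -f`; rules in a VirtualService are evaluated top to bottom, so the header-matched fault rule has to precede the catch-all route. Two caveats a practitioner should keep in mind: `ISTIO_MUTUAL` on the DestinationRule only makes the client side use mTLS, the receiving side has to require it through Istio's authentication policy or plaintext will still be accepted; and mirrored requests carry the full original request body to the mirror target, so do not mirror production traffic into an environment that is not allowed to see that data.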
27. Overhead
§ Official numbers (from the Istio project's own performance documentation)
  § The Envoy proxy adds 8ms to the 90th percentile latency.
  § The Envoy proxy uses 0.6 vCPU and 50 MB memory per 1000 requests per second going through the proxy.
  § These are figures from Istio's benchmark setup; the actual overhead depends on your request mix and telemetry configuration, so measure it with your own workload.