An introduction to Istio
bit.ly/sail-into-cloud
Sail smoothly in the Cloud
I am a Developer
● Active Open Source Contributor
  ○ Knative
  ○ Minishift
  ○ Eclipse Che
  ○ fabric8 Platform https://fabric8.io/
● Creator vert.x-maven-plugin → https://vmp.fabric8.io/
Kamesh Sampath, Director of Developer Experience at Red Hat
kameshsampath
@kamesh_sampath
Demo: bit.ly/msa-instructions
Slides: bit.ly/microservicesdeepdive
Video Training: bit.ly/microservicesvideo
bit.ly/reactivemicroservicesbook
bit.ly/javamicroservicesbook
bit.ly/istio-book
bit.ly/mono2microdb
Kubernetes for Java Developers
What is a microservice?
The microservice architectural style is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API.
These services are built around business capabilities and independently deployable by fully automated deployment machinery. There is a bare minimum of centralized management of these services, which may be written in different programming languages and use different data storage technologies.
Martin Fowler
Short History of Microservices
● Continuous Integration via XP: 1999
● Agile Manifesto: Feb 2001
● AWS EC2: 2006
● Java EE 6: 2009
● DevOps: 2009
● Netflix to AWS: 2010
● DropWizard: May 2011
● Ribbon: March 2012
● Hystrix: March 2012
● Microservices "Assess", Thoughtworks Radar: March 2012
● Eureka: July 2012
● Docker: March 2013
● Spring Boot: Sept 2013
● Microservices Defined, Thoughtworks (Fowler, Lewis): March 2014
● Kubernetes: June 2014
Microservices == Distributed Computing
Distributed Computing == Network of Services
[Diagram: Service A, Service B and Service C, each on its own OS and JVM]
Microservices'ilities
MyService:
● API
● Discovery
● Invocation
● Resilience
● Pipeline
● Authentication
● Logging
● Elasticity
● Monitoring
● Tracing
Java Microservices Platform circa 2014-
Config Server
NETFLIX Ribbon
DevOps Challenges for Multiple Containers
▪ How to scale?
▪ How to avoid port conflicts?
▪ How to manage them on multiple hosts?
▪ What happens if a host has trouble?
▪ How to keep them running?
▪ How to update them?
▪ Where are my containers?
[Diagram: containers spread across several Nodes, with a Logger]
Microservices'ilities + Kubernetes
[Diagram: the MyService capabilities listed above]
Microservices'ilities + OpenShift
[Diagram: the MyService capabilities listed above]
Better Spring Boot Microservices Platform circa 2016
Config Server
NETFLIX Ribbon
Better Spring Boot Microservices Platform circa 2017
Config Server
NETFLIX Ribbon
Microservice (Yes) Pain Points
● Discovery
● Distributed Tracing
● Circuit Breakers
● Metrics and Monitoring
● Operational Requirements
  ○ A/B Testing
  ○ Canary Release
  ○ Rate Limiting
  ○ Access Policies
Istio - Sail (Kubernetes - Helmsman or ship’s pilot)
Microservices'ilities + Istio
[Diagram: the MyService capabilities listed above]
Better Spring Boot Microservices Platform circa 2018
Config Server
NETFLIX Ribbon
What is a service mesh?
A service mesh is a dedicated infrastructure layer for handling service-to-service communication. It’s responsible for the reliable delivery of requests through the complex topology of services that comprise a modern, cloud native application. In practice, the service mesh is typically implemented as an array of lightweight network proxies that are deployed alongside application code, without the application needing to be aware.
https://www.cncf.io/blog/2017/04/26/service-mesh-critical-component-cloud-native-stack/
[Diagram: Machine A (Monolith) and Machine B on a NETWORK; Service A and Service B, each with a Proxy; Circuit Breaker, Discovery, Tracing]
What's Wrong with Netflix OSS?
● Java Only
● Adds a lot of libraries to YOUR code
Before Istio: Microservices embedding Capabilities
[Diagram: Service A, Service B and Service C, each in its own Container and JVM, each embedding Discovery, Load-balancer, Resiliency, Metrics and Tracing]
After Istio: Microservices externalizing Capabilities
[Diagram: Service A, Service B and Service C, each in a Pod with a Container running the JVM service and a Sidecar Container]
SideCars
● Two or more containers deployed to same pod
● Share
  ○ same namespace
  ○ same Pod IP
  ○ Shared lifecycle
● Used to enhance the containers
Composite Container Application
[Diagram: Pod with git-sync and nginx containers and a web-sources (Volume)]
Source: http://blog.kubernetes.io/2015/06/the-distributed-system-toolkit-patterns.html
Kubernetes, Istio, Envoy
[Diagram: Service A, Service B and Service C, each in a Pod with a Container running the JVM service and a Sidecar Container]
[Diagram: Service A, Service B and Service C, each in a Pod with a JVM Container and an Envoy Side-car; the side-cars are linked over HTTP1.1, HTTP2, gRPC, TCP w/TLS]
Istio Control Plane
● Istio Pilot: istioctl, API, config
● Istio Mixer: Quota, Telemetry, Rate Limiting, ACL
● Istio Auth: CA, SPIFFE
Next Generation Microservices - Service Mesh
Code Independent (Polyglot)
• Intelligent Routing and Load-Balancing
• A/B Tests
• Smarter Canary Releases
• Chaos: Fault Injection
• Resilience: Circuit Breakers
• Observability: Metrics and Tracing
• Fleet wide policy enforcement
Microservice Architecture - Principles: Canary Release
Canary release is a technique to reduce the risk of introducing a new software version in production by slowly rolling out the change to a small subset of users before rolling it out to the entire infrastructure and making it available to everybody.
Source: https://martinfowler.com/bliki/CanaryRelease.html
Canary Deployment
[Diagram sequence: SCM, DEVELOPMENT, QA, STAGING, PRODUCTION, ROUTER, USERS]
Demo
[Diagram: Customer, Preferences, Recommendations v1 and Recommendations v2; traffic split labels 75% / 25%, 90% / 10%, 100%, 100%]
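The weighted split between Recommendations v1 and v2 on the demo slide, written as Istio routing configuration. This is an added example, not part of the original slides or the demo sources; the service host "recommendation", the "version" pod label, the resource names and the assignment of 90% to v1 and 10% to v2 are assumptions.

```yaml
# Added example (not from the slides): canary split enforced by the Envoy sidecars.
# Assumed names: service host "recommendation", pods labelled version=v1 / version=v2.
# Use the networking.istio.io API version your Istio release serves.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: recommendation
spec:
  host: recommendation
  subsets:
  # Each subset selects the pods of one deployed version by label.
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: recommendation
spec:
  hosts:
  - recommendation
  http:
  - route:
    # Existing version keeps most of the traffic.
    - destination:
        host: recommendation
        subset: v1
      weight: 90
    # Canary version receives the small share.
    - destination:
        host: recommendation
        subset: v2
      weight: 10
```

The other steps on the slide (75% / 25%, then 100%) change only the two weight values, which should add up to 100.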
Summary
▪ Minishift
▪ https://istio.io
▪ bit.ly/sail-into-cloud
  ○ Demo sources https://github.com/workspace7/kubeboot
▪ https://kiali.io/
▪ Istio Tutorials
  ○ bit.ly/istio-tutorial
  ○ learn.openshift.com/servicemesh