Sail in the Cloud: An Introduction to Istio
Alex Soto @alexsotob
Who Am I?
Alex Soto
Red Hat Engineer
www.lordofthejars.com
@alexsotob
https://www.manning.com/books/testing-java-microservices
Questions
Our IT World Morphs
Microservices Core Principles
Concerns every service (MyService) has to cover:
▪ Monitoring
▪ Tracing
▪ Discovery
▪ API
▪ Invocation
▪ Resilience
▪ Pipeline
▪ Authentication
▪ Logging
▪ Elasticity
Your Stack Matters
▪ Server Hardware
▪ Operating System: Linux kernel version & distribution
▪ Application Server: Tomcat, Wildfly, Jetty
▪ your.war
▪ Java Virtual Machine: Java 1.7.0_67
▪ Custom Configuration: JDBC driver, JMS queue, users
DevOps Challenges for Multiple Containers
▪ How to scale?
▪ How to avoid port conflicts?
▪ How to manage them on multiple hosts?
▪ What happens if a host has trouble?
▪ How to keep them running?
▪ How to update them?
▪ Where are my containers?
[Diagram: a handful of Nodes plus a Logger, each container started by hand with `ssh` and `docker run`]
Meet Kubernetes
▪ Greek for “Helmsman,” also the root of the word “Governor” (from Latin: gubernator)
▪ Container orchestrator
▪ Supports multiple cloud and bare-metal environments
▪ Inspired by Google’s experience with containers
▪ Open source, written in Go
▪ Manage applications, not machines
Kubernetes Cluster
[Diagram: Ops and Dev talk to the Master (api, etcd, scheduler, controllers); the Master drives a set of Nodes and a Logger]
Kubernetes Cluster
▪ Pod: 1+ containers; shared IP; shared storage volume; shared resources; shared lifecycle
▪ ReplicationController/Deployment: ensures that a specified number of pod replicas are running at any one time
▪ Service: grouping of pods (acting as one) with a stable virtual IP and DNS name
▪ Label: key/value pairs associated with Kubernetes objects (env=production)
Pods
A group of whales is commonly referred to as a pod, and a pod usually consists of a group of whales that have bonded together either because of biological reasons or through friendships developed between two or more whales.
In many cases a typical whale pod consists of anywhere from 2 to 30 whales or more.*
*http://www.whalefacts.org/what-is-a-group-of-whales-called/
Deploy Something To Kubernetes
[Diagram: OpenShift on Kubernetes. Dev pushes to SCM (Git/Svn) and CI/CD Automation builds images into the Registry. The Master runs the API Server with the Kubernetes Controllers, Scheduler, Deployments and Services, plus OpenShift's Builds, Routes, DeploymentConfigs and ImageStreams. Nodes (and a Logger) sit on an SDN Overlay Network behind the Routing Layer, with Persistent Storage, on a Service Layer over Virtual, Physical, Private or Public infrastructure. Ops manages the cluster.]
DEMO
Demo1: https://www.youtube.com/watch?v=jTX-Lg73nXA
Demo2: https://www.youtube.com/watch?v=lj4NE0mcxFY
Lead Time
Blue-Green Deployments
Starts with a “git commit and git push”
[Animated diagram: a commit in SCM triggers BUILD; the artifact moves through DEVELOPMENT, QA and STAGING into PRODUCTION, where the ROUTER flips USERS from the old (blue) version to the new (green) one in a single step]
Canary Release
[Animated diagram: the same SCM → DEVELOPMENT → QA → STAGING → PRODUCTION pipeline; in PRODUCTION the ROUTER sends a small share of USERS to the new version and shifts more traffic to it step by step]
Dark Launches
[Animated diagram: the same pipeline; the ROUTER exposes the new version in PRODUCTION only to INTERNAL USERS while external USERS keep getting the old one]
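Added example, not code from the slides or the demos: the Pod, Deployment, Service and Label objects from the Kubernetes Cluster slide, laid out so that the Blue/Green and Canary patterns above can be done with plain Kubernetes, before Istio enters the picture. The `tutorial` namespace, the `recommendation` service, its image, its `/health` endpoint and the replica counts are assumptions.

```yaml
# Added example, not the deck's own code. Namespace, names, image,
# health path and replica counts are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: recommendation-v1
  namespace: tutorial
spec:
  replicas: 3
  selector:
    matchLabels:
      app: recommendation
      version: v1
  template:
    metadata:
      labels:                     # Labels: the key/value pairs the Service selects on
        app: recommendation
        version: v1
    spec:
      containers:
      - name: recommendation
        image: example.com/recommendation:v1   # assumed image
        ports:
        - containerPort: 8080
        readinessProbe:           # only ready pods become Service endpoints
          httpGet:
            path: /health         # assumed health endpoint
            port: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: recommendation-v2
  namespace: tutorial
spec:
  replicas: 1
  selector:
    matchLabels:
      app: recommendation
      version: v2
  template:
    metadata:
      labels:
        app: recommendation
        version: v2
    spec:
      containers:
      - name: recommendation
        image: example.com/recommendation:v2   # assumed image
        ports:
        - containerPort: 8080
        readinessProbe:
          httpGet:
            path: /health
            port: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: recommendation          # stable DNS name and virtual IP for the group
  namespace: tutorial
spec:
  selector:
    app: recommendation
    version: v1                 # blue/green: all traffic to v1; change to v2 to flip
  ports:
  - port: 8080
    targetPort: 8080
```

Blue/green is the ROUTER step of the diagram done by the Service selector: `kubectl -n tutorial patch service recommendation -p '{"spec":{"selector":{"version":"v2"}}}'` moves every new connection to the green pods in one change, and the same patch with `v1` is the rollback. For a canary, drop the `version` key from the selector (`-p '{"spec":{"selector":{"version":null}}}'`) so pods of both Deployments are endpoints; kube-proxy spreads connections across ready pods, so 9 replicas of v1 and 1 of v2 give the canary roughly a tenth of the traffic, and `kubectl -n tutorial scale deployment recommendation-v2 --replicas=3` widens it. A flip only changes where the Service points: the old pods keep running, with whatever network and data access they had, until you scale them down.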
Microservices Core Principles
As we move to services architectures, we push the complexity to the space between our services
CHRISTIAN POSTA
Java Microservices Platform circa 2016
[Diagram: NETFLIX Ribbon, Config Server and the rest of the library stack each Java service had to carry]
Java Microservices Platform circa 2018
[Diagram: Istio]
What If…
[Diagram: a Proxy sits next to the Service and takes over the crosscutting concerns and the network traffic]
… more explicitly
[Diagram: Service A reaches Service B through its own Proxy; each instance of Service B has a Proxy of its own]
Meet Envoy
▪ Service proxy
▪ Highly parallel, non-blocking
▪ L3/4 network filter
▪ Out of the box L7 filters
▪ HTTP 2, including gRPC
▪ Baked in service discovery/health checking
▪ Advanced load balancing
▪ stats, metrics, tracing
▪ dynamic configuration through xDS
In reality
[Diagram: many Services, each needing its own proxy configured]
Istio to the Rescue
▪ Greek word for “sail”
▪ Fleet configuration
▪ Routing and Load-Balancing control
▪ Observability
▪ Chaos Testing
▪ Security Options
Istio Control Plane
▪ Istio Pilot: istioctl, API, config
▪ Istio Mixer: Quota, Telemetry, Rate Limiting, ACL
▪ Istio Auth: CA, SPIFFE
Istio Data Plane
[Diagram: three Pods, each a Container running a JVM (Service A, Service B, Service C) with an Envoy Side-car; the side-cars carry HTTP1.1, HTTP2, gRPC and TCP w/TLS between the services]
Running Istio
Canary Release
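Added example, not code from the slides or the demo: the Canary Release and the Dark Launch from the deployment-pattern slides, done by Istio routing rules instead of by pod counts or Service selectors. It assumes the `recommendation` Service in namespace `tutorial` selects on `app: recommendation` only (so pods of both versions are its endpoints), pods labelled `version: v1` and `version: v2`, and an `x-internal-user` header that your ingress sets for internal users; the API versions are the ones current Istio releases serve.

```yaml
# Added example, not the deck's or the demo's code. Namespace, host,
# subset labels and the x-internal-user header are assumptions.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: recommendation
  namespace: tutorial
spec:
  host: recommendation.tutorial.svc.cluster.local
  subsets:                        # subsets map to pod labels
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: recommendation
  namespace: tutorial
spec:
  hosts:
  - recommendation.tutorial.svc.cluster.local
  http:
  # Dark launch: routes are tried in order, so internal users hit this
  # rule first and always land on v2.
  - match:
    - headers:
        x-internal-user:
          exact: "true"
    route:
    - destination:
        host: recommendation.tutorial.svc.cluster.local
        subset: v2
  # Canary: everybody else is split 90/10, independent of replica counts.
  - route:
    - destination:
        host: recommendation.tutorial.svc.cluster.local
        subset: v1
      weight: 90
    - destination:
        host: recommendation.tutorial.svc.cluster.local
        subset: v2
      weight: 10
```

The weights are enforced by the calling side-car, so one replica of v2 can receive exactly 10% of the traffic, which the replica-ratio canary cannot do. The header is the weak point: any client that can reach the service can also send `x-internal-user: true`, so it only identifies internal users if the ingress gateway strips it from outside requests and sets it itself; for anything that matters, key the routing on an identity the mesh has verified (a JWT claim checked by a RequestAuthentication, or the caller's mTLS identity) rather than on a bare header.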
Blocking
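Added example, not code from the slides or the demo, serving both the Istio Auth (CA, SPIFFE) and ACL boxes of the architecture diagram and this Blocking demo: make the side-cars require mutual TLS, then block every caller of `recommendation` except the `preference` workload. Istio Auth and Mixer from the diagram have since been folded into istiod (Mixer was removed in Istio 1.8), so the resources below use the current `security.istio.io/v1beta1` API. The `tutorial` namespace, the default `cluster.local` trust domain, the `app: recommendation` label and the `preference` ServiceAccount are assumptions, and the deck does not say which mechanism its own Blocking demo used.

```yaml
# Added example, not the deck's or the demo's code. Namespace, trust
# domain, labels and the caller's ServiceAccount are assumptions.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default              # namespace-wide policy
  namespace: tutorial
spec:
  mtls:
    mode: STRICT             # side-cars reject plaintext; every caller must
                             # present a workload certificate from the Istio CA
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: recommendation-callers
  namespace: tutorial
spec:
  selector:
    matchLabels:
      app: recommendation    # enforced by the recommendation side-cars
  action: ALLOW              # once an ALLOW policy selects a workload,
                             # every request not matched by a rule is denied
  rules:
  - from:
    - source:
        # SPIFFE ID from the caller's certificate, without the spiffe:// scheme
        principals: ["cluster.local/ns/tutorial/sa/preference"]
    to:
    - operation:
        methods: ["GET"]
```

The principal is the SPIFFE identity (`spiffe://cluster.local/ns/tutorial/sa/preference`) that the Istio CA put into the caller's certificate, so the block cannot be bypassed by spoofing a header or a source IP. It only holds because PeerAuthentication is STRICT: a plaintext request carries no principal and is rejected outright. To check it, `kubectl -n tutorial exec` a curl from a pod running under any other ServiceAccount and expect HTTP 403 with the body `RBAC: access denied`; the same request from a `preference` pod succeeds.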
Fault Injection
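Added example, not code from the slides or the demo: Istio fault injection (the Chaos Testing item from the Istio slide) against the assumed `recommendation` service, limited to requests that carry an assumed `x-chaos-test` header so that ordinary users are not hit. It assumes namespace `tutorial`, a DestinationRule subset `v1` for the host, and that this is the only VirtualService bound to the host, since Istio does not reliably merge several VirtualServices for one host on the side-cars; in practice fold these routes into the routing VirtualService you already have rather than adding a second one.

```yaml
# Added example, not the deck's or the demo's code. Namespace, host,
# subset and the x-chaos-test header are assumptions.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: recommendation
  namespace: tutorial
spec:
  hosts:
  - recommendation.tutorial.svc.cluster.local
  http:
  # Chaos route: only requests tagged for testing get faults injected.
  - match:
    - headers:
        x-chaos-test:
          exact: "1"
    fault:
      delay:
        percentage:
          value: 50          # half of the tagged requests are held for 7s
        fixedDelay: 7s
      abort:
        percentage:
          value: 20          # a fifth of them get a 503 without reaching a pod
        httpStatus: 503
    route:
    - destination:
        host: recommendation.tutorial.svc.cluster.local
        subset: v1
  # Everything else is routed normally.
  - route:
    - destination:
        host: recommendation.tutorial.svc.cluster.local
        subset: v1
```

The faults are injected by the caller's side-car, so the recommendation pods never see the delayed or aborted requests; that is what lets you test how the services upstream handle timeouts and 503s (the Resilience item from the core-principles slide) without touching the service under test. Dropping the `match` block applies the faults to all traffic, which belongs on a non-production mesh only.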
DEMO
Demo1: https://www.youtube.com/watch?v=CSd91BoG-sc
Let’s Wind Down
“Change is the essential process of all of existence.”
—SPOCK