Sail In The Cloud

Sail in the CloudAn Introduction to Istio

Alex Soto @alexsotob

@alexsotob2

Alex Soto

Red Hat Engineer

www.lordofthejars.com

@alexsotob

Who Am I?

@alexsotob3

https://www.manning.com/books/testing-java-microservices

@alexsotob4

@alexsotob5

Questions

@alexsotob6

Our IT World Morphs

@alexsotob7

@alexsotob8

Microservices Core Principles

MyService

Monitoring

Tracing

Discovery

API

Invocation

Resilience

Pipeline

Authentication

Logging Elasticity

@alexsotob9

Your Stack Matters

Server Hardware

Operating System

Application Server

your.war

Java Virtual Machine

Custom Configuration

Linux Kernel Version & Distribution

Java 1.7.0_67

Tomcat, Wildfly, Jetty

JDBC driver, JMS queue, users

@alexsotob10

DevOps Challenges for Multiple Containers▪ How to scale? ▪ How to avoid port conflicts? ▪ How to manage them on

multiple hosts? ▪ What happens if a host has

trouble? ▪ How to keep them running? ▪ How to update them? ▪ Where are my containers?

Node

Node Node

Node Node

Logger

Node

@alexsotob11

ssh docker run

ssh docker run

ssh docker run

@alexsotob12

@alexsotob13

▪ Greek for “Helmsman,” also the root of the word “Governor” (from latin: gubernator)

▪ Container orchestrator ▪ Supports multiple cloud and bare-metal

environments ▪ Inspired by Google’s experience with containers ▪ Open source, written in Go ▪ Manage applications, not machines

Meet Kubernetes

@alexsotob14

Kubernetes Cluster

Ops

Dev

Master

api

etcd

scheduler

controllers

Node

Node Node

Node Node

Logger

Node

@alexsotob15

Kubernetes Cluster

PodReplicationController/

DeploymentService Label

✓ 1+ containers ✓ Shared IP ✓ Shared storage volume ✓ Shared resources ✓ Shared lifecycle

✓ Ensures that a specified number of pod replicas are running at any one time

✓ Grouping of pods (acting as one) has stable virtual IP and DNS name

✓ Key/Value pairs associated with Kubernetes objects(env=production)

@alexsotob16

PodsA group of whales is commonly referred to as a pod and a pod usually consists a group of whales that have bonded together either because of biological reasons or through friendships developed between two or more whales.

In many cases a typical whale pod consists of anywhere from 2 to 30 whales or more.*

*http://www.whalefacts.org/what-is-a-group-of-whales-called/

@alexsotob

Deploy Something To Kubernetes

17

@alexsotob18

@alexsotob19

SCM(Git/Svn)

Master

API Server

Service Layer

VirtualPhysical Private Public

Persistent Storage

Node Node

Logger

Node

Node Node Node

Dev

Ops

CI/CD

Automation

Routing LayerRegistry

SDN Overlay Network

Controllers - Scheduler - Deployments - Services - Builds - Routes - DeploymentConfigs

Kubernetes

OpenShift - Builds - ImageStreams

@alexsotob20

DEMO

Demo1: https://www.youtube.com/watch?v=jTX-Lg73nXA

Demo2: https://www.youtube.com/watch?v=lj4NE0mcxFY

https://www.youtube.com/watch?v=jTX-Lg73nXA

https://www.youtube.com/watch?v=lj4NE0mcxFY

@alexsotob21

Lead Time

@alexsotob22

Blue-Green Deployments

Starts with a “git commit and git push”

Blue/Green Deployment

DEVELOPMENT QA STAGING PRODUCTION ROUTER USERS

BUILDSCM



BUILDSCM



BUILDSCM



BUILDSCM



BUILDSCM



SCM



SCM

@alexsotob30

Canary Release

Canary Deployment


SCM

Canary Deployment


SCM

Canary Deployment


SCM

Canary Deployment


SCM

Canary Deployment


SCM

Canary Deployment


SCM

Canary Deployment


SCM

Canary Deployment


SCM

Canary Deployment


SCM

Canary Deployment


SCM

@alexsotob41

Dark Launches

Dark Launches


SCM

INTERNAL USERS

Dark Launches


SCM

@alexsotob44

@alexsotob45

Microservices Core Principles

MyService

Monitoring

Tracing

Discovery

API

Invocation

Resilience

Pipeline

Authentication

Logging Elasticity

@alexsotob46

As we move to services architectures, we push the complexity to the space between our services

CHRISTIAN POSTA

@alexsotob47

NETFLIX Ribbon

Config Server

Java Microservices Platform circa 2016

@alexsotob48

Istio

Java Microservices Platform circa 2018

@alexsotob49

What If…

Service

Proxy

crosscutting concerns

network traffic

@alexsotob50

… more explicitly

Service A

Proxy

Proxy

Service B

Proxy

Service B

Proxy

@alexsotob51

@alexsotob52

▪ Service proxy ▪ Highly parallel, non-blocking ▪ L3/4 network filter ▪ Out of the box L7 filters ▪ HTTP 2, including gRPC ▪ Baked in service discovery/health checking ▪ Advanced load balancing ▪ stats, metrics, tracing ▪ dynamic configuration through xDS

Meet Envoy

@alexsotob53

In reality

Service

Service

Service

@alexsotob54

▪ Greek word for “sail” ▪ Fleet configuration ▪ Routing and Load-Balancing control ▪ Observability ▪ Chaos Testing ▪ Security Options

Istio To Rescue

@alexsotob55

Istio Control Plane

PodContainer

JVM

Service A

Envoy Side-car

PodContainer

JVM

Service B

Envoy Side-car

PodContainer

JVM

Service C

Envoy Side-car

HTTP1.1, HTTP2, gRPC, TCP w/TLS



Istio Pilot Istio Mixer Istio Auth

istioctl, API, config Quota, TelemetryRate Limiting, ACL

CA, SPIFFE

Istio Data Plane

@alexsotob

Running Istio

56

@alexsotob57

@alexsotob

Canary Release

58

@alexsotob

Blocking

59

@alexsotob

Fault Injection

60

@alexsotob61

DEMO

Demo1: https://www.youtube.com/watch?v=CSd91BoG-sc

https://www.youtube.com/watch?v=CSd91BoG-sc

@alexsotob62

@alexsotob63

@alexsotob64

Let’s Wind Down

@alexsotob65

“Change is the essential process of all of existence.”

—SPOCK

@alexsotob67

https://developers.redhat.com/

@alexsotob

[email protected]

mailto:[email protected]

Date post:	17-Mar-2018
Category:	Software
Upload:	alex-soto
View:	256 times
Download:	2 times

Sail In The Cloud

Software