Istio 101
Meetup event by
Kubernetes & Openshift India Community
https://www.meetup.com/kubernetes-openshift-India-Meetup/events/263328152/
=================
Challenges with microservices
- Service Discovery
- Load Balancing
- Monitoring and Observability
- Network resiliency
- Latency
- Security
- ACL
Istio : Connect, Manage, Secure microservices.
Istio has rich policy driven ops IFTTT
Istio has evolved.
When people realized the challenges with microservices, Netflix OSS developed the following tools:
Hystrix: Circuit Breaking
Zuul: Edge Router
Ribbon: Service Discovery, LB
Eureka: Service Registry
Brave / Zipkin: Tracing
Spectator / Atlas : Metrics
However, they are specific to Java. Additional code had to be added to the existing Java application code.
In the case of Istio, a sidecar proxy container is added to each pod. The existing application code is not modified. Istio can be used for applications developed in any language and for polyglot applications.
Early versions of Istio were not optimized. The industry was skeptical and reluctant to adopt Istio. For each request, the Envoy sidecar proxy contacted the Mixer module for a policy check. After the request was processed, it reported metrics to Mixer. Later on, caching was added. The early adopters of Istio themselves contributed back to Istio. Lately, many performance optimizations have happened in Istio. Now more and more microservice-based applications are using Istio.
Istio : Production deployment
Success : eBay, IBM
Failure : BigBasket https://tech.bigbasket.com/bigbaskets-experience-with-istio/
A few analogies between OpenShift and Kubernetes:
* project = namespace
* oc = kubectl
* oc expose service = ingress in k8s
=================
The sidecar proxy can be injected in two ways:
1. manual injection with the istioctl command
2. automatic injection: by annotation for the mutating webhook
=================
The istioctl module talks with Istio's control plane component named Pilot
=================
IstioAuth module is not Citadel
=================
We had an interesting question about mirroring / shadowing the incoming request: how is a new TCP session even created?
Add
  - name: tcpdump
    image: corfr/tcpdump
    command:
      - /bin/sleep
      - infinity
at Deployment.yaml
under spec: containers:
https://developers.redhat.com/blog/2019/02/27/sidecars-analyze-debug-network-traffic-kubernetes-pod/
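The mirroring setup with the tcpdump container in place, as an added example (not from the talk or the linked tutorial): Envoy sends the mirrored copy itself as a separate fire-and-forget request to the mirror destination and discards the response, so the capture container in the v2 pod sees that copy arrive as its own connection. The service name recommendation, the subset names, the version labels and the example.invalid image are assumptions, as is an existing Service named recommendation.

```yaml
# Added example; recommendation, version-v1/v2 and the app image are assumed names
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: recommendation
spec:
  hosts:
  - recommendation
  http:
  - route:
    - destination:
        host: recommendation
        subset: version-v1        # callers only ever get v1 responses
    mirror:
      host: recommendation
      subset: version-v2          # copy of each request; v2 response is dropped
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: recommendation
spec:
  host: recommendation
  subsets:
  - name: version-v1
    labels: {version: v1}
  - name: version-v2
    labels: {version: v2}
---
# v2 Deployment: the debug container sits beside the app in the same pod
apiVersion: apps/v1
kind: Deployment
metadata:
  name: recommendation-v2
spec:
  selector:
    matchLabels: {app: recommendation, version: v2}
  template:
    metadata:
      labels: {app: recommendation, version: v2}
    spec:
      containers:
      - name: recommendation
        image: example.invalid/recommendation:v2   # placeholder image
      - name: tcpdump
        image: corfr/tcpdump
        command:
        - /bin/sleep
        - infinity
```

Containers in a pod share one network namespace, so the tcpdump container can capture everything the application and the injected Envoy sidecar send and receive; take it out of the Deployment once the capture is done.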
=================
Cross-cluster federation is also available in Istio, for cases where the application is deployed on two different clusters hosted by two different cloud service providers.
=================
There is a set of istioctl commands for debugging the application deployment. I found this URL: https://istio.io/docs/ops/component-debugging/
=================
The Envoy proxy is lightweight, efficient and very powerful. It has lots of configuration options. One should avoid playing around with them at the beginner stage.
=================
Istio can be installed using a Helm chart. Another option is to use the Maistra Istio operator, which is a wrapper around the Helm chart.
=================
Red Hat offers Istio as "OpenShift Service Mesh"
=================
Reference :
https://github.com/redhat-developer-demos/istio-tutorial
https://redhat-developer-demos.github.io/istio-tutorial/istio-tutorial/1.1.x/index.html
https://developers.redhat.com/topics/service-mesh/
For cartoons : http://turnoff.us
Books
- Introducing Istio Service Mesh MicroServices
- Migrating from monolithic to microservice databases
- Designing Distributed Systems : Chapter 2 about side car proxy
=================
Disclaimer : This blog is just my note from an event, that I attended. It is not verbatim of any speech. This blog may not indicate the exact expression/opinion of speakers of the event, due to my possible mistake in taking note. Any corrections/suggestions are welcome.