Istio 101


Istio 101 
Meetup event by
Kubernetes & Openshift India Community
https://www.meetup.com/kubernetes-openshift-India-Meetup/events/263328152/

=================

Challenge with microservice

- Service Discovery
- Load Balancing 
- Monitoring and Observability
- Network resiliency
- Latency
- Security
- ACL



Istio : Connect, Manage, Secure microservices. 
Istio has rich policy driven ops IFTTT

Istio has evolved. 
When people realized the challenges with micro services, Netflix OSS has developed following tools

Hystrix: Circuit Breaking
Zuul: Edge Router
Ribbon: Service Discovery, LB
Eureka: Service Registry
Brave / Zipkin: Tracing

Spectator / Atlas : Metrics

However they are specific to Java. Addition code was added existing Java application code. 

In case of Istio, side car proxy container is added to each pod. The existing application code is not modified. Istio can be used for application developed in any language and polyglot applications. 

Early version of Istio was not optimized. Industry was skeptical and reluctant to adopt Istio. For each request, Envoy Sidecar proxy contacts Mixer module for policy check. After the request is processed, it updates the metrics to Mixer. Later on Caching was added. The early adopters of Istio, themselves contribute back to Istio. Lately many many performance optimization happened in Istio. Now more and more micro service based applications are using Istio. 

Istio : Production deployment

Success : eBay, IBM
Failure : BigBasket https://tech.bigbasket.com/bigbaskets-experience-with-istio/

=================
Few analogy between Open Shift and Kubernetes. 
* project = namespace
* oc = kubectl
* oc expose service = ingress in k8s
=================
Side Car proxy can be injected by two ways
1. mannual injection with istioctl command
2. automatic injection: by annotation for mutation webhook
=================
istioctl modules talks with istio's control plane component by name Pilot
=================
IstioAuth module is not Citadel
================= We had interesting question about Mirroing / Shadowing the incoming request. How even a new TCP session will be created? 
Add

- name: tcpdump
   image: corfr/tcpdump
   command:
     - /bin/sleep
     - infinity
 
at Deployment.yaml
under spec: containers:

https://developers.redhat.com/blog/2019/02/27/sidecars-analyze-debug-network-traffic-kubernetes-pod/
=================
Cross cluster federation is also present at Istio, in case if the application is deployed on two different clusters hosted by two different cloud service provider. 
=================
There are set of istio-ctl commands for debugging the application deployment. I found this URL : https://istio.io/docs/ops/component-debugging/
=================
Envoy proxy is light weight, efficient and very powerful. It has lots of configuration options. One should avoid play around with them, at beginner stage. 
=================
Istio can be installed using Helm chart. Another option is to use Maistra Istio-operator. It is wrapper around Helm chart. 
=================
Redhat offers Istio as "OpenShift Service Mesh"
=================

Reference
https://github.com/redhat-developer-demos/istio-tutorial
https://redhat-developer-demos.github.io/istio-tutorial/istio-tutorial/1.1.x/index.html
https://developers.redhat.com/topics/service-mesh/
For cartoons : http://turnoff.us

Books

Slide Deck : https://docs.google.com/presentation/d/1H5T5C1YO6vRK_qd2VMWYAo7Gfp689p0-OcKaGxwt0RQ/edit#slide=id.g2c3a548945_0_385
=================

Disclaimer : This blog is just my note from an event, that I attended. It is not verbatim of any speech. This blog may not indicate the exact expression/opinion of speakers of the event, due to my possible mistake in taking note. Any corrections/suggestions are welcome. 

0 comments:

Post a Comment