Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Istio: Will a Service Mesh become the new Serv...

Frank Munz
October 25, 2018
Technology
1
3.8k

Istio: Will a Service Mesh become the new Service Bus?

Hey. There is a good recording of this presentation if you care:
https://www.youtube.com/watch?v=fDmJf9kWFws

Let’s face it: Kubernetes is the new platform for a modern microservices-based application architecture. However, until now it has been less clear how certain core requirements such as security/policy enforcement, traffic routing, in-depth telemetry, and reporting can be implemented for microservices. This presentation will get you up to date with Istio and Envoy and explain how it compares to the enterprise service bus you have been using for a decade. It includes live demos of Istio core concepts that will give you, as a developer, a head start.

Examples on AWS EKS managed Kubernetes service.
Keywords: Istio / Envoy / Enterprise Service Bus / AWS EKS / Kubernetes / Jaeger / Grafana / Prometheus

Link to presentation:
https://www.youtube.com/watch?v=fDmJf9kWFws

Frank Munz

October 25, 2018
Tweet

More Decks by Frank Munz

See All by Frank Munz
FROM SUPERNOVAS TO LLMS - STREAMING DATA PIPELINES
fmunz
1
52
Generative AI for Data Platforms - Databricks Data Intelligence Platform
fmunz
0
49
The Serverless, Real-Time Data Lakehouse in Action
fmunz
0
80
Sharing Streaming Data with Delta Sharing - Kafka Conference
fmunz
0
90
Streaming Data on the Lakehouse (Devoxx Conference ATH)
fmunz
0
260
The Data Lakehouse
fmunz
1
360
Sharing Huge Amounts of Live Data with Delta Sharing
fmunz
0
200
Slice_DAIS_Español_ONLINE.pdf
fmunz
0
130
Slice & DAIS - Summit Highlights from Data and AI Summit 2021 (former Apache Spark Summit)
fmunz
0
370

Other Decks in Technology

See All in Technology
一休.comレストランにおけるRustの活用
kymmt90
3
590
フルカイテン株式会社 採用資料
fullkaiten
0
36k
チームを主語にしてみる / Making "Team" the Subject
ar_tama
4
310
WINTICKETアプリで実現した高可用性と高速リリースを支えるエコシステム / winticket-eco-system
cyberagentdevelopers
PRO
1
190
APIテスト自動化の勘所
yokawasa
7
4.2k
オーティファイ会社紹介資料 / Autify Company Deck
autifyhq
9
120k
急成長中のWINTICKETにおける品質と開発スピードと向き合ったQA戦略と今後の展望 / winticket-autify
cyberagentdevelopers
PRO
1
160
スプリントゴールにチームの状態も設定する背景とその効果 / Team state in sprint goals why and impact
kakehashi
2
100
事業者間調整の行間を読む 調整の具体事例
sugiim
0
1.5k
グローバル展開を見据えたサービスにおける機械翻訳プラクティス / dp-ai-translating
cyberagentdevelopers
PRO
1
150
2024-10-30-reInventStandby_StudyGroup_Intro
shinichirokawano
1
640
大規模データ基盤チームのオンプレTiDB運用への挑戦 / dpu-tidb
cyberagentdevelopers
PRO
1
110

Featured

See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
355
29k
The Art of Programming - Codeland 2020
erikaheidi
51
13k
Making Projects Easy
brettharned
115
5.9k
The Cost Of JavaScript in 2023
addyosmani
45
6.6k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
The Invisible Side of Design
smashingmag
297
50k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Bash Introduction
62gerente
608
210k
GraphQLとの向き合い方2022年版
quramy
43
13k
GitHub's CSS Performance
jonrohan
1030
460k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
9
680

Transcript

  1. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Dr. Frank Munz Technical Evangelist, AWS @frankmunz Istio Will a Service Mesh become the new Service Bus?

  2. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. About me • Software Architect / DevOps Engineer • Technical Evangelist @ AWS • Published an AWS book (some years ago) • Containers, serverless and a sprinkle of ML & big / fast data @frankmunz

  3. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. 8 Years Back in Time: Enterprise Service Bus + SOA ESB = Service Virtualization Layer • Configuration driven • Reduces complexity #cx: squared -> linear with ESB • VETO pattern = Validate, Enrich, Transform, Operate

  4. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Enterprise Service Bus (ESB) Cross cutting concerns such as loose coupling, location transparency, throttling, monitoring, security, audit trails, etc.

  5. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Splitting the Monolith – A. Cockroft @ AWS https://youtu.be/aBcG57Gw9k0

  6. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Enterprise SW Modernization -> Microservices Building Blocks / Technical Architecture • Containers • Serverless • AWS Lambda • Other cloud services • Do NOT stuff everything into a container! • AWS API Gateway, Kinesis, Aurora, EKS, ECS, etc. -> Container / K8s will not make other services redundant

  7. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Challenges of Containers at Scale • More transient • More distributed and complex • Networking • Scheduling / Resource Management • Not virtualized, but isolated: containers share Linux kernel -> Tooling and orchestration required

  8. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Open source container management platform Helps you run containers at scale Gives you primitives for building modern applications What is Kubernetes (K8s)?

  9. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. “Run Kubernetes for me.”

  10. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Availability Zone 1 Availability Zone 2 Availability Zone 3 Kubectl EKS Architecture

  11. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. EKS is Kubernetes Certified + Heptio IAM Authenticator (open sourced) VPC Networking (open sourced)

  12. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Kubernetes Ressources (incomplete list) Ressource Pod Basic K8s unit, co-located containers Namespace Non-overlapping group of ressources Replica Set Keeps pod replicas running Service Exposes pod at single stable IP Deployment Rolling update of pods Ingress Expose service with static IP to external client Admission Controller Run code after API request, e.g. inject sidecar

  13. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. OSS Hystrix: code changes required Service Mesh: decentral, language agnostic https://www.infoq.com/articles/microservices-post-kubernetes Shift in Infrastructure Logic ESB: clustered monolith

  14. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Istio Service Mesh • Connect, secure, and observe services • Shift in where functionality is located • Istio control plane • Data plane = set of all proxies • Envoy proxy as sidecar in K8s pod • Automatic / manual injection of proxy

  15. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Istio Service Mesh with Envoy Proxy Add a 5s delay to 10% of all requests

  16. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Envoy Proxy • Level 7 proxy • HTTP, HTTP/2, gRPC, AWS Dynamo DB, MongoDB • C++11 code base , only 8 MB (statically linked) • No language or framework dependencies • No code changes

  17. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Service Mesh Cross cutting concerns such as retries, timeouts, circuit breaking, fault injection, client-side load balancing, service discovery, security, metrics-collection, A/B deployments, and traffic mirroring/ routing

  18. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Service Mesh But Docker / Kubernetes can do rolling updates! Yes, but Istio sparates traffic flow from replica deployment

  19. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. A bath tub full of cold water? 1pod 25% deployment … or just wetten your feet? Istio 3% traffic

  20. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved.

  21. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Install Istio with Helm $ helm install --wait --name istio \ --namespace istio-system \ install/kubernetes/helm/istio \ --set grafana.enabled=true \ --set tracing.enabled=true \ --set servicegraph.enabled=true $ # K8s label turn on automatic sidecar injection $ kubectl label namespace default istioinjection=enabled

  22. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. DEMO ?

  23. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Jaeger

  24. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Grafana

  25. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Servicegraph

  26. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Customers

  27. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Snap @AWS Summit in New York 2018 https://youtu.be/mCVdcz01Z-g?t=2052

  28. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Summary • Architect wisely. Consider containers, serverless, and cloud services • Running K8s is hard, use a managed K8s service like AWS EKS • Service Meshes like Istio complement K8s • AWS EKS is unforked, upstream K8s. You can install open-source Istio with Envoy as a helm chart

  29. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Summary Envoy Proxy • CNCF incubator project • Implements cross-cutting concerns (many of which were implemented by ESB) • Auto sidecar injection with AWS EKS • Ties into Jaeger, Grafana, other CNCF projects

  30. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. References Ø Introduction to modern network load balancing and proxying https://blog.envoyproxy.io/introduction-to-modern-network-load-balancing-and-proxying- a57f6ff80236 Ø InfoQ: Microservices in a Post-Kubernetes Era https://www.infoq.com/articles/microservices-post-kubernetes Ø Getting Started with Istio on Amazon EKS https://aws.amazon.com/blogs/opensource/getting-started-istio-eks/ Ø EKS Workshop (K8s, Helm, CI/CD, Grafana, Kabana) https://eksworkshop.com/introduction/ Ø Istio Book https://www.manning.com/books/istio-in-action Ø AWS EKS Documentation https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html

  31. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Dr. Frank Munz Technical Evangelist, AWS Thank you! @frankmunz