SlideShare a Scribd company logo

Application Rollout - Istio

M
Mandar Jog

The document discusses common DevOps challenges related to rolling out new versions of microservices and testing them. It introduces Istio as a solution for addressing these challenges through intelligent routing, resiliency features, traffic controls, telemetry collection, and other capabilities. Istio uses the Envoy proxy and control tools like Pilot and Mixer to provide features for reliable traffic management between services, such as advanced routing rules for canary releases, fault injection for testing resiliency, and policy enforcement across the mesh.

Engineering
1 of 23
Download to read offline
Reliable application roll out and operations with Istio Lin Sun, IBM @linsun_unc Mandar Jog, Google @mandarjog
Common DevOps Challenge 1 • How do I roll out a newer version of my microservice without down time? • How do I ensure traffic continue goes to the current version before the newer version is tested and ready?
Common DevOps Challenge 2 • How do I do A/B testing? • Release a new version to a subset of users in a precise way • I have launched B in the dark, but how can I keep B to myself or a small testing group?
Common DevOps Challenge 3 • How do I do canary testing? • I want to leverage crowdsourced testing. How do I test the new version to a subset of users? • How do I proceed to a full rollout after satisfactory testing of the new version?
Other Common DevOps Challenges • Things don’t always go correctly in production… How do I inject fault to my microservices to prepare myself? • Our team knows different languages and our services are written in different languages. • My services can only handle certain rate, how can I limit rate for some of my services? • I need to view what is going on with each of my services when crisis arises.
Introduce Istio http://istio.io
Intelligent Routing and Load Balancing http://istio.io
Resilience Across Languages and Platforms http://istio.io
http://istio.io Secure Access with Fleet Wide Policy Enforcement

http://istio.io In-Depth Telemetry and Reporting
Components of Istio • Envoy proxy, to mediate all inbound and outbound traffic for all services in the service mesh. Leverages Envoy features such as dynamic service discovery, load balancing, TLS termination, HTTP/2 & gRPC proxying, circuit breakers, health checks, staged rollouts with %- based traffic split, fault injection, and rich metrics.
 • Pilot: Programming envoys and responsible for service discovery, registration and load balancing
 • Istio-Security provides strong service-to-service and end-user authentication using mutual TLS, with built-in identity and credential management
 • Mixer is responsible for enforcing access control and usage policies across the service mesh and collecting telemetry data from the Envoy proxy and other services.
Our sidecar of choice
Putting it all together
Traffic Control // A simple traffic control rule destination: name: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 100 Challenge 1: How can I roll out new version without down time or changing code?
Traffic Steering // Content-based traffic steering rule destination: serviceB.example.cluster.local
 match:
   httpHeaders:
     user-agent:
       regex: ^(.*?;)?(iPhone)(;.*)?$
 precedence: 2
 route:
 - labels:
     version: v2 Challenge 2: How do I do A/B testing?
Traffic Splitting // A simple traffic splitting rule destination: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 90 - labels:
     version: v2.0-alpha     env: us-staging   weight: 10 Challenge 3: How do I do canary testing?
Resiliency // Circuit breakers destination: serviceB.example.cluster.local
 policy:
 - labels:
     version: v1
   circuitBreaker:
     simpleCb:
       maxConnections: 100
       httpMaxRequests: 1000
       httpMaxRequestsPerConnection: 10
       httpConsecutiveErrors: 7
       sleepWindow: 15m
       httpDetectionInterval: 5m Istio adds fault tolerance to your application without any changes to code Resilience features ❖ Timeouts ❖ Retries with timeout budget ❖ Circuit breakers ❖ Health checks ❖ AZ-aware load balancing w/ automatic failover ❖ Control connection pool size and request load
Resiliency Testing Systematic fault injection to identify weaknesses in failure recovery policies ❖ HTTP/gRPC error codes  ❖ Delay injection
Rate Limiting Istio protects your application from rogue actors by imposing ratelimits Rate limit ❖ Configurable limits with overrides ❖ Multiple rate limiting backends ❖ Conditional rate limiting Quotas: - name: requestcount.quota.istio-system maxAmount: 5000 validDuration: 1s overrides: - dimensions: destination: ratings source: reviews sourceVersion: v3 maxAmount: 1 validDuration: 1s - dimensions: destination: ratings maxAmount: 100 validDuration: 1s
Telemetry Monitoring & tracing should not be an afterthought in the infrastructure Goals ● Metrics without instrumenting apps ● Consistent metrics across fleet ● Trace flow of requests across services ● Portable across metric backend providers
Proposed Istio Deployment Controller
Istio Analytics
Demo +

Recommended

Connecting All Abstractions with Istio
Connecting All Abstractions with IstioConnecting All Abstractions with Istio
Connecting All Abstractions with IstioVMware Tanzu
 
istio: service mesh for all
istio: service mesh for allistio: service mesh for all
istio: service mesh for allMandar Jog
 
The elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioThe elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioInho Kang
 
An Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesAn Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesDoiT International
 
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)Codemotion
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service MeshLuke Marsden
 
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, DatawireNYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, DatawireAmbassador Labs
 
Microservices with Spring
Microservices with SpringMicroservices with Spring
Microservices with SpringSoftware Infrastructure
 

Recommended

Connecting All Abstractions with Istio
Connecting All Abstractions with IstioConnecting All Abstractions with Istio
Connecting All Abstractions with IstioVMware Tanzu
 
istio: service mesh for all
istio: service mesh for allistio: service mesh for all
istio: service mesh for allMandar Jog
 
The elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioThe elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioInho Kang
 
An Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesAn Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesDoiT International
 
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)Codemotion
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service MeshLuke Marsden
 
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, DatawireNYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, DatawireAmbassador Labs
 
Microservices with Spring
Microservices with SpringMicroservices with Spring
Microservices with SpringSoftware Infrastructure
 
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Daniel Oh
 
Service mesh with istio
Service mesh with istioService mesh with istio
Service mesh with istioWisnuPrabowo20
 
linkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service Meshlinkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service MeshDario Simonetti
 
Tech Talks Microservices
Tech Talks MicroservicesTech Talks Microservices
Tech Talks MicroservicesMauricio Ferreyra
 
Istio
Istio Istio
Istio Arun prasath
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdChristian Posta
 
Managing Microservices traffic using Istio
Managing Microservices traffic using IstioManaging Microservices traffic using Istio
Managing Microservices traffic using IstioArun prasath
 
Ambassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Labs
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service MeshRafik HARABI
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service MeshKnoldus Inc.
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for MicroservicesNGINX, Inc.
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...VMware Tanzu
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesManaging Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesIftach Schonbaum
 
Microservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSSMicroservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSSDenis Danov
 
Microservices on kubernetes
Microservices on kubernetesMicroservices on kubernetes
Microservices on kubernetesChandresh Pancholi
 
WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? Anton Weiss
 
Asynchronous Microservices in nodejs
Asynchronous Microservices in nodejsAsynchronous Microservices in nodejs
Asynchronous Microservices in nodejsBruno Pedro
 
Securing Microservices with Istio
Securing Microservices with IstioSecuring Microservices with Istio
Securing Microservices with IstioDaniel Berg
 
Service Discovery with Consul
Service Discovery with ConsulService Discovery with Consul
Service Discovery with ConsulAli Demirsoy
 
Istio on Kubernetes
Istio on KubernetesIstio on Kubernetes
Istio on KubernetesDaneyon Hansen
 
21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIONiklaus Hirt
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 

More Related Content

What's hot

Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Daniel Oh
 
Service mesh with istio
Service mesh with istioService mesh with istio
Service mesh with istioWisnuPrabowo20
 
linkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service Meshlinkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service MeshDario Simonetti
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdChristian Posta
 
Managing Microservices traffic using Istio
Managing Microservices traffic using IstioManaging Microservices traffic using Istio
Managing Microservices traffic using IstioArun prasath
 
Ambassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Labs
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service MeshRafik HARABI
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service MeshKnoldus Inc.
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for MicroservicesNGINX, Inc.
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...VMware Tanzu
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesManaging Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesIftach Schonbaum
 
Microservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSSMicroservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSSDenis Danov
 
WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? Anton Weiss
 
Asynchronous Microservices in nodejs
Asynchronous Microservices in nodejsAsynchronous Microservices in nodejs
Asynchronous Microservices in nodejsBruno Pedro
 
Securing Microservices with Istio
Securing Microservices with IstioSecuring Microservices with Istio
Securing Microservices with IstioDaniel Berg
 
Service Discovery with Consul
Service Discovery with ConsulService Discovery with Consul
Service Discovery with ConsulAli Demirsoy
 

What's hot (20)

Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
 
Service mesh with istio
Service mesh with istioService mesh with istio
Service mesh with istio
 
linkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service Meshlinkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service Mesh
 
Tech Talks Microservices
Tech Talks MicroservicesTech Talks Microservices
Tech Talks Microservices
 
Istio
Istio Istio
Istio
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
 
Managing Microservices traffic using Istio
Managing Microservices traffic using IstioManaging Microservices traffic using Istio
Managing Microservices traffic using Istio
 
Ambassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API Gateway
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service Mesh
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service Mesh
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for Microservices
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesManaging Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on Kubernetes
 
Microservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSSMicroservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSS
 
Microservices on kubernetes
Microservices on kubernetesMicroservices on kubernetes
Microservices on kubernetes
 
WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh?
 
Asynchronous Microservices in nodejs
Asynchronous Microservices in nodejsAsynchronous Microservices in nodejs
Asynchronous Microservices in nodejs
 
Securing Microservices with Istio
Securing Microservices with IstioSecuring Microservices with Istio
Securing Microservices with Istio
 
Service Discovery with Consul
Service Discovery with ConsulService Discovery with Consul
Service Discovery with Consul
 
Istio on Kubernetes
Istio on KubernetesIstio on Kubernetes
Istio on Kubernetes
 

Similar to Application Rollout - Istio

21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIONiklaus Hirt
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 
Service Mesh Talk for CTO Forum
Service Mesh Talk for CTO ForumService Mesh Talk for CTO Forum
Service Mesh Talk for CTO ForumRick Hightower
 
Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)Rick Hightower
 
Using Service Discovery and Service Proxy
Using Service Discovery and Service ProxyUsing Service Discovery and Service Proxy
Using Service Discovery and Service ProxyIBM
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxPINGXIONG3
 
Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017Idit Levine
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?NGINX, Inc.
 
Continuous Integration and Continuous Delivery to Facilitate Web Service Testing
Continuous Integration and Continuous Delivery to Facilitate Web Service TestingContinuous Integration and Continuous Delivery to Facilitate Web Service Testing
Continuous Integration and Continuous Delivery to Facilitate Web Service TestingCognizant
 
Ragha Deepika_Exp_4+
Ragha Deepika_Exp_4+Ragha Deepika_Exp_4+
Ragha Deepika_Exp_4+Ragha batchu
 
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...StreamNative
 
Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith Judy Breedlove
 
RCS Service Monitoring - 1-to-1 Chat
RCS Service Monitoring - 1-to-1 ChatRCS Service Monitoring - 1-to-1 Chat
RCS Service Monitoring - 1-to-1 ChatJose Gonzalez
 
Testing Microservices
Testing MicroservicesTesting Microservices
Testing MicroservicesNagarro
 
Experitest & Cigniti Co-Webinar -
Experitest & Cigniti Co-Webinar -Experitest & Cigniti Co-Webinar -
Experitest & Cigniti Co-Webinar -Experitest
 
Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar Experitest
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshCloudOps2005
 

Similar to Application Rollout - Istio (20)

21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019
 
Service Mesh Talk for CTO Forum
Service Mesh Talk for CTO ForumService Mesh Talk for CTO Forum
Service Mesh Talk for CTO Forum
 
Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)
 
Using Service Discovery and Service Proxy
Using Service Discovery and Service ProxyUsing Service Discovery and Service Proxy
Using Service Discovery and Service Proxy
 
Microservice Powered Orchestration
Microservice Powered OrchestrationMicroservice Powered Orchestration
Microservice Powered Orchestration
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
 
Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
 
Continuous Integration and Continuous Delivery to Facilitate Web Service Testing
Continuous Integration and Continuous Delivery to Facilitate Web Service TestingContinuous Integration and Continuous Delivery to Facilitate Web Service Testing
Continuous Integration and Continuous Delivery to Facilitate Web Service Testing
 
Ragha Deepika_Exp_4+
Ragha Deepika_Exp_4+Ragha Deepika_Exp_4+
Ragha Deepika_Exp_4+
 
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
 
Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith
 
RCS Service Monitoring - 1-to-1 Chat
RCS Service Monitoring - 1-to-1 ChatRCS Service Monitoring - 1-to-1 Chat
RCS Service Monitoring - 1-to-1 Chat
 
Testing Microservices
Testing MicroservicesTesting Microservices
Testing Microservices
 
Hello istio
Hello istioHello istio
Hello istio
 
Experitest & Cigniti Co-Webinar -
Experitest & Cigniti Co-Webinar -Experitest & Cigniti Co-Webinar -
Experitest & Cigniti Co-Webinar -
 
Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar
 
Testing in Production (TiP)
Testing in Production (TiP)Testing in Production (TiP)
Testing in Production (TiP)
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service Mesh
 

Recently uploaded

Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
Class 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm SystemClass 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm Systemirfanmechengr
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction managementMariconPadriquez1
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncssuser2ae721
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsSachinPawar510423
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgsaravananr517913
 
welding defects observed during the welding
welding defects observed during the weldingwelding defects observed during the welding
welding defects observed during the weldingMuhammadUzairLiaqat
 

Recently uploaded (20)

Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
Class 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm SystemClass 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm System
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction management
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documents
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
 
welding defects observed during the welding
welding defects observed during the weldingwelding defects observed during the welding
welding defects observed during the welding
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examplesPOWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examples
 

Application Rollout - Istio

  • 1. Reliable application roll out and operations with Istio Lin Sun, IBM @linsun_unc Mandar Jog, Google @mandarjog
  • 2. Common DevOps Challenge 1 • How do I roll out a newer version of my microservice without down time? • How do I ensure traffic continue goes to the current version before the newer version is tested and ready?
  • 3. Common DevOps Challenge 2 • How do I do A/B testing? • Release a new version to a subset of users in a precise way • I have launched B in the dark, but how can I keep B to myself or a small testing group?
  • 4. Common DevOps Challenge 3 • How do I do canary testing? • I want to leverage crowdsourced testing. How do I test the new version to a subset of users? • How do I proceed to a full rollout after satisfactory testing of the new version?
  • 5. Other Common DevOps Challenges • Things don’t always go correctly in production… How do I inject fault to my microservices to prepare myself? • Our team knows different languages and our services are written in different languages. • My services can only handle certain rate, how can I limit rate for some of my services? • I need to view what is going on with each of my services when crisis arises.
  • 7. Intelligent Routing and Load Balancing http://istio.io
  • 8. Resilience Across Languages and Platforms http://istio.io
  • 9. http://istio.io Secure Access with Fleet Wide Policy Enforcement

  • 11. Components of Istio • Envoy proxy, to mediate all inbound and outbound traffic for all services in the service mesh. Leverages Envoy features such as dynamic service discovery, load balancing, TLS termination, HTTP/2 & gRPC proxying, circuit breakers, health checks, staged rollouts with %- based traffic split, fault injection, and rich metrics.
 • Pilot: Programming envoys and responsible for service discovery, registration and load balancing
 • Istio-Security provides strong service-to-service and end-user authentication using mutual TLS, with built-in identity and credential management
 • Mixer is responsible for enforcing access control and usage policies across the service mesh and collecting telemetry data from the Envoy proxy and other services.
  • 12. Our sidecar of choice
  • 13. Putting it all together
  • 14. Traffic Control // A simple traffic control rule destination: name: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 100 Challenge 1: How can I roll out new version without down time or changing code?
  • 15. Traffic Steering // Content-based traffic steering rule destination: serviceB.example.cluster.local
 match:
   httpHeaders:
     user-agent:
       regex: ^(.*?;)?(iPhone)(;.*)?$
 precedence: 2
 route:
 - labels:
     version: v2 Challenge 2: How do I do A/B testing?
  • 16. Traffic Splitting // A simple traffic splitting rule destination: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 90 - labels:
     version: v2.0-alpha     env: us-staging   weight: 10 Challenge 3: How do I do canary testing?
  • 17. Resiliency // Circuit breakers destination: serviceB.example.cluster.local
 policy:
 - labels:
     version: v1
   circuitBreaker:
     simpleCb:
       maxConnections: 100
       httpMaxRequests: 1000
       httpMaxRequestsPerConnection: 10
       httpConsecutiveErrors: 7
       sleepWindow: 15m
       httpDetectionInterval: 5m Istio adds fault tolerance to your application without any changes to code Resilience features ❖ Timeouts ❖ Retries with timeout budget ❖ Circuit breakers ❖ Health checks ❖ AZ-aware load balancing w/ automatic failover ❖ Control connection pool size and request load
  • 18. Resiliency Testing Systematic fault injection to identify weaknesses in failure recovery policies ❖ HTTP/gRPC error codes  ❖ Delay injection
  • 19. Rate Limiting Istio protects your application from rogue actors by imposing ratelimits Rate limit ❖ Configurable limits with overrides ❖ Multiple rate limiting backends ❖ Conditional rate limiting Quotas: - name: requestcount.quota.istio-system maxAmount: 5000 validDuration: 1s overrides: - dimensions: destination: ratings source: reviews sourceVersion: v3 maxAmount: 1 validDuration: 1s - dimensions: destination: ratings maxAmount: 100 validDuration: 1s
  • 20. Telemetry Monitoring & tracing should not be an afterthought in the infrastructure Goals ● Metrics without instrumenting apps ● Consistent metrics across fleet ● Trace flow of requests across services ● Portable across metric backend providers