SlideShare uma empresa Scribd logo

21st Docker Switzerland Meetup - ISTIO

Niklaus Hirt
Niklaus Hirt

The document discusses Istio, an open source service mesh that provides traffic management, resilience, and security for microservices applications. It begins with an overview of microservices and common challenges in managing microservices applications. It then introduces Istio and its components that address these challenges, such as intelligent routing, policy enforcement, and telemetry collection. Specific Istio features like traffic control, splitting, and mirroring are demonstrated. Finally, it provides instructions for getting started with Istio and links for additional information.

Tecnologia
1 de 51
Baixar para ler offline
ISTIO NIKLAUS HIRT (DEVOPS / CLOUD ARCHITECT)
AGENDA 1. Microservices 2. Istio 3. Demo
MICROSERVICES ▸Decomposing an application into single function modules which are independently deployed and operated ▸Accelerate delivery by minimizing communication and coordination between people
ARCHITECTURE
THE TRADE OFF Improved delivery velocity in exchange for increased operational complexity Hailo microservices
MICROSERVICES ARE HARD ▸Applications aren’t running in green-field environments ▸Network layer is hard to manage ▸Tooling is nascent
CHALLENGES
COMMON DEVOPS CHALLENGE 1 ▸How do I roll out a newer version of my microservice without down time? ▸How do I ensure traffic continue to go to the current version before the newer version is tested and ready?
COMMON DEVOPS CHALLENGE 2 ▸How do I do canary testing? ▸I want to leverage crowdsourced testing. How do I test the new version with a subset of users? ▸How do I proceed to a full rollout after satisfactory testing of the new version?
COMMON DEVOPS CHALLENGE 3 ▸How do I do A/B testing? • Release a new version to a subset of users in a precise way ▸I have launched B in the dark, but how can I keep B to myself or a small testing group?
OTHER COMMON DEVOPS CHALLENGES 4. Things don’t always go correctly in production... How do I inject fault to my microservices to prepare myself? 5. My services can only handle certain rate, how can I limit rate for some of my services? 6. I need to view and monitor what is going on with each of my services when crisis arises. 7. How can I secure my services .
It’s doable, but…
It’s doable, but… Requires a lot of coding
Service Mesh Dedicated infrastructure layer to make service-to-service communication fast, safe and reliable
ISTIO A service mesh designed to connect, manage and secure micro services
ISTIO Launched in May 2017 by Google, Lyft and IBM A service mesh designed to connect, manage and secure micro services
ISTIO Open Source Launched in May 2017 by Google, Lyft and IBM A service mesh designed to connect, manage and secure micro services
ISTIO Open Source Zero Code Changes Launched in May 2017 by Google, Lyft and IBM A service mesh designed to connect, manage and secure micro services
FEATURES
INTELLIGENT ROUTING AND LOAD BALANCING ‣ Conduct traffic between services with dynamic route configuration ‣ A/B tests ‣ Canary releases ‣ Gradually upgrade versions Red/Black deployments
RESILIENCE ACROSS LANGUAGES AND PLATFORMS ‣ Increase reliability by shielding applications from flaky networks and cascading failures in adverse conditions
FLEET-WIDE POLICY ENFORCEMENT ‣ Apply organizational policy to the interaction between services ‣ Ensure access policies are enforced ‣ Make sure resources are fairly distributed among consumers.
IN-DEPTH TELEMETRY AND REPORTING ‣ Understand the dependencies between services, the nature and flow of traffic between them, and quickly identify issues with distributed tracing.
ARCHITECTURE
ARCHITECTURE
COMPONENTS OF ISTIO ‣ Envoy proxy, to mediate all inbound and outbound traffic for all services in the service mesh. ‣ Pilot Programming envoys and responsible for service discovery, registration and load balancing ‣ Citadel provides strong service-to-service and end-user authentication using mutual TLS, with built-in identity and credential management ‣ Mixer Responsible for enforcing access control and usage policies and collecting telemetry data
ISTIO ▸Operates at Layer 7 , which is the “service” or “RPC” layer of your network application ▸A rich set of attributes to base policy decisions on, so policies can be applied based on virtual host, URL, or other HTTP headers ▸Flexibility in processing ▸Allows it to be distributed ▸Istio Proxy is implemented inside the pod, as a Envoy sidecar container in the same network namespace
ISTIO – CUSTOM RESOURCE DEFINITIONS kind: Gateway metadata: name: helloworld-gateway spec: selector: istio: ingressgateway servers: - hosts: - '*' port: name: http number: 80 protocol: HTTP kind: DestinationRule metadata: name: helloworld-destination spec: host: helloworld subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 kind: VirtualService metadata: name: helloworld spec: hosts: - "*" gateways: - helloworld-gateway http: - match: - uri: exact: /hello route: - destination: host: helloworld subset: v1 weight: 90 - destination: host: helloworld subset: v2 weight: 10 POD HelloWorld version = v1 POD HelloWorld version = v2
TRAFFIC CONTROL CHALLENGE 1 ROLL OUT NEW VERSION WITHOUT DOWNTIME OR CHANGING CODE version: v2.0 env: us-prod version: v1.5 env: us-prod 100% 0% // A simple traffic control rule destination: serviceB.example.cluster.local match: source: serviceA.example.cluster.local route: - labels: version: v1.5 env: us-prod weight: 100
TRAFFIC CONTROL CHALLENGE 1 ROLL OUT NEW VERSION WITHOUT DOWNTIME OR CHANGING CODE version: v2.0 env: us-prod version: v1.5 env: us-prod 0% 0%100% // A simple traffic control rule destination: serviceB.example.cluster.local match: source: serviceA.example.cluster.local route: - labels: version: v2.0 env: us-prod weight: 100
TRAFFIC SPLITTING CHALLENGE 2 HOW TO DO CANARY TESTING version: v2.0-alpha env: us-staging version: v1.5 env: us-prod // A simple traffic splitting rule destination: serviceB.example.cluster.local match: source: serviceA.example.cluster.local route: - labels: version: v1.5 env: us-prod weight: 95 - labels: version: v2.0-alpha env: us-staging weight: 5
TRAFFIC STEERNIG CHALLENGE 3 HOW TO DO A/B TESTING version: v2 version: v1 version: v2 version: v1 // Content-based traffic steering destination: serviceB.example.cluster.local match: httpHeaders: user-agent: regex: ^(.*?;)?(iPhone)(;.*)?$ precedence: 2 route: - labels: version: v2
TRAFFIC MIRRORING version: v2.0-alpha env: us-staging version: v1.5 env: us-prod100% 100% •Responses to any mirrored traffic is ignored; traffic is mirrored as “fire-and-forget” •You’ll need to have the 0-weighted route to hint to Istio to create the proper Envoy // A simple traffic splitting rule destination: serviceB.example.cluster.local match: source: serviceA.example.cluster.local route: - labels: version: v1.5 env: us-prod weight: 100 - labels: version: v2.0-alpha env: us-staging weight: 0 mirror: name: httpbin labels: version: v2.0-alpha env: us-staging CHALLENGE 4 THINGS DON’T ALWAYS GO CORRECTLY IN PRODUCTION...
RESILIENCY CHALLENGE 4 THINGS DON’T ALWAYS GO CORRECTLY IN PRODUCTION...
RESILIENCY CHALLENGE 4 THINGS DON’T ALWAYS GO CORRECTLY IN PRODUCTION...
RESILIENCY TESTING hosts: - ratings http: - fault: abort: percent: 10 httpStatus: 400 route: - destination: host: ratings subset: v1 hosts: - ratings http: - fault: delay: percent: 10 fixedDelay: 5s route: - destination: host: ratings subset: v1 CHALLENGE 4 HOW DO I INJECT FAULT TO MY MICROSERVICES TO PREPARE MYSELF?
RATE LIMITING CHALLENGE 5 HOW CAN I LIMIT RATE FOR SOME OF MY SERVICES?
TELEMETRY ‣ Monitoring & tracing should not be an afterthought in the infrastructure ‣ Goals ‣ Metrics without instrumenting apps ‣ Consistent metrics across fleet ‣ Trace flow of requests across services ‣ Portable across metric backend providers CHALLENGE 6 I NEED TO VIEW WHAT IS GOING ON WHEN CRISIS ARISES
SECURITY CHALLENGE 7 HOW CAN I SECURE MY SERVICES? ‣ Authentication ‣ Transport authentication, also known as service-to-service authentication ‣ Origin authentication, also known as end-user authentication ‣ Authorization ‣ Based on RBAC ‣ Namespace-level, service-level and method-level access control for services
USING ISTIO IN CONCERT WITH CALICO ▸ Policy operates at Layer 7 , which is the “service” or “RPC” layer of your network application. ▸ A rich set of attributes to base policy decisions on, so policies can be applied based on virtual host, URL, or other HTTP headers. ▸ Flexibility in processing. ▸ Allows it to be distributed ▸ Istio Proxy is implemented inside the pod, as a Envoy sidecar container in the same network namespace. ▸ Operates at Layer 3, which is the network layer ▸ Has the advantage of being universal (DNS, SQL, real-time streaming, …) ▸ Can extend beyond the service mesh (including to bare metal or VM endpoints not under the control of Kubernetes). ▸ Calico’s policy is enforced at the host node, outside the network namespace of the guest pods. ▸ Based on iptables, which are packet filters implemented in the standard Linux kernel, it is extremely fast.
USING ISTIO IN CONCERT WITH CALICO “RPC” — L7 Layer “Network” — L3-4 Userspace Implementation Kernel Pod Enforcement Point Node Ideal for applying policy in support of operational goals, like service routing, retries, circuit-breaking, etc Strengths Universal, highly efficient, and isolated from the pods, making it ideal for applying policy in support of security goals
ADDRESSING DEVOPS CHALLENGES # CHALLENGE ISTIO SOLUTION CHALLENGE 1 ROLL OUT NEW VERSION WITHOUT DOWNTIME OR CHANGING CODE TRAFFIC CONTROL CHALLENGE 2 HOW TO DO CANARY TESTING TRAFFIC SPLITTING CHALLENGE 3 HOW TO DO A/B TESTING TRAFFIC STEERNIG CHALLENGE 4 THINGS DON’T ALWAYS GO CORRECTLY IN PRODUCTION... TRAFFIC MIRRORING RESILIENCY RESILIENCY TESTING CHALLENGE5 HOW CAN I LIMIT RATE FOR SOME OF MY SERVICES? RATE LIMITING CHALLENGE 6 I NEED TO VIEW AND MONITOR WHAT IS GOING ON WHEN CRISIS ARISES TELEMETRY CHALLENGE 7 HOW CAN I SECURE MY SERVICES? AUTHENTICATION AUTHORIZATION CALICO
GETTING STARTED ‣ Go to https://istio.io/ ‣ Download ISTIO Release With Kubectl $ kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml $ kubectl apply -f install/kubernetes/istio-demo.yaml With HELM Templating $ kubectl create namespace istio-system $ helm template --name istio --namespace istio-system --set grafana.enabled=true --set servicegraph.enabled=true --set kiali.enabled=true > istio.yaml $ kubectl apply -f istio.yaml
GETTING STARTED ‣ IBMs ISTIO 101 Hands On ‣ Go to https://github.com/IBM/istio101
COMMUNITY PARTNERS ‣ Vmware ‣ RedHat ‣ Microsoft ‣ Tigera ‣ Cisco ‣ Pivotal ‣ Weave works ‣ Datawire ‣ Scytale (SPIFEE) ‣ And more…
USEFUL LINKS ‣ Web istio.io ‣ Twitter: @Istiomesh ‣ Istio 101: https://github.com/IBM/istio101 ‣ Traffic management using Istio: https://ibm.co/2F7xSnf ‣ Resiliency and fault-tolerance using Istio: https://bit.ly/2qStF2B ‣ Reliable application roll out and operations using Istio: https://bit.ly/2K9IRQX
SOME DOCS IBM Cloud Private for Dummies http://ibm.biz/BdZedY Cloud Adoption and Transformation Consultancy http://ibm.biz/BdYFCx The de facto guide to improving your enterprise with the cloud, created by distinguished members of our Solution Engineering team http://ibm.biz/playbook Deploying and Operating Production Applications on Kubernetes in Hybrid Cloud Environments http://ibm.biz/k8sintheenterprise
CONTACT ME Niklaus Hirt: nikh@ch.ibm.com
DEMO
DEMO – BOOKINFO APP The Bookinfo application is broken into four separate microservices: • productpage. The productpage microservice calls the details and reviews microservices to populate the page. • details. The details microservice contains book information. • reviews. The reviews microservice contains book reviews. It also calls the ratings microservice. • ratings. The ratings microservice contains book ranking information that accompanies a book review. There are 3 versions of the reviews microservice: • Version v1 doesn’t call the ratings service. • Version v2 calls the ratings service, and displays each rating as 1 to 5 black stars. • Version v3 calls the ratings service, and displays each rating as 1 to 5 red stars.
THANK YOU!

Recomendados

Putting microservices on a diet with Istio
Putting microservices on a diet with IstioPutting microservices on a diet with Istio
Putting microservices on a diet with IstioQAware GmbH
 
Sailing into 2018 with Kubernetes and Istio
Sailing into 2018 with Kubernetes and IstioSailing into 2018 with Kubernetes and Istio
Sailing into 2018 with Kubernetes and IstioFernand Galiana
 
A sail in the cloud
A sail in the cloudA sail in the cloud
A sail in the cloudKamesh Sampath
 
Devops - Microservice and Kubernetes
Devops - Microservice and KubernetesDevops - Microservice and Kubernetes
Devops - Microservice and KubernetesNodeXperts
 
Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Animesh Singh
 
Comprehensive container based service monitoring with kubernetes and istio
Comprehensive container based service monitoring with kubernetes and istioComprehensive container based service monitoring with kubernetes and istio
Comprehensive container based service monitoring with kubernetes and istioFred Moyer
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 
From zero to hero with Kubernetes and Istio
From zero to hero with Kubernetes and IstioFrom zero to hero with Kubernetes and Istio
From zero to hero with Kubernetes and IstioSergii Bishyr
 

Recomendados

Putting microservices on a diet with Istio
Putting microservices on a diet with IstioPutting microservices on a diet with Istio
Putting microservices on a diet with IstioQAware GmbH
 
Sailing into 2018 with Kubernetes and Istio
Sailing into 2018 with Kubernetes and IstioSailing into 2018 with Kubernetes and Istio
Sailing into 2018 with Kubernetes and IstioFernand Galiana
 
A sail in the cloud
A sail in the cloudA sail in the cloud
A sail in the cloudKamesh Sampath
 
Devops - Microservice and Kubernetes
Devops - Microservice and KubernetesDevops - Microservice and Kubernetes
Devops - Microservice and KubernetesNodeXperts
 
Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Animesh Singh
 
Comprehensive container based service monitoring with kubernetes and istio
Comprehensive container based service monitoring with kubernetes and istioComprehensive container based service monitoring with kubernetes and istio
Comprehensive container based service monitoring with kubernetes and istioFred Moyer
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 
From zero to hero with Kubernetes and Istio
From zero to hero with Kubernetes and IstioFrom zero to hero with Kubernetes and Istio
From zero to hero with Kubernetes and IstioSergii Bishyr
 
An Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesAn Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesDoiT International
 
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...Josef Adersberger
 
Istio By Example (extended version)
Istio By Example (extended version)Istio By Example (extended version)
Istio By Example (extended version)Josef Adersberger
 
Istio presentation jhug
Istio presentation jhugIstio presentation jhug
Istio presentation jhugGeorgios Andrianakis
 
Spring Boot on Kubernetes/OpenShift
Spring Boot on Kubernetes/OpenShiftSpring Boot on Kubernetes/OpenShift
Spring Boot on Kubernetes/OpenShiftKamesh Sampath
 
From 0 to 60 with kubernetes and istio
From 0 to 60 with kubernetes and istioFrom 0 to 60 with kubernetes and istio
From 0 to 60 with kubernetes and istioJoonathan Mägi
 
KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)
KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)
KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)Ambassador Labs
 
How to build an event-driven, polyglot serverless microservices framework on ...
How to build an event-driven, polyglot serverless microservices framework on ...How to build an event-driven, polyglot serverless microservices framework on ...
How to build an event-driven, polyglot serverless microservices framework on ...Animesh Singh
 
Kubernetes Multi-cluster without Federation - Kubecon EU 2018
Kubernetes Multi-cluster without Federation - Kubecon EU 2018Kubernetes Multi-cluster without Federation - Kubecon EU 2018
Kubernetes Multi-cluster without Federation - Kubecon EU 2018Rob Szumski
 
Istio canaries and kubernetes
Istio canaries and kubernetesIstio canaries and kubernetes
Istio canaries and kubernetesRed Hat Developers
 
Mastering Microservices with Kong (CodeMotion 2019)
Mastering Microservices with Kong (CodeMotion 2019)Mastering Microservices with Kong (CodeMotion 2019)
Mastering Microservices with Kong (CodeMotion 2019)Maarten Mulders
 
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Daniel Bryant
 
A microservice architecture based on golang
A microservice architecture based on golangA microservice architecture based on golang
A microservice architecture based on golangGianfranco Reppucci
 
Zero-downtime deployment of Micro-services with Kubernetes
Zero-downtime deployment of Micro-services with KubernetesZero-downtime deployment of Micro-services with Kubernetes
Zero-downtime deployment of Micro-services with KubernetesWojciech Barczyński
 
Microservices and Best Practices
Microservices and Best Practices Microservices and Best Practices
Microservices and Best Practices Weaveworks
 
Spring Cloud Into Production
Spring Cloud Into ProductionSpring Cloud Into Production
Spring Cloud Into ProductionTodd Miller
 
Ofir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel Aviv
Ofir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel AvivOfir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel Aviv
Ofir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel AvivOfir Makmal
 
2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...
2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...
2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...Ambassador Labs
 
Containerizing a REST API and Deploying to Kubernetes
Containerizing a REST API and Deploying to KubernetesContainerizing a REST API and Deploying to Kubernetes
Containerizing a REST API and Deploying to KubernetesAshley Roach
 
在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed KubernetesLINE Corporation
 
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...Amazon Web Services
 
Developing reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSDeveloping reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSAlessandro Melchiori
 

Mais conteúdo relacionado

Mais procurados

An Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesAn Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesDoiT International
 
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...Josef Adersberger
 
Istio By Example (extended version)
Istio By Example (extended version)Istio By Example (extended version)
Istio By Example (extended version)Josef Adersberger
 
Spring Boot on Kubernetes/OpenShift
Spring Boot on Kubernetes/OpenShiftSpring Boot on Kubernetes/OpenShift
Spring Boot on Kubernetes/OpenShiftKamesh Sampath
 
From 0 to 60 with kubernetes and istio
From 0 to 60 with kubernetes and istioFrom 0 to 60 with kubernetes and istio
From 0 to 60 with kubernetes and istioJoonathan Mägi
 
KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)
KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)
KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)Ambassador Labs
 
How to build an event-driven, polyglot serverless microservices framework on ...
How to build an event-driven, polyglot serverless microservices framework on ...How to build an event-driven, polyglot serverless microservices framework on ...
How to build an event-driven, polyglot serverless microservices framework on ...Animesh Singh
 
Kubernetes Multi-cluster without Federation - Kubecon EU 2018
Kubernetes Multi-cluster without Federation - Kubecon EU 2018Kubernetes Multi-cluster without Federation - Kubecon EU 2018
Kubernetes Multi-cluster without Federation - Kubecon EU 2018Rob Szumski
 
Mastering Microservices with Kong (CodeMotion 2019)
Mastering Microservices with Kong (CodeMotion 2019)Mastering Microservices with Kong (CodeMotion 2019)
Mastering Microservices with Kong (CodeMotion 2019)Maarten Mulders
 
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Daniel Bryant
 
A microservice architecture based on golang
A microservice architecture based on golangA microservice architecture based on golang
A microservice architecture based on golangGianfranco Reppucci
 
Zero-downtime deployment of Micro-services with Kubernetes
Zero-downtime deployment of Micro-services with KubernetesZero-downtime deployment of Micro-services with Kubernetes
Zero-downtime deployment of Micro-services with KubernetesWojciech Barczyński
 
Microservices and Best Practices
Microservices and Best Practices Microservices and Best Practices
Microservices and Best Practices Weaveworks
 
Spring Cloud Into Production
Spring Cloud Into ProductionSpring Cloud Into Production
Spring Cloud Into ProductionTodd Miller
 
Ofir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel Aviv
Ofir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel AvivOfir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel Aviv
Ofir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel AvivOfir Makmal
 
2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...
2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...
2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...Ambassador Labs
 
Containerizing a REST API and Deploying to Kubernetes
Containerizing a REST API and Deploying to KubernetesContainerizing a REST API and Deploying to Kubernetes
Containerizing a REST API and Deploying to KubernetesAshley Roach
 
在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed KubernetesLINE Corporation
 

Mais procurados (20)

An Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesAn Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure Microservices
 
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
 
Istio By Example (extended version)
Istio By Example (extended version)Istio By Example (extended version)
Istio By Example (extended version)
 
Istio presentation jhug
Istio presentation jhugIstio presentation jhug
Istio presentation jhug
 
Spring Boot on Kubernetes/OpenShift
Spring Boot on Kubernetes/OpenShiftSpring Boot on Kubernetes/OpenShift
Spring Boot on Kubernetes/OpenShift
 
From 0 to 60 with kubernetes and istio
From 0 to 60 with kubernetes and istioFrom 0 to 60 with kubernetes and istio
From 0 to 60 with kubernetes and istio
 
KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)
KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)
KubeCon NA 2017: Ambassador and Envoy (Envoy Salon)
 
How to build an event-driven, polyglot serverless microservices framework on ...
How to build an event-driven, polyglot serverless microservices framework on ...How to build an event-driven, polyglot serverless microservices framework on ...
How to build an event-driven, polyglot serverless microservices framework on ...
 
Kubernetes Multi-cluster without Federation - Kubecon EU 2018
Kubernetes Multi-cluster without Federation - Kubecon EU 2018Kubernetes Multi-cluster without Federation - Kubecon EU 2018
Kubernetes Multi-cluster without Federation - Kubecon EU 2018
 
Istio canaries and kubernetes
Istio canaries and kubernetesIstio canaries and kubernetes
Istio canaries and kubernetes
 
Mastering Microservices with Kong (CodeMotion 2019)
Mastering Microservices with Kong (CodeMotion 2019)Mastering Microservices with Kong (CodeMotion 2019)
Mastering Microservices with Kong (CodeMotion 2019)
 
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
 
A microservice architecture based on golang
A microservice architecture based on golangA microservice architecture based on golang
A microservice architecture based on golang
 
Zero-downtime deployment of Micro-services with Kubernetes
Zero-downtime deployment of Micro-services with KubernetesZero-downtime deployment of Micro-services with Kubernetes
Zero-downtime deployment of Micro-services with Kubernetes
 
Microservices and Best Practices
Microservices and Best Practices Microservices and Best Practices
Microservices and Best Practices
 
Spring Cloud Into Production
Spring Cloud Into ProductionSpring Cloud Into Production
Spring Cloud Into Production
 
Ofir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel Aviv
Ofir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel AvivOfir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel Aviv
Ofir Makmal - Intro To Kubernetes Operators - Google Cloud Summit 2018 Tel Aviv
 
2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...
2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...
2017 Microservices Practitioner Virtual Summit: The Mechanics of Deploying En...
 
Containerizing a REST API and Deploying to Kubernetes
Containerizing a REST API and Deploying to KubernetesContainerizing a REST API and Deploying to Kubernetes
Containerizing a REST API and Deploying to Kubernetes
 
在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes
 

Semelhante a 21st Docker Switzerland Meetup - ISTIO

5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...Amazon Web Services
 
Developing reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSDeveloping reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSAlessandro Melchiori
 
Service mesh from linkerd to conduit (cloud native taiwan meetup)
Service mesh from linkerd to conduit (cloud native taiwan meetup)Service mesh from linkerd to conduit (cloud native taiwan meetup)
Service mesh from linkerd to conduit (cloud native taiwan meetup)Chia-Chun Shih
 
Developing reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSDeveloping reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSAlessandro Melchiori
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service MeshGeorgios Andrianakis
 
Openshift serverless Solution
Openshift serverless SolutionOpenshift serverless Solution
Openshift serverless SolutionRyan ZhangCheng
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?NGINX, Inc.
 
Application Rollout - Istio
Application Rollout - Istio Application Rollout - Istio
Application Rollout - Istio Mandar Jog
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPOlivia LaMar
 
Presentación Laboratorio NFV de Telefónica de Antonio Elizondo
Presentación Laboratorio NFV de Telefónica de Antonio ElizondoPresentación Laboratorio NFV de Telefónica de Antonio Elizondo
Presentación Laboratorio NFV de Telefónica de Antonio Elizondovideos
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service MeshRam Vennam
 
Executive Briefing: The Why, What, and Where of Containers
Executive Briefing: The Why, What, and Where of ContainersExecutive Briefing: The Why, What, and Where of Containers
Executive Briefing: The Why, What, and Where of ContainersNVISIA
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsSanjeev Rampal
 
DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and moreInternet Society
 
Migrate a on-prem platform to the public cloud with Java - SpringBoot and PCF
Migrate a on-prem platform to the public cloud with Java - SpringBoot and PCFMigrate a on-prem platform to the public cloud with Java - SpringBoot and PCF
Migrate a on-prem platform to the public cloud with Java - SpringBoot and PCFRoy Braam
 
Full stack development best practice and toolset
Full stack development best practice and toolsetFull stack development best practice and toolset
Full stack development best practice and toolsetReid Lai
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service MeshLew Tucker
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrailnvirters
 

Semelhante a 21st Docker Switzerland Meetup - ISTIO (20)

5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...
 
Developing reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSDeveloping reliable applications with .net core and AKS
Developing reliable applications with .net core and AKS
 
Service mesh from linkerd to conduit (cloud native taiwan meetup)
Service mesh from linkerd to conduit (cloud native taiwan meetup)Service mesh from linkerd to conduit (cloud native taiwan meetup)
Service mesh from linkerd to conduit (cloud native taiwan meetup)
 
Developing reliable applications with .net core and AKS
Developing reliable applications with .net core and AKSDeveloping reliable applications with .net core and AKS
Developing reliable applications with .net core and AKS
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service Mesh
 
Openshift serverless Solution
Openshift serverless SolutionOpenshift serverless Solution
Openshift serverless Solution
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
 
Application Rollout - Istio
Application Rollout - Istio Application Rollout - Istio
Application Rollout - Istio
 
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAPSecuring Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
Securing Kubernetes Clusters with NGINX Plus Ingress Controller & NAP
 
Unlocking the Cloud Operating Model
Unlocking the Cloud Operating ModelUnlocking the Cloud Operating Model
Unlocking the Cloud Operating Model
 
Twelve Factor App
Twelve Factor AppTwelve Factor App
Twelve Factor App
 
Presentación Laboratorio NFV de Telefónica de Antonio Elizondo
Presentación Laboratorio NFV de Telefónica de Antonio ElizondoPresentación Laboratorio NFV de Telefónica de Antonio Elizondo
Presentación Laboratorio NFV de Telefónica de Antonio Elizondo
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
 
Executive Briefing: The Why, What, and Where of Containers
Executive Briefing: The Why, What, and Where of ContainersExecutive Briefing: The Why, What, and Where of Containers
Executive Briefing: The Why, What, and Where of Containers
 
Openstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMsOpenstack Summit: Networking and policies across Containers and VMs
Openstack Summit: Networking and policies across Containers and VMs
 
DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and more
 
Migrate a on-prem platform to the public cloud with Java - SpringBoot and PCF
Migrate a on-prem platform to the public cloud with Java - SpringBoot and PCFMigrate a on-prem platform to the public cloud with Java - SpringBoot and PCF
Migrate a on-prem platform to the public cloud with Java - SpringBoot and PCF
 
Full stack development best practice and toolset
Full stack development best practice and toolsetFull stack development best practice and toolset
Full stack development best practice and toolset
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service Mesh
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
 

Último

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 

Último (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

21st Docker Switzerland Meetup - ISTIO

  • 1. ISTIO NIKLAUS HIRT (DEVOPS / CLOUD ARCHITECT)
  • 3. MICROSERVICES ▸Decomposing an application into single function modules which are independently deployed and operated ▸Accelerate delivery by minimizing communication and coordination between people
  • 5. THE TRADE OFF Improved delivery velocity in exchange for increased operational complexity Hailo microservices
  • 6. MICROSERVICES ARE HARD ▸Applications aren’t running in green-field environments ▸Network layer is hard to manage ▸Tooling is nascent
  • 8. COMMON DEVOPS CHALLENGE 1 ▸How do I roll out a newer version of my microservice without down time? ▸How do I ensure traffic continue to go to the current version before the newer version is tested and ready?
  • 9. COMMON DEVOPS CHALLENGE 2 ▸How do I do canary testing? ▸I want to leverage crowdsourced testing. How do I test the new version with a subset of users? ▸How do I proceed to a full rollout after satisfactory testing of the new version?
  • 10. COMMON DEVOPS CHALLENGE 3 ▸How do I do A/B testing? • Release a new version to a subset of users in a precise way ▸I have launched B in the dark, but how can I keep B to myself or a small testing group?
  • 11. OTHER COMMON DEVOPS CHALLENGES 4. Things don’t always go correctly in production... How do I inject fault to my microservices to prepare myself? 5. My services can only handle certain rate, how can I limit rate for some of my services? 6. I need to view and monitor what is going on with each of my services when crisis arises. 7. How can I secure my services .
  • 14. Service Mesh Dedicated infrastructure layer to make service-to-service communication fast, safe and reliable
  • 15. ISTIO A service mesh designed to connect, manage and secure micro services
  • 16. ISTIO Launched in May 2017 by Google, Lyft and IBM A service mesh designed to connect, manage and secure micro services
  • 17. ISTIO Open Source Launched in May 2017 by Google, Lyft and IBM A service mesh designed to connect, manage and secure micro services
  • 18. ISTIO Open Source Zero Code Changes Launched in May 2017 by Google, Lyft and IBM A service mesh designed to connect, manage and secure micro services
  • 20. INTELLIGENT ROUTING AND LOAD BALANCING ‣ Conduct traffic between services with dynamic route configuration ‣ A/B tests ‣ Canary releases ‣ Gradually upgrade versions Red/Black deployments
  • 21. RESILIENCE ACROSS LANGUAGES AND PLATFORMS ‣ Increase reliability by shielding applications from flaky networks and cascading failures in adverse conditions
  • 22. FLEET-WIDE POLICY ENFORCEMENT ‣ Apply organizational policy to the interaction between services ‣ Ensure access policies are enforced ‣ Make sure resources are fairly distributed among consumers.
  • 23. IN-DEPTH TELEMETRY AND REPORTING ‣ Understand the dependencies between services, the nature and flow of traffic between them, and quickly identify issues with distributed tracing.
  • 26. COMPONENTS OF ISTIO ‣ Envoy proxy, to mediate all inbound and outbound traffic for all services in the service mesh. ‣ Pilot Programming envoys and responsible for service discovery, registration and load balancing ‣ Citadel provides strong service-to-service and end-user authentication using mutual TLS, with built-in identity and credential management ‣ Mixer Responsible for enforcing access control and usage policies and collecting telemetry data
  • 27. ISTIO ▸Operates at Layer 7 , which is the “service” or “RPC” layer of your network application ▸A rich set of attributes to base policy decisions on, so policies can be applied based on virtual host, URL, or other HTTP headers ▸Flexibility in processing ▸Allows it to be distributed ▸Istio Proxy is implemented inside the pod, as a Envoy sidecar container in the same network namespace
  • 28. ISTIO – CUSTOM RESOURCE DEFINITIONS kind: Gateway metadata: name: helloworld-gateway spec: selector: istio: ingressgateway servers: - hosts: - '*' port: name: http number: 80 protocol: HTTP kind: DestinationRule metadata: name: helloworld-destination spec: host: helloworld subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 kind: VirtualService metadata: name: helloworld spec: hosts: - "*" gateways: - helloworld-gateway http: - match: - uri: exact: /hello route: - destination: host: helloworld subset: v1 weight: 90 - destination: host: helloworld subset: v2 weight: 10 POD HelloWorld version = v1 POD HelloWorld version = v2
  • 29. TRAFFIC CONTROL CHALLENGE 1 ROLL OUT NEW VERSION WITHOUT DOWNTIME OR CHANGING CODE version: v2.0 env: us-prod version: v1.5 env: us-prod 100% 0% // A simple traffic control rule destination: serviceB.example.cluster.local match: source: serviceA.example.cluster.local route: - labels: version: v1.5 env: us-prod weight: 100
  • 30. TRAFFIC CONTROL CHALLENGE 1 ROLL OUT NEW VERSION WITHOUT DOWNTIME OR CHANGING CODE version: v2.0 env: us-prod version: v1.5 env: us-prod 0% 0%100% // A simple traffic control rule destination: serviceB.example.cluster.local match: source: serviceA.example.cluster.local route: - labels: version: v2.0 env: us-prod weight: 100
  • 31. TRAFFIC SPLITTING CHALLENGE 2 HOW TO DO CANARY TESTING version: v2.0-alpha env: us-staging version: v1.5 env: us-prod // A simple traffic splitting rule destination: serviceB.example.cluster.local match: source: serviceA.example.cluster.local route: - labels: version: v1.5 env: us-prod weight: 95 - labels: version: v2.0-alpha env: us-staging weight: 5
  • 32. TRAFFIC STEERNIG CHALLENGE 3 HOW TO DO A/B TESTING version: v2 version: v1 version: v2 version: v1 // Content-based traffic steering destination: serviceB.example.cluster.local match: httpHeaders: user-agent: regex: ^(.*?;)?(iPhone)(;.*)?$ precedence: 2 route: - labels: version: v2
  • 33. TRAFFIC MIRRORING version: v2.0-alpha env: us-staging version: v1.5 env: us-prod100% 100% •Responses to any mirrored traffic is ignored; traffic is mirrored as “fire-and-forget” •You’ll need to have the 0-weighted route to hint to Istio to create the proper Envoy // A simple traffic splitting rule destination: serviceB.example.cluster.local match: source: serviceA.example.cluster.local route: - labels: version: v1.5 env: us-prod weight: 100 - labels: version: v2.0-alpha env: us-staging weight: 0 mirror: name: httpbin labels: version: v2.0-alpha env: us-staging CHALLENGE 4 THINGS DON’T ALWAYS GO CORRECTLY IN PRODUCTION...
  • 34. RESILIENCY CHALLENGE 4 THINGS DON’T ALWAYS GO CORRECTLY IN PRODUCTION...
  • 35. RESILIENCY CHALLENGE 4 THINGS DON’T ALWAYS GO CORRECTLY IN PRODUCTION...
  • 36. RESILIENCY TESTING hosts: - ratings http: - fault: abort: percent: 10 httpStatus: 400 route: - destination: host: ratings subset: v1 hosts: - ratings http: - fault: delay: percent: 10 fixedDelay: 5s route: - destination: host: ratings subset: v1 CHALLENGE 4 HOW DO I INJECT FAULT TO MY MICROSERVICES TO PREPARE MYSELF?
  • 37. RATE LIMITING CHALLENGE 5 HOW CAN I LIMIT RATE FOR SOME OF MY SERVICES?
  • 38. TELEMETRY ‣ Monitoring & tracing should not be an afterthought in the infrastructure ‣ Goals ‣ Metrics without instrumenting apps ‣ Consistent metrics across fleet ‣ Trace flow of requests across services ‣ Portable across metric backend providers CHALLENGE 6 I NEED TO VIEW WHAT IS GOING ON WHEN CRISIS ARISES
  • 39. SECURITY CHALLENGE 7 HOW CAN I SECURE MY SERVICES? ‣ Authentication ‣ Transport authentication, also known as service-to-service authentication ‣ Origin authentication, also known as end-user authentication ‣ Authorization ‣ Based on RBAC ‣ Namespace-level, service-level and method-level access control for services
  • 40. USING ISTIO IN CONCERT WITH CALICO ▸ Policy operates at Layer 7 , which is the “service” or “RPC” layer of your network application. ▸ A rich set of attributes to base policy decisions on, so policies can be applied based on virtual host, URL, or other HTTP headers. ▸ Flexibility in processing. ▸ Allows it to be distributed ▸ Istio Proxy is implemented inside the pod, as a Envoy sidecar container in the same network namespace. ▸ Operates at Layer 3, which is the network layer ▸ Has the advantage of being universal (DNS, SQL, real-time streaming, …) ▸ Can extend beyond the service mesh (including to bare metal or VM endpoints not under the control of Kubernetes). ▸ Calico’s policy is enforced at the host node, outside the network namespace of the guest pods. ▸ Based on iptables, which are packet filters implemented in the standard Linux kernel, it is extremely fast.
  • 41. USING ISTIO IN CONCERT WITH CALICO “RPC” — L7 Layer “Network” — L3-4 Userspace Implementation Kernel Pod Enforcement Point Node Ideal for applying policy in support of operational goals, like service routing, retries, circuit-breaking, etc Strengths Universal, highly efficient, and isolated from the pods, making it ideal for applying policy in support of security goals
  • 42. ADDRESSING DEVOPS CHALLENGES # CHALLENGE ISTIO SOLUTION CHALLENGE 1 ROLL OUT NEW VERSION WITHOUT DOWNTIME OR CHANGING CODE TRAFFIC CONTROL CHALLENGE 2 HOW TO DO CANARY TESTING TRAFFIC SPLITTING CHALLENGE 3 HOW TO DO A/B TESTING TRAFFIC STEERNIG CHALLENGE 4 THINGS DON’T ALWAYS GO CORRECTLY IN PRODUCTION... TRAFFIC MIRRORING RESILIENCY RESILIENCY TESTING CHALLENGE5 HOW CAN I LIMIT RATE FOR SOME OF MY SERVICES? RATE LIMITING CHALLENGE 6 I NEED TO VIEW AND MONITOR WHAT IS GOING ON WHEN CRISIS ARISES TELEMETRY CHALLENGE 7 HOW CAN I SECURE MY SERVICES? AUTHENTICATION AUTHORIZATION CALICO
  • 43. GETTING STARTED ‣ Go to https://istio.io/ ‣ Download ISTIO Release With Kubectl $ kubectl apply -f install/kubernetes/helm/istio/templates/crds.yaml $ kubectl apply -f install/kubernetes/istio-demo.yaml With HELM Templating $ kubectl create namespace istio-system $ helm template --name istio --namespace istio-system --set grafana.enabled=true --set servicegraph.enabled=true --set kiali.enabled=true > istio.yaml $ kubectl apply -f istio.yaml
  • 44. GETTING STARTED ‣ IBMs ISTIO 101 Hands On ‣ Go to https://github.com/IBM/istio101
  • 45. COMMUNITY PARTNERS ‣ Vmware ‣ RedHat ‣ Microsoft ‣ Tigera ‣ Cisco ‣ Pivotal ‣ Weave works ‣ Datawire ‣ Scytale (SPIFEE) ‣ And more…
  • 46. USEFUL LINKS ‣ Web istio.io ‣ Twitter: @Istiomesh ‣ Istio 101: https://github.com/IBM/istio101 ‣ Traffic management using Istio: https://ibm.co/2F7xSnf ‣ Resiliency and fault-tolerance using Istio: https://bit.ly/2qStF2B ‣ Reliable application roll out and operations using Istio: https://bit.ly/2K9IRQX
  • 47. SOME DOCS IBM Cloud Private for Dummies http://ibm.biz/BdZedY Cloud Adoption and Transformation Consultancy http://ibm.biz/BdYFCx The de facto guide to improving your enterprise with the cloud, created by distinguished members of our Solution Engineering team http://ibm.biz/playbook Deploying and Operating Production Applications on Kubernetes in Hybrid Cloud Environments http://ibm.biz/k8sintheenterprise
  • 48. CONTACT ME Niklaus Hirt: nikh@ch.ibm.com
  • 49. DEMO
  • 50. DEMO – BOOKINFO APP The Bookinfo application is broken into four separate microservices: • productpage. The productpage microservice calls the details and reviews microservices to populate the page. • details. The details microservice contains book information. • reviews. The reviews microservice contains book reviews. It also calls the ratings microservice. • ratings. The ratings microservice contains book ranking information that accompanies a book review. There are 3 versions of the reviews microservice: • Version v1 doesn’t call the ratings service. • Version v2 calls the ratings service, and displays each rating as 1 to 5 black stars. • Version v3 calls the ratings service, and displays each rating as 1 to 5 red stars.