SlideShare a Scribd company logo

Putting Microservices on a Diet: with Istio!

QAware GmbH, profile picture
QAware GmbH

The document presents insights on optimizing microservices using Istio, highlighting key design principles for cloud-native applications and the importance of microservice architecture. It discusses various components of Istio, such as sidecar proxies and traffic management, and provides examples of how to configure services within a service mesh. Additionally, it emphasizes the significance of diagnosability and monitoring in maintaining efficient microservice systems.

Software
Related topics:
cloud-nativeCloud Computing Insights
1 of 30
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
QAware 1 Putting Microservices on a diet: with Istio! Mario-Leander Reimer, QAware GmbH mario-leander.reimer@qaware.de
Mario-Leander Reimer Principal Software Architect, QAware GmbH Mail: mario-leander.reimer@qaware.de Twitter: @LeanderReimer Github: https://github.com/lreimer/ Slides: https://speakerdeck.com/lreimer/ 22.03.2019 2 Developer && Architect 20+ years of experience #CloudNativeNerd Open Source Enthusiast Speaker && Author
Fork me on Github. https://github.com/lreimer/microservice-diet-with-istio
4 https://imgur.com/gallery/LGAZEqu The Early Code Monkey The Monolith
loosely coupled stateless bounded contexts makeameme.org
Essential Cloud-native Design Principles. 6 Design for Distribution: Containers; microservices; API driven development. Design for Configuration: One image, multiple environments. Design for Resiliency: Fault-tolerant and self-healing. Design for Elasticity: Scales dynamically and reacts to stimuli. Design for Delivery: Short roundtrips and automated provisioning. Design for Performance: Responsive; concurrent; resource efficient. Design for Automation: Automated Dev & Ops tasks. Design for Diagnosability: Cluster-wide logs, metrics and traces. Design for Security: Secure Endpoints, API-Gateways, E2E-Encryption
7 Atomic Architecture
Atomic Microservice Blueprint. 8
Concrete Blueprint Incarnation with Spring Cloud Netflix. 9 Some Facts: 58 MB Uberjar 192 Dependencies 3 KB Classes
A polyglot microservice architecture suffers from severe library bloat and bad maintainability in the long run. 10 Microservices mit Java und Go Johannes Weigend, Rotunde, 15:00 – 15:40
Istio is like AOP, but for microservice communication.
Istio to the Rescue! 12
Pods are the smallest unit of compute in Kubernetes Labels are key/value pairs used to identify Kubernetes resources Replica Sets ensure that the desired number of pod replicas are running Deployments are an abstraction used to declare and update pods, RCs, … Services are an abstraction for a logical collection of pods providing DNS name Ingress routes traffic from outside the cluster to services and ports based on URL patterns and host Kubernetes Glossary. 13
GoF in the Cloud: Container Orchestration Patterns. 14http://blog.kubernetes.io/2015/06/the-distributed-system-toolkit-patterns.html 1. Sidecar Container: Extend container behaviour Log Extraction / Reformating (fluentd, logstash) Scheduling (cron, quartz) 2. Ambassador Container: Proxy communication TLS Tunnel (Stunnel, ghostunnel, Istio) Circuit Breaking (linkerd, Istio) Request Monitoring (linkerd, Istio) 3. Adapter Container: Provide a standardized interface Monitoring (Prometheus) Configuration (ConfigMaps, Secrets, …)
Conceptual Istio Architecture and Components. 15
16 Envoy: Sidecar proxy per microservice that handles inbound/outbound traffic within each Pod. Extended version of Envoy project. Gateway: Inbound gateway / ingress. Nothing more than a managed Envoy. Mixer: Policy / precondition checks and telemetry. Highly scalable. Envoy caches policy checks within the sidecar (level 1) and within envoy instances (level 2), buffers telemetry data locally and centrally, and can be run in multiple instances. Mixer includes a flexible plugin model. https://istio.io/blog/2017/mixer-spof-myth.html Pilot: Pilot converts high level routing rules that control traffic behavior into Envoy-specific configurations, and propagates them to the sidecars at runtime. Watches services and transforms this information in a canonical platform-agnostic model (abstracting away from k8s, Nomad, Consul etc). The envoy configuration is then derived from this canonical model. Exposes the Rules API to add traffic management rules. Citadel: CA for service-to-service authx and encryption. Certs are delivered as a secret volume mount. Workload identity is provided in SPIFFE format. https://istio.io/docs/concepts/security/mutual-tls.html
Demo
Gateway configures a load balancer for HTTP/TCP traffic, enables ingress traffic into the service mesh Virtual Service defines the rules that control how requests for a service are routed within the service mesh Destination Rule configures the set of policies to be applied to a request after VirtualService routing has occurred ServiceVersion aka Subset allows to select a subset of pods based on labels Service Entry enables requests to services outside of the service mesh Istio Glossary. 18
apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: hello-istio-gateway spec: selector: # use istio default controller istio: ingressgateway servers: - port: number: 80 name: http protocol: HTTP hosts: - "hello-istio.cloud" Example Istio Gateway and VirtualService Definitions. 19 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: hello-istio spec: hosts: - "hello-istio.cloud" gateways: - hello-istio-gateway http: - match: - uri: exact: /api/hello route: - destination: host: hello-istio port: number: 8080 Exact URI Routing
Hello Istio Demo
Different release patterns can easily be applied. 21
Different release patterns can easily be applied. 22
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: hello-istio spec: hosts: - "hello-istio.cloud" gateways: - hello-istio-gateway http: - route: - destination: host: hello-istio subset: v1 weight: 70 - destination: host: hello-istio subset: v2 weight: 30 Examples for different routing configurations. 23 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: hello-istio spec: hosts: - "hello-istio.cloud" gateways: - hello-istio-gateway http: - match: - headers: user-agent: regex: ".*Chrome.*" route: - destination: host: hello-istio subset: v2 - route: - destination: host: hello-istio subset: v1 Weighted Traffic Routing Header basedTraffic Routing
Alphabet Demo
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: alphabet-service spec: hosts: - alphabet-service http: - fault: delay: fixedDelay: 2s percent: 50 abort: httpStatus: 500 percent: 50 route: - destination: host: alphabet-service subset: v1 Examples for fault injection and circuit breaker policy. 25 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: alphabet-service spec: host: alphabet-service trafficPolicy: connectionPool: http: http1MaxPendingRequests: 1 maxRequestsPerConnection: 1 tcp: maxConnections: 1 outlierDetection: baseEjectionTime: 5.000s consecutiveErrors: 1 interval: 1.000s maxEjectionPercent: 100 subsets: - name: v1 labels: version: v1 Circuit Breaker Policy Fault Injection
Istio has built-in support for service mesh diagnosability. 26 Diagnosability Triangle Metrics LogsTracesService Graph
Not all Istio features are marked Stable yet, but Beta can already be used in Production. 27 Istio v1.0.6 is deemed production ready. Core: 3 Stable, 2 Deprecated, 5 Beta, 4 Alpha Traffic Management: 6 Stable, 4 Alpha Security and Policy Enforcement: 5 Stable, 2 Beta, 9 Alpha Telemetry: 6 Stable, 5 Beta The Service Mesh War has started. Linkerd and Conduit Consul Connect See https://istio.io/about/feature-stages/
QAware 28 Article by Emily Jiang, IBM https://www.eclipse.org/community/eclipse_newsletter/2018/september/MicroProfile_istio.php
QAware 29 Drop by our booth, have a chat and grab some swag! Bare Metal K8S Cluster - Cloud Native Java EE - Istio Service Mesh Demo - Diagnosability 5 Node Raspi Swarm - Cloud Native Go Demo
Mario-Leander Reimer mario-leander.reimer@qaware.de @LeanderReimer xing.com/companies/qawaregmbh linkedin.com/company/qaware-gmbh slideshare.net/qaware twitter.com/qaware youtube.com/qawaregmbh github.com/qaware

More Related Content

PDF
The Big Cloud native FaaS Lebowski
QAware GmbH
 
PPTX
More tips and tricks for running containers like a pro - Rancher Online MEetu...
Shannon Williams
 
PDF
Your Java Journey into the Serverless World
Kamesh Sampath
 
PPTX
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Shannon Williams
 
PDF
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud with...
VMware Tanzu
 
PDF
Spring Cloud Kubernetes - Spencer Gibb
VMware Tanzu
 
PDF
Let’s unbox Rancher 2.0 <v2.0.0>
LINE Corporation
 
PDF
Go for Operations
QAware GmbH
 
The Big Cloud native FaaS Lebowski
QAware GmbH
 
More tips and tricks for running containers like a pro - Rancher Online MEetu...
Shannon Williams
 
Your Java Journey into the Serverless World
Kamesh Sampath
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Shannon Williams
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud with...
VMware Tanzu
 
Spring Cloud Kubernetes - Spencer Gibb
VMware Tanzu
 
Let’s unbox Rancher 2.0 <v2.0.0>
LINE Corporation
 
Go for Operations
QAware GmbH
 

What's hot (20)

PDF
Rancher 2.0 Technical Deep Dive
LINE Corporation
 
PPTX
Introducing Kubernetes Clusters in Rancher - February 2016 Online Meetup
Shannon Williams
 
PPTX
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
sangam biradar
 
PPTX
Building a Scalable CI Platform using Docker, Drone and Rancher
Shannon Williams
 
PPTX
OpenShift: Devops Made Easy
Bent Terp
 
PDF
Drone CI
Thomas Boerger
 
PPTX
Java Day Kharkiv - Next-gen engineering with Docker and Kubernetes
Antons Kranga
 
PDF
kubernetes operators
Juraj Hantak
 
PPTX
Introducing Apache Mesos environments in Rancher - June 2016 Online Meetup
Shannon Williams
 
PPTX
Going Reactive with Java
Red Hat Developers
 
PDF
KUBEBOOT - SPRING BOOT DEPLOYMENT ON KUBERNETES
Alex Soto
 
PPTX
Devoxx - The Groovy Ecosystem
Andres Almiray
 
PDF
jbang: Unleash the power of Java for shell scripting
Red Hat Developers
 
PDF
Java EE with NetBeans on OpenShift
Markus Eisele
 
PPTX
Storage for containers and cloud-native deployments - Rancher Online Meetup -...
Shannon Williams
 
PDF
Observability
Diego Pacheco
 
PDF
Open Source in the Era of 5G
All Things Open
 
PPTX
Tips on solving E_TOO_MANY_THINGS_TO_LEARN with Kubernetes
Ben Hall
 
PDF
Gitlab Training with GIT and SourceTree
Teerapat Khunpech
 
PPTX
OpenWhisk
Juan Pablo Genovese
 
Rancher 2.0 Technical Deep Dive
LINE Corporation
 
Introducing Kubernetes Clusters in Rancher - February 2016 Online Meetup
Shannon Williams
 
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
sangam biradar
 
Building a Scalable CI Platform using Docker, Drone and Rancher
Shannon Williams
 
OpenShift: Devops Made Easy
Bent Terp
 
Drone CI
Thomas Boerger
 
Java Day Kharkiv - Next-gen engineering with Docker and Kubernetes
Antons Kranga
 
kubernetes operators
Juraj Hantak
 
Introducing Apache Mesos environments in Rancher - June 2016 Online Meetup
Shannon Williams
 
Going Reactive with Java
Red Hat Developers
 
KUBEBOOT - SPRING BOOT DEPLOYMENT ON KUBERNETES
Alex Soto
 
Devoxx - The Groovy Ecosystem
Andres Almiray
 
jbang: Unleash the power of Java for shell scripting
Red Hat Developers
 
Java EE with NetBeans on OpenShift
Markus Eisele
 
Storage for containers and cloud-native deployments - Rancher Online Meetup -...
Shannon Williams
 
Observability
Diego Pacheco
 
Open Source in the Era of 5G
All Things Open
 
Tips on solving E_TOO_MANY_THINGS_TO_LEARN with Kubernetes
Ben Hall
 
Gitlab Training with GIT and SourceTree
Teerapat Khunpech
 
OpenWhisk
Juan Pablo Genovese
 
Ad

Similar to Putting Microservices on a Diet: with Istio! (20)

PDF
Putting microservices on a diet with Istio
QAware GmbH
 
PDF
Putting microservices on a diet with istio
QAware GmbH
 
PDF
Managing Microservices With The Istio Service Mesh on Kubernetes
Iftach Schonbaum
 
PDF
Istio Triangle Kubernetes Meetup Aug 2019
Ram Vennam
 
PDF
21st Docker Switzerland Meetup - ISTIO
Niklaus Hirt
 
PPTX
Istio a service mesh
Chandresh Pancholi
 
PDF
Introduction to istio
Andrea Monacchi
 
PDF
Managing microservices with Istio Service Mesh
Rafik HARABI
 
PPTX
ISTIO Deep Dive
Yong Feng
 
PPTX
Microservices With Istio Service Mesh
Natanael Fonseca
 
PDF
Service Mesh For Beginner
Mien Dinh
 
PPTX
Service Meshes with Istio
RandyGupta
 
PPTX
Kubernetes And Istio and Azure AKS DevOps
Ofir Makmal
 
PPTX
Javantura v6 - Istio Service Mesh - The magic between your microservices - Ma...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Introduction-to-Service-Mesh-with-Istio-and-Kiali-OSS-Japan-July-2019.pdf
TinaCondrache1
 
PDF
Introduction-to-Service-Mesh-with-Istio-and-Kiali-OSS-Japan-July-2019.pdf
ALVAROEMMANUELSOCOPP
 
PPTX
Building a scalable microservice architecture with envoy, kubernetes and istio
SAMIR BEHARA
 
PDF
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18
CodeOps Technologies LLP
 
PDF
Istio and Kubernetes Relationship
Knoldus Inc.
 
PPTX
Istio Mesh – Managing Container Deployments at Scale
Mofizur Rahman
 
Putting microservices on a diet with Istio
QAware GmbH
 
Putting microservices on a diet with istio
QAware GmbH
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Iftach Schonbaum
 
Istio Triangle Kubernetes Meetup Aug 2019
Ram Vennam
 
21st Docker Switzerland Meetup - ISTIO
Niklaus Hirt
 
Istio a service mesh
Chandresh Pancholi
 
Introduction to istio
Andrea Monacchi
 
Managing microservices with Istio Service Mesh
Rafik HARABI
 
ISTIO Deep Dive
Yong Feng
 
Microservices With Istio Service Mesh
Natanael Fonseca
 
Service Mesh For Beginner
Mien Dinh
 
Service Meshes with Istio
RandyGupta
 
Kubernetes And Istio and Azure AKS DevOps
Ofir Makmal
 
Javantura v6 - Istio Service Mesh - The magic between your microservices - Ma...
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Introduction-to-Service-Mesh-with-Istio-and-Kiali-OSS-Japan-July-2019.pdf
TinaCondrache1
 
Introduction-to-Service-Mesh-with-Istio-and-Kiali-OSS-Japan-July-2019.pdf
ALVAROEMMANUELSOCOPP
 
Building a scalable microservice architecture with envoy, kubernetes and istio
SAMIR BEHARA
 
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18
CodeOps Technologies LLP
 
Istio and Kubernetes Relationship
Knoldus Inc.
 
Istio Mesh – Managing Container Deployments at Scale
Mofizur Rahman
 
Ad

More from QAware GmbH (20)

PDF
QAware_Mario-Leander_Reimer_Architecting and Building a K8s-based AI Platform...
QAware GmbH
 
PDF
Frontends mit Hilfe von KI entwickeln.pdf
QAware GmbH
 
PDF
Mit ChatGPT Dinosaurier besiegen - Möglichkeiten und Grenzen von LLM für die ...
QAware GmbH
 
PDF
50 Shades of K8s Autoscaling #JavaLand24.pdf
QAware GmbH
 
PDF
Make Agile Great - PM-Erfahrungen aus zwei virtuellen internationalen SAFe-Pr...
QAware GmbH
 
PPTX
Fully-managed Cloud-native Databases: The path to indefinite scale @ CNN Mainz
QAware GmbH
 
PDF
Down the Ivory Tower towards Agile Architecture
QAware GmbH
 
PDF
"Mixed" Scrum-Teams – Die richtige Mischung macht's!
QAware GmbH
 
PDF
Make Developers Fly: Principles for Platform Engineering
QAware GmbH
 
PDF
Der Tod der Testpyramide? – Frontend-Testing mit Playwright
QAware GmbH
 
PDF
Was kommt nach den SPAs
QAware GmbH
 
PDF
Cloud Migration mit KI: der Turbo
QAware GmbH
 
PDF
Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See...
QAware GmbH
 
PDF
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
QAware GmbH
 
PDF
Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before.
QAware GmbH
 
PDF
Kubernetes with Cilium in AWS - Experience Report!
QAware GmbH
 
PDF
50 Shades of K8s Autoscaling
QAware GmbH
 
PDF
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
QAware GmbH
 
PDF
Service Mesh Pain & Gain. Experiences from a client project.
QAware GmbH
 
PDF
50 Shades of K8s Autoscaling
QAware GmbH
 
QAware_Mario-Leander_Reimer_Architecting and Building a K8s-based AI Platform...
QAware GmbH
 
Frontends mit Hilfe von KI entwickeln.pdf
QAware GmbH
 
Mit ChatGPT Dinosaurier besiegen - Möglichkeiten und Grenzen von LLM für die ...
QAware GmbH
 
50 Shades of K8s Autoscaling #JavaLand24.pdf
QAware GmbH
 
Make Agile Great - PM-Erfahrungen aus zwei virtuellen internationalen SAFe-Pr...
QAware GmbH
 
Fully-managed Cloud-native Databases: The path to indefinite scale @ CNN Mainz
QAware GmbH
 
Down the Ivory Tower towards Agile Architecture
QAware GmbH
 
"Mixed" Scrum-Teams – Die richtige Mischung macht's!
QAware GmbH
 
Make Developers Fly: Principles for Platform Engineering
QAware GmbH
 
Der Tod der Testpyramide? – Frontend-Testing mit Playwright
QAware GmbH
 
Was kommt nach den SPAs
QAware GmbH
 
Cloud Migration mit KI: der Turbo
QAware GmbH
 
Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See...
QAware GmbH
 
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
QAware GmbH
 
Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before.
QAware GmbH
 
Kubernetes with Cilium in AWS - Experience Report!
QAware GmbH
 
50 Shades of K8s Autoscaling
QAware GmbH
 
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
QAware GmbH
 
Service Mesh Pain & Gain. Experiences from a client project.
QAware GmbH
 
50 Shades of K8s Autoscaling
QAware GmbH
 

Recently uploaded (20)

PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PPTX
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
System and Network Administration Chapter 2
jaramharo
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 

Putting Microservices on a Diet: with Istio!

  • 1. QAware 1 Putting Microservices on a diet: with Istio! Mario-Leander Reimer, QAware GmbH mario-leander.reimer@qaware.de
  • 2. Mario-Leander Reimer Principal Software Architect, QAware GmbH Mail: mario-leander.reimer@qaware.de Twitter: @LeanderReimer Github: https://github.com/lreimer/ Slides: https://speakerdeck.com/lreimer/ 22.03.2019 2 Developer && Architect 20+ years of experience #CloudNativeNerd Open Source Enthusiast Speaker && Author
  • 3. Fork me on Github. https://github.com/lreimer/microservice-diet-with-istio
  • 5. loosely coupled stateless bounded contexts makeameme.org
  • 6. Essential Cloud-native Design Principles. 6 Design for Distribution: Containers; microservices; API driven development. Design for Configuration: One image, multiple environments. Design for Resiliency: Fault-tolerant and self-healing. Design for Elasticity: Scales dynamically and reacts to stimuli. Design for Delivery: Short roundtrips and automated provisioning. Design for Performance: Responsive; concurrent; resource efficient. Design for Automation: Automated Dev & Ops tasks. Design for Diagnosability: Cluster-wide logs, metrics and traces. Design for Security: Secure Endpoints, API-Gateways, E2E-Encryption
  • 9. Concrete Blueprint Incarnation with Spring Cloud Netflix. 9 Some Facts: 58 MB Uberjar 192 Dependencies 3 KB Classes
  • 10. A polyglot microservice architecture suffers from severe library bloat and bad maintainability in the long run. 10 Microservices mit Java und Go Johannes Weigend, Rotunde, 15:00 – 15:40
  • 11. Istio is like AOP, but for microservice communication.
  • 12. Istio to the Rescue! 12
  • 13. Pods are the smallest unit of compute in Kubernetes Labels are key/value pairs used to identify Kubernetes resources Replica Sets ensure that the desired number of pod replicas are running Deployments are an abstraction used to declare and update pods, RCs, … Services are an abstraction for a logical collection of pods providing DNS name Ingress routes traffic from outside the cluster to services and ports based on URL patterns and host Kubernetes Glossary. 13
  • 14. GoF in the Cloud: Container Orchestration Patterns. 14http://blog.kubernetes.io/2015/06/the-distributed-system-toolkit-patterns.html 1. Sidecar Container: Extend container behaviour Log Extraction / Reformating (fluentd, logstash) Scheduling (cron, quartz) 2. Ambassador Container: Proxy communication TLS Tunnel (Stunnel, ghostunnel, Istio) Circuit Breaking (linkerd, Istio) Request Monitoring (linkerd, Istio) 3. Adapter Container: Provide a standardized interface Monitoring (Prometheus) Configuration (ConfigMaps, Secrets, …)
  • 15. Conceptual Istio Architecture and Components. 15
  • 16. 16 Envoy: Sidecar proxy per microservice that handles inbound/outbound traffic within each Pod. Extended version of Envoy project. Gateway: Inbound gateway / ingress. Nothing more than a managed Envoy. Mixer: Policy / precondition checks and telemetry. Highly scalable. Envoy caches policy checks within the sidecar (level 1) and within envoy instances (level 2), buffers telemetry data locally and centrally, and can be run in multiple instances. Mixer includes a flexible plugin model. https://istio.io/blog/2017/mixer-spof-myth.html Pilot: Pilot converts high level routing rules that control traffic behavior into Envoy-specific configurations, and propagates them to the sidecars at runtime. Watches services and transforms this information in a canonical platform-agnostic model (abstracting away from k8s, Nomad, Consul etc). The envoy configuration is then derived from this canonical model. Exposes the Rules API to add traffic management rules. Citadel: CA for service-to-service authx and encryption. Certs are delivered as a secret volume mount. Workload identity is provided in SPIFFE format. https://istio.io/docs/concepts/security/mutual-tls.html
  • 17. Demo
  • 18. Gateway configures a load balancer for HTTP/TCP traffic, enables ingress traffic into the service mesh Virtual Service defines the rules that control how requests for a service are routed within the service mesh Destination Rule configures the set of policies to be applied to a request after VirtualService routing has occurred ServiceVersion aka Subset allows to select a subset of pods based on labels Service Entry enables requests to services outside of the service mesh Istio Glossary. 18
  • 19. apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: hello-istio-gateway spec: selector: # use istio default controller istio: ingressgateway servers: - port: number: 80 name: http protocol: HTTP hosts: - "hello-istio.cloud" Example Istio Gateway and VirtualService Definitions. 19 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: hello-istio spec: hosts: - "hello-istio.cloud" gateways: - hello-istio-gateway http: - match: - uri: exact: /api/hello route: - destination: host: hello-istio port: number: 8080 Exact URI Routing
  • 21. Different release patterns can easily be applied. 21
  • 22. Different release patterns can easily be applied. 22
  • 23. apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: hello-istio spec: hosts: - "hello-istio.cloud" gateways: - hello-istio-gateway http: - route: - destination: host: hello-istio subset: v1 weight: 70 - destination: host: hello-istio subset: v2 weight: 30 Examples for different routing configurations. 23 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: hello-istio spec: hosts: - "hello-istio.cloud" gateways: - hello-istio-gateway http: - match: - headers: user-agent: regex: ".*Chrome.*" route: - destination: host: hello-istio subset: v2 - route: - destination: host: hello-istio subset: v1 Weighted Traffic Routing Header basedTraffic Routing
  • 25. apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: alphabet-service spec: hosts: - alphabet-service http: - fault: delay: fixedDelay: 2s percent: 50 abort: httpStatus: 500 percent: 50 route: - destination: host: alphabet-service subset: v1 Examples for fault injection and circuit breaker policy. 25 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: alphabet-service spec: host: alphabet-service trafficPolicy: connectionPool: http: http1MaxPendingRequests: 1 maxRequestsPerConnection: 1 tcp: maxConnections: 1 outlierDetection: baseEjectionTime: 5.000s consecutiveErrors: 1 interval: 1.000s maxEjectionPercent: 100 subsets: - name: v1 labels: version: v1 Circuit Breaker Policy Fault Injection
  • 26. Istio has built-in support for service mesh diagnosability. 26 Diagnosability Triangle Metrics LogsTracesService Graph
  • 27. Not all Istio features are marked Stable yet, but Beta can already be used in Production. 27 Istio v1.0.6 is deemed production ready. Core: 3 Stable, 2 Deprecated, 5 Beta, 4 Alpha Traffic Management: 6 Stable, 4 Alpha Security and Policy Enforcement: 5 Stable, 2 Beta, 9 Alpha Telemetry: 6 Stable, 5 Beta The Service Mesh War has started. Linkerd and Conduit Consul Connect See https://istio.io/about/feature-stages/
  • 28. QAware 28 Article by Emily Jiang, IBM https://www.eclipse.org/community/eclipse_newsletter/2018/september/MicroProfile_istio.php
  • 29. QAware 29 Drop by our booth, have a chat and grab some swag! Bare Metal K8S Cluster - Cloud Native Java EE - Istio Service Mesh Demo - Diagnosability 5 Node Raspi Swarm - Cloud Native Go Demo