SlideShare a Scribd company logo

Application Rollout - Istio

M
Mandar Jog

The document discusses common DevOps challenges related to rolling out new versions of microservices and testing them. It introduces Istio as a solution for addressing these challenges through intelligent routing, resiliency features, traffic controls, telemetry collection, and other capabilities. Istio uses the Envoy proxy and control tools like Pilot and Mixer to provide features for reliable traffic management between services, such as advanced routing rules for canary releases, fault injection for testing resiliency, and policy enforcement across the mesh.

Engineering
1 of 23
Downloaded 20 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Reliable application roll out and operations with Istio Lin Sun, IBM @linsun_unc Mandar Jog, Google @mandarjog
Common DevOps Challenge 1 • How do I roll out a newer version of my microservice without down time? • How do I ensure traffic continue goes to the current version before the newer version is tested and ready?
Common DevOps Challenge 2 • How do I do A/B testing? • Release a new version to a subset of users in a precise way • I have launched B in the dark, but how can I keep B to myself or a small testing group?
Common DevOps Challenge 3 • How do I do canary testing? • I want to leverage crowdsourced testing. How do I test the new version to a subset of users? • How do I proceed to a full rollout after satisfactory testing of the new version?
Other Common DevOps Challenges • Things don’t always go correctly in production… How do I inject fault to my microservices to prepare myself? • Our team knows different languages and our services are written in different languages. • My services can only handle certain rate, how can I limit rate for some of my services? • I need to view what is going on with each of my services when crisis arises.
Introduce Istio http://istio.io
Intelligent Routing and Load Balancing http://istio.io
Resilience Across Languages and Platforms http://istio.io
http://istio.io Secure Access with Fleet Wide Policy Enforcement

http://istio.io In-Depth Telemetry and Reporting
Components of Istio • Envoy proxy, to mediate all inbound and outbound traffic for all services in the service mesh. Leverages Envoy features such as dynamic service discovery, load balancing, TLS termination, HTTP/2 & gRPC proxying, circuit breakers, health checks, staged rollouts with %- based traffic split, fault injection, and rich metrics.
 • Pilot: Programming envoys and responsible for service discovery, registration and load balancing
 • Istio-Security provides strong service-to-service and end-user authentication using mutual TLS, with built-in identity and credential management
 • Mixer is responsible for enforcing access control and usage policies across the service mesh and collecting telemetry data from the Envoy proxy and other services.
Our sidecar of choice
Putting it all together
Traffic Control // A simple traffic control rule destination: name: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 100 Challenge 1: How can I roll out new version without down time or changing code?
Traffic Steering // Content-based traffic steering rule destination: serviceB.example.cluster.local
 match:
   httpHeaders:
     user-agent:
       regex: ^(.*?;)?(iPhone)(;.*)?$
 precedence: 2
 route:
 - labels:
     version: v2 Challenge 2: How do I do A/B testing?
Traffic Splitting // A simple traffic splitting rule destination: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 90 - labels:
     version: v2.0-alpha     env: us-staging   weight: 10 Challenge 3: How do I do canary testing?
Resiliency // Circuit breakers destination: serviceB.example.cluster.local
 policy:
 - labels:
     version: v1
   circuitBreaker:
     simpleCb:
       maxConnections: 100
       httpMaxRequests: 1000
       httpMaxRequestsPerConnection: 10
       httpConsecutiveErrors: 7
       sleepWindow: 15m
       httpDetectionInterval: 5m Istio adds fault tolerance to your application without any changes to code Resilience features ❖ Timeouts ❖ Retries with timeout budget ❖ Circuit breakers ❖ Health checks ❖ AZ-aware load balancing w/ automatic failover ❖ Control connection pool size and request load
Resiliency Testing Systematic fault injection to identify weaknesses in failure recovery policies ❖ HTTP/gRPC error codes  ❖ Delay injection
Rate Limiting Istio protects your application from rogue actors by imposing ratelimits Rate limit ❖ Configurable limits with overrides ❖ Multiple rate limiting backends ❖ Conditional rate limiting Quotas: - name: requestcount.quota.istio-system maxAmount: 5000 validDuration: 1s overrides: - dimensions: destination: ratings source: reviews sourceVersion: v3 maxAmount: 1 validDuration: 1s - dimensions: destination: ratings maxAmount: 100 validDuration: 1s
Telemetry Monitoring & tracing should not be an afterthought in the infrastructure Goals ● Metrics without instrumenting apps ● Consistent metrics across fleet ● Trace flow of requests across services ● Portable across metric backend providers
Proposed Istio Deployment Controller
Istio Analytics
Demo +

More Related Content

PPTX
Connecting All Abstractions with Istio
VMware Tanzu
 
PPTX
istio: service mesh for all
Mandar Jog
 
PDF
The elegant way of implementing microservices with istio
Inho Kang
 
PPTX
An Open-Source Platform to Connect, Manage, and Secure Microservices
DoiT International
 
PDF
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Codemotion
 
PDF
Istio Service Mesh
Luke Marsden
 
PDF
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
Ambassador Labs
 
PDF
Microservices with Spring
Software Infrastructure
 
Connecting All Abstractions with Istio
VMware Tanzu
 
istio: service mesh for all
Mandar Jog
 
The elegant way of implementing microservices with istio
Inho Kang
 
An Open-Source Platform to Connect, Manage, and Secure Microservices
DoiT International
 
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Codemotion
 
Istio Service Mesh
Luke Marsden
 
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
Ambassador Labs
 
Microservices with Spring
Software Infrastructure
 

What's hot (20)

PDF
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Daniel Oh
 
PDF
Service mesh with istio
WisnuPrabowo20
 
PPTX
linkerd: The Cloud Native Service Mesh
Dario Simonetti
 
PPTX
Tech Talks Microservices
Mauricio Ferreyra
 
ODP
Istio
Arun prasath
 
PPTX
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Christian Posta
 
PDF
Managing Microservices traffic using Istio
Arun prasath
 
PDF
Ambassador Kubernetes-Native API Gateway
Ambassador Labs
 
PDF
Managing microservices with Istio Service Mesh
Rafik HARABI
 
PDF
Istio : Service Mesh
Knoldus Inc.
 
PPTX
Using an API Gateway for Microservices
NGINX, Inc.
 
PPTX
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
VMware Tanzu
 
PDF
Managing Microservices With The Istio Service Mesh on Kubernetes
Iftach Schonbaum
 
PDF
Microservices with Spring Cloud and Netflix OSS
Denis Danov
 
PPTX
Microservices on kubernetes
Chandresh Pancholi
 
PDF
WTF Do We Need a Service Mesh?
Anton Weiss
 
PDF
Asynchronous Microservices in nodejs
Bruno Pedro
 
PDF
Securing Microservices with Istio
Daniel Berg
 
PPTX
Service Discovery with Consul
Ali Demirsoy
 
PDF
Istio on Kubernetes
Daneyon Hansen
 
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Daniel Oh
 
Service mesh with istio
WisnuPrabowo20
 
linkerd: The Cloud Native Service Mesh
Dario Simonetti
 
Tech Talks Microservices
Mauricio Ferreyra
 
Istio
Arun prasath
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Christian Posta
 
Managing Microservices traffic using Istio
Arun prasath
 
Ambassador Kubernetes-Native API Gateway
Ambassador Labs
 
Managing microservices with Istio Service Mesh
Rafik HARABI
 
Istio : Service Mesh
Knoldus Inc.
 
Using an API Gateway for Microservices
NGINX, Inc.
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
VMware Tanzu
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Iftach Schonbaum
 
Microservices with Spring Cloud and Netflix OSS
Denis Danov
 
Microservices on kubernetes
Chandresh Pancholi
 
WTF Do We Need a Service Mesh?
Anton Weiss
 
Asynchronous Microservices in nodejs
Bruno Pedro
 
Securing Microservices with Istio
Daniel Berg
 
Service Discovery with Consul
Ali Demirsoy
 
Istio on Kubernetes
Daneyon Hansen
 
Ad

Similar to Application Rollout - Istio (20)

PDF
21st Docker Switzerland Meetup - ISTIO
Niklaus Hirt
 
PDF
Istio Triangle Kubernetes Meetup Aug 2019
Ram Vennam
 
PDF
Service Mesh Talk for CTO Forum
Rick Hightower
 
PPTX
Service Mesh CTO Forum (Draft 3)
Rick Hightower
 
PPT
Using Service Discovery and Service Proxy
IBM
 
PDF
Microservice Powered Orchestration
Open Networking Summit
 
PPTX
Do I Need A Service Mesh.pptx
PINGXIONG3
 
PPTX
Debugging Microservices - QCON 2017
Idit Levine
 
PPTX
Do You Need A Service Mesh?
NGINX, Inc.
 
PDF
Continuous Integration and Continuous Delivery to Facilitate Web Service Testing
Cognizant
 
DOC
Ragha Deepika_Exp_4+
Ragha batchu
 
PDF
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
StreamNative
 
PDF
Agile integration: Decomposing the monolith
Judy Breedlove
 
PDF
RCS Service Monitoring - 1-to-1 Chat
Jose Gonzalez
 
PDF
Testing Microservices
Nagarro
 
PDF
Hello istio
Jooho Lee
 
PDF
Experitest & Cigniti Co-Webinar -
Experitest
 
PDF
Experitest & Wipro Co-Webinar
Experitest
 
PDF
Testing in Production (TiP)
Giragadurai Vallirajan
 
PDF
Open Source Networking Days- Service Mesh
CloudOps2005
 
21st Docker Switzerland Meetup - ISTIO
Niklaus Hirt
 
Istio Triangle Kubernetes Meetup Aug 2019
Ram Vennam
 
Service Mesh Talk for CTO Forum
Rick Hightower
 
Service Mesh CTO Forum (Draft 3)
Rick Hightower
 
Using Service Discovery and Service Proxy
IBM
 
Microservice Powered Orchestration
Open Networking Summit
 
Do I Need A Service Mesh.pptx
PINGXIONG3
 
Debugging Microservices - QCON 2017
Idit Levine
 
Do You Need A Service Mesh?
NGINX, Inc.
 
Continuous Integration and Continuous Delivery to Facilitate Web Service Testing
Cognizant
 
Ragha Deepika_Exp_4+
Ragha batchu
 
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
StreamNative
 
Agile integration: Decomposing the monolith
Judy Breedlove
 
RCS Service Monitoring - 1-to-1 Chat
Jose Gonzalez
 
Testing Microservices
Nagarro
 
Hello istio
Jooho Lee
 
Experitest & Cigniti Co-Webinar -
Experitest
 
Experitest & Wipro Co-Webinar
Experitest
 
Testing in Production (TiP)
Giragadurai Vallirajan
 
Open Source Networking Days- Service Mesh
CloudOps2005
 
Ad

Recently uploaded (20)

PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PDF
PPT on Performance Review to get promotions
prashant593122
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
PPT
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
rene militante
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PDF
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PPT on Performance Review to get promotions
prashant593122
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
rene militante
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
Project quality management in manufacturing
BarMusaTetik
 

Application Rollout - Istio

  • 1. Reliable application roll out and operations with Istio Lin Sun, IBM @linsun_unc Mandar Jog, Google @mandarjog
  • 2. Common DevOps Challenge 1 • How do I roll out a newer version of my microservice without down time? • How do I ensure traffic continue goes to the current version before the newer version is tested and ready?
  • 3. Common DevOps Challenge 2 • How do I do A/B testing? • Release a new version to a subset of users in a precise way • I have launched B in the dark, but how can I keep B to myself or a small testing group?
  • 4. Common DevOps Challenge 3 • How do I do canary testing? • I want to leverage crowdsourced testing. How do I test the new version to a subset of users? • How do I proceed to a full rollout after satisfactory testing of the new version?
  • 5. Other Common DevOps Challenges • Things don’t always go correctly in production… How do I inject fault to my microservices to prepare myself? • Our team knows different languages and our services are written in different languages. • My services can only handle certain rate, how can I limit rate for some of my services? • I need to view what is going on with each of my services when crisis arises.
  • 7. Intelligent Routing and Load Balancing http://istio.io
  • 8. Resilience Across Languages and Platforms http://istio.io
  • 9. http://istio.io Secure Access with Fleet Wide Policy Enforcement

  • 11. Components of Istio • Envoy proxy, to mediate all inbound and outbound traffic for all services in the service mesh. Leverages Envoy features such as dynamic service discovery, load balancing, TLS termination, HTTP/2 & gRPC proxying, circuit breakers, health checks, staged rollouts with %- based traffic split, fault injection, and rich metrics.
 • Pilot: Programming envoys and responsible for service discovery, registration and load balancing
 • Istio-Security provides strong service-to-service and end-user authentication using mutual TLS, with built-in identity and credential management
 • Mixer is responsible for enforcing access control and usage policies across the service mesh and collecting telemetry data from the Envoy proxy and other services.
  • 12. Our sidecar of choice
  • 13. Putting it all together
  • 14. Traffic Control // A simple traffic control rule destination: name: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 100 Challenge 1: How can I roll out new version without down time or changing code?
  • 15. Traffic Steering // Content-based traffic steering rule destination: serviceB.example.cluster.local
 match:
   httpHeaders:
     user-agent:
       regex: ^(.*?;)?(iPhone)(;.*)?$
 precedence: 2
 route:
 - labels:
     version: v2 Challenge 2: How do I do A/B testing?
  • 16. Traffic Splitting // A simple traffic splitting rule destination: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 90 - labels:
     version: v2.0-alpha     env: us-staging   weight: 10 Challenge 3: How do I do canary testing?
  • 17. Resiliency // Circuit breakers destination: serviceB.example.cluster.local
 policy:
 - labels:
     version: v1
   circuitBreaker:
     simpleCb:
       maxConnections: 100
       httpMaxRequests: 1000
       httpMaxRequestsPerConnection: 10
       httpConsecutiveErrors: 7
       sleepWindow: 15m
       httpDetectionInterval: 5m Istio adds fault tolerance to your application without any changes to code Resilience features ❖ Timeouts ❖ Retries with timeout budget ❖ Circuit breakers ❖ Health checks ❖ AZ-aware load balancing w/ automatic failover ❖ Control connection pool size and request load
  • 18. Resiliency Testing Systematic fault injection to identify weaknesses in failure recovery policies ❖ HTTP/gRPC error codes  ❖ Delay injection
  • 19. Rate Limiting Istio protects your application from rogue actors by imposing ratelimits Rate limit ❖ Configurable limits with overrides ❖ Multiple rate limiting backends ❖ Conditional rate limiting Quotas: - name: requestcount.quota.istio-system maxAmount: 5000 validDuration: 1s overrides: - dimensions: destination: ratings source: reviews sourceVersion: v3 maxAmount: 1 validDuration: 1s - dimensions: destination: ratings maxAmount: 100 validDuration: 1s
  • 20. Telemetry Monitoring & tracing should not be an afterthought in the infrastructure Goals ● Metrics without instrumenting apps ● Consistent metrics across fleet ● Trace flow of requests across services ● Portable across metric backend providers