Bare Metal Cluster with Kubernetes, Istio and Metallb | Nguyen Phuong An, Nguyen Hai Truong
Download as PPTX, PDF0 likes1,061 views
This document outlines an agenda for the Viet OpenInfra Days 2019 event. The event will cover Kubernetes clustering, MetalLB for load balancing, and Istio service mesh. It will include demonstrations and hands-on activities. The presenters will provide overviews of Kubernetes architecture, how MetalLB implements load balancing, and how Istio uses the Envoy proxy and sidecars to manage and secure microservices communication.
Bare Metal Cluster with Kubernetes, Istio and Metallb | Nguyen Phuong An, Nguyen Hai Truong
- 1. Viet OpenInfra Days 2019 Nguyen Phuong An <annp.cs51@gmail.com> Nguyen Hai Truong <nguyenhaitruonghp@gmail.com> Bare metal cluster with Kubernetes, Istio & MetalLB
- 2. Viet OpenInfra Days 2019 Agenda Kubernetes - Cluster MetalLB - Load balancer Istio - Service Mesh Demo - Hands on 2
- 3. Viet OpenInfra Days 2019 Who are we? 💼 Software Engineers Fujitsu Vietnam 📝 Organizers of VietKubers <https://vietkubers.github.io> @truongnh92 @annp87 3
- 4. Viet OpenInfra Days 2019 Kubernetes - Cluster 4
- 5. Viet OpenInfra Days 2019 Kubernetes architecture 5
- 6. Viet OpenInfra Days 2019 Control Plane Control plane kube-apiserver controller-manager kube-scheduler kube-proxy etcd 6
- 7. Viet OpenInfra Days 2019 Node Cluster Nodes Containers pod pod kube-proxy Container Runtime kubelet System services Pod Network Namespace 10.244.0.0/16 Container Container Pod Network External volume 7
- 8. Viet OpenInfra Days 2019 Service discovery Service app=nginx env=prod Labels: app=nginx env=prod Labels: app=nginx env=prod Labels: app=mysql env=dev Labels: app=nginx env=prod Labels: app=nginx env=dev Labels: app=mysql env=prod 8
- 9. Viet OpenInfra Days 2019 MetalLB - Load balancer 9
- 10. Viet OpenInfra Days 2019 MetalLB (BGP mode) BGP Router Speaker kube-proxy pod Speaker kube-proxy pod VIP Node 1 192.168.205.11 Node 2 192.168.205.12 192.168.205.1 10
- 11. Viet OpenInfra Days 2019 Istio - Service Mesh 11
- 12. Viet OpenInfra Days 2019 Microservices Front-end Account Payment shipping Front-end service Account service Payment service Shipping service MONOLITHIC APPLICATION MICROSERVICES APPLICATION 12
- 13. Viet OpenInfra Days 2019 Advantages and Drawbacks of Microservices Advantages Drawbacks ● Smaller codebase ● Without depend on language programing ● CD will be easier ● Scalability ● Decentralized data ● Isolate failures ● Hard to keep track of microservices ● Complexity ● Routing microservices will need more work ● Consume more resources 13 Istio addresses some of the drawbacks in microservices
- 14. Viet OpenInfra Days 2019 Istio An open platform to connect, manage and secure microservices 14
- 15. Viet OpenInfra Days 2019 Sidecar on Kubernetes 15 Pod Container Service A Sidecar Container Pod Container Service C Sidecar Container Pod Container Service B Sidecar Container The sidecars intercepts all network traffic 15
- 16. Viet OpenInfra Days 2019 Envoy Pod Container Service A Sidecar Container Pod Container Service C Sidecar Container is the sidecar in Istio 16 Pod Container Service B Sidecar Container 16
- 17. Viet OpenInfra Days 2019 Envoy 17 An open source edge and service proxy, designed for cloud-native applications - L3/4 network filter - Advanced load balancing - Stats, metrics, tracing
- 18. Viet OpenInfra Days 2019 Istio high level architecture 18 Pilot Mixer Citadel Pod Container svcA Service A Pod Container svcB Service B Control Plane API Configure data to proxies TLS certs to proxy Policy checks telemetry
- 19. Viet OpenInfra Days 2019 How Istio works 19 Pilot Mixer Pod svcA Service A Control Plane API Pod Service B svcB Service A comes up Envoy is deployed alongside it Routing and configuration policy from Pilot
- 20. Viet OpenInfra Days 2019 How Istio works 20 Mixer Pod svcA Service A Control Plane API Pod Service B svcB Service A calls service B Envoy intercepts the call Envoy consults Pilot to know How/Where to route call to service B
- 21. Viet OpenInfra Days 2019 How Istio works 21 Mixer Pod svcA Service A Control Plane API Pod Service B svcB Envoy forwards request to appropriate instance of service B
- 22. Viet OpenInfra Days 2019 How Istio works 22 Mixer Pod svcA Service A Control Plane API Pod Service B svcB Server-side Envoy checks with Mixer to validate that call should be allowed
- 23. Viet OpenInfra Days 2019 How Istio works 23 Mixer Pod svcA Service A Control Plane API Pod Service B svcB Mixer checks with appropriate adaptors to verify that the call can proceed Policy engine Quota adaptor
- 24. Viet OpenInfra Days 2019 How Istio works 24 Mixer Pod svcA Service A Control Plane API Pod Service B svcB Server-side Envoy forwards requests to service B Service B processes the request and returns response
- 25. Viet OpenInfra Days 2019 How Istio works 25 Mixer Pod svcA Service A Control Plane API Pod Service B svcB Envoy forwards response to the caller Client-side Envoy forwards response to the original caller
- 26. Viet OpenInfra Days 2019 How Istio works 26 Mixer Pod svcA Service A Control Plane API Pod Service B svcB Envoy reports telemetry to Mixer, which in turn notifies appropriate plugins Logging plugin Monitoring plugin
- 27. Viet OpenInfra Days 2019 How Istio works 27 Mixer Pod svcA Service A Control Plane API Pod Service B svcB Client-side Envoy reports telemetry to Mixer (including client-perceived latency) Logging plugin Monitoring plugin
- 28. Viet OpenInfra Days 2019 Demo - Hands on https://github.com/vietkubers/k8s-istio-metallb-hands-on-lab 28
- 29. Viet OpenInfra Days 2019 References ● TBD 29
- 30. Viet OpenInfra Days 2019 30
Editor's Notes
- #13: Microservices là một loại kiến trúc mà phân tách ứng dụng thành nhiều services nhỏ thực hiện mỗi chức năng chuyên biệt. Các microservices sẽ được chứa trong các Containers. Containers đóng gói mọi thứ cần thiết để phần mềm có thể hoạt động như: mã nguồn, dependencies, thư viện, binaries,...