SlideShare a Scribd company logo

Istio by Example (extended version)

QAware GmbH, profile picture
QAware GmbH

The document provides an overview of utilizing Istio for traffic management, security, observability, and resiliency in microservices architecture. It includes instructions for deploying Istio and a sample application, along with specific configurations for canary releases, access control, egress, and circuit breakers. Additionally, it details various observability tools like Prometheus, Grafana, and Jaeger that can be integrated with Istio.

Data & Analytics
Related topics:
Cloud Computing Insights
1 of 27
Downloaded 31 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Istio by Example (extended version)
Why? Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Istio by Example (extended version)
Atomic Architecture Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Istio by Example (extended version)
Istio by Example (extended version)
Library Bloat
Istio by Example (extended version)
Istio by Example (extended version)
Istio by Example (extended version)
Istio by Example (extended version)
Setting the sails with Istio Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Features Traffic Management Resiliency Security Observability Request Routing Timeouts mTLS Metrics Load Balancing Circuit Breaker Access Control Logs Traffic Shifting Health Checks (active, passive) Workload Identity Traces Traffic Mirroring Retries RBAC Service Discovery Rate Limiting Ingress, Egress Delay & Fault Injection Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Istio by Example (extended version)
Deploy Istio & Sample App curl -L https://git.io/getLatestIstio | sh - cd istio-* export PATH=$PWD/bin:$PATH # deploy istio with mTLS enabled by default kubectl apply -f install/kubernetes/istio-auth.yaml # ... lengthy copy & paste code to deploy sidecar auto-deployment # label default namespace to be auto-sidecarred kubectl label namespace default istio-injection=enabled # deploy and open sample application kubectl apply -f istio-*/samples/bookinfo/kube/bookinfo.yaml open http://localhost/productpage Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Ingress apiVersion: extensions/v1beta1 kind: Ingress metadata: name: gateway annotations: kubernetes.io/ingress.class: "istio" spec: rules: - http: paths: - path: /productpage backend: serviceName: productpage servicePort: 9080 - path: /login backend: serviceName: productpage servicePort: 9080 - path: /logout backend: serviceName: productpage servicePort: 9080 - path: /api/v1/products.* backend: serviceName: productpage servicePort: 9080
Sample Application: BookInfo1 1 Istio BookInfo Sample (https://istio.io/docs/guides/bookinfo.html)
Deploy Observability Add-Ons #Prometheus kubectl apply -f istio-*/install/kubernetes/addons/prometheus.yaml kubectl expose deployment prometheus --name=prometheus-expose --port=9090 --target-port=9090 --type=LoadBalancer -n=istio-system #Grafana kubectl apply -f istio-*/install/kubernetes/addons/grafana.yaml kubectl expose deployment grafana --name=grafana-expose --port=3000 --target-port=3000 --type=LoadBalancer -n=istio-system #Jaeger kubectl apply -n istio-system -f https://raw.githubusercontent.com/jaegertracing/jaeger-kubernetes/ master/all-in-one/jaeger-all-in-one-template.yml kubectl expose deployment jaeger-deployment --name=jaeger-expose --port=16686 --target-port=16686 --type=LoadBalancer -n=istio-system #EFK kubectl apply -f logging-stack.yaml kubectl expose deployment kibana --name=kibana-expose --port=5601 --target-port=5601 --type=LoadBalancer -n=logging Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Observe Services # Logs istioctl create -f fluentd-istio.yaml # Metrics istioctl create -f telemetry.yaml Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Istio by Example (extended version)
Canary Releases: A/B Testing apiVersion: config.istio.io/v1alpha2 kind: RouteRule metadata: name: reviews-test-v2 spec: destination: name: reviews precedence: 2 match: request: headers: cookie: regex: "^(.*?;)?(user=jason)(;.*)?$" route: - labels: version: v2 istioctl create -f route-rule-reviews-test-v2.yaml Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Canary Releases: Rolling Upgrade apiVersion: config.istio.io/v1alpha2 kind: RouteRule metadata: name: reviews-default spec: destination: name: reviews precedence: 1 route: - labels: version: v1 weight: 50 - labels: version: v3 weight: 50 istioctl create -f route-rule-reviews-50-v3.yaml Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Canary Releases: Blue/Green apiVersion: config.istio.io/v1alpha2 kind: RouteRule metadata: name: reviews-default spec: destination: name: reviews precedence: 1 route: - labels: version: v3 weight: 100 istioctl replace -f route-rule-reviews-v3.yaml Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Security: Access Control apiVersion: "config.istio.io/v1alpha2" kind: denier metadata: name: denyreviewsv3handler spec: status: code: 7 message: Not allowed --- apiVersion: "config.istio.io/v1alpha2" kind: checknothing metadata: name: denyreviewsv3request spec: --- apiVersion: "config.istio.io/v1alpha2" kind: rule metadata: name: denyreviewsv3 spec: match: source.labels["layer"]=="inner" && destination.labels["layer"] == "outer" actions: - handler: denyreviewsv3handler.denier instances: [ denyreviewsv3request.checknothing ] Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Security: Egress apiVersion: networking.istio.io/v1alpha3 kind: ExternalService metadata: name: google-ext spec: hosts: - www.google.com ports: - number: 443 name: https protocol: http --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: google-ext spec: name: www.google.com trafficPolicy: tls: mode: SIMPLE # initiates HTTPS when talking to www.google.com Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Resiliency: Circuit Breaker apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: httpbin spec: name: httpbin trafficPolicy: connectionPool: tcp: maxConnections: 100 http: http1MaxPendingRequests: 1 maxRequestsPerConnection: 1 outlierDetection: http: consecutiveErrors: 1 interval: 1s baseEjectionTime: 3m maxEjectionPercent: 100 Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
Istio by Example (extended version)

More Related Content

PPTX
Istio a service mesh
Chandresh Pancholi
 
PDF
Introduction to Istio on Kubernetes
Jonh Wendell
 
PDF
Istio Service Mesh
Lew Tucker
 
PPTX
ISTIO Deep Dive
Yong Feng
 
PDF
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Codemotion
 
PDF
Introduction to Istio Service Mesh
Georgios Andrianakis
 
PDF
Istio on Kubernetes
Daneyon Hansen
 
PPTX
Microservices With Istio Service Mesh
Natanael Fonseca
 
Istio a service mesh
Chandresh Pancholi
 
Introduction to Istio on Kubernetes
Jonh Wendell
 
Istio Service Mesh
Lew Tucker
 
ISTIO Deep Dive
Yong Feng
 
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Codemotion
 
Introduction to Istio Service Mesh
Georgios Andrianakis
 
Istio on Kubernetes
Daneyon Hansen
 
Microservices With Istio Service Mesh
Natanael Fonseca
 

What's hot (20)

ODP
Istio
Arun prasath
 
PDF
Istio service mesh: past, present, future (TLV meetup)
elevran
 
PDF
The elegant way of implementing microservices with istio
Inho Kang
 
PPTX
Istio - A Service Mesh for Microservices as Scale
Ram Vennam
 
PDF
Istio : Service Mesh
Knoldus Inc.
 
PDF
Benchmarking Service Meshes - CNCF Networking WG
Lee Calcote
 
PDF
Istio: Using nginMesh as the service proxy
Lee Calcote
 
PDF
Securing Microservices with Istio
Daniel Berg
 
PDF
Managing traffic routing with istio and envoy workshop
Opsta
 
PDF
Managing Microservices With The Istio Service Mesh on Kubernetes
Iftach Schonbaum
 
PDF
Service Mesh on Kubernetes with Istio
Michelle Holley
 
PPTX
Service mesh
Arnab Mitra
 
PDF
From zero to hero with Kubernetes and Istio
Sergii Bishyr
 
PPTX
Microservices on kubernetes
Chandresh Pancholi
 
PDF
Istio Service Mesh
Luke Marsden
 
PDF
Managing microservices with Istio Service Mesh
Rafik HARABI
 
PDF
The service mesh: resilient communication for microservice applications
Outlyer
 
PPTX
O'Reilly 2017: "Introduction to Service Meshes"
Daniel Bryant
 
PDF
Demystifying Service Mesh
Mitchell Pronschinske
 
PPTX
istio: service mesh for all
Mandar Jog
 
Istio
Arun prasath
 
Istio service mesh: past, present, future (TLV meetup)
elevran
 
The elegant way of implementing microservices with istio
Inho Kang
 
Istio - A Service Mesh for Microservices as Scale
Ram Vennam
 
Istio : Service Mesh
Knoldus Inc.
 
Benchmarking Service Meshes - CNCF Networking WG
Lee Calcote
 
Istio: Using nginMesh as the service proxy
Lee Calcote
 
Securing Microservices with Istio
Daniel Berg
 
Managing traffic routing with istio and envoy workshop
Opsta
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Iftach Schonbaum
 
Service Mesh on Kubernetes with Istio
Michelle Holley
 
Service mesh
Arnab Mitra
 
From zero to hero with Kubernetes and Istio
Sergii Bishyr
 
Microservices on kubernetes
Chandresh Pancholi
 
Istio Service Mesh
Luke Marsden
 
Managing microservices with Istio Service Mesh
Rafik HARABI
 
The service mesh: resilient communication for microservice applications
Outlyer
 
O'Reilly 2017: "Introduction to Service Meshes"
Daniel Bryant
 
Demystifying Service Mesh
Mitchell Pronschinske
 
istio: service mesh for all
Mandar Jog
 
Ad

Similar to Istio by Example (extended version) (20)

PDF
Istio Playground
QAware GmbH
 
PDF
Ports, pods and proxies
LibbySchulze
 
PPTX
Istio canaries and kubernetes
Red Hat Developers
 
PDF
OSS Japan 2019 service mesh bridging Kubernetes and legacy
Steve Wong
 
PPTX
使用 Prometheus 監控 Kubernetes Cluster
inwin stack
 
PDF
Weave Your Microservices with Istio
All Things Open
 
PDF
All Things Open 2019 weave-services-istio
Lin Sun
 
PDF
Ato2019 weave-services-istio
Lin Sun
 
PDF
Serving models using KFServing
Theofilos Papapanagiotou
 
PDF
Kubernetes extensibility
Docker, Inc.
 
PDF
Swift Cloud Workshop - Swift Microservices
Chris Bailey
 
PDF
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
Icinga
 
PDF
Lessons learned using GitOps
Edgaras Apšega
 
PDF
DCEU 18: Docker Container Networking
Docker, Inc.
 
PDF
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
Henning Jacobs
 
PPTX
From 0 to 60 with kubernetes and istio
Joonathan Mägi
 
PDF
Istio Playground
QAware GmbH
 
PDF
給 RD 的 Kubernetes 初體驗 (EKS version)
William Yeh
 
PPTX
Kubernetes and Istio
Ketan Gote
 
PDF
GE Predix 新手入门 赵锴 物联网_IoT
Kai Zhao
 
Istio Playground
QAware GmbH
 
Ports, pods and proxies
LibbySchulze
 
Istio canaries and kubernetes
Red Hat Developers
 
OSS Japan 2019 service mesh bridging Kubernetes and legacy
Steve Wong
 
使用 Prometheus 監控 Kubernetes Cluster
inwin stack
 
Weave Your Microservices with Istio
All Things Open
 
All Things Open 2019 weave-services-istio
Lin Sun
 
Ato2019 weave-services-istio
Lin Sun
 
Serving models using KFServing
Theofilos Papapanagiotou
 
Kubernetes extensibility
Docker, Inc.
 
Swift Cloud Workshop - Swift Microservices
Chris Bailey
 
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
Icinga
 
Lessons learned using GitOps
Edgaras Apšega
 
DCEU 18: Docker Container Networking
Docker, Inc.
 
How Zalando runs Kubernetes clusters at scale on AWS - AWS re:Invent
Henning Jacobs
 
From 0 to 60 with kubernetes and istio
Joonathan Mägi
 
Istio Playground
QAware GmbH
 
給 RD 的 Kubernetes 初體驗 (EKS version)
William Yeh
 
Kubernetes and Istio
Ketan Gote
 
GE Predix 新手入门 赵锴 物联网_IoT
Kai Zhao
 
Ad

More from QAware GmbH (20)

PDF
QAware_Mario-Leander_Reimer_Architecting and Building a K8s-based AI Platform...
QAware GmbH
 
PDF
Frontends mit Hilfe von KI entwickeln.pdf
QAware GmbH
 
PDF
Mit ChatGPT Dinosaurier besiegen - Möglichkeiten und Grenzen von LLM für die ...
QAware GmbH
 
PDF
50 Shades of K8s Autoscaling #JavaLand24.pdf
QAware GmbH
 
PDF
Make Agile Great - PM-Erfahrungen aus zwei virtuellen internationalen SAFe-Pr...
QAware GmbH
 
PPTX
Fully-managed Cloud-native Databases: The path to indefinite scale @ CNN Mainz
QAware GmbH
 
PDF
Down the Ivory Tower towards Agile Architecture
QAware GmbH
 
PDF
"Mixed" Scrum-Teams – Die richtige Mischung macht's!
QAware GmbH
 
PDF
Make Developers Fly: Principles for Platform Engineering
QAware GmbH
 
PDF
Der Tod der Testpyramide? – Frontend-Testing mit Playwright
QAware GmbH
 
PDF
Was kommt nach den SPAs
QAware GmbH
 
PDF
Cloud Migration mit KI: der Turbo
QAware GmbH
 
PDF
Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See...
QAware GmbH
 
PDF
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
QAware GmbH
 
PDF
Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before.
QAware GmbH
 
PDF
Kubernetes with Cilium in AWS - Experience Report!
QAware GmbH
 
PDF
50 Shades of K8s Autoscaling
QAware GmbH
 
PDF
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
QAware GmbH
 
PDF
Service Mesh Pain & Gain. Experiences from a client project.
QAware GmbH
 
PDF
50 Shades of K8s Autoscaling
QAware GmbH
 
QAware_Mario-Leander_Reimer_Architecting and Building a K8s-based AI Platform...
QAware GmbH
 
Frontends mit Hilfe von KI entwickeln.pdf
QAware GmbH
 
Mit ChatGPT Dinosaurier besiegen - Möglichkeiten und Grenzen von LLM für die ...
QAware GmbH
 
50 Shades of K8s Autoscaling #JavaLand24.pdf
QAware GmbH
 
Make Agile Great - PM-Erfahrungen aus zwei virtuellen internationalen SAFe-Pr...
QAware GmbH
 
Fully-managed Cloud-native Databases: The path to indefinite scale @ CNN Mainz
QAware GmbH
 
Down the Ivory Tower towards Agile Architecture
QAware GmbH
 
"Mixed" Scrum-Teams – Die richtige Mischung macht's!
QAware GmbH
 
Make Developers Fly: Principles for Platform Engineering
QAware GmbH
 
Der Tod der Testpyramide? – Frontend-Testing mit Playwright
QAware GmbH
 
Was kommt nach den SPAs
QAware GmbH
 
Cloud Migration mit KI: der Turbo
QAware GmbH
 
Migration von stark regulierten Anwendungen in die Cloud: Dem Teufel die See...
QAware GmbH
 
Aus blau wird grün! Ansätze und Technologien für nachhaltige Kubernetes-Cluster
QAware GmbH
 
Endlich gute API Tests. Boldly Testing APIs Where No One Has Tested Before.
QAware GmbH
 
Kubernetes with Cilium in AWS - Experience Report!
QAware GmbH
 
50 Shades of K8s Autoscaling
QAware GmbH
 
Kontinuierliche Sicherheitstests für APIs mit Testkube und OWASP ZAP
QAware GmbH
 
Service Mesh Pain & Gain. Experiences from a client project.
QAware GmbH
 
50 Shades of K8s Autoscaling
QAware GmbH
 

Recently uploaded (20)

PPTX
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
PDF
Foundation of Data Science unit number two notes
sanguleumeshit
 
PPTX
Global journeys: estimating international migration
Office for National Statistics
 
PPTX
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
PPTX
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
PDF
.pdf is not working space design for the following data for the following dat...
jerinjoy242
 
PPTX
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
PPTX
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
PPT
Reliability_Chapter_ presentation 1221.5784
abobaker13
 
PDF
Introduction to Business Data Analytics.
jamalmumthaj
 
PDF
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
PPTX
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
PPTX
Introduction to Basics of Ethical Hacking and Penetration Testing -Unit No. 1...
AshutoshDeshmukh33
 
PDF
Lecture1 pattern recognition............
ZafriFarid
 
PPTX
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
PPT
Chapter 3 METAL JOINING.pptnnnnnnnnnnnnn
JanakiRaman206018
 
PPT
Quality review (1)_presentation of this 21
abobaker13
 
PDF
Mega Projects Data Mega Projects Data
saidsalah8181
 
PPTX
Computer network topology notes for revision
BatoolRawat
 
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
Foundation of Data Science unit number two notes
sanguleumeshit
 
Global journeys: estimating international migration
Office for National Statistics
 
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
.pdf is not working space design for the following data for the following dat...
jerinjoy242
 
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
Reliability_Chapter_ presentation 1221.5784
abobaker13
 
Introduction to Business Data Analytics.
jamalmumthaj
 
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
Introduction to Basics of Ethical Hacking and Penetration Testing -Unit No. 1...
AshutoshDeshmukh33
 
Lecture1 pattern recognition............
ZafriFarid
 
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
Chapter 3 METAL JOINING.pptnnnnnnnnnnnnn
JanakiRaman206018
 
Quality review (1)_presentation of this 21
abobaker13
 
Mega Projects Data Mega Projects Data
saidsalah8181
 
Computer network topology notes for revision
BatoolRawat
 

Istio by Example (extended version)

  • 2. Why? Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 4. Atomic Architecture Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 12. Setting the sails with Istio Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 13. Features Traffic Management Resiliency Security Observability Request Routing Timeouts mTLS Metrics Load Balancing Circuit Breaker Access Control Logs Traffic Shifting Health Checks (active, passive) Workload Identity Traces Traffic Mirroring Retries RBAC Service Discovery Rate Limiting Ingress, Egress Delay & Fault Injection Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 15. Deploy Istio & Sample App curl -L https://git.io/getLatestIstio | sh - cd istio-* export PATH=$PWD/bin:$PATH # deploy istio with mTLS enabled by default kubectl apply -f install/kubernetes/istio-auth.yaml # ... lengthy copy & paste code to deploy sidecar auto-deployment # label default namespace to be auto-sidecarred kubectl label namespace default istio-injection=enabled # deploy and open sample application kubectl apply -f istio-*/samples/bookinfo/kube/bookinfo.yaml open http://localhost/productpage Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 16. Ingress apiVersion: extensions/v1beta1 kind: Ingress metadata: name: gateway annotations: kubernetes.io/ingress.class: "istio" spec: rules: - http: paths: - path: /productpage backend: serviceName: productpage servicePort: 9080 - path: /login backend: serviceName: productpage servicePort: 9080 - path: /logout backend: serviceName: productpage servicePort: 9080 - path: /api/v1/products.* backend: serviceName: productpage servicePort: 9080
  • 17. Sample Application: BookInfo1 1 Istio BookInfo Sample (https://istio.io/docs/guides/bookinfo.html)
  • 18. Deploy Observability Add-Ons #Prometheus kubectl apply -f istio-*/install/kubernetes/addons/prometheus.yaml kubectl expose deployment prometheus --name=prometheus-expose --port=9090 --target-port=9090 --type=LoadBalancer -n=istio-system #Grafana kubectl apply -f istio-*/install/kubernetes/addons/grafana.yaml kubectl expose deployment grafana --name=grafana-expose --port=3000 --target-port=3000 --type=LoadBalancer -n=istio-system #Jaeger kubectl apply -n istio-system -f https://raw.githubusercontent.com/jaegertracing/jaeger-kubernetes/ master/all-in-one/jaeger-all-in-one-template.yml kubectl expose deployment jaeger-deployment --name=jaeger-expose --port=16686 --target-port=16686 --type=LoadBalancer -n=istio-system #EFK kubectl apply -f logging-stack.yaml kubectl expose deployment kibana --name=kibana-expose --port=5601 --target-port=5601 --type=LoadBalancer -n=logging Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 19. Observe Services # Logs istioctl create -f fluentd-istio.yaml # Metrics istioctl create -f telemetry.yaml Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 21. Canary Releases: A/B Testing apiVersion: config.istio.io/v1alpha2 kind: RouteRule metadata: name: reviews-test-v2 spec: destination: name: reviews precedence: 2 match: request: headers: cookie: regex: "^(.*?;)?(user=jason)(;.*)?$" route: - labels: version: v2 istioctl create -f route-rule-reviews-test-v2.yaml Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 22. Canary Releases: Rolling Upgrade apiVersion: config.istio.io/v1alpha2 kind: RouteRule metadata: name: reviews-default spec: destination: name: reviews precedence: 1 route: - labels: version: v1 weight: 50 - labels: version: v3 weight: 50 istioctl create -f route-rule-reviews-50-v3.yaml Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 23. Canary Releases: Blue/Green apiVersion: config.istio.io/v1alpha2 kind: RouteRule metadata: name: reviews-default spec: destination: name: reviews precedence: 1 route: - labels: version: v3 weight: 100 istioctl replace -f route-rule-reviews-v3.yaml Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 24. Security: Access Control apiVersion: "config.istio.io/v1alpha2" kind: denier metadata: name: denyreviewsv3handler spec: status: code: 7 message: Not allowed --- apiVersion: "config.istio.io/v1alpha2" kind: checknothing metadata: name: denyreviewsv3request spec: --- apiVersion: "config.istio.io/v1alpha2" kind: rule metadata: name: denyreviewsv3 spec: match: source.labels["layer"]=="inner" && destination.labels["layer"] == "outer" actions: - handler: denyreviewsv3handler.denier instances: [ denyreviewsv3request.checknothing ] Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 25. Security: Egress apiVersion: networking.istio.io/v1alpha3 kind: ExternalService metadata: name: google-ext spec: hosts: - www.google.com ports: - number: 443 name: https protocol: http --- apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: google-ext spec: name: www.google.com trafficPolicy: tls: mode: SIMPLE # initiates HTTPS when talking to www.google.com Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018
  • 26. Resiliency: Circuit Breaker apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: httpbin spec: name: httpbin trafficPolicy: connectionPool: tcp: maxConnections: 100 http: http1MaxPendingRequests: 1 maxRequestsPerConnection: 1 outlierDetection: http: consecutiveErrors: 1 interval: 1s baseEjectionTime: 3m maxEjectionPercent: 100 Istio by Example, @adersberger, KubeCon & CloudNativeCon EU 2018