Sai, Field Engineer @ Solo.io
Istio Service Mesh for Developers & Platform Engineers
Home Lab
BEFORE
Home Lab
NOW
Business Drivers for Application Modernization
● Reduce Costs / Shift Capex to Opex
● Access to Innovation
● Increase flexibility and Capacity of Infrastructure
● Increase Velocity of Development
● Reduce Risk
Monolithic Microservices
The Way We Build Applications
Monolithic
● On-Prem
● Built on a VM+OS
● Large Teams
Microservices
● Cloud
● Built on Kubernetes
● Agile Teams
Challenges with Microservices
● How to observe interactions among
services?
● How to secure service to service
communication?
● How to manage transient failures?
● How to control traffic?
Online Boutique Microservices Demo
Source: https://github.com/GoogleCloudPlatform/microservices-demo
Application Networking Challenges
● Service discovery
● Load balancing
● Timeouts
● Retry / Budgets
● Circuit breaking
● Tracing, observability
● Secure transport
● Extension
Challenges
Application Networking
Data Plane & Control Plane
Why Envoy for Service Mesh Data Plane
● Neutral Foundation (CNCF)
● Large, diverse, vibrant community
● Built ground up for dynamic services
environment
● Dynamic configuration, driven by API
● Highly extensible
● L7 filters (HTTP/1, HTTP/2, gRPC,
redis, mysql, Kafka, etc)
● Deep signals telemetry out of the box
● Versatile deployment options
Istio - Open Source Service Mesh
2017
Istio Launched
Data Plane
Enhancements
2019-20
7 New Community Releases
1000s Production Users
~ 1000 Community Contributors
2022
CNCF
2019-2022
Case Studies
https://istio.io/latest/about/case-studies/
Istio Service Mesh Architecture
Istio Deployment (Sidecar Architecture)
Use Cases
Too Much TRUST!
Zero Trust Security
Secure Networking - Server Side TLS
Secure Networking - mTLS
Network Security in Kubernetes
Default State
!!!
Desired State
“Zero Trust Security”
DIY … Whoops !
○ 81% of companies experienced a certificate-related outage in the
past two years
○ 65% are concerned about the increased workload and risk of outages
caused by shorter SSL/TLS certificate lifespans.
○ Human error was a major contributing factor in 95% of breaches
Istio to the Rescue !
Resiliency - There will be Failures
Common Mitigations
● Waiting indefinitely is bad
● Trying again is good
● Degrade gracefully when services are
overwhelmed
Timeout - Don’t wait Indefinitely
Retry - Trying Again is Good
👍
Circuit Breaker - Degrade gracefully
Observability - Insights for Competitive Advantage
Building a Uniform Approach
● Understand traffic patterns
● Determine service health
● Anticipate outages
● Detect dangerous activity
● Audit access
Observability - Metrics and Access Logging
[2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default
metrics
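Added example, not part of the original slides: a parser for the access log line shown above, assuming it follows Istio's default text access log format, used to build an "audit access" count and to list entries that carry a response flag or a 5xx status. The field labels and the `parse_line` and `audit` helpers are names chosen for this example; the second and third sample lines are constructed.

```python
import shlex
from collections import Counter

# Field order of Istio's default text access log; the labels are this example's own.
FIELDS = ("start_time request response_code response_flags response_code_details "
          "connection_termination_details upstream_transport_failure_reason "
          "bytes_received bytes_sent duration_ms upstream_service_time_ms "
          "x_forwarded_for user_agent request_id authority upstream_host "
          "upstream_cluster upstream_local_address downstream_local_address "
          "downstream_remote_address requested_server_name route_name").split()

def parse_line(line):
    """Return a dict for one access log line, or None if it does not fit the format."""
    try:
        tokens = shlex.split(line.strip())   # keeps "quoted fields" as one token
    except ValueError:                       # unbalanced quote, e.g. a truncated line
        return None
    if len(tokens) != len(FIELDS) or not tokens[2].isdigit():
        return None
    rec = dict(zip(FIELDS, tokens))
    request = rec["request"].split(" ")
    if len(request) != 3:
        return None
    rec["method"], rec["path"], rec["protocol"] = request
    rec["response_code"] = int(rec["response_code"])
    rec["direction"] = rec["upstream_cluster"].split("|", 1)[0]  # inbound / outbound
    rec["client_ip"] = rec["downstream_remote_address"].rsplit(":", 1)[0]
    return rec

def audit(lines):
    """Count (client, authority, method, path) tuples and list entries to review."""
    access, review = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            review.append(("unparsed", line[:40]))
            continue
        access[(rec["client_ip"], rec["authority"], rec["method"], rec["path"])] += 1
        if rec["response_flags"] != "-" or rec["response_code"] >= 500:
            review.append((rec["request_id"], rec["response_flags"]))
    return access, review

SAMPLE = [
    # Line shown on the slide.
    '[2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" '
    '0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" '
    '"httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 '
    '10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default',
    # Constructed: upstream connection failure (response flag UF).
    '[2020-11-25T21:27:02.115Z] "GET /headers HTTP/1.1" 503 UF - - "-" 0 91 12 - "-" '
    '"curl/7.73.0-DEV" "00000000-0000-4000-8000-000000000001" "httpbin:8000" "-" '
    'outbound|8000||httpbin.foo.svc.cluster.local - 10.44.1.27:80 10.44.1.23:37700 - default',
    '[2020-11-25T21:27:03.000Z] "GET /status/200 HTT',  # constructed: truncated line
]
```

Calling `audit(SAMPLE)` returns the per-caller access counts and a review list holding the `UF` request and the truncated line.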
RECAP
Business Drivers for Adopting Istio
Life without ServiceMesh `vs` Life with ServiceMesh
Before Service Mesh (Microservice App)
Business Logic
Security Logic
Traffic Management Logic
Golden Metrics / Observability Logic
Resiliency Logic
Managed by Developer
- Multiple Tasks
- Multiple Frameworks
- Language Specific
- Poor Dev Experience
- 100s of Manual Steps
After Service Mesh (Microservice App)
Business Logic
Security Logic
Traffic Management Logic
Golden Metrics / Observability Logic
Resiliency Logic
Managed by Developer
- Focus on Biz Logic
- Developer Productivity
Managed by ServiceMesh
- Automated Workflow
- Deploy Consistent Infrastructure Layer
- Eliminate Language Specific Libraries
- Consistent Security & Observability across LOBs
Istio Deployment (Sidecar Architecture)
Istio Ambient Mesh (Sidecar-less Architecture)
A recent, open source contribution to the Istio project,
that defines a new sidecar-less data plane.
Improve
Performance
Simplify
Operations
Cost
Reduction
https://istio.io/latest/blog/2022/introducing-ambient-mesh/
Istio Deployment (Sidecar-less Architecture)
Something to think about …
● the Istio Ingress Gateway doesn’t provide the capabilities of an enterprise API
gateway
● It’s complex to use and to manage, especially in a multi-cloud context
● mTLS across the clusters
● Lifecycle management for control planes and istio gateways
● Global Observability (centralized metrics and access logging)
● Long term support
Learn More …
10,000+ students have
attended hands-on workshops
1,800+ engineers have
achieved certifications
NPS
Score
75
https://academy.solo.io
Istio User Group
SINGAPORE
Thanks for attending!
@_hellosai_
sai.linnthu@solo.io
https://www.linkedin.com/in/sailinnthu/
https://www.youtube.com/@SaiLinnThu
Field Engineer - APAC @ Solo.io
