Istio: solving challenges of hybrid cloud
5 likes898 views
This document discusses Istio, an open-source service mesh that connects, secures, and manages microservices. Istio solves challenges of running hybrid cloud deployments by providing service communication and routing, observability through metric collection, and security through features like mTLS and workload identity. The document outlines Istio's capabilities and provides an architecture for running Istio across Kubernetes and virtual machine environments. A demo is presented to illustrate Istio's capabilities in hybrid deployments.
Istio: solving challenges of hybrid cloud
- 1. ISTIO: SOLVING CHALLENGES OF HYBRID CLOUD Zack Butcher (@ZackButcher) - Stealth Startup Christian Posta (@christianposta) - Red Hat 8 May, 2018
- 2. About Us Christian Posta @christianposta Chief Architect - Red Hat Zack Butcher @ZackButcher Founding Engineer - Stealth Startup
- 3. KUBERNETES IS BEST PLACE TO RUN CONTAINERS WORKLOADS ● Place containers on hosts ● Declarative deployment models ● Scaling, autoscaling ● Health checking ● Rudimentary service discovery and load balancing
- 4. INTERESTING THINGS HAPPEN WHEN SERVICES TRY TO COMMUNICATE
- 5. THINGS WE MUST SOLVE FOR BECAUSE “DISTRIBUTED SYSTEMS” ● Service discovery ● Retries ● Timeouts ● Load balancing ● Rate Limiting ● Circuit Breaking ● Security ● Zone aware balancing ● Outlier detection ● Traffic shaping ● Request mirroring ● Fault Inject ● Distributed tracing ● Logging ● Metrics collection ● Dark launches ● Per-request routing ● Edge routing
- 6. LET’S SOLVE THOSE HORIZONTAL CONCERNS OUT OF THE APPLICATION
- 7. LET’S SOLVE THOSE HORIZONTAL CONCERNS OUT OF THE APPLICATION
- 8. LET’S SOLVE THOSE HORIZONTAL CONCERNS OUT OF THE APPLICATION
- 9. FOUNDATIONS OF A SERVICE MESH
- 10. WHAT IS A SERVICE MESH A service mesh is decentralized application-networking infrastructure between your services that provides resilience, security, observability, and routing control.
- 11. ISTIO IS AN OPEN-SOURCE SERVICE MESH TO CONNECT, SECURE, AND MANAGE YOUR SERVICES
- 12. ● Fine grained traffic control/routing ● Service resilience ● Secure communication ● Policy enforcement ● Telemetry collection ISTIO GIVES YOU
- 14. DOES EVERYTHING RUN IN THE MESH?
- 19. CHALLENGES OF RUNNING HYBRID DEPLOYMENT ENVIRONMENTS
- 20. ● Resilience ● Organizational policy enforcement ● Monitoring / Observability ● Security ● Workload identity ● Routing / networking OPERATING THIS ENVIRONMENT IS HARD
- 21. ISTIO CAN HELP IN HYBRID DEPLOYMENT ENVIRONMENTS
- 22. SERVICE COMMUNICATION AND ROUTING ● Workloads shouldn’t have to know about topology (and topology changes) ● Federate service-discovery registries ● Routing through well-established ingress/egress points ● Fine-grained control for operators to shift/shape traffic
- 23. OBSERVABILITY / METRIC COLLECTION ● Understanding what’s happening across entire domain ● Single pane of glass for application-level networking metrics ● Consistent metric collection via istio proxies ● QPS, 500s, Circuit breaking events, Pxx latencies, etc
- 24. SECURITY / IDENTITY ● Securing all traffic inter-cluster with mTLS ● Consistent identity for workloads across clusters ● Leverages SPIFEE (Secure Production Identity For Everyone) ● Foundations for zero-trust networking
- 26. KUBERNETES TO VM MESH EXPANSION
- 27. K8S to K8S SINGLE CONTROL PLANE
- 28. K8S to K8S MULTIPLE CONTROL PLANE
- 29. DEMO
- 30. Part One
- 31. Part Two
- 32. Part Three
- 33. Demo time - Reach out for questions! Website: http://istio.io Twitter: @IstioMesh GitHub: https://github.com/istio/istio/ Community: https://istio.io/community.html Demo: https://github.com/ZackButcher/hybrid-demo
- 34. Christian Posta @christianposta Chief Architect - Red Hat Zack Butcher @ZackButcher Founding Engineer - Stealth Startup Demo time - Reach out for questions!