Unmeshing the service mesh

Editor's Notes

• #5: Multiple languages and frameworks (network library per language) Multiple protocols (HTTP/1, HTTP/2, gRPC, databases, caching, etc.) Implementation (retry, circuit breaking, rate limiting, timeouts, etc.) Observability (tracing, metrics & logging)
• #7: Service Mesh: Network of Microservices Connect – Traffic Management: Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection. Routing, circuit breaking, timeouts and retries. A/B Testing, Canary deployments & staged rollouts (percentage-based) Secure: Secure service-to-service communication in a cluster with strong identity-based authentication and authorization. Service to service mTLS encryption Control: A pluggable policy layer and configuration API supporting access controls, rate limits and quotas. Observe: Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress. Tracing (Jaeger), monitoring (Prometheus) and logging (Elasticsearch)
• #10: Envoy modifies the routing table of the service to only talk to local host and all the traffic is between Envoy side cars Features: Modern C++ Filters and extensions in L3 / L4 and L7 Built in service discovery and health checking (active and passive)
• #11: Admission controller: a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object, but after the request is authenticated and authorized Mutating: modify the object
• #12: Circuit breaking – Envoy reads the response to the http and can tell if it’s a good / bad response and stop sending traffic based on the response (passive health check)
• #13: The Envoy sidecar logically calls Mixer before each request to perform precondition checks, and after each request to report telemetry. The sidecar has local caching such that a large percentage of precondition checks can be performed from cache. Additionally, the sidecar buffers outgoing telemetry such that it only calls Mixer infrequently. Rate limit – did service A maxed its rate to talk to service B (more than 1000 requests per minutes, for example)
• #19: Using 2 admission webhooks: Mutating Validating kubectl api-versions | grep admissionregistration Init Container Sidecar container When Kubernetes invokes the webhook, the admissionregistration.k8s.io/v1beta1#MutatingWebhookConfiguration configuration is applied. The default configuration injects the sidecar into pods in any namespace with the istio-injection=enabled label. The istio-sidecar-injector configuration map specifies the configuration for the injected sidecar The istio-init container sets up the pod network traffic redirection to/from the Istio sidecar proxy
• #21: Notice that a VirtualService is tied to a specific Gateway and it defines a host that refers to the Kubernetes Service. (https://medium. /google-cloud/istio-routing-basics-14feab3c040e) A DestinationRule essentially maps labels to Istio subsets.
• #25: The App graph type aggregates all versions of an app into a single graph node. The following example shows a single reviews node representing the three versions of the reviews app The Versioned App graph type shows a node for each version of an app, but all versions of a particular app are grouped together. The following example shows the reviews group box that contains the three nodes that represents the three versions of the reviews app. The Workload graph type shows a node for each workload in your service mesh. This graph type does not require you to use the app and versionlabels so if you opt to not use those labels on your components, this is the graph type you will use. The Service graph type shows a node for each service in your mesh but excludes all apps and workloads from the graph.
• #27: https://istio.io/docs/tasks/telemetry/distributed-tracing/overview/ application needs to collect and propagate the following headers from the incoming request to any outgoing requests: x-request-id, x-b3-traceid, x-b3-spanid, x-b3-parentspanid, x-b3-sampled, x-b3-flags, x-ot-span-context
• #31: Observability: metrics, tracing, logging Control: routing rules, traffic management, circuit breaking Security: mtls