Istio Service Mesh Managing Microservices With - USENIX

Transcription

Managing microservices with Istio Service Mesh
Rafik Harabi, INNOVSQUARE
SRECon EMEA 2019

Quick survey before we start
- Who is already using Kubernetes?
- Who is developing microservices?
- Who is using the client library approach to implement common microservices concerns (Circuit Breaker, Retry.)?
- Who is using Istio or any other service mesh technology?

Moving to microservices: network challenges
- Network Reliability
- Fault tolerance and resiliency
- Monitoring and Observability

Challenges deep-dive

Network Reliability
Services have to handle the network facts:
- Network latency / bandwidth
- Transport cost
- Topology and administration

Fault Tolerance
Services have to be able to handle outright failure and timeouts:
- Avoid cascading failure
- Retries
- Circuit breaking

Monitoring
We have to:
- Monitor the delivered microservices and their interactions
- Trace requests and identify potential hotspots

The evolution of microservices frameworks: from Netflix OSS to Istio

[Timeline diagram. Entries: Netflix OSS, Istio, Kubernetes. Labels: "first microservices patterns and libraries open-sourced", "2011", "Service mesh", "Workload", "ing Cloud", "Enterprise microservice framework for Java", "2018".]

Microservices challenges
Challenge 1, Challenge 2, Challenge 3
- N to N communications.
- Distributed software interconnection and troubleshooting is hard.
- Containers should stay thin and platform agnostic.
- Upgrade of polyglot microservices is hard at scale.

Microservices building blocks
Challenge 1, Challenge 3
- Configuration Service
- Load Balancing / Intelligent Routing
- Service Registry / Discovery
- API Gateway
- Circuit Breaker / Retry
- Authentication & Authorization
- Rate Limiting
- Monitoring
- Event Driven Messaging (Async)
- Distributed tracing
- Audit
- Log Aggregation

Microservices building blocks
Challenge 3
Business Value
- API Gateway
- Configuration Service
- Circuit Breaker / Retry
- Rate Limiting
- Event Driven Messaging (Async)
- Audit
- Service Registry / Discovery
- Load Balancing / Intelligent Routing
- Authentication & Authorization
- Distributed tracing
- Monitoring
- Log Aggregation

Code oriented frameworks
Challenge 3
- Service A: Business logic, Circuit Breaker, Rate limiting, Tracing, Metrics
- Service B: Business logic, Circuit Breaker, Rate limiting, Tracing, Metrics

Code oriented pattern
Challenge 1, Challenge 3
[Layer diagram. Labels, in slide order:]
- Foundation
- Business Values
- Business Service
- Configuration Service
- Load Balancing / Intelligent Routing
- Service Registry / Discovery
- Authentication & Authorization
- API Gateway
- Circuit Breaker / Retry
- Rate Limiting
- Communication
- Monitoring and Observability
- Monitoring
- Event Driven Messaging (Async)
- Distributed tracing
- Log Aggregation
- Audit

Code oriented solutions limits
- Language oriented.
- Error prone (implementation).
- Hard to upgrade each microservice when the system grows.
- Adds technical challenges and duties to development teams.
- Different teams in the same organization may have different implementations.
- Each team has to maintain its own implementation.
Microservices challenges need to be solved uniformly.

Desired state
- Keep microservice concerns separate from the business logic.
- The network should be transparent to applications.
- Developers should focus on delivering business capabilities and not implementing microservices common concerns.
- Microservices interconnection should be language agnostic.
- Easy to upgrade solution.

Service Mesh
Definition
"A service mesh is a dedicated infrastructure layer for handling service-to-service communication. It’s responsible for the reliable delivery of requests through the complex topology of services that comprise a modern, cloud native application."
buoyant.io

Service Mesh
The design
Each service will have its own proxy service and all these proxy services together form the “Service Mesh”.
All the requests to and from each service will go through the mesh proxies.
Proxies are also known as sidecars.

Sidecar pattern
Service to service communication
- Service A: Business logic
- Injected proxy: Circuit Breaker, Rate limiting, Tracing, Metrics
- Service B: Business logic
- Injected proxy: Circuit Breaker, Rate limiting, Tracing, Metrics
Network concerns become transparent

History of Istio
- Envoy proxy (Istio data plane) created by Lyft and open-sourced in 2016.
- IBM and Google launch the project in May 2017.
- First major version released in July 2018.
- Current version: 1.3

Istio goal
Develop an open technology that provides a uniform way to connect, secure, manage and monitor a network of microservices regardless of the platform source or vendor.

Solution
Istio Promises
- Focus on business logic and spend less time on common concerns.
- No change in the service code.
- Central configuration management.
- Easy to upgrade
- Security

Istio does:
- Service discovery
- Load Balancing & Intelligent Routing
- Resiliency: Circuit Breaker & Retry
- Rate Limiting
- Authentication and Authorization
- Service to Service mTLS
- Policy enforcement
- Observability
- Monitoring metrics
- Distributed tracing

Istio does not:
- Event Driven Asynchronous communication
- Service Orchestration

Sidecar pattern
Challenge 1, Challenge 3
[Layer diagram. Labels, in slide order:]
- Business Values
- Foundation
- Configuration Service
- Business Service
- Service Registry / Discovery
- Business Service
- API Gateway
- Business Service
- Load Balancing / Intelligent Routing
- Authentication & Authorization
- Circuit Breaker / Retry
- Rate Limiting
- Communication
- Event Driven Messaging (Async)
- Monitoring and Observability
- Monitoring
- Distributed tracing
- Log Aggregation
- Audit

Service Discovery
Challenge 1, Challenge 2, Challenge 3
Kubernetes provides service discovery, so why do I need an extra one?
Istio supports:
- HTTP L7 filter
- HTTP L7 routing (based on HTTP headers and cookies)
- First class HTTP/2
- gRPC support
- Fine-grained traffic splitting
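
Header- and cookie-based L7 routing combined with a weighted traffic split, as an added configuration example that is not from the slides. The `reviews` service, its `v1`/`v2` subsets, the `x-beta-tester` header and the `canary` cookie are assumed names; the `v1alpha3` API version is the one used by the Istio 1.3 release the talk cites.

```yaml
# Added example. Service, subset, header and cookie names are assumptions.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata: {name: reviews}
spec:
  hosts: [reviews]
  http:
  # Rule 1: L7 match on a request header, always routed to v2.
  - match:
    - headers:
        x-beta-tester: {exact: "true"}
    route:
    - destination: {host: reviews, subset: v2}
  # Rule 2: L7 match on a cookie (the Cookie header, matched by regex).
  - match:
    - headers:
        cookie:
          regex: '^(.*;\s*)?canary=1(;.*)?$'
    route:
    - destination: {host: reviews, subset: v2}
  # Rule 3: default route, fine-grained 90/10 split between versions.
  - route:
    - destination: {host: reviews, subset: v1}
      weight: 90
    - destination: {host: reviews, subset: v2}
      weight: 10
---
# Subsets map to pod labels; ISTIO_MUTUAL makes the client sidecar use
# mesh-issued certificates (service-to-service mTLS) for this host.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata: {name: reviews}
spec:
  host: reviews
  trafficPolicy:
    tls: {mode: ISTIO_MUTUAL}
  subsets:
  - {name: v1, labels: {version: v1}}
  - {name: v2, labels: {version: v2}}
```

Rules are evaluated in order, so the two match rules take precedence over the weighted default. Header and cookie values are supplied by the client, so they select a route but do not authenticate the caller; access control belongs in Istio's authentication and authorization policies.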

Architecture

Challenge 1, Challenge 2, Challenge 3

Istio building blocks 1/2
Component: Description
- Pilot: Responsible for service discovery and for configuring the Envoy sidecar proxies
- Citadel: Automated key and certificate management
- Mixer: Istio-Policy: policy enforcement; Istio-Telemetry: gather telemetry data
- Galley: Configuration ingestion for Istio components
- Ingress Gateway: Manage inbound connections to the service mesh
- Egress Gateway: Manage outbound connections from the service mesh
- Sidecar injector: Inject sidecar for enabled pods/namespaces

Istio building blocks 1/2
Component: Description
- Prometheus: Metrics collection
- Grafana: Monitoring dashboard
- Jaeger: Distributed tracing
- Kiali: Observability dashboard

Challenge 1, Challenge 2, Challenge 3

https://www.istioworkshop.io/

Microservices challenges
Challenge 1, Challenge 2, Challenge 3
- N to N communications.
- Distributed software interconnection and troubleshooting is hard.
- Containers should stay thin and platform agnostic.
- Upgrade of polyglot microservices is hard at scale.