Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Managing microservices with istio on OpenShift - Meetup

Microservices Architectures (aka Distributed Architectures) are the new paradigm to develop and deploy applications in Cloud environments. These architectures resolve several problems and improve the new life cycle in DevOps teams, however new challenges should be resolved or managed.

OpenShift Service Mesh (based in Istio, Kiali, Jaeger) allows us to manage this new paradigm easily without to change our current applications.

These slides will introduce you in OpenShift Service Mesh as a new component on OpenShift to manage your microservices architectures. Carlos Vicens worked on it with me.

Slides used during a coordinated meetup between three different groups in Madrid:
- OpenShift Madrid Group: https://www.meetup.com/es/openshift_spain/events/258188248/
- Microservices Madrid Group: https://www.meetup.com/es-ES/Microservicios/events/258188068/
- Madrid Spring User Group: https://www.meetup.com/es/madrid-spring-user-group/events/258322835/

  • Login to see the comments

Managing microservices with istio on OpenShift - Meetup

  1. 1. Managing Microservices with Istio on OpenShift
  2. 2. oc whoami $ oc whoami rmarting, jromanmartin $ oc describe user rmarting jromanmartin Name: Jose Roman Martin Gil Created: 43 years ago Labels: father, husband, friend, runner, curious, red hatter, developer (in any order) Annotations: Principal Middleware Architect @ Red Hat Identities: mailto: rmarting@redhat.com GitHub: https://github.com/rmarting Twitter: https://twitter.com/jromanmartin LinkedIn: https://www.linkedin.com/in/jromanmartin/
  3. 3. oc whoami $ oc whoami cvicens, _cvicens, carlosvicens $ oc describe user cvicens Name: Carlos Vicens Alonso Created: 43 years ago Labels: father, husband, red hatter, developer, tinkerer (in any order) Annotations: Senior Specialist Solution Architect @ Red Hat Identities: mailto: cvicensa@redhat.com GitHub: https://github.com/cvicens Twitter: https://twitter.com/_cvicens LinkedIn: https://www.linkedin.com/in/carlosvicens/ Medium: https://medium.com/@carlos.vicens.alonso
  4. 4. Have you ever woken up at night feeling uneasy and sweaty wondering if your app is a monolith? … I have True story …any given night _shy_developer
  5. 5. Now I’m a believer… I love microservices… I hate monoliths… What next? How do I move on? True story … same night, but later Same _shy_developer, now converted
  6. 6. We’ll break something in a mesh... We’ll walk you through a plausible route to find the root cause of the problem ...the butler did it! Sorry I couldn’t help it Little spoiler! (although we hate spoilers!)
  7. 7. MICROSERVICES ARCHITECTURE
  8. 8. Microservices Architecture Runtime Service Runtime Service Runtime Service Runtime Service Runtime Service Runtime Service Runtime Service Application Server HTML Javascript Web ServiceServiceService Service Service Service Data Access Runtime Service Runtime Service
  9. 9. Microservices Architecture DISTRIBUTED Runtime Service Runtime Service Runtime Service Runtime Service Runtime Service Runtime Service Runtime Service Application Server HTML Javascript Web ServiceServiceService Service Service Service Data Access Runtime Service Runtime Service
  10. 10. Distributed Architecture Service ServiceService Service ServiceService Service ServiceService
  11. 11. Eight Fallacies of Distributed Computing 1. The network is reliable 2. Latency is zero 3. Bandwidth is infinite 4. The network is secure 5. Topology doesn’t change 6. There is one administrator 7. Transport cost is zero 8. The network is homogeneous Source: https://en.wikipedia.org/wiki/Fallacies_of_distributed_computing Photo: Icon made by Freepik from www.flaticon.com
  12. 12. HOW TO DEAL WITH THE COMPLEXITY?
  13. 13. Deployment Service Container INFRASTRUCTURE Service Container Service Container
  14. 14. Configuration Spring Cloud Config Server Service Config Service Config Service Config INFRASTRUCTURE
  15. 15. Service Discovery Service Spring Cloud Config Server Netflix Eureka Netflix Ribbon Config Service Config Service Config Svc Discovery Svc Discovery Svc Discovery INFRASTRUCTURE
  16. 16. Dynamic Routing Spring Cloud Config Server Service Netflix Eureka Netflix Ribbon Config Service Config Service Config Svc Discovery Svc Discovery Svc Discovery Routing Routing Routing Netflix Zuul Server INFRASTRUCTURE
  17. 17. Fault Tolerance Spring Cloud Config Server Service Netflix Eureka Netflix Ribbon Config Service Config Service Config Svc Discovery Svc Discovery Svc Discovery Routing Routing Routing Netflix Zuul Server Circuit Breaker Circuit Breaker Circuit Breaker INFRASTRUCTURE
  18. 18. Tracing and Visibility Spring Cloud Config Server Service Netflix Eureka Netflix Ribbon Config Service Config Service Config Svc Discovery Svc Discovery Svc Discovery Routing Routing Routing Netflix Zuul Server Circuit Breaker Circuit Breaker Circuit Breaker Tracing Tracing Tracing ZipKin Server INFRASTRUCTURE
  19. 19. Polyglot Applications Existing Applications What About …?
  20. 20. There should be a BETTER WAY Mmm maybe ... addressing the complexity WITHIN the infrastructure Then?
  21. 21. SERVICE MESH A Dedicated Network for Service-to-Service Communications
  22. 22. Microservices Evolution Service Config Svc Discovery Routing Circuit Breaker Tracing Service Platform Container Platform (+ Service Mesh) ...2014 2018
  23. 23. Microservices without Service Mesh Container JVM service A discovery load-balancer resiliency metrics tracing app logic ff Container JVM service B discovery load-balancer resiliency metrics tracing app logic Container JVM service C discovery load-balancer resiliency metrics tracing app logic
  24. 24. Service Mesh Architecture POD ENVOY SERVICE POD ENVOY SERVICE POD ENVOY SERVICE Pilot Mixer Citadel Applies security, route rules, policies and reports traffic telemetry at the pod level Jaeger
  25. 25. OpenShift Service Mesh OBSERVABILITY POLICY ENFORCEMENT SERVICE IDENTITY & SECURITY TRAFFIC MANAGEMENT DIST. TRANSACTION MONITORING SERVICE DEPENDENCY ANALYSIS ROOT CAUSE ANALYSIS DISTRIBUTED CONTEXT PROPAGATION PERFORMANCE / LATENCY OPTIMIZATION DISTRIBUTED TRACING CONFIGURATION VALIDATION METRICS COLLECTION AND GRAPHS SERVICE GRAPH REPRESENTATION SERVICE DISCOVERY & HEALTH COMPUTATION Istio JaegerKiali MAISTRA (Kubernetes Operator)
  26. 26. Service Mesh Ecosystem Observe Observe Secure ControlConnect Jaeger Prometheus Grafana Kiali Istio
  27. 27. SERVICE MESH FEATURES
  28. 28. FAULT TOLERANCE
  29. 29. Circuit Breaker without Service Mesh SERVICE A SERVICE B SERVICE C CB CB coupled to the service code
  30. 30. Circuit Breaker with Service Mesh POD SERVICE A ENVOY POD SERVICE B ENVOY POD SERVICE C ENVOY transparent to the services
  31. 31. Circuit Breaker with Service Mesh POD SERVICE A ENVOY POD SERVICE B ENVOY POD SERVICE C ENVOY improved response time with global circuit status
  32. 32. Timeouts and Retries with Service Mesh POD SERVICE A ENVOY POD SERVICE B ENVOY POD SERVICE C ENVOY configure timeouts and retries, transparent to the services timeout: 10 sec retry: 5 timeout: 15 sec retry: 5
  33. 33. Rate Limits with Service Mesh POD SERVICE A ENVOY POD SERVICE B ENVOY POD SERVICE C ENVOY limit invocation rates, transparent to the services max 500 concurrent reqs max 100 connections
  34. 34. DYNAMIC ROUTING
  35. 35. Dynamic Routing without Service Mesh Gateway Service SERVICE A SERVICE B:1 SERVICE B:2 Netflix Zuul Server custom code to enable dynamic routing
  36. 36. Canary Deployment with Service Mesh POD SERVICE A ENVOY POD SERVICE B:v2 ENVOY POD SERVICE B:v1 ENVOY 50% traffic 50% traffic
  37. 37. Dark Launches with Service Mesh POD SERVICE A ENVOY POD SERVICE B:v2 ENVOY POD SERVICE B:v1 ENVOY 100% traffic mirror traffic
  38. 38. SERVICE SECURITY
  39. 39. Secure Communication without Service Mesh SERVICE A SERVICE B SERVICE C TLS TLS TLS TLS coupled to the service code
  40. 40. Secure Communication with Service Mesh POD SERVICE A ENVOY POD SERVICE B ENVOY POD SERVICE C ENVOY mutual TLS authentication, transparent to the services TLS TLS
  41. 41. Control Service Access with Service Mesh POD SERVICE A ENVOY POD SERVICE B ENVOY POD SERVICE C ENVOY control the service access flow, transparent to the services
  42. 42. CHAOS ENGINEERING
  43. 43. Chaos Engineering without Service Mesh SERVICE A SERVICE B SERVICE C Netflix Chaos Monkeys Netflix Spinnaker random termination
  44. 44. Chaos Engineering with Service Mesh POD SERVICE A ENVOY POD SERVICE B ENVOY POD SERVICE C ENVOY inject delays, transparent to the services 10 sec delay in 10% of requests
  45. 45. Chaos Engineering with Service Mesh inject protocol-specific errors, transparent to the services POD SERVICE A ENVOY POD SERVICE B ENVOY POD SERVICE C ENVOY HTTP 400 in 5% of requests
  46. 46. DISTRIBUTED TRACING
  47. 47. Distributed Tracing without Service Mesh SERVICE A SERVICE B SERVICE C Spring Sleuth ZipKin Spring Sleuth ZipKin Spring Sleuth ZipKin code to enable dynamic tracing
  48. 48. Distributed Tracing with Service Mesh POD SERVICE A ENVOY POD SERVICE B ENVOY POD SERVICE C ENVOY discovers service relationships and process times, transparent to the services SERVICE A SERVICE B SERVICE C 210 ms 720 ms 930 ms
  49. 49. OBSERVABILITY
  50. 50. Metrics Envoymesh Mixer Check(attributes) Report([ ]attributes) Operator Supplied Config Prometheus Grafana Backends GUIs Adapters OthersKiali Requests Responses● Mixer collects metrics from Envoy ● Adapters in the Mixer normalize and forward to monitoring backends ● Metrics backend can be swapped at runtime
  51. 51. KIALI
  52. 52. What are my microservices doing? Service graph with dynamic traffic visualization
  53. 53. … And Why? Services view focus on Istio configuration Validation of Istio objects.
  54. 54. Tracing with Jaeger Jaeger UI integrated into Kiali for 360º observability view
  55. 55. The network is reliable. Circuit Breaking and Load Balancing Latency is zero. Timeouts and Retries Bandwidth is infinite Rating and Limiting The network is secure Mutual TLS Topology doesn't change Service Discovery There is one administrator Role Based Access Control Transport cost is zero gRPC and Protobuf The network is homogeneous. Dynamic Routing - A/B, Canary Then?
  56. 56. NO ANIMALS were harmed during the making of this demo NO CODE was changed either… almost :-) DEMO TIME!
  57. 57. 1. Coolstore works properly 2. Break Catalog (2 pods, 1 down) 3. Notice (Kiali, Grafana, Jaeger) 4. Find the root cause 5. Fix → retry policy (2 pods, 1 down, avoid the one down!) Demo explained... 2. New version Inventory 3. Distribute load 4. Break inventory (2 versions, 1 version down) 5. Notice (Kiali, Grafana, Jaeger) 6. Find … 7. Fix → circuit breaker (avoid damaged version)
  58. 58. TAKEWAY
  59. 59. Distributed Services Platform ANY INFRASTRUCTURE OpenShift Container Platform (Enterprise Kubernetes) Amazon Web Services Microsoft Azure Google CloudOpenStackDatacenterLaptop OpenShift Service Mesh (Istio + Kiali + Jaeger) ANY APPLICATION Service CONTAINER Service CONTAINER Service CONTAINER Service CONTAINER Service CONTAINER try it at http://learn.openshift.com
  60. 60. Get Started! ● https://istio.io/docs/ ● https://maistra.io/ ● https://www.kiali.io/ ● https://github.com/redhat-developer-demos/istio-tutorial ● https://github.com/rmarting/service-mesh-meetup (This Demo)
  61. 61. Questions?
  62. 62. Thank you!

×