Get Started Service Mesh with Kubernetes and Istio
1. Get Started Service Mesh with Kubernetes and Istio
by Larry Cai
Open Big Data Architecture
by Rockie Yang
Jun 27th Thursday 6:00PM
Hammarby Kaj 10D, Stockholm
2. Profile
— An open source, collaboration & Agile evangelist.
Software practice pioneering, aims to discover the best suitable
methods and tools to improve the efficiency of software
development.
— Competence
— CI & Automation & Cloud
— Lead the technical changes
— Agile, CI, Git, docker
Linkedin: https://www.linkedin.com/in/larrycaiyu/
Materials and all demos
https://gitlab.com/larrycai/istio-meetup
3. Agenda
• Docker, Kubernetes and Microservice ..
• What are Istio and service mesh/sidecar
• Demo (use istio for canary deployment)
• Summary
img: https://en.wikipedia.org/wiki/Rolf_Steinhausen
4. What is docker?
— Package SW inside container and deliver & deploy into cloud
— Docker (container) is similar to VM, cloud technology
• Size: VM 1G -> Docker 100M
• Speed (start time): VM 1 min -> Docker 1 sec
• …
6. What is Service/Microservices
• Microservices, or microservice architecture, is an approach to application
development in which a large application is built as a suite of modular
components or services.
7. What can support services better in kubernetes?
• One pod contains one container?
• When do we use one pod to have several containers?
• How can I just focus on the service?
• Log, monitor, traffic flow …
• Is there any layer/framework to simplify …
A service mesh is a dedicated infrastructure layer for making service-to-service
communication safe, fast, and reliable.
Istio is one service mesh framework
8. What is Istio
• Istio: an open source service mesh designed to make it easier to connect, manage and
secure traffic between, and obtain telemetry about, microservices running in
containers.
• Logically split into a data plane and a control plane
• A sidecar is injected into the pod alongside the real service
Sources:
https://glasnostic.com/blog/kubernetes-service-mesh-what-is-istio
https://istio.io/blog/2019/data-plane-setup/
https://en.wikipedia.org/wiki/Rolf_Steinhausen
Data traffic
1 Pod has 2 containers (service + sidecar)
9. Use case: Service deployment using istio
• http://meet.up portal (web application) v1, planned to deploy to v2
• The docker images for v1, v2 are ready in advance
• larrycai/istio-meetup:v1
• larrycai/istio-meetup:v2
10. Canary deployment with strategy
• Canary deployment chooses sample sets to deploy to and gains more
validation/feedback before continuing
• Sample sets strategy example
• User type based: Normal user vs. VIP
• Geography based: Kista -> Sweden -> EU ..
• ….
• Monitor strategy
• Use k8s grafana/prometheus
• AI connected
• Istio service mesh
More on YouTube: https://www.youtube.com/watch?v=uxiTzwjf7Eg
11. Use case: Service deployment using istio
• http://meet.up portal (web application) v1, planned to deploy to v2
• The docker images for v1, v2 are ready in advance, plan to do canary deployment using istio
• Deployment strategy (simplified simulation):
• Only Firefox browser will access v2
• Other browsers still access v1
12. Demo steps in high-level
• Install istio packages into existing k8s environment (all needed services)
• Use traditional way to deploy v1 and access it
• Use istio way to deploy v1 and access it
• Canary deploy the v2
• Complete the deployment (switch all traffic to v2)
• Monitor in istio platform (kiali/Grafana)
13. Demo environment
• Minikube/Virtualbox @ Windows 10
• All the tools (helm, kubectl, istio) are installed inside the VM
• Code is shared from Windows to the VM
• Port forwarding to access the internal port (VPN issue)
• MobaXterm
• Version
• Istio 1.1.6
• Kubernetes 1.14.0
• Minikube 1.0.0
14. Install Istio
• Install istio binary directly from https://github.com/istio/istio/releases
• $ curl -L -O https://github.com/istio/istio/releases/download/1.1.6/istio-1.1.6-linux.tar.gz
$ gunzip < istio-1.1.6-linux.tar.gz | tar xvf - # windows minikube doesn't have gnu tar with -z
$ sudo cp istio-1.1.6/bin/istioctl /usr/bin # or other folder in your path
• $ kubectl apply -f istio-1.1.6/install/kubernetes/istio-demo.yaml
namespace/istio-system created
• $ kubectl get svc -n istio-system
..
grafana ClusterIP 10.110.242.119 <none> 3000/TCP
istio-citadel ClusterIP 10.107.79.4 <none> 8060/TCP,15014/TCP
istio-egressgateway ClusterIP 10.106.150.99 <none> 80/TCP,443/TCP,15443/TCP
istio-galley ClusterIP 10.96.7.103 <none> 443/TCP,15014/TCP,9901/TCP
istio-pilot ClusterIP 10.111.223.158 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP
istio-policy ClusterIP 10.99.92.37 <none> 9091/TCP,15004/TCP,15014/TCP
...
istio-ingressgateway LoadBalancer 10.108.74.19 <pending> 15020:30551/TCP,80:31380/TCP,..
...
kiali ClusterIP 10.111.53.120 <none> 20001/TCP
• The components in istio can be customized
15. Install meet.up web app v1
• Simple deployment and expose as nodeport for testing
• $ kubectl apply -f istio/meetup-v1.yaml
$ kubectl apply -f istio/meetup-nodeport.yaml
17. Using the istio way to install the service
• Inject the istio sidecar into the original deployment
• Orig: kubectl create -f istio/meetup-v1.yaml
• New: kubectl create -f <(istioctl kube-inject -f istio/meetup-v1.yaml)
• Create the DestinationRule and Gateway for the VirtualService
• $ kubectl apply -f istio/meetup-destination-v1.yaml
$ kubectl apply -f istio/meetup-gateway.yaml
$ kubectl apply -f istio/meetup-service-all-v1.yaml
Old traffic flow
Istio traffic flow
18. Canary deployment
• Deploy v2 version and route traffic from Firefox to v2
• Both v1 and v2 services are deployed
• $ kubectl apply -f <(istioctl kube-inject -f istio/meetup-v2.yaml)
$ kubectl apply -f istio/meetup-destination-all.yaml
$ kubectl apply -f istio/meetup-service-firefox-v2.yaml
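The kind of routing rule this step relies on, as an added example (not the contents of the speaker's istio/meetup-*.yaml files, which this page does not show): a DestinationRule defining v1/v2 subsets and a VirtualService that sends requests whose User-Agent contains Firefox to v2 and everything else to v1. The service name meetup, the gateway name meetup-gateway and the version labels are assumptions.

```yaml
# Added example; resource names and labels are assumptions, not the repo's manifests.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: meetup                # assumed name
spec:
  host: meetup                # assumed Kubernetes Service name
  subsets:
  - name: v1
    labels:
      version: v1             # assumed pod label on the v1 Deployment
  - name: v2
    labels:
      version: v2             # assumed pod label on the v2 Deployment
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: meetup                # assumed name
spec:
  hosts:
  - "meet.up"                 # host taken from the demo URL http://meet.up
  gateways:
  - meetup-gateway            # assumed Gateway name, bound to istio-ingressgateway
  http:
  # Rules are evaluated top-down; the first matching rule wins.
  - match:
    - headers:
        user-agent:
          regex: ".*Firefox.*"
    route:
    - destination:
        host: meetup
        subset: v2
  # Default route: every other browser stays on v1.
  - route:
    - destination:
        host: meetup
        subset: v1
  # To complete the rollout, remove the match rule and point the default route at subset v2.
```

The User-Agent header is set by the client, so this rule only selects a canary audience; it does not restrict who can reach v2.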
19. What happens and benefit
• Istio lets the service focus on the business and leaves the common things to the
framework
• Traffic control, load balancing, authentication, monitoring
• No/less extra coding inside the original service
Sidecar (injected)
Original service
(stay in same pod)
20. Summary
• Docker/kubernetes provides flexible deployment for your services
• Istio (one of the nice tools in k8s) makes it easy to create a network of
deployed services with load balancing, service-to-service authentication,
monitoring, and more, with few or no code changes in service code.
• More features or tools (like istio) will come out in kubernetes
• Using a service mesh will be much simpler for the end user