SlideShare a Scribd company logo

Get Started Service Mesh with Kubernetes and Istio

Download as PPTX, PDF
Larry Cai
Larry Cai

it is the slides for public meetup https://www.meetup.com/stockholm-hug/events/262285559/

Presentations & Public Speaking
1 of 21
Get Started Service Mesh with Kubernetes and Istio by Larry Cai Open Big Data Architecture by Rockie Yang Jun 27th Thursday 6:00PM Hammarby Kaj 10D, Stockholm
Profile — An open source, collaboration & Agile evangelist. Software practice pioneering, aims to discover the best suitable methods and tools to improve the efficiency of software development. — Competence — CI & Automation & Cloud — Lead the technical changes — Agile, CI, Git, docker Linkedin: https://www.linkedin.com/in/larrycaiyu/ Materials and all demos https://gitlab.com/larrycai/istio-meetup
Agenda • Docker, Kubernetes and Microservice .. • What are Istio and service mesh/sidecar • Demo (use istio for canary deployment) • Summary img: https://en.wikipedia.org/wiki/Rolf_Steinhausen
• Size: VM 1G -> Docker 100M • Speed (start time): VM 1 min -> Docker 1 sec • … What is docker? — Package SW inside container and deliver & deploy into cloud — Docker (container) is similar to VM, cloud technology
app1 (docker) app1 (docker) What is Kubernetes • Kubernetes: container platform Docker container kubernetes app1 (docker) HW Infra
What is Service/Microservices • Microservices or microservice architecture, is an approach to application development in which a large application is built as a suite of modular components or services. Microservices
What can support services better in kubernetes • One pod contains one container? • When do we use one pod to have several containers • How can I just focus on service? • Log, monitor, traffic flow … • Are there any layer/framework to simplify … A service mesh is a dedicated infrastructure layer for making service-to- service communication safe, fast, and reliable. Istio is one service mesh framework
What is Istio • Istio : an open source service mesh designed to make it easier to connect, manage and secure traffic between, and obtain telemetry about microservices running in containers. • logically split into a data plane and a control plane • Sidecar is injected into pod with real service source https://glasnostic.com/blog/kubernetes-service-mesh-what-is-istio https://istio.io/blog/2019/data-plane-setup/ https://en.wikipedia.org/wiki/Rolf_Steinhausen Data traffic 1 Pod has 2 containers (service + sidecar)
• http://meet.up portal (web application) v1, planned to deploy to v2 • The docker images for v1, v2 are ready in advance • larrycai/istio-meetup:v1 • larrycai/istio-meetup:v2 Use case: Service deployment using istio
Canary deployment with strategy • Canary deployment choose sample sets to deploy and gain more validation/feedback to continue • Sample sets strategy example • User type based: Normal user vs, VIP • Geography based: Kista -> Sweden -> EU .. • …. • Monitor strategy • Use k8s grafana/prometheus • AI connected • Istio service mesh More in youtube: https://www.youtube.com/watch?v=uxiTzwjf7Eg
• http://meet.up portal (web application) v1, planned to deploy to v2 • The docker image for v1, v2 are ready in advance, plan to do canary deployment using istio • Deployment strategy (simulated in simple): • Only Firefox browser will access v2 • Other browsers still access v1 Use case: Service deployment using istio
Demo steps in high-level • Install istio packages into existing k8s environment (all needed service) • Use traditional way to deploy v1 and access it • Use istio way to deploy v1 and access it • Canary deploy the v2 • Complete the deployment (switch all traffic to v2) • Monitor in istio platform (kiali/Grafana)
Demo environment • Minikube/Virtualbox @ Windows 10 • All the tools (helm, kubectl, istio are installed inside VM) • Codes are shared from Windows to VM • Port forwarding to access the internal port (VPN issue) • MobaXterm • Version • Istio 1.1.6 • Kubernetes 1.14.0 • Minikube 1.0.0 Materials and all demos https://gitlab.com/larrycai/istio-meetup
Install Istio • Install istio binary directly from https://github.com/istio/istio/releases • $ curl -L -O https://github.com/istio/istio/releases/download/1.1.6/istio-1.1.6-linux.tar.gz $ gunzip < istio-1.1.6-linux.tar.gz | tar xvf - # windows minikube doesn't have gnu tar with -z $ sudo cp istio-1.1.6/bin/istioctl /usr/bin # or other folder in your path • $ kubectl apply -f install/kubernetes/istio-demo.yaml namespace/istio-system created • $ kubectl get svc -n istio-system .. grafana ClusterIP 10.110.242.119 <none> 3000/TCP istio-citadel ClusterIP 10.107.79.4 <none> 8060/TCP,15014/TCP istio-egressgateway ClusterIP 10.106.150.99 <none> 80/TCP,443/TCP,15443/TCP istio-galley ClusterIP 10.96.7.103 <none> 443/TCP,15014/TCP,9901/TCP istio-pilot ClusterIP 10.111.223.158 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP istio-policy ClusterIP 10.99.92.37 <none> 9091/TCP,15004/TCP,15014/TCP ... istio-ingressgateway LoadBalancer 10.108.74.19 <pending> 15020:30551/TCP,80:31380/TCP,.. ... kiali ClusterIP 10.111.53.120 <none> 20001/TCP • The components in istio can be customized
Install meet.up web app v1 • Simple deployment and expose as nodeport for testing • $ kubectl apply -f istio/meetup-v1.yaml $ kubectl apply -f istio/meetup-nodeport.yaml
Demo steps in high-level • Install istio packages into existing k8s environment (all needed service) • Use traditional way to deploy v1 and access it • Use istio way to deploy v1 and access it • Canary deploy the v2 • Complete the deployment (switch all traffic to v2) • Monitor in istio platform (kiali/Grafana)
Using istio way to install service • Inject the istio sidecar into original deployment • Orig: kubectl create -f istio/meetup-v1.yaml • New: kubectl create -f <(istioctl kube-inject -f istio/meetup-v1.yaml) • Create DestinationRule, Gateway for virtualservice • $ kubectl apply -f istio/meetup-destination-v1.yaml $ kubectl apply -f istio/meetup-gateway.yaml $ kubectl apply -f istio/meetup-service-all-v1.yaml Old traffic flow Istio traffic flow
Canary deployment • Deploy v2 version and route traffic from Firefox to v2 • Both v1,v2 service are deployed • $ kubectl apply -f <(istioctl kube-inject -f istio/meetup-v2.yaml) $ kubectl apply -f istio/meetup-destination-all.yaml $ kubectl apply -f istio/meetup-service-firefox-v2.yaml
What happens and benefit • Istio let service to focus on the business, leave the common things to the framework • Traffic control, Load balance, authentication, Monitoring • No/Less extra coding inside original service Sidecar (injected) Original service (stay in same pod)
Summary • Docker/kubernetes provides flexible deployment for your services • Istio (one of the nice tool in k8s) makes it easy to create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, with few or no code changes in service code. • More features or tools (like istio) will come out in kubernetes • Using Service Mesh will be much more simple for end-user
Profile — An open source, collaboration & Agile evangelist. Software practice pioneering, aims to discover the best suitable methods and tools to improve the efficiency of software development. — Competence — CI & Automation & Cloud — Lead the technical changes — Agile, CI, Git, docker Linkedin: https://www.linkedin.com/in/larrycaiyu/ Materials and all demos https://gitlab.com/larrycai/istio-meetup

Recommended

Learn kubernetes in 90 minutes
Learn kubernetes in 90 minutesLearn kubernetes in 90 minutes
Learn kubernetes in 90 minutes
Larry Cai
 
Learn jobDSL for Jenkins
Learn jobDSL for JenkinsLearn jobDSL for Jenkins
Learn jobDSL for Jenkins
Larry Cai
 
Learn RabbitMQ with Python in 90mins
Learn RabbitMQ with Python in 90minsLearn RabbitMQ with Python in 90mins
Learn RabbitMQ with Python in 90mins
Larry Cai
 
Learn flask in 90mins
Learn flask in 90minsLearn flask in 90mins
Learn flask in 90mins
Larry Cai
 
Learn ELK in docker
Learn ELK in dockerLearn ELK in docker
Learn ELK in docker
Larry Cai
 
Software Engineer Talk
Software Engineer TalkSoftware Engineer Talk
Software Engineer Talk
Larry Cai
 
Learn nginx in 90mins
Learn nginx in 90minsLearn nginx in 90mins
Learn nginx in 90mins
Larry Cai
 
Learn basic ansible using docker
Learn basic ansible using dockerLearn basic ansible using docker
Learn basic ansible using docker
Larry Cai
 

Recommended

Learn kubernetes in 90 minutes
Learn kubernetes in 90 minutesLearn kubernetes in 90 minutes
Learn kubernetes in 90 minutes
Larry Cai
 
Learn jobDSL for Jenkins
Learn jobDSL for JenkinsLearn jobDSL for Jenkins
Learn jobDSL for Jenkins
Larry Cai
 
Learn RabbitMQ with Python in 90mins
Learn RabbitMQ with Python in 90minsLearn RabbitMQ with Python in 90mins
Learn RabbitMQ with Python in 90mins
Larry Cai
 
Learn flask in 90mins
Learn flask in 90minsLearn flask in 90mins
Learn flask in 90mins
Larry Cai
 
Learn ELK in docker
Learn ELK in dockerLearn ELK in docker
Learn ELK in docker
Larry Cai
 
Software Engineer Talk
Software Engineer TalkSoftware Engineer Talk
Software Engineer Talk
Larry Cai
 
Learn nginx in 90mins
Learn nginx in 90minsLearn nginx in 90mins
Learn nginx in 90mins
Larry Cai
 
Learn basic ansible using docker
Learn basic ansible using dockerLearn basic ansible using docker
Learn basic ansible using docker
Larry Cai
 
Build service with_docker_in_90mins
Build service with_docker_in_90minsBuild service with_docker_in_90mins
Build service with_docker_in_90mins
Larry Cai
 
Learn docker in 90 minutes
Learn docker in 90 minutesLearn docker in 90 minutes
Learn docker in 90 minutes
Larry Cai
 
Learn Dashing Widget in 90 minutes
Learn Dashing Widget in 90 minutesLearn Dashing Widget in 90 minutes
Learn Dashing Widget in 90 minutes
Larry Cai
 
Learn REST API with Python
Learn REST API with PythonLearn REST API with Python
Learn REST API with Python
Larry Cai
 
Jenkins Scriptler in 90mins
Jenkins Scriptler in 90minsJenkins Scriptler in 90mins
Jenkins Scriptler in 90mins
Larry Cai
 
Python virtualenv & pip in 90 minutes
Python virtualenv & pip in 90 minutesPython virtualenv & pip in 90 minutes
Python virtualenv & pip in 90 minutes
Larry Cai
 
Lead changes in software development
Lead changes in software developmentLead changes in software development
Lead changes in software development
Larry Cai
 
Python in 90mins
Python in 90minsPython in 90mins
Python in 90mins
Larry Cai
 
Practical way to experience of Specification by Example
Practical way to experience of Specification by ExamplePractical way to experience of Specification by Example
Practical way to experience of Specification by Example
Larry Cai
 
Experience from specification_by_examples
Experience from specification_by_examplesExperience from specification_by_examples
Experience from specification_by_examples
Larry Cai
 
Write book in markdown
Write book in markdownWrite book in markdown
Write book in markdown
Larry Cai
 
Continuous Integration Introduction
Continuous Integration IntroductionContinuous Integration Introduction
Continuous Integration Introduction
Larry Cai
 
Agile & ALM tools
Agile & ALM toolsAgile & ALM tools
Agile & ALM tools
Larry Cai
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
David Celestin
 
Introduction to Artificial intelligence.
Introduction to Artificial intelligence.Introduction to Artificial intelligence.
Introduction to Artificial intelligence.
thamaeteboho94
 
Zone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptxZone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptx
lionnarsimharajumjf
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
Islamia university of Rahim Yar khan campus
 
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
ZurliaSoop
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
amilabibi1
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
NhPhngng3
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
nswingard
 

More Related Content

More from Larry Cai

Learn REST API with Python
Learn REST API with PythonLearn REST API with Python
Learn REST API with Python
Larry Cai
 
Practical way to experience of Specification by Example
Practical way to experience of Specification by ExamplePractical way to experience of Specification by Example
Practical way to experience of Specification by Example
Larry Cai
 
Experience from specification_by_examples
Experience from specification_by_examplesExperience from specification_by_examples
Experience from specification_by_examples
Larry Cai
 

More from Larry Cai (13)

Build service with_docker_in_90mins
Build service with_docker_in_90minsBuild service with_docker_in_90mins
Build service with_docker_in_90mins
 
Learn docker in 90 minutes
Learn docker in 90 minutesLearn docker in 90 minutes
Learn docker in 90 minutes
 
Learn Dashing Widget in 90 minutes
Learn Dashing Widget in 90 minutesLearn Dashing Widget in 90 minutes
Learn Dashing Widget in 90 minutes
 
Learn REST API with Python
Learn REST API with PythonLearn REST API with Python
Learn REST API with Python
 
Jenkins Scriptler in 90mins
Jenkins Scriptler in 90minsJenkins Scriptler in 90mins
Jenkins Scriptler in 90mins
 
Python virtualenv & pip in 90 minutes
Python virtualenv & pip in 90 minutesPython virtualenv & pip in 90 minutes
Python virtualenv & pip in 90 minutes
 
Lead changes in software development
Lead changes in software developmentLead changes in software development
Lead changes in software development
 
Python in 90mins
Python in 90minsPython in 90mins
Python in 90mins
 
Practical way to experience of Specification by Example
Practical way to experience of Specification by ExamplePractical way to experience of Specification by Example
Practical way to experience of Specification by Example
 
Experience from specification_by_examples
Experience from specification_by_examplesExperience from specification_by_examples
Experience from specification_by_examples
 
Write book in markdown
Write book in markdownWrite book in markdown
Write book in markdown
 
Continuous Integration Introduction
Continuous Integration IntroductionContinuous Integration Introduction
Continuous Integration Introduction
 
Agile & ALM tools
Agile & ALM toolsAgile & ALM tools
Agile & ALM tools
 

Recently uploaded

Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
David Celestin
 
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
ZurliaSoop
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
amilabibi1
 
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityUnlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Hung Le
 

Recently uploaded (17)

Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
 
Introduction to Artificial intelligence.
Introduction to Artificial intelligence.Introduction to Artificial intelligence.
Introduction to Artificial intelligence.
 
Zone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptxZone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptx
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait Cityin kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
 
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityUnlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 

Get Started Service Mesh with Kubernetes and Istio

  • 1. Get Started Service Mesh with Kubernetes and Istio by Larry Cai Open Big Data Architecture by Rockie Yang Jun 27th Thursday 6:00PM Hammarby Kaj 10D, Stockholm
  • 2. Profile — An open source, collaboration & Agile evangelist. Software practice pioneering, aims to discover the best suitable methods and tools to improve the efficiency of software development. — Competence — CI & Automation & Cloud — Lead the technical changes — Agile, CI, Git, docker Linkedin: https://www.linkedin.com/in/larrycaiyu/ Materials and all demos https://gitlab.com/larrycai/istio-meetup
  • 3. Agenda • Docker, Kubernetes and Microservice .. • What are Istio and service mesh/sidecar • Demo (use istio for canary deployment) • Summary img: https://en.wikipedia.org/wiki/Rolf_Steinhausen
  • 4. • Size: VM 1G -> Docker 100M • Speed (start time): VM 1 min -> Docker 1 sec • … What is docker? — Package SW inside container and deliver & deploy into cloud — Docker (container) is similar to VM, cloud technology
  • 5. app1 (docker) app1 (docker) What is Kubernetes • Kubernetes: container platform Docker container kubernetes app1 (docker) HW Infra
  • 6. What is Service/Microservices • Microservices or microservice architecture, is an approach to application development in which a large application is built as a suite of modular components or services. Microservices
  • 7. What can support services better in kubernetes • One pod contains one container? • When do we use one pod to have several containers • How can I just focus on service? • Log, monitor, traffic flow … • Are there any layer/framework to simplify … A service mesh is a dedicated infrastructure layer for making service-to- service communication safe, fast, and reliable. Istio is one service mesh framework
  • 8. What is Istio • Istio : an open source service mesh designed to make it easier to connect, manage and secure traffic between, and obtain telemetry about microservices running in containers. • logically split into a data plane and a control plane • Sidecar is injected into pod with real service source https://glasnostic.com/blog/kubernetes-service-mesh-what-is-istio https://istio.io/blog/2019/data-plane-setup/ https://en.wikipedia.org/wiki/Rolf_Steinhausen Data traffic 1 Pod has 2 containers (service + sidecar)
  • 9. • http://meet.up portal (web application) v1, planned to deploy to v2 • The docker images for v1, v2 are ready in advance • larrycai/istio-meetup:v1 • larrycai/istio-meetup:v2 Use case: Service deployment using istio
  • 10. Canary deployment with strategy • Canary deployment choose sample sets to deploy and gain more validation/feedback to continue • Sample sets strategy example • User type based: Normal user vs, VIP • Geography based: Kista -> Sweden -> EU .. • …. • Monitor strategy • Use k8s grafana/prometheus • AI connected • Istio service mesh More in youtube: https://www.youtube.com/watch?v=uxiTzwjf7Eg
  • 11. • http://meet.up portal (web application) v1, planned to deploy to v2 • The docker image for v1, v2 are ready in advance, plan to do canary deployment using istio • Deployment strategy (simulated in simple): • Only Firefox browser will access v2 • Other browsers still access v1 Use case: Service deployment using istio
  • 12. Demo steps in high-level • Install istio packages into existing k8s environment (all needed service) • Use traditional way to deploy v1 and access it • Use istio way to deploy v1 and access it • Canary deploy the v2 • Complete the deployment (switch all traffic to v2) • Monitor in istio platform (kiali/Grafana)
  • 13. Demo environment • Minikube/Virtualbox @ Windows 10 • All the tools (helm, kubectl, istio are installed inside VM) • Codes are shared from Windows to VM • Port forwarding to access the internal port (VPN issue) • MobaXterm • Version • Istio 1.1.6 • Kubernetes 1.14.0 • Minikube 1.0.0 Materials and all demos https://gitlab.com/larrycai/istio-meetup
  • 14. Install Istio • Install istio binary directly from https://github.com/istio/istio/releases • $ curl -L -O https://github.com/istio/istio/releases/download/1.1.6/istio-1.1.6-linux.tar.gz $ gunzip < istio-1.1.6-linux.tar.gz | tar xvf - # windows minikube doesn't have gnu tar with -z $ sudo cp istio-1.1.6/bin/istioctl /usr/bin # or other folder in your path • $ kubectl apply -f install/kubernetes/istio-demo.yaml namespace/istio-system created • $ kubectl get svc -n istio-system .. grafana ClusterIP 10.110.242.119 <none> 3000/TCP istio-citadel ClusterIP 10.107.79.4 <none> 8060/TCP,15014/TCP istio-egressgateway ClusterIP 10.106.150.99 <none> 80/TCP,443/TCP,15443/TCP istio-galley ClusterIP 10.96.7.103 <none> 443/TCP,15014/TCP,9901/TCP istio-pilot ClusterIP 10.111.223.158 <none> 15010/TCP,15011/TCP,8080/TCP,15014/TCP istio-policy ClusterIP 10.99.92.37 <none> 9091/TCP,15004/TCP,15014/TCP ... istio-ingressgateway LoadBalancer 10.108.74.19 <pending> 15020:30551/TCP,80:31380/TCP,.. ... kiali ClusterIP 10.111.53.120 <none> 20001/TCP • The components in istio can be customized
  • 15. Install meet.up web app v1 • Simple deployment and expose as nodeport for testing • $ kubectl apply -f istio/meetup-v1.yaml $ kubectl apply -f istio/meetup-nodeport.yaml
  • 16. Demo steps in high-level • Install istio packages into existing k8s environment (all needed service) • Use traditional way to deploy v1 and access it • Use istio way to deploy v1 and access it • Canary deploy the v2 • Complete the deployment (switch all traffic to v2) • Monitor in istio platform (kiali/Grafana)
  • 17. Using istio way to install service • Inject the istio sidecar into original deployment • Orig: kubectl create -f istio/meetup-v1.yaml • New: kubectl create -f <(istioctl kube-inject -f istio/meetup-v1.yaml) • Create DestinationRule, Gateway for virtualservice • $ kubectl apply -f istio/meetup-destination-v1.yaml $ kubectl apply -f istio/meetup-gateway.yaml $ kubectl apply -f istio/meetup-service-all-v1.yaml Old traffic flow Istio traffic flow
  • 18. Canary deployment • Deploy v2 version and route traffic from Firefox to v2 • Both v1,v2 service are deployed • $ kubectl apply -f <(istioctl kube-inject -f istio/meetup-v2.yaml) $ kubectl apply -f istio/meetup-destination-all.yaml $ kubectl apply -f istio/meetup-service-firefox-v2.yaml
  • 19. What happens and benefit • Istio let service to focus on the business, leave the common things to the framework • Traffic control, Load balance, authentication, Monitoring • No/Less extra coding inside original service Sidecar (injected) Original service (stay in same pod)
  • 20. Summary • Docker/kubernetes provides flexible deployment for your services • Istio (one of the nice tool in k8s) makes it easy to create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, with few or no code changes in service code. • More features or tools (like istio) will come out in kubernetes • Using Service Mesh will be much more simple for end-user
  • 21. Profile — An open source, collaboration & Agile evangelist. Software practice pioneering, aims to discover the best suitable methods and tools to improve the efficiency of software development. — Competence — CI & Automation & Cloud — Lead the technical changes — Agile, CI, Git, docker Linkedin: https://www.linkedin.com/in/larrycaiyu/ Materials and all demos https://gitlab.com/larrycai/istio-meetup

Editor's Notes

  1. https://www.tokkoro.com/3072950-bench_camping_forest_green_greenery_tall_trees_woods.html