SlideShare a Scribd company logo

Demo: Use Service Mesh with VMs and Containers

Mirantis
Mirantis

Demo of combining Istio and Virtlet to create a service mesh-based app that uses VMs and containers. To access the demo recording, visit: https://info.mirantis.com/istio-virtlet

Technology
1 of 27
Download to read offline
Copyright © 2019 Mirantis, Inc. All rights reserved Istio and Virtlet Service Mesh Demonstration Or… The RETURN of the SMESH!
2 Introduction Bruce Basil Mathews Sr. SolutionsArchitect at Mirantis Bruce has been a Senior Solutions Architect in the computer industry for 40+ years, working at multiple technology companies including Mirantis, HP, Oracle, Sun Microsystems and others.
3 ● Infrastructure layer making service to service communication safe fast and reliable ● Separate the application business logic from ○ Networking ○ Security ○ Observability What is service mesh?
4 Library ● Needed services are sitting in a Library that your microservices applications import and use. Node Agent ● The services are provided by a Node Agent or daemon. The daemon services all of the containers on a particular node/machine. Sidecar ● The services are provided in a Sidecar container that runs alongside your application container. Service Mesh Architectures
5 ● Greek word for "sail" ● Istio is an open-source project ● The project was started by teams from Google and IBM, in partnership with the Envoy team at Lyft. ● Platform Independent ● Service mesh What is ISTIO?
6 ISTIO Architecture ● Envoy - is a high-performance proxy to mediate all inbound and outbound traffic for all services in the service mesh. ● Pilot - provides service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing. ● Mixer - enforces access control and usage policies across the service mesh, and collects telemetry data from the Envoy proxy and other services. ● Citadel - provides strong service-to-service and end-user authentication with built-in identity and credential management
7 What does ISTIO provide? ● Intelligent Routing ● Red/Black deployments ● Canaries ● Gradual upgrades ● Authentication ● Authorization ● Encryption ● Enforce Policies ● Resource limits ● Service dependencies ● Traffic flow ● Tracing ● Monitoring and logging
8 What is a Virtlet? Kubernetes CRI implementation for running VM workloads ○ Targeted at VM workloads that need to behave as containers on the outside ○ Run unmodified OpenStack VM images using qcow2 format ○ Build higher-level Kubernetes objects using VM pods ○ Use familiar kubectl pod commands to work with your VMs ○ Integrate with cluster networking using normal CNI plugins ○ Easy to deploy - only need to install simple CRI Proxy package on the nodes
9 Virtlet enables you to run unmodified QEMU/KVM virtual machines that do not include an additional Docker layer as in similar solutions in Kubernetes. Virtlet supports all standard Kubernetes objects, such as ReplicaSets, Deployments, DaemonSets, and so on, as well as their operations. The following diagram describes the Virtlet components and interactions between them: What does Virtlet Enable?
10 Virtlet includes the following components: ● Virtlet manager that implements CRI interfaces for virtualization and image handling ● A libvirt instance ● Virtlet tapmanager that is responsible for managing a VM networking ● Virtlet vmwrapper that is responsible for preparing environment for an emulator ● An emulator (QEMU with KVM support and with a possibility to disable KVM) ● Container Runtime Interface (CRI) Proxy that provides the ability to mix docker-shim and VM-based workloads on the same Kubernetes node Virtlet Components
11 Container Runtime Interface (CRI) Proxy provides a way to run multiple CRI implementations on the same node, for example, Virtlet and dockershim. It enables running infrastructure pods such as kube-proxy. CRI Proxy reuses the dockershim component from kubelet to have Docker as one of CRI implementations on the multi-runtime nodes. The Container Runtime Interface (CRI) Proxy
12 Demo
13 Lab Topology ● Kubernetes installed using kubeadm ● One master ● Two worker nodes ● Kiali console installed ● BookInfo app installed
14 Application Topology ● https://istio.io/docs/examp les/bookinfo/ ● Polyglot application with several micro services
15 Service mesh observability
16 ● The BookInfo application is being load balanced through the Node.js Proxy ● There are three separate Review instances registered with the load balancer ● Each of the Review container instances puts out a slight variation of the review for Reviewer 1 and Reviewer 2 ● The color of the stars printed change from black to red or are not displayed at all. ● Refreshing the productpage shows the load balancing occurring Some things of Note About the BookInfo Application
17 Simple BookInfo Application $ kubectl get svc istio-ingressgateway -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-ingressgateway LoadBalancer 10.27.242.183 35.230.80.8 80:31380/TCP, 443:31390/TCP, 31400:31400/TCP, 15011:30570/TCP, 8060:30269/TCP,853:32645/TCP,15030:30155/TCP,15031:32443/TCP 18m Use the external IP to access the BookInfo application using the External IP, highlighted in red. In this case, the application is being assessed in a browser at: http://35.230.80.86/productpage The web page will look like this:
18 ● Enable Virtlet in your existing cluster. Documentation found here: https://docs.mirantis.com/mcp/q4-18/mcp-deployment- guide/deploy-mcp-cluster-manually/deploy-kubernetes-cluster- manually/enable-virtlet/deploy-virtlet.html ● Install the ubuntu_vm_with_testuser VM into the ‘default’ namespace along side BookInfo. Documentation found here: https://docs.google.com/document/d/1pPhPP9HBe_WfTH6IBAjhw5i D1pqWljfeZDJV3EIG9HA/edit?ts=5c700cb8#heading=h.8m0mh0xht 3ml ● Install MySQL on the Virtlet and follow the instructions for joining the mesh found here: https://istio.io/docs/examples/integrating-vms/ ● A new load balanced instance is created which reads the MySQL database and displays the number of stars associated to each reviewer number. ● This MySQL review data only displays on every third refresh or so... Adding Virtlet and MySQL into the Mix to Feed Reviews to BookInfo
19 Virtlet Ubuntu Instance
20 Display Virtlet and MySQL Running
21 BookInfo Display with 2 Stars for Reviewer 1 and 5 Stars for Reviewer 2
22 Modify the MySQL Database to 5 Stars for Reviewer 1 and 2 Stars for Reviewer 2
23 BookInfo Display with 5 Stars for Reviewer 1 and 2 Stars for Reviewer 2
24 A More Complex Use Case – Sock-Shop with Istio
25 Sock-Shop with Istio Full Traceability
2019 | www.mirantis.com Kubernetes & Istio Training training.mirantis.com training.mirantis.com Kubernetes & Docker Bootcamp I (KD100) Learn Docker and Kubernetes to deploy, run, and manage containerized applications 2 days Kubernetes & Docker Bootcamp II (KD200) Advanced training for Kubernetes professionals, preparation for CKA exam 3 days Accelerated Kubernetes & Docker Bootcamp (KD250) Most popular course! A combination of KD100 & KD200 at an accelerated pace, preps for CKA 4 days Istio Fundamentals (IST50) New! Introduction to Istio & Service Mesh 1 day Webinar attendees! Get 15% off Mirantis training! Use coupon code: WEBMIR2019
27 Thank You! Q & A

Recommended

How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...Mirantis
 
Kubernetes Security Workshop
Kubernetes Security WorkshopKubernetes Security Workshop
Kubernetes Security WorkshopMirantis
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersMirantis
 
How to Build a Basic Edge Cloud
How to Build a Basic Edge CloudHow to Build a Basic Edge Cloud
How to Build a Basic Edge CloudMirantis
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataMirantis
 
What's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesWhat's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesMirantis
 
Comparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesComparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesMirantis
 
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesYour Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesMirantis
 

Recommended

How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...Mirantis
 
Kubernetes Security Workshop
Kubernetes Security WorkshopKubernetes Security Workshop
Kubernetes Security WorkshopMirantis
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersUsing Kubernetes to make cellular data plans cheaper for 50M users
Using Kubernetes to make cellular data plans cheaper for 50M usersMirantis
 
How to Build a Basic Edge Cloud
How to Build a Basic Edge CloudHow to Build a Basic Edge Cloud
How to Build a Basic Edge CloudMirantis
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataSecuring Your Containers is Not Enough: How to Encrypt Container Data
Securing Your Containers is Not Enough: How to Encrypt Container DataMirantis
 
What's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesWhat's New in Kubernetes 1.18 Webinar Slides
What's New in Kubernetes 1.18 Webinar SlidesMirantis
 
Comparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesComparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesMirantis
 
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesYour Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Your Application Deserves Better than Kubernetes Ingress: Istio vs. KubernetesMirantis
 
Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceMirantis
 
Mirantis life
Mirantis lifeMirantis life
Mirantis lifeMirantis
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...Mirantis
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Mirantis
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudMirantis
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackMirantis
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryMirantis
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsMirantis
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleMirantis
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutMirantis
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's YouMirantis
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationMirantis
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMirantis
 
Your 1st Ceph cluster
Your 1st Ceph clusterYour 1st Ceph cluster
Your 1st Ceph clusterMirantis
 
App catalog (Vancouver)
App catalog (Vancouver)App catalog (Vancouver)
App catalog (Vancouver)Mirantis
 
Tales From The Ship: Navigating the OpenStack Community Seas
Tales From The Ship: Navigating the OpenStack Community SeasTales From The Ship: Navigating the OpenStack Community Seas
Tales From The Ship: Navigating the OpenStack Community SeasMirantis
 
OpenStack Overview and History
OpenStack Overview and HistoryOpenStack Overview and History
OpenStack Overview and HistoryMirantis
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
Designing OpenStack Architectures
Designing OpenStack ArchitecturesDesigning OpenStack Architectures
Designing OpenStack ArchitecturesMirantis
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 

More Related Content

More from Mirantis

Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceMirantis
 
Mirantis life
Mirantis lifeMirantis life
Mirantis lifeMirantis
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...Mirantis
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Mirantis
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudMirantis
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackMirantis
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryMirantis
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsMirantis
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleMirantis
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutMirantis
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's YouMirantis
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationMirantis
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMirantis
 
Your 1st Ceph cluster
Your 1st Ceph clusterYour 1st Ceph cluster
Your 1st Ceph clusterMirantis
 
App catalog (Vancouver)
App catalog (Vancouver)App catalog (Vancouver)
App catalog (Vancouver)Mirantis
 
Tales From The Ship: Navigating the OpenStack Community Seas
Tales From The Ship: Navigating the OpenStack Community SeasTales From The Ship: Navigating the OpenStack Community Seas
Tales From The Ship: Navigating the OpenStack Community SeasMirantis
 
OpenStack Overview and History
OpenStack Overview and HistoryOpenStack Overview and History
OpenStack Overview and HistoryMirantis
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
Designing OpenStack Architectures
Designing OpenStack ArchitecturesDesigning OpenStack Architectures
Designing OpenStack ArchitecturesMirantis
 

More from Mirantis (20)

Demystifying Cloud Security Compliance
Demystifying Cloud Security ComplianceDemystifying Cloud Security Compliance
Demystifying Cloud Security Compliance
 
Mirantis life
Mirantis lifeMirantis life
Mirantis life
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...OpenStack and the IoT: Where we are, where we're going, what we need to get t...
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016Boris Renski: OpenStack Summit Keynote Austin 2016
Boris Renski: OpenStack Summit Keynote Austin 2016
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the CloudDigital Disciplines: Attaining Market Leadership through the Cloud
Digital Disciplines: Attaining Market Leadership through the Cloud
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStackDecomposing Lithium's Monolith with Kubernetes and OpenStack
Decomposing Lithium's Monolith with Kubernetes and OpenStack
 
OpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service DeliveryOpenStack: Changing the Face of Service Delivery
OpenStack: Changing the Face of Service Delivery
 
Accelerating the Next 10,000 Clouds
Accelerating the Next 10,000 CloudsAccelerating the Next 10,000 Clouds
Accelerating the Next 10,000 Clouds
 
Containers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That SimpleContainers for the Enterprise: It's Not That Simple
Containers for the Enterprise: It's Not That Simple
 
Protecting Yourself from the Container Shakeout
Protecting Yourself from the Container ShakeoutProtecting Yourself from the Container Shakeout
Protecting Yourself from the Container Shakeout
 
It's Not the Technology, It's You
It's Not the Technology, It's YouIt's Not the Technology, It's You
It's Not the Technology, It's You
 
OpenStack as the Platform for Innovation
OpenStack as the Platform for InnovationOpenStack as the Platform for Innovation
OpenStack as the Platform for Innovation
 
Moving AWS workloads to OpenStack
Moving AWS workloads to OpenStackMoving AWS workloads to OpenStack
Moving AWS workloads to OpenStack
 
Your 1st Ceph cluster
Your 1st Ceph clusterYour 1st Ceph cluster
Your 1st Ceph cluster
 
App catalog (Vancouver)
App catalog (Vancouver)App catalog (Vancouver)
App catalog (Vancouver)
 
Tales From The Ship: Navigating the OpenStack Community Seas
Tales From The Ship: Navigating the OpenStack Community SeasTales From The Ship: Navigating the OpenStack Community Seas
Tales From The Ship: Navigating the OpenStack Community Seas
 
OpenStack Overview and History
OpenStack Overview and HistoryOpenStack Overview and History
OpenStack Overview and History
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
Designing OpenStack Architectures
Designing OpenStack ArchitecturesDesigning OpenStack Architectures
Designing OpenStack Architectures
 

Recently uploaded

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 

Recently uploaded (20)

The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 

Demo: Use Service Mesh with VMs and Containers

  • 1. Copyright © 2019 Mirantis, Inc. All rights reserved Istio and Virtlet Service Mesh Demonstration Or… The RETURN of the SMESH!
  • 2. 2 Introduction Bruce Basil Mathews Sr. SolutionsArchitect at Mirantis Bruce has been a Senior Solutions Architect in the computer industry for 40+ years, working at multiple technology companies including Mirantis, HP, Oracle, Sun Microsystems and others.
  • 3. 3 ● Infrastructure layer making service to service communication safe fast and reliable ● Separate the application business logic from ○ Networking ○ Security ○ Observability What is service mesh?
  • 4. 4 Library ● Needed services are sitting in a Library that your microservices applications import and use. Node Agent ● The services are provided by a Node Agent or daemon. The daemon services all of the containers on a particular node/machine. Sidecar ● The services are provided in a Sidecar container that runs alongside your application container. Service Mesh Architectures
  • 5. 5 ● Greek word for "sail" ● Istio is an open-source project ● The project was started by teams from Google and IBM, in partnership with the Envoy team at Lyft. ● Platform Independent ● Service mesh What is ISTIO?
  • 6. 6 ISTIO Architecture ● Envoy - is a high-performance proxy to mediate all inbound and outbound traffic for all services in the service mesh. ● Pilot - provides service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing. ● Mixer - enforces access control and usage policies across the service mesh, and collects telemetry data from the Envoy proxy and other services. ● Citadel - provides strong service-to-service and end-user authentication with built-in identity and credential management
  • 7. 7 What does ISTIO provide? ● Intelligent Routing ● Red/Black deployments ● Canaries ● Gradual upgrades ● Authentication ● Authorization ● Encryption ● Enforce Policies ● Resource limits ● Service dependencies ● Traffic flow ● Tracing ● Monitoring and logging
  • 8. 8 What is a Virtlet? Kubernetes CRI implementation for running VM workloads ○ Targeted at VM workloads that need to behave as containers on the outside ○ Run unmodified OpenStack VM images using qcow2 format ○ Build higher-level Kubernetes objects using VM pods ○ Use familiar kubectl pod commands to work with your VMs ○ Integrate with cluster networking using normal CNI plugins ○ Easy to deploy - only need to install simple CRI Proxy package on the nodes
  • 9. 9 Virtlet enables you to run unmodified QEMU/KVM virtual machines that do not include an additional Docker layer as in similar solutions in Kubernetes. Virtlet supports all standard Kubernetes objects, such as ReplicaSets, Deployments, DaemonSets, and so on, as well as their operations. The following diagram describes the Virtlet components and interactions between them: What does Virtlet Enable?
  • 10. 10 Virtlet includes the following components: ● Virtlet manager that implements CRI interfaces for virtualization and image handling ● A libvirt instance ● Virtlet tapmanager that is responsible for managing a VM networking ● Virtlet vmwrapper that is responsible for preparing environment for an emulator ● An emulator (QEMU with KVM support and with a possibility to disable KVM) ● Container Runtime Interface (CRI) Proxy that provides the ability to mix docker-shim and VM-based workloads on the same Kubernetes node Virtlet Components
  • 11. 11 Container Runtime Interface (CRI) Proxy provides a way to run multiple CRI implementations on the same node, for example, Virtlet and dockershim. It enables running infrastructure pods such as kube-proxy. CRI Proxy reuses the dockershim component from kubelet to have Docker as one of CRI implementations on the multi-runtime nodes. The Container Runtime Interface (CRI) Proxy
  • 13. 13 Lab Topology ● Kubernetes installed using kubeadm ● One master ● Two worker nodes ● Kiali console installed ● BookInfo app installed
  • 14. 14 Application Topology ● https://istio.io/docs/examp les/bookinfo/ ● Polyglot application with several micro services
  • 16. 16 ● The BookInfo application is being load balanced through the Node.js Proxy ● There are three separate Review instances registered with the load balancer ● Each of the Review container instances puts out a slight variation of the review for Reviewer 1 and Reviewer 2 ● The color of the stars printed change from black to red or are not displayed at all. ● Refreshing the productpage shows the load balancing occurring Some things of Note About the BookInfo Application
  • 17. 17 Simple BookInfo Application $ kubectl get svc istio-ingressgateway -n istio-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istio-ingressgateway LoadBalancer 10.27.242.183 35.230.80.8 80:31380/TCP, 443:31390/TCP, 31400:31400/TCP, 15011:30570/TCP, 8060:30269/TCP,853:32645/TCP,15030:30155/TCP,15031:32443/TCP 18m Use the external IP to access the BookInfo application using the External IP, highlighted in red. In this case, the application is being assessed in a browser at: http://35.230.80.86/productpage The web page will look like this:
  • 18. 18 ● Enable Virtlet in your existing cluster. Documentation found here: https://docs.mirantis.com/mcp/q4-18/mcp-deployment- guide/deploy-mcp-cluster-manually/deploy-kubernetes-cluster- manually/enable-virtlet/deploy-virtlet.html ● Install the ubuntu_vm_with_testuser VM into the ‘default’ namespace along side BookInfo. Documentation found here: https://docs.google.com/document/d/1pPhPP9HBe_WfTH6IBAjhw5i D1pqWljfeZDJV3EIG9HA/edit?ts=5c700cb8#heading=h.8m0mh0xht 3ml ● Install MySQL on the Virtlet and follow the instructions for joining the mesh found here: https://istio.io/docs/examples/integrating-vms/ ● A new load balanced instance is created which reads the MySQL database and displays the number of stars associated to each reviewer number. ● This MySQL review data only displays on every third refresh or so... Adding Virtlet and MySQL into the Mix to Feed Reviews to BookInfo
  • 20. 20 Display Virtlet and MySQL Running
  • 21. 21 BookInfo Display with 2 Stars for Reviewer 1 and 5 Stars for Reviewer 2
  • 22. 22 Modify the MySQL Database to 5 Stars for Reviewer 1 and 2 Stars for Reviewer 2
  • 23. 23 BookInfo Display with 5 Stars for Reviewer 1 and 2 Stars for Reviewer 2
  • 24. 24 A More Complex Use Case – Sock-Shop with Istio
  • 25. 25 Sock-Shop with Istio Full Traceability
  • 26. 2019 | www.mirantis.com Kubernetes & Istio Training training.mirantis.com training.mirantis.com Kubernetes & Docker Bootcamp I (KD100) Learn Docker and Kubernetes to deploy, run, and manage containerized applications 2 days Kubernetes & Docker Bootcamp II (KD200) Advanced training for Kubernetes professionals, preparation for CKA exam 3 days Accelerated Kubernetes & Docker Bootcamp (KD250) Most popular course! A combination of KD100 & KD200 at an accelerated pace, preps for CKA 4 days Istio Fundamentals (IST50) New! Introduction to Istio & Service Mesh 1 day Webinar attendees! Get 15% off Mirantis training! Use coupon code: WEBMIR2019