Professional Documents
Culture Documents
SRECon19 - Managing Microservices With Istio Service Mesh - v1.1
SRECon19 - Managing Microservices With Istio Service Mesh - v1.1
Network Reliability
Spring Cloud
Docker
Enterprise microservice framework
Containerization for Java
Microservices challenges
- N to N communications.
-Challenge 1 software interconnection
Distributed Challenge 2and troubleshooting
Challenge
is hard.3
- Containers should stay thin and platform agnostic.
- Upgrade of polyglot microservices is hard at scale.
Microservices building blocks
Configuration Service Load Balancing / Intelligent Routing
Challenge 1 Challenge 3
Business Value
API Gateway
Configuration Service
Service A Service B
Tracing Tracing
Metrics Metrics
Code oriented pattern
Foundation
Business Values
Challenge 3
Business Service Configuration Service
Challenge 1
Load Balancing / Intelligent Routing
Service Registry / Discovery
Authentication & Authorization
API Gateway
Circuit
Rate Limiting
Breaker/Retry
Log Aggregation
Audit
Code oriented solutions limits
- Language oriented.
- Error prone (implementation).
- Hard to upgrade each microservice when system grow.
- Add technical challenges and duties to development teams.
- Different teams in the same organization may have different
implementations.
- Each team should maintien his implementation.
buoyant.io
Each service will have its own proxy
service and all these proxy services
Injected
Proxy Proxy
Circuit Breaker Circuit Breaker
Rate limiting Rate limiting
Tracing Network concerns Tracing
Metrics become transparent Metrics
Service A Service B
Business logic Business logic
History of Istio
- Envoy proxy (Istio data plane) created by Lyft and open-sourced in 2016.
- IBM and Google launch the project in May 2017.
- First major version released in July 2018.
- Current version: 1.3
Istio goal
Solution
concerns.
● No change in the service code.
● Central configuration
Istio Promises management.
● Easy to upgrade
● Security
Istio does: Istio does not:
- Service discovery
- Load Balancing & Intelligent
Routing - Event Driven Asynchronous
- Resiliency: Circuit Breaker & communication
Retry - Service Orchestration
- Rate Limiting
- Authentication and
Authorization
- Service to Service mTLS
- Policy enforcement
- Observability
- Monitoring metrics
- Distributed tracing
Sidecar pattern
Foundation
Business Values Challenge 3
Configuration Service
Business Service
Challenge 1 Service Registry / Discovery
Business Service
API Gateway
Business Service
Load Balancing / Intelligent Routing
- HTTP L7 filter
- HTTP L7 routing (based on http headers and cookies)
- First class HTTP/2
- gRPC support
- Fine-grained traffic splitting
Architecture
Challenge 1 Challenge 2 Challenge 3
Istio building blocks 1/2
Component Description
Pilot Responsible for service discovery and for configuring the Envoy
sidecar proxies