service mesh from the ground up
play

Service Mesh from the Ground Up: How Istio Can Transform Your - PowerPoint PPT Presentation

Aug 12, 2023 •506 likes •1.86k views

Service Mesh from the Ground Up: How Istio Can Transform Your Organization Megan O'Keefe Hello! I'm a Developer Relations Engineer at Google Cloud. I help make Google's products easy to adopt and use. I test-drive new features,

  1. Node Node TLS certs Agent Agent to proxies via Secrets Service A Service B Proxy Proxy Proxy Policy checks and telemetry Discovery & config TLS certs Mixer data to proxies to node agents Pilot Galley Citadel Mesh config to control plane YAML Injector Istio Control Plane Sidecar configuration to Pods

  2. Node Node TLS certs Agent Agent to proxies via Secrets Service A Service B Proxy Proxy Proxy Policy checks and telemetry Discovery & config TLS certs Mixer data to proxies to node agents Pilot Galley Citadel Mesh config to control plane YAML Ingress Ingress Traffic Gateway Injector Istio Control Plane Sidecar configuration to Pods

  3. Installing Istio

  5. dev us-east1-b

  6. dev us-east1-b Mixer Pilot Galley Citadel Ingress Gateway Injector Istio Control Plane

  7. AdService dev EmailService us-east1-b CartService PaymentService CheckoutService Frontend Redis ShippingService CurrencyService Recommendation ProductCatalog Service Service Mixer Pilot Galley Citadel Ingress Gateway Injector Istio Control Plane

  8. dev AdService EmailService us-east1-b CartService PaymentService CheckoutService Frontend Redis ShippingService CurrencyService Recommendation ProductCatalog Service Service Mixer Pilot Galley Citadel Ingress Ingress Traffic Gateway Injector Istio Control Plane

  9. Demo

  10. Questions? ⛵

  11. Observability

  12. Observability is a measure of how well internal states of a system can be inferred from knowledge of its external outputs .

  13. Istio Observability Features Service graph - track dependencies at runtime Bird’s eye view of service behavior for issue triage, reduce time to detect and fjx outages Automatically collects the "golden signals" for every service - latency , error rate , throughput Set, monitor and enforce Service-Level Objectives (SLOs) Tracing : track a request from end to end, across service boundaries

  14. Demo

  15. Security

  16. Moving from VMs to Kubernetes introduces new security challenges.

  17. Viruual Machines Kubernetes Isolation at the host level Containers share a host (Node) Workloads allocated to hosts Nodes work as one viruual host Workloads share OS, dependencies Containers have own dependencies Stable host IPs Ephemeral Pod IPs May run in a trusted , on-prem May run in a cloud environment environment

  18. Istio - Security Automatically secure your services through managed authentication, authorization, and encryption of communication between services. Traffjc encryption Service auth Auditing controls Access policies

  19. Demo: Mutual TLS

  20. Node Node TLS certs Agent Agent to proxies via Secrets Service A Service B Proxy Proxy Proxy Policy checks and telemetry Discovery & config TLS certs Mixer data to proxies to node agents Pilot Galley Citadel Mesh config to control plane YAML Injector Istio Control Plane Sidecar configuration to Pods

  21. MeshPolicy apiVersion: "authentication.istio.io/v1alpha1" kind: "MeshPolicy" metadata: name: "default" spec: peers: - mtls: {}

  22. DestinationRule apiVersion: "networking.istio.io/v1alpha3" kind: "DestinationRule" metadata: name: "default" namespace: "istio-system" spec: host: "*.local" trafficPolicy: tls: mode: ISTIO_MUTUAL

  23. Demo: Authorization

  24. Node Node TLS certs Agent Agent to proxies via Secrets Service A Service B Proxy Proxy Proxy Policy checks and telemetry Discovery & config TLS certs Mixer data to proxies to node agents Pilot Galley Citadel Mesh config to control plane YAML Injector Istio Control Plane Sidecar configuration to Pods

  25. AuthorizationPolicy apiVersion: "security.istio.io/v1beta1" kind: "AuthorizationPolicy" metadata: name: "currency-policy" namespace: default spec: selector: matchLabels: app: currencyservice rules: - from: - source: principals: ["cluster.local/ns/default/sa/frontend-sa"]

  26. Questions?

  27. DevOps

  28. DevOps is an organizational and cultural movement that aims to increase sofuware delivery velocity , improve service reliability , and build shared ownership among sofuware stakeholders. cloud.google.com/devops

  29. What is DevOps? release deploy n plan g i s e d OPS DEV monitor e build t a r t e s p e t o

  30. DevOps is an organizational and cultural movement that aims to increase sofuware delivery velocity , improve service reliability , and build shared ownership among sofuware stakeholders. cloud.google.com/devops

  31. DevOps with Istio Velocity: safe rollouts with traffjc splituing. deprecate legacy services with redirects. accelerate the customer feedback loop with A/B testing. Reliability: set SLOs and alerus on generated metrics. use circuit breaking and fault injection to harden services. Shared ownership: declarative traffjc/security policies in a shared Git repo. scope Istio policies at the namespace level.

  32. Istio - Traffjc Management VirtualService , Gateway , Traffjc splituing Traffjc steering Fault injection DestinationRule , and ServiceEntry Circuit breaking Egress control

  33. VirtualService apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: frontend spec: hosts: - "frontend.default.svc.cluster.local" http: - route: - destination: host: frontend

  34. Gateway apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: frontend-gateway spec: selector: istio: ingressgateway servers: - port: number: 80 name: http protocol: HTTP hosts: - "*"

  35. DestinationRule apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: frontend spec: host: frontend.default.svc.cluster.local subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2

  36. Kubernetes Deployment Pods Pods

  37. Kubernetes Service Kubernetes Deployment Pods Pods

  38. Kubernetes Service Kubernetes Deployment Kubernetes Deployment Pods Pods v1 v2

  39. Kubernetes Service DestinationRule Pods Pods v1 v2

  40. VirtualService Kubernetes Service DestinationRule Pods Pods v1 v2

  41. VirtualService VirtualService Kubernetes Service Kubernetes Service DestinationRule DestinationRule Pods Pods Pods Pods v1 v2 v1 v2

  42. Gateway VirtualService VirtualService Kubernetes Service Kubernetes Service DestinationRule DestinationRule Pods Pods Pods Pods v1 v2 v1 v2

  43. release deploy n plan g i s e d OPS DEV monitor e build t a r t e s p e t o

  44. release deploy n plan g i s e d OPS DEV monitor e build t a r t e s p e t o

  45. Demo: Service Redirect

  46. Service Redirect Scenario - we've moved to a faster payments Frontend payments service, coolcash. We want to deprecate paymentservice paymentservice:80 and redirect calls to coolcash. coolcash

  47. release deploy n plan g i s e d OPS DEV monitor e build t a r t e s p e t o

  48. Demo: Canary Deployment

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Service Mesh Is Easy To Swallow In Small Pieces Andrew Jenkins Eng Lead, Aspen Mesh

A Service Mesh Is Easy To Swallow In Small Pieces Andrew Jenkins Eng Lead, Aspen Mesh

A Service Mesh Is Easy To Swallow In Small Pieces Andrew Jenkins Eng Lead, Aspen Mesh @notthatjenkins Why Should I Use A Service Mesh? Managing Microservices Without a Service Mesh Python Node.js Java Flask http.createServer Spring

412 views • 29 slides
Learning 3D object models from 2D images Cropped Input Image Predicted Mesh Generated Ground

Learning 3D object models from 2D images Cropped Input Image Predicted Mesh Generated Ground

Learning 3D object models from 2D images Cropped Input Image Predicted Mesh Generated Ground Truth Predicted Landmarks Mesh Loss Latent Spatial Mesh Convolutional ResNet-50 Vector Decoder Iterative Model Fitting Learning from Imperfect

964 views • 69 slides
Service Mess to Service Mesh Observe. Control. Secure. Rob Richardson Technical Evangelist,

Service Mess to Service Mesh Observe. Control. Secure. Rob Richardson Technical Evangelist,

Service Mess to Service Mesh Observe. Control. Secure. Rob Richardson Technical Evangelist, MemSQL Kavya Pearlman Cybersecurity Strategist, Wallarm https://www.shutterstock.com/image-photo/ca r-technology-autonomous-self-driving-concep

306 views • 26 slides
The Service Mesh Its About the Traffic Oliver Gould @olix0r Oliver Gould Photo Goes Here

The Service Mesh Its About the Traffic Oliver Gould @olix0r Oliver Gould Photo Goes Here

The Service Mesh Its About the Traffic Oliver Gould @olix0r Oliver Gould Photo Goes Here Linkerd Lead; Buoyant CTO @olix0r @olix0r @olix0r Nov 9, 2016 QConSF Agenda Why Does Linkerd Exist? The Trough of Service Mesh

525 views • 34 slides
Mesh Networks | Hacking The T3lc0 Model http://arig.org.il What's a Mesh Anyway ? Mesh =

Mesh Networks | Hacking The T3lc0 Model http://arig.org.il What's a Mesh Anyway ? Mesh =

Mesh Networks | Hacking The T3lc0 Model http://arig.org.il What's a Mesh Anyway ? Mesh = topology. anything not a star / bus / ring / tree Nodes = routers, smart phones, cars anything wi-fi enabled Links = wireless connections

516 views • 25 slides
Mesh Basics Mesh Basics 1 Spring 2010 Definitions: Definitions: 1/2 Definitions:

Mesh Basics Mesh Basics 1 Spring 2010 Definitions: Definitions: 1/2 Definitions:

Mesh Basics Mesh Basics 1 Spring 2010 Definitions: Definitions: 1/2 Definitions: Definitions: 1/2 1/2 1/2 A polygonal mesh consists of three kinds of mesh elements : vertices, edges, and faces. The information describing the mesh

781 views • 45 slides
Service Mesh sh Interface Brendan Burns QCon New York 2019 This Photoby Unknown Author is

Service Mesh sh Interface Brendan Burns QCon New York 2019 This Photoby Unknown Author is

Service Mesh sh Interface Brendan Burns QCon New York 2019 This Photoby Unknown Author is licensed under CC BY-SA The e Service ice Me Mesh Landsc scape This Photoby Unknown Author is licensed under CC BY-NC-ND The problem for users

448 views • 34 slides
Ground: A Data Context Service Joe Hellerstein, Vikram Sreekanti, Joey Gonzalez, et al . CIDR 2017

Ground: A Data Context Service Joe Hellerstein, Vikram Sreekanti, Joey Gonzalez, et al . CIDR 2017

Ground: A Data Context Service Joe Hellerstein, Vikram Sreekanti, Joey Gonzalez, et al . CIDR 2017 https:/ /github.com/ground-context/ground ground Open Source Big Data Community Health Long-term Data L Data Analysis Data Wrangling I A

566 views • 34 slides
What Makes for a Good Mesh? CS101 Meshing Winter 2007 1 Mesh Quality What makes a mesh

What Makes for a Good Mesh? CS101 Meshing Winter 2007 1 Mesh Quality What makes a mesh

What Makes for a Good Mesh? CS101 Meshing Winter 2007 1 Mesh Quality What makes a mesh good? application dependent some general principles PL approximation (triangles/tets) faithful to geometry values gradients

307 views • 11 slides
What is a mesh network? A mesh network is created when many devices have established

What is a mesh network? A mesh network is created when many devices have established

What is a mesh network? A mesh network is created when many devices have established communication between them in more than one way. Any device with an appropriate wireless node can participate in a mesh network. Initialising

140 views • 12 slides
Increasing Delivery Velocity with a Service Mesh at Indeed Joshua Shanks Senior Software

Increasing Delivery Velocity with a Service Mesh at Indeed Joshua Shanks Senior Software

Increasing Delivery Velocity with a Service Mesh at Indeed Joshua Shanks Senior Software Engineer, Indeed Indeed is the #1 job site worldwide what where Software Engineer Seattle, WA Find Jobs 60 countries 30 languages 200M unique visitors

870 views • 69 slides
Automated Canaries with Prometheus, Kubernetes and Service Mesh Bryan Boreham

Automated Canaries with Prometheus, Kubernetes and Service Mesh Bryan Boreham

Automated Canaries with Prometheus, Kubernetes and Service Mesh Bryan Boreham @bboreham https://weave.works @weaveworks 1 Canary Deployment Stages https://github.com/weaveworks/flagger Thank You! Weaveworks

301 views • 5 slides
A look into mesh density IN THIS WEBINAR: PRESENTED BY: Mesh refinement Andrew Nelson

A look into mesh density IN THIS WEBINAR: PRESENTED BY: Mesh refinement Andrew Nelson

Accuracy vs. Speed A look into mesh density IN THIS WEBINAR: PRESENTED BY: Mesh refinement Andrew Nelson Discussing higher order elements Stress Engineer Examining analytical error and Structural Design and Analysis

205 views • 9 slides
13 Mesh Animation Steve Marschner CS5625 Spring 2020 Basic surface deformation methods Blend

13 Mesh Animation Steve Marschner CS5625 Spring 2020 Basic surface deformation methods Blend

13 Mesh Animation Steve Marschner CS5625 Spring 2020 Basic surface deformation methods Blend shapes: make a mesh by combining several meshes Mesh skinning: deform a mesh based on an underlying skeleton Both use simple linear algebra Easy to

559 views • 17 slides
05 Mesh Animation Steve Marschner CS5625 Spring 2019 Basic surface deformation methods Blend

05 Mesh Animation Steve Marschner CS5625 Spring 2019 Basic surface deformation methods Blend

05 Mesh Animation Steve Marschner CS5625 Spring 2019 Basic surface deformation methods Blend shapes: make a mesh by combining several meshes Mesh skinning: deform a mesh based on an underlying skeleton Both use simple linear algebra Easy to

348 views • 15 slides
CREATIVE FREEDOM FOR COMPUTATIONAL MESH GENERATION IN DEAL.II Nicola Giuliani , Luca Heltai

CREATIVE FREEDOM FOR COMPUTATIONAL MESH GENERATION IN DEAL.II Nicola Giuliani , Luca Heltai

CREATIVE FREEDOM FOR COMPUTATIONAL MESH GENERATION IN DEAL.II Nicola Giuliani , Luca Heltai (ngiuliani@sissa.it) Sixth deal.II Users and Developers Workshop MESH GENERATION Mesh generation a secret of the darkest arts An accurate mesh

500 views • 20 slides
Service Properties Trust (Nasdaq: SVC) Investor Presentation August 2020 Warning Concerning

Service Properties Trust (Nasdaq: SVC) Investor Presentation August 2020 Warning Concerning

Service Properties Trust (Nasdaq: SVC) Investor Presentation August 2020 Warning Concerning Forward-Looking Statements. This presentation contains statements that constitute forward-looking statements within the meaning of the Private

609 views • 31 slides
MSBVH: An Efficient Acceleration Data Structure for Ray Traced Motion Blur Leonhard Gr

MSBVH: An Efficient Acceleration Data Structure for Ray Traced Motion Blur Leonhard Gr

MSBVH: An Efficient Acceleration Data Structure for Ray Traced Motion Blur Leonhard Gr unschlo Martin Stich Sehera Nawaz Alexander Keller August 6, 2011 Principles of Accelerated Ray Tracing Hierarchical culling object list

985 views • 79 slides
The Foreign National Driver Resource Card & Suspended and Revoked Drivers AAMVA Annual

The Foreign National Driver Resource Card & Suspended and Revoked Drivers AAMVA Annual

The Foreign National Driver Resource Card & Suspended and Revoked Drivers AAMVA Annual International Conference Charlotte, NC August 22, 2012 Brian Ursino, AAMVA Director of Law Enforcement AAMVA Official Use Only Enforcement Standing

194 views • 17 slides
Suspension and Expulsion Prevention Child Care and Development Program Division of

Suspension and Expulsion Prevention Child Care and Development Program Division of

Suspension and Expulsion Prevention Child Care and Development Program Division of Welfare & Supportive Services What is the Child Care and Development Program? The Child Care and Development Program (CCDP)

430 views • 20 slides
2019-20 FINAL BUDGET June 2019 2019-20 BUDGET GOALS ESTABLISHED JAN 2019: MAINTAIN CURRENT

2019-20 FINAL BUDGET June 2019 2019-20 BUDGET GOALS ESTABLISHED JAN 2019: MAINTAIN CURRENT

NORRISTOWN AREA SCHOOL DISTRICT 2019-20 FINAL BUDGET June 2019 2019-20 BUDGET GOALS ESTABLISHED JAN 2019: MAINTAIN CURRENT STAFFING LEVELS MAINTAIN CURRENT FUND BALANCE MAXIMUM TAX INCREASE @ ACT I INDEX OF 2.80% 2019-20 BUDGET

424 views • 20 slides
Analysis of Variability of Solar Panels in The Distribution System Tatianne Da Silva Advisor:

Analysis of Variability of Solar Panels in The Distribution System Tatianne Da Silva Advisor:

Analysis of Variability of Solar Panels in The Distribution System Tatianne Da Silva Advisor: Dr. Hctor Pulgar-Painemal Mentor: Jonathan Devadason Final Presentation 7/14/2016 Motivation Distribution System Substation Residences Solar

529 views • 14 slides
Budget Presentation June 3, 2020 Township of Millstone 2020 Budget Summary Title:

Budget Presentation June 3, 2020 Township of Millstone 2020 Budget Summary Title:

Township of Millstone 2020 Municipal Budget Presentation June 3, 2020 Township of Millstone 2020 Budget Summary Title: 2020-Estimated 2019-Actual $ Change % Change Net Valuation Taxable $1,882,865,731.00 $1,875,523,218.00 $7,342,513.00

516 views • 24 slides
How to Import SVG and Adjust it 1. If you want import a SVG file and change it to 3D Object, you

How to Import SVG and Adjust it 1. If you want import a SVG file and change it to 3D Object, you

How to Import SVG and Adjust it 1. If you want import a SVG file and change it to 3D Object, you can use Shape->Freehand Shape . Or you can use SVG Shape and click Open SVG File . Because I want to teach the SVG settings, so we

144 views • 3 slides

More recommend