the architecture along the way
play

& the architecture along the way! @mt165 mt165.co.uk The life - PowerPoint PPT Presentation

Apr 21, 2023 •242 likes •756 views

QCon London March 2019 & the architecture along the way! @mt165 mt165.co.uk The life of a packet through Istio @mt165 Objectives Learn how a packet traverses an Istio/Envoy/Kubernetes system See what control plane calls are made in that

  1. QCon London March 2019 & the architecture along the way! @mt165 mt165.co.uk

  2. The life of a packet through Istio @mt165 Objectives Learn how a packet traverses an Istio/Envoy/Kubernetes system See what control plane calls are made in that process Build a useful mental model for reasoning about, and debugging Istio

  3. The life of a packet through Istio @mt165 Prerequisites Basic networking knowledge Intermediate Kubernetes knowledge An understanding of what Istio is and does

  4. The life of a packet through Istio @mt165 Outline ● Context and Introduction ● Networking and Containers ● Pilot and Routing ● Mixer and Policy ● Citadel and mTLS

  5. The life of a packet through Istio @mt165 Context and Introduction

  6. The life of a packet through Istio @mt165 Why?

  7. The life of a packet through Istio @mt165

  8. The life of a packet through Istio @mt165

  9. The life of a packet through Istio @mt165 Istio “An open platform to connect , secure , control , and observe services.”

  10. The life of a packet through Istio @mt165 Networking and Containers

  11. The life of a packet through Istio @mt165 Ingress Service A

  12. The life of a packet through Istio @mt165 Cluster IP Cluster IP Node Envoy port Envoy *.example.com Envoy Envoy Load Service A Ingress Balancer

  13. The life of a packet through Istio @mt165 Service A

  14. The life of a packet through Istio @mt165 Envoy SvcA Service A

  15. The life of a packet through Istio @mt165 “Containers” nginx nginx supervisord mnt uts pid user ipc net

  16. The life of a packet through Istio @mt165 Kubernetes Pods nginx logger nginx fluentd supervisord mnt mnt uts uts pid user ipc net

  17. The life of a packet through Istio @mt165 Kubernetes Pods iptables nginx logger routes 192.168.0.42 eth0 nginx fluentd lo supervisord mnt mnt sockets uts uts pid user ipc net

  18. The life of a packet through Istio @mt165 Kubernetes Pods iptables nginx logger routes 192.168.0.42 eth0 :8080/tcp nginx fluentd lo supervisord mnt mnt sockets uts uts pid user ipc net

  19. The life of a packet through Istio @mt165 Kubernetes Pods iptables nginx proxy routes 192.168.0.42 eth0 :8080/tcp nginx envoy lo supervisord mnt mnt sockets uts uts pid user ipc net

  20. The life of a packet through Istio @mt165 Sidecar Injection iptables routes 192.168.0.42 eth0 lo sockets pid user ipc net

  21. The life of a packet through Istio @mt165 Sidecar Injection iptables routes 192.168.0.42 alpine sysctl -w kernel.core_pattern=... eth0 lo sockets pid user ipc net

  22. The life of a packet through Istio @mt165 Sidecar Injection iptables routes 192.168.0.42 istio/proxy_init /usr/local/bin/prepare_proxy.sh -p 15001 -u 1337 eth0 lo sockets pid user ipc net

  23. The life of a packet through Istio @mt165 Sidecar Injection iptables nginx istio/proxy routes 192.168.0.42 eth0 nginx envoy lo :15001/tcp mnt mnt sockets uts uts pid user ipc net

  24. The life of a packet through Istio @mt165 Envoy SvcA Service A

  25. The life of a packet through Istio @mt165 Pilot and Routing

  26. The life of a packet through Istio @mt165 ? ? Envoy SvcA ? Service A

  27. The life of a packet through Istio @mt165 Services $ kubectl get service -o wide service-b NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service-b ClusterIP 10.98.84.169 <none> 80/TCP 90s app=service-b

  28. The life of a packet through Istio @mt165 Service DNS exposure $ dig service-b.default.svc.cluster.local. ;; ANSWER SECTION: service-b.default.svc.cluster.local. 5 IN A 10.98.84.169

  29. The life of a packet through Istio @mt165 Pods $ kubectl get pods -o wide | grep service-b service-b-644856485c-4rk88 1/1 Running 0 7m46s 10.32.0.4 kind-1-control-plane <none> service-b-644856485c-dc2zv 1/1 Running 0 7m46s 10.32.0.6 kind-1-control-plane <none> service-b-644856485c-gr75k 1/1 Running 0 7m46s 10.32.0.5 kind-1-control-plane <none>

  30. The life of a packet through Istio @mt165 Endpoints $ kubectl get endpoints service-b NAME ENDPOINTS AGE service-b 10.32.0.4:8080,10.32.0.5:8080,10.32.0.6:8080 8m55s

  31. The life of a packet through Istio @mt165 Endpoints $ kubectl get endpoints service-b -o yaml ... subsets: - addresses: - ip: 10.32.0.4 nodeName: kind-1-control-plane targetRef: kind: Pod … ports: - name: http port: 8080 protocol: TCP

  32. The life of a packet through Istio @mt165 Control Plane API Pilot Config to Envoys Envoy SvcA Service A

  33. The life of a packet through Istio @mt165 k8s consul zk Control Plane API Pilot Config to Envoys Data plane API Envoy SvcA Service A

  34. The life of a packet through Istio @mt165 Pilot ● Ingress Routing ● Traffic Mirroring ● Traffic Shifting ● Canary Deployments ● Circuit Breaking ● Fault Injection

  35. The life of a packet through Istio @mt165 Mixer and Policy

  36. The life of a packet through Istio @mt165 Control Plane API Pilot Config to Envoys Envoy SvcA Service A Service B

  37. The life of a packet through Istio @mt165 Control Plane API Mixer Pilot Config to Envoys Policy checks, Telemetry Envoy Envoy SvcA SvcB Service A Service B

  38. The life of a packet through Istio @mt165 IP 5-tuple (src_addr, src_port, dst_addr, dst_port, proto)

  39. The life of a packet through Istio @mt165 IP Router Architecture BGP OSPF ARP STP CONTROL PLANE Router Information Base DATA PLANE Forwarding User process Information Base Kernel module Interrupt

  40. The life of a packet through Istio @mt165 IP Router Architecture BGP OSPF ARP STP CONTROL PLANE Router Information PILOT Base DATA PLANE Forwarding User process MIXER Information Base Kernel module ENVOY Interrupt

  41. The life of a packet through Istio @mt165 Control Plane API Pilot Config to REPORT Envoys prom ES Mixer Mixer fat client Mixer fat client Envoy Envoy RBAC Rate SvcA SvcB limit CHECK Service A Service B

  42. The life of a packet through Istio @mt165 Mixer ● Check ○ ACLs / Authorization ○ Rate Limiting ● Report ○ Logs ○ Metrics ○ Tracing

  43. The life of a packet through Istio @mt165 Control Plane API Mixer Pilot Config to Envoys Policy checks, Telemetry Envoy Envoy SvcA SvcB Service A Service B

  44. The life of a packet through Istio @mt165 Control Plane API Mixer Citadel Pilot Config to TLS certs Envoys to Envoys Policy checks, Telemetry Envoy Envoy SvcA SvcB Service A Service B

  45. The life of a packet through Istio @mt165 Control Plane API Mixer Citadel Pilot Config to TLS certs Envoys to Envoys Policy checks, Telemetry Envoy Envoy SvcA SvcB Service A Service B

  46. The life of a packet through Istio @mt165 Control Plane API Mixer Citadel Pilot Config to TLS certs Envoys to Envoys Policy checks, Telemetry Envoy Envoy Envoy Envoy Envoy Envoy Envoy Envoy SvcA SvcB Envoy Envoy Ingress Service A Service B Egress

  47. The life of a packet through Istio @mt165 Control Plane API API Server Mixer Citadel Pilot etcd Config to TLS certs Envoys to Envoys Policy checks, Telemetry kubectl Envoy Envoy SvcA SvcB Service A Service B

  48. The life of a packet through Istio @mt165 Control Plane API Galley Mixer Citadel Pilot etcd Config to TLS certs Envoys to Envoys Policy checks, Telemetry kubectl Envoy Envoy SvcA SvcB Service A Service B

  49. The life of a packet through Istio @mt165 Outline ● Context and Introduction ● Networking and Containers ● Pilot and Routing ● Mixer and Policy ● Citadel and mTLS

  50. The life of a packet through Istio @mt165 Recap We learned: ● How a packet traverses an Istio/Envoy/Kubernetes system ● What control plane calls are made in that process ● A useful mental model for reasoning about, and debugging Istio

  51. Thanks! @mt165 QR CODE

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Where does architecture come from? What order? Use an architecture youve seen before

1 Where does architecture come from? What order? Use an architecture youve seen before

Architecture 2 1 Announcements What is Architecture? Final project hand-in and documentation Big picture Structure or structures that support the system Early design decisions Architecture is the design decisions you

275 views • 5 slides
Overview of Sofware Architecture Sofware Architecture VO (706.706) Roman Kern 2020-10-04

Overview of Sofware Architecture Sofware Architecture VO (706.706) Roman Kern 2020-10-04

# These slides should give an overview of the sofware architecture, and what its role is. # Why and when is sofware architecture important. # In other words: sofware architecture in a nutshell ! Overview of Sofware Architecture Sofware

207 views • 7 slides
SE2: Introduction to Software Architecture Mei Nagappan What is Architecture? Encyclopedia

SE2: Introduction to Software Architecture Mei Nagappan What is Architecture? Encyclopedia

Material and some slide content from: - Emerson Murphy-Hill - Reid Holmes - Mehdi Mirakhorli - Software Architecture: Foundations, Theory, and Practice - Essential Software Architecture SE2: Introduction to Software Architecture Mei Nagappan

341 views • 31 slides
Instruction Set Architecture ( ISA ) 1 / 28 instructions 2 / 28 Instruction Set Architecture

Instruction Set Architecture ( ISA ) 1 / 28 instructions 2 / 28 Instruction Set Architecture

Instruction Set Architecture ( ISA ) 1 / 28 instructions 2 / 28 Instruction Set Architecture Also called (computer) architecture Implementation --&gt; actual realisation of ISA ISA can have multiple implementations ISA allows

825 views • 28 slides
A lthough architecture has be- Five core concepts and relationships metaphor for the design of

A lthough architecture has be- Five core concepts and relationships metaphor for the design of

S T A N D A R D S Software product lines, and product families in which software plays a substantial role in development, operation, or evolution. Architecture: WHAT IS AN ARCHITECTURE? Although defining architecture in the context of

314 views • 3 slides
HAMPTON MILLENNIAL VILLAGE . Who we are Architecture: Hampton University is a private

HAMPTON MILLENNIAL VILLAGE . Who we are Architecture: Hampton University is a private

The Millennial Village Team is made up of 5 architecture students and one electrical 4 th year Architecture 5 th year Architecture 4 th year Architecture Lead-advisor: engineering Prof. Laura Battaglia (Lead) Kobi Henson Ty Champion Amir

640 views • 35 slides
Wonders of Modern Architecture Oh, the wonders of modern architecture! The geniuses of

Wonders of Modern Architecture Oh, the wonders of modern architecture! The geniuses of

Wonders of Modern Architecture Oh, the wonders of modern architecture! The geniuses of architecture today continue to create design masterpieces that could make one proud of being a citizen of the 21st Century! Enjoy the beauty of these modern

832 views • 52 slides
Instruction Set Architecture Assembly Language View Computer Architecture: Instruction Set

Instruction Set Architecture Assembly Language View Computer Architecture: Instruction Set

Instruction Set Architecture Assembly Language View Computer Architecture: Instruction Set Processor state Application Program Registers, memory, Architecture Instructions Compiler OS addq , pushq , ret , How

239 views • 7 slides
Introduction to Software Architecture Reid Holmes Architecture Architecture is: All

Introduction to Software Architecture Reid Holmes Architecture Architecture is: All

Introduction to Software Architecture Reid Holmes Architecture Architecture is: All about communication. What parts are there? How do the parts fit together? Architecture is not: About development. About

392 views • 18 slides
From Requirements to Architecture Ana Moreira Software Architecture - Basics 1 Goals

From Requirements to Architecture Ana Moreira Software Architecture - Basics 1 Goals

From Requirements to Architecture Ana Moreira Software Architecture - Basics 1 Goals Understanding the importance of software architecture what is software architecture Discussing emerging issues in the transition from requirements to

521 views • 24 slides
CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and

CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and

CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and optimizations] Day1: January 3, 2000 Architecture and overview Caltech CS184b Winter2001 -- DeHon 1 Today This Quarter What is

341 views • 15 slides
A New Golden Age for 1. Software advances can inspire architecture Computer Architecture:

A New Golden Age for 1. Software advances can inspire architecture Computer Architecture:

8/28/19 Lessons of last 50 years of Computer Architecture A New Golden Age for 1. Software advances can inspire architecture Computer Architecture: innovations 2. Raising the hardware/software interface creates History, Challenges, and

1.08k views • 14 slides
CMS Strip Readout Architecture for SLHC OUTLINE brief review of LHC strip readout architecture p

CMS Strip Readout Architecture for SLHC OUTLINE brief review of LHC strip readout architecture p

CMS Strip Readout Architecture for SLHC OUTLINE brief review of LHC strip readout architecture p proposed architecture for SLHC front end amplifier design in 130nm system architecture ideas system architecture ideas triggering possibilities

369 views • 24 slides
IMS based NGN IMS based NGN Architecture Architecture and its application and its application

IMS based NGN IMS based NGN Architecture Architecture and its application and its application

I nternational Telecom m unication Union ITU-T IMS based NGN IMS based NGN Architecture Architecture and its application and its application Dick Knight BT Group plc I TU-T W orkshop NGN and its Transport Netw orks Kobe, 2 0 -2 1

218 views • 17 slides
CE419 Session 11: Web Application Architecture Web Programming 1 What is architecture ? There

CE419 Session 11: Web Application Architecture Web Programming 1 What is architecture ? There

CE419 Session 11: Web Application Architecture Web Programming 1 What is architecture ? There are two common elements: One is the highest-level breakdown of a system into its parts; the other, decisions that are hard to change. 2

503 views • 26 slides
Wooden Architecture. Traditional Karelian Timber Architecture and Landscape Seventh Framework

Wooden Architecture. Traditional Karelian Timber Architecture and Landscape Seventh Framework

Wooden Architecture. Traditional Karelian Timber Architecture and Landscape Seventh Framework Programme Marie Curie Actions People International Research Staff Exchange Scheme Annex I Acronym: Wooden Architecture Proposal number:269185

361 views • 35 slides
Model-Driven Software Migration towards Service- Oriented Architectures Volker Riediger

Model-Driven Software Migration towards Service- Oriented Architectures Volker Riediger

Model-Driven Software Migration towards Service- Oriented Architectures Volker Riediger Institute for Software Technology University of Koblenz-Landau, Germany Coworkers: U. Erdmenger, U. Kaiser, D. Uhlig, Y. Zimmermann A. Herget, W. Teppe,

291 views • 16 slides
Personalizing Netflix with Streaming datasets Shriya Arora Senior Data Engineer Personalization

Personalizing Netflix with Streaming datasets Shriya Arora Senior Data Engineer Personalization

Personalizing Netflix with Streaming datasets Shriya Arora Senior Data Engineer Personalization Analytics @shriyarora What is this talk about ? Helping you decide if a streaming pipeline fits your ETL problem If it does, how to

427 views • 23 slides
Getting the Most Out of an ERP System Scott A. Holter, CPIM April 9, 2014 Presentation Outline

Getting the Most Out of an ERP System Scott A. Holter, CPIM April 9, 2014 Presentation Outline

The Entrepreneurs Edge Click to add headline Getting the Most Out of an ERP System Scott A. Holter, CPIM April 9, 2014 Presentation Outline Click to add headline Managing the Maintain, Upgrade, or Replace Dilemma for ERP Software

1.22k views • 106 slides
Web-based framework for exploration of LU/LC data Tomas Loukotka Gisat s.r.o. 2012 Outline

Web-based framework for exploration of LU/LC data Tomas Loukotka Gisat s.r.o. 2012 Outline

Web-based framework for exploration of LU/LC data Tomas Loukotka Gisat s.r.o. 2012 Outline Introduction Purpose and benefits of application Input data Projects Video presentation Technologies Other features

319 views • 13 slides
Developmental Disabilities Association Carly Charbonneau, Hana Haxhiavdija, Belinda Yip Where

Developmental Disabilities Association Carly Charbonneau, Hana Haxhiavdija, Belinda Yip Where

Developmental Disabilities Association Carly Charbonneau, Hana Haxhiavdija, Belinda Yip Where did we go? Developmental Disabilities Association (DDA) for adults in Vancouver 7208 Main Street - Adult Drop-in Centre. Community

505 views • 17 slides
Divide &amp; Conquer Why niching down your target demographic will help you save time, earn more,

Divide &amp; Conquer Why niching down your target demographic will help you save time, earn more,

Divide &amp; Conquer Why niching down your target demographic will help you save time, earn more, and dominate your market. By Jackson Bloore Who Is This Presentation For? Fitness Professionals NOT Fitness Hobbyists Want to make more money

503 views • 28 slides
Visualisations tridimensionnelles de donnes issues de simulations numriques trs haute

Visualisations tridimensionnelles de donnes issues de simulations numriques trs haute

Visualisations tridimensionnelles de donnes issues de simulations numriques trs haute rsolution en mcanique des fluides Patrick Bgou (LEGI/MoST) Patrick.Begou@legi.grenoble-inp.fr 30 novembre 2017 Patrick Bgou (LEGI/MoST)

528 views • 42 slides
Are We Really Cloud-Native? Bert Ertman Cloud-Native Computing What is Cloud-Native? answer:

Are We Really Cloud-Native? Bert Ertman Cloud-Native Computing What is Cloud-Native? answer:

Are We Really Cloud-Native? Bert Ertman Cloud-Native Computing What is Cloud-Native? answer: Blah blah blah Kubernetes! Kubernetes is the Greek god of spending money on cloud services - @QuinniPig About me: Java/Cloud

1.03k views • 67 slides

More recommend