Traffic Routing with Istio on Oracle Cloud



slide-1
SLIDE 1

Traffic Routing with Istio on Oracle Cloud

Slides: https://slides.peterj.dev

@pjausovec

1 / 43

slide-2
SLIDE 2

Safe Harbor

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle's products may change and remains at the sole discretion of Oracle Corporation.

Statements in this presentation relating to Oracle's future plans, expectations, beliefs, intentions and prospects are "forward-looking statements" and are subject to material risks and uncertainties. A detailed discussion of these factors and other risks that affect our business is contained in Oracle's Securities and Exchange Commission (SEC) filings, including our most recent reports on Form 10-K and Form 10-Q under the heading "Risk Factors." These filings are available on the SEC's website or on Oracle's website at http://www.oracle.com/investor. All information in this presentation is current as of September 2019 and Oracle undertakes no duty to update any statement in light of new information or future events.

slide-3
SLIDE 3

Introduction

I am Peter (@pjausovec)

  • Software Engineer at Oracle
  • Working on "cloud-native" stuff
  • Books:
      • Cloud Native: Using Containers, Functions, and Data to Build Next-Gen Apps
      • SharePoint Development
      • VSTO For Dummies
  • Courses:
      • Kubernetes Course (https://startkubernetes.com)
      • Istio Service Mesh Course (https://learnistio.com)

3 / 43

slide-4
SLIDE 4

Docker?

@pjausovec

4 / 43

slide-5
SLIDE 5

Kubernetes?

@pjausovec

5 / 43

slide-6
SLIDE 6

Service Mesh

@pjausovec

6 / 43

slide-7
SLIDE 7

Dedicated infrastructure layer to connect, manage, and secure workloads by managing the communication between them

@pjausovec

7 / 43

slide-8
SLIDE 8

Istio service mesh

  • Open source service mesh
  • Google, IBM, Lyft
  • Well-defined API
  • Can be deployed on-premise, in the cloud
  • Kubernetes
  • Mesos

@pjausovec

8 / 43

slide-13
SLIDE 13

Source: https://barkpost.com/cute/sidecar-dogs/

13 / 43

slide-14
SLIDE 14

Service Mesh - Architecture

Data plane (proxies)

  • Run next to each service instance (or one per host)
  • Istio uses Envoy proxy
  • Intercept all incoming/outgoing requests (iptables)
  • Configure how to handle traffic
  • Emit metrics

Control plane

  • Validates rules
  • Translates high-level rules to proxy configuration
  • Updates the proxies/configuration
  • Collects metrics from proxies

@pjausovec

14 / 43

slide-15
SLIDE 15

Service Mesh - Features

Connect

  • Layer 7 routing and traffic management
  • %-based traffic split (URIs, header, scheme, method, ...)
  • Circuit breakers, timeouts and retries

Manage

  • Telemetry (proxies collect metrics automatically -> tools: Grafana, Jaeger, Kiali)
  • Visibility into service communication without code changes

Secure

  • Secure communication between services (mutual TLS)
  • Identity + cert for each service

@pjausovec

15 / 43

slide-17
SLIDE 17

Traffic Management

@pjausovec

17 / 43

slide-21
SLIDE 21

Traffic Management Scenarios

Canary

  • "5% of the traffic should go to v2 and 95% of the traffic to v1"

A/B tests

  • "Is User-Agent header == Firefox, direct traffic to v2 version"
  • "Any requests to URL /api/user should be redirected to /api/v1/user"
  • "All GET requests to /api/v2 all POST requests to /api/v1"
  • ...

@pjausovec

21 / 43

slide-22
SLIDE 22

Traffic Management Scenarios

Ingress Gateway

  • Route domains/subdomains to different services
      • https://hello.example.com → hello-svc
      • https://blog.example.com → blog-svc
      • https://other-domain.com → some-service

Egress Gateway/Service Entry

  • Control outgoing traffic/external services

Mirroring/Shadowing

  • Duplicate incoming requests and send them to different service

@pjausovec

22 / 43

slide-23
SLIDE 23

Service Mesh - Istio

Traffic Management Resources

  • Gateway
  • VirtualService
  • DestinationRule
  • ServiceEntry
  • Sidecar

@pjausovec

23 / 43

slide-24
SLIDE 24

Service Mesh - Virtual Service

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: serviceb-vs
    spec:
      hosts:
        - service-b.default.svc.cluster.local
      http:
        - route:
            - destination:
                host: service-b.default.svc.cluster.local
                subset: v1
              weight: 98
            - destination:
                host: service-b.default.svc.cluster.local
                subset: v2
              weight: 2

@pjausovec

24 / 43

slide-25
SLIDE 25

Service Mesh - Destination Rule

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: serviceb-dr
    spec:
      host: service-b.default.svc.cluster.local
      subsets:
        - name: v1
          labels:
            version: v1
        - name: v2
          labels:
            version: v2
      trafficPolicy:
        tls:
          mode: ISTIO_MUTUAL

@pjausovec

25 / 43

slide-28
SLIDE 28

Destination rule

    apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: serviceb-dr
    spec:
      host: service-b.default.svc.cluster.local
      subsets:
        - name: v1
          labels:
            version: v1
        - name: v2
          labels:
            version: v2

@pjausovec

28 / 43

slide-29
SLIDE 29

Virtual service

    ...
      http:
        - route:
            - destination:
                host: service-b.default.svc.cluster.local
                subset: v1
              weight: 30

@pjausovec

29 / 43
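
A pre-deployment check for a VirtualService/DestinationRule pair like the one on the preceding slides, added here as an example and not taken from the talk: it reports route destinations whose subset no DestinationRule declares and weighted splits that do not add up. It assumes the v1alpha3-era rule that the weights of a split total 100; `lint_routes`, `make_vs` and the `serviceb-vs-typo` resource are hypothetical names constructed for the example.

```python
# Added example (not from the slides). Manifests are plain dicts, as a YAML
# loader would return them; the sample resources below are constructed.

def lint_routes(virtual_service, destination_rules):
    """Return findings for one VirtualService checked against DestinationRules."""
    declared = {}  # host -> subset names declared for that host
    for dr in destination_rules:
        spec = dr["spec"]
        names = {s["name"] for s in spec.get("subsets", [])}
        declared.setdefault(spec["host"], set()).update(names)

    findings = []
    vs_name = virtual_service["metadata"]["name"]
    for i, http in enumerate(virtual_service["spec"].get("http", [])):
        routes = http.get("route", [])
        total = 0
        for r in routes:
            dest = r["destination"]
            subset = dest.get("subset")
            if subset and subset not in declared.get(dest["host"], set()):
                findings.append(f"{vs_name} http[{i}]: subset {subset!r} "
                                f"not declared for {dest['host']}")
            total += r.get("weight", 0)
        # Assumption: the v1alpha3-era rule that split weights total 100.
        if len(routes) > 1 and total != 100:
            findings.append(f"{vs_name} http[{i}]: weights sum to {total}, not 100")
    return findings


HOST = "service-b.default.svc.cluster.local"

def make_vs(name, *splits):
    """Build a VirtualService dict from (subset, weight) pairs."""
    routes = [{"destination": {"host": HOST, "subset": s}, "weight": w}
              for s, w in splits]
    return {"metadata": {"name": name},
            "spec": {"hosts": [HOST], "http": [{"route": routes}]}}

DEST_RULE = {"metadata": {"name": "serviceb-dr"},
             "spec": {"host": HOST,
                      "subsets": [{"name": "v1", "labels": {"version": "v1"}},
                                  {"name": "v2", "labels": {"version": "v2"}}]}}

GOOD = make_vs("serviceb-vs", ("v1", 98), ("v2", 2))        # the 98/2 split
BAD = make_vs("serviceb-vs-typo", ("v1", 90), ("v3", 5))    # constructed mistake

if __name__ == "__main__":
    for vs in (GOOD, BAD):
        print(vs["metadata"]["name"], lint_routes(vs, [DEST_RULE]) or "ok")
```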

slide-33
SLIDE 33

Service Mesh - Service Entry

    apiVersion: networking.istio.io/v1alpha3
    kind: ServiceEntry
    metadata:
      name: movie-db
    spec:
      hosts:
        - api.themoviedb.org
      ports:
        - number: 443
          name: https
          protocol: HTTPS
      resolution: DNS
      location: MESH_EXTERNAL

@pjausovec

33 / 43

slide-34
SLIDE 34

Service Mesh - Gateway

    apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: gateway
    spec:
      selector:
        istio: ingressgateway
      servers:
        - port:
            number: 80
            name: http
            protocol: HTTP
          hosts:
            - "hello.example.com"

@pjausovec

34 / 43

slide-39
SLIDE 39

Service Mesh - Sidecar

    apiVersion: networking.istio.io/v1alpha3
    kind: Sidecar
    metadata:
      name: default
      namespace: prod-us-west-1
    spec:
      egress:
        - hosts:
            - 'prod-us-west-1/*'
            - 'prod-apis/*'
            - 'istio-system/*'

@pjausovec

39 / 43
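
How the `namespace/dnsName` entries in the Sidecar above select services, as an added example rather than code from the talk: it shows that a ServiceEntry such as movie-db is exposed to these workloads only when it lives in one of the three listed namespaces. The service list and its namespaces are constructed for the example, the function names are hypothetical, and `exportTo` restrictions are not modelled.

```python
# Added example (not from the slides): evaluates Sidecar egress host entries
# of the form 'namespace/dnsName'. exportTo restrictions are not modelled.

def host_matches(pattern, own_namespace, svc_namespace, svc_host):
    """True if one 'namespace/dnsName' entry selects the given service."""
    ns_pat, _, dns_pat = pattern.partition("/")
    if ns_pat == "~":                      # '~' selects no namespace
        return False
    if ns_pat == ".":                      # '.' is the Sidecar's own namespace
        ns_pat = own_namespace
    if ns_pat not in ("*", svc_namespace):
        return False
    if dns_pat == "*":                     # every service in the namespace
        return True
    if dns_pat.startswith("*."):           # wildcard in the left-most label
        return svc_host.endswith(dns_pat[1:])
    return dns_pat == svc_host


def visible_services(sidecar, services):
    """(namespace, host) pairs that the Sidecar's egress section exposes."""
    own_ns = sidecar["metadata"]["namespace"]
    patterns = [h for listener in sidecar["spec"].get("egress", [])
                for h in listener["hosts"]]
    return [(ns, host) for ns, host in services
            if any(host_matches(p, own_ns, ns, host) for p in patterns)]


# The Sidecar from the slide, as a dict.
SIDECAR = {"metadata": {"name": "default", "namespace": "prod-us-west-1"},
           "spec": {"egress": [{"hosts": ["prod-us-west-1/*", "prod-apis/*",
                                          "istio-system/*"]}]}}

# Constructed service registry; the namespaces are assumptions of this example.
SERVICES = [
    ("prod-us-west-1", "service-b.prod-us-west-1.svc.cluster.local"),
    ("prod-apis", "api.themoviedb.org"),     # ServiceEntry created in prod-apis
    ("default", "api.themoviedb.org"),       # same ServiceEntry created in default
    ("staging", "service-b.staging.svc.cluster.local"),
]

if __name__ == "__main__":
    for ns, host in visible_services(SIDECAR, SERVICES):
        print(f"{ns}/{host}")
```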

slide-41
SLIDE 41

Resources

  • Kubernetes on Oracle Cloud (OKE) - (https://cloud.oracle.com)
  • Kubernetes - (https://kubernetes.io)
  • Istio - (https://istio.io)
  • Oracle Microservices Example MuShop - https://github.com/oracle-quickstart/oci-cloudnative

@pjausovec

41 / 43

slide-42
SLIDE 42

Thank you

Slides: https://slides.peterj.dev

Contact

  • @pjausovec
  • https://peterj.dev

@pjausovec

42 / 43

slide-43
SLIDE 43

Table of Contents

  • Introduction
  • Service Mesh
  • Traffic Management
  • Resources

@pjausovec

43 / 43