Using Istio and Envoy for Edge Routing in Cloud Foundry



SLIDE 1

Using Istio and Envoy for Edge Routing in Cloud Foundry

Shubha Anjur Tupil

Product Manager, Pivotal

Aaron Hurley

Engineer, Pivotal

SLIDE 2

Cloud Foundry is an … Open Source Cloud Application Platform

  • Interoperable
  • Any App
  • Integration friendly
  • Services Marketplace
  • IaaS Agnostic
  • Proven at Scale

SLIDE 3

What users expect from a platform?

Security

  ○ “mTLS everywhere”
  ○ Application Isolation
  ○ Policy configuration
  ○ App security
  ○ Secure app to app communication

SLIDE 4

What users expect from a platform?

Resiliency

  ○ Backup and Disaster Recovery
  ○ Resiliency of control plane components

SLIDE 5

What users expect from a platform?

High Availability

  ○ Availability Zones
  ○ Health Management for App Instances
  ○ Process monitoring
  ○ Resurrection for VMs

SLIDE 6

What users expect from a platform?

Telemetry

  ○ Logging
  ○ Metrics

SLIDE 7

Cloud Foundry and Kubernetes

  • Abstraction Layer: Application (Cloud Foundry), Container (Kubernetes)
  • Optimization: Productivity (Cloud Foundry), Customizability (Kubernetes)
  • Project & Community: Unified (Cloud Foundry), Expansive (Kubernetes)

SLIDE 8

Use cases (for Istio) in Cloud Foundry

Traffic Management

  • Canary Releases
  • A/B Testing
  • Staged rollouts

Flexible L7 routing

  • HTTP Header based routing
  • Regex match

Protocol Support

  • HTTP/2
  • UDP
  • IPv6
  • gRPC

Security

  • mTLS everywhere
  • Secure app to app communication

Cross Platform Workloads

  • k8s + CF

Granular Control

  • Per application controls
  • Per route controls

Fault Tolerance

  • Circuit breaking
  • Timeouts
  • Retries
SLIDE 9

Motivations for using Istio in Cloud Foundry

  • Community adoption
  • Delivering value to our users faster
  • Unified routing tier for K8s and non-K8s environments
  • Simplify Cloud Foundry Routing architecture
SLIDE 10

CF Routing Data Plane

[Diagram: two paths into Cloud Foundry (Private Cloud)]

  • *.apps.example.com: Load Balancer → GoRouter → App
  • tcp.apps.example.com: Load Balancer → TCP Router → App

SLIDE 11

CF Routing Control Plane

[Diagram. Components: Cloud Controller, Diego BBS, Diego Cell (C C C C ...), Route Emitter, NATS, GoRouter, TCP Router, Routing API, DB, DB (non-durable). Flow labels: Desired Workloads + routing metadata; Desired & Actual Workloads + routing metadata; HTTP Route Mappings; TCP Route Mappings.]

SLIDE 12
CF Routing Control Plane (In Progress)

  • Cleanup of Orchestration Layer
  • Unified Routing Tier
  • Removed NATS, Routing API (DB), Route Emitter

[Diagram. Components: Cloud Controller, Diego BBS, Diego Cell (C C C C ...), Route Emitter, Copilot, Istio Pilot, Envoy (Gateway), DB, DB (non-durable). Labels: Desired Workloads + routing metadata; Desired & Actual Workloads + routing metadata; URLs; IP:Port; Route Mappings; xDS APIs; CF.]

SLIDE 13
Implementation Details

  • Envoy
      ○ v1.7 (latest)
      ○ gRPC ADS via Pilot
      ○ Gateway

    apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: cloudfoundry-ingress
    spec:
      servers:
      - port:
          name: http
          number: 80
          protocol: http
        hosts:
        - "*"

SLIDE 14

Implementation Details

  • Istio Pilot Discovery Service
      ○ In-Memory Config Store
      ○ CF Service Registry
          ■ Co-pilot Snapshotter

SLIDE 15

Implementation Details

  • Co-pilot
      ○ Interfaces with CF components
          ■ gRPC - Cloud Controller (URLs)
          ■ HTTP stream - Diego BBS (IP:Port)
      ○ gRPC - Pilot (Route Mappings)
  • Mesh Config Protocol (TBD)
SLIDE 16

Challenges

  • Young project that moves quickly
  • Istio built with Kubernetes in mind
  • How should Istio functionality be exposed to Cloud Foundry users?
SLIDE 17

Weighted Routing Example (Istio)

reviews.yaml

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      creationTimestamp: null
      name: reviews
      namespace: default
      resourceVersion: "1999"
    spec:
      hosts:
      - reviews
      http:
      - route:
        - destination:
            host: reviews
            subset: v1
          weight: 90
        - destination:
            host: reviews
            subset: v2
          weight: 10

$ istioctl create -f reviews.yaml

[Diagram: Envoy sends 90% of traffic to reviews v1 and 10% to reviews v2.]

SLIDE 18

Weighted Routing Example (CF app manifest)

reviews.yaml

    applications:
    - name: reviews-v1
      path: ./v1/
    - name: reviews-v2
      path: ./v2/
    routes:
    - route: reviews.example.com
      destinations:
      - name: reviews-v1
        weight: 90
      - name: reviews-v2
        weight: 10

$ cf push -f reviews.yaml

[Diagram: Envoy sends 90% of traffic to reviews v1 and 10% to reviews v2.]

SLIDE 19

Weighted Routing Example (CF CLI)

$ cf update-route reviews-v1 example.com --hostname reviews --weight 90
$ cf update-route reviews-v2 example.com --hostname reviews --weight 10

[Diagram: Envoy sends 90% of traffic to reviews v1 and 10% to reviews v2.]
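
The 90/10 split from the three weighted routing slides, validated and then applied to request buckets in Go. This is an added example, not code from the talk, Istio or Cloud Foundry; Destination, ValidateSplit and Pick are hypothetical names, and it assumes weights are percentages that must total 100.

```go
package main

import (
	"errors"
	"fmt"
)

// Destination is one weighted entry, as in the slides (app name, percent weight).
type Destination struct {
	Name   string
	Weight int
}

// ValidateSplit rejects splits that would send traffic somewhere unintended.
// Assumption: weights are percentages that must total 100, like the 90/10 example.
func ValidateSplit(dests []Destination) error {
	if len(dests) == 0 {
		return errors.New("route has no destinations")
	}
	seen, total := map[string]bool{}, 0
	for _, d := range dests {
		if d.Weight < 0 || seen[d.Name] {
			return fmt.Errorf("destination %q: negative weight or duplicate entry", d.Name)
		}
		seen[d.Name] = true
		total += d.Weight
	}
	if total != 100 {
		return fmt.Errorf("weights sum to %d, want 100", total)
	}
	return nil
}

// Pick maps a bucket in [0,100) onto the cumulative weight ranges. A proxy would
// draw the bucket at random per request; it is a parameter here for reproducibility.
func Pick(dests []Destination, bucket int) string {
	acc := 0
	for _, d := range dests {
		if acc += d.Weight; bucket < acc {
			return d.Name
		}
	}
	return "" // only reached when bucket is at or beyond the total weight
}

func main() {
	split := []Destination{{"reviews-v1", 90}, {"reviews-v2", 10}} // constructed from the slides
	fmt.Println(ValidateSplit(split), Pick(split, 89), Pick(split, 90))
}
```

Running the check before a manifest or route update is applied catches a canary that would receive more traffic than intended, or a split whose weights leave part of the traffic unassigned.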

SLIDE 20

Wins:

  • Istio Gateway work
  • Basic HTTP Routing through Envoy in CF
  • CF e2e Test in Pilot

Currently focused on:

  • Mesh Config Protocol
  • Scaling of Control Plane

We’re on our way...

SLIDE 21

We love feedback!

  ○ Try out Cloud Foundry!
  ○ github.com/cloudfoundry/istio-release
  ○ How are you leveraging Istio?

#istio in cloudfoundry.slack.com
sanjurtupil@pivotal.io (Shubha)
ahurley@pivotal.io (Aaron)

SLIDE 22

Resources

  • Get Started with Cloud Foundry
  • istio-release (BOSH release)
  • CF Weighted Routing Proposal
  • CF/Istio Proposal
  • CF/Istio Technical Design Doc
  • Mesh Config APIs / Protocol
  • routing-release (BOSH release)
  • CF Routing Team Backlog