service mesh from the ground up
play

Service Mesh from the Ground Up: How Istio Can Transform Your - PowerPoint PPT Presentation

Aug 12, 2023 •506 likes •1.86k views

Service Mesh from the Ground Up: How Istio Can Transform Your Organization Megan O'Keefe Hello! I'm a Developer Relations Engineer at Google Cloud. I help make Google's products easy to adopt and use. I test-drive new features,

  1. Node Node TLS certs Agent Agent to proxies via Secrets Service A Service B Proxy Proxy Proxy Policy checks and telemetry Discovery & config TLS certs Mixer data to proxies to node agents Pilot Galley Citadel Mesh config to control plane YAML Injector Istio Control Plane Sidecar configuration to Pods

  2. Node Node TLS certs Agent Agent to proxies via Secrets Service A Service B Proxy Proxy Proxy Policy checks and telemetry Discovery & config TLS certs Mixer data to proxies to node agents Pilot Galley Citadel Mesh config to control plane YAML Ingress Ingress Traffic Gateway Injector Istio Control Plane Sidecar configuration to Pods

  3. Installing Istio

  5. dev us-east1-b

  6. dev us-east1-b Mixer Pilot Galley Citadel Ingress Gateway Injector Istio Control Plane

  7. AdService dev EmailService us-east1-b CartService PaymentService CheckoutService Frontend Redis ShippingService CurrencyService Recommendation ProductCatalog Service Service Mixer Pilot Galley Citadel Ingress Gateway Injector Istio Control Plane

  8. dev AdService EmailService us-east1-b CartService PaymentService CheckoutService Frontend Redis ShippingService CurrencyService Recommendation ProductCatalog Service Service Mixer Pilot Galley Citadel Ingress Ingress Traffic Gateway Injector Istio Control Plane

  9. Demo

  10. Questions? ⛵

  11. Observability

  12. Observability is a measure of how well internal states of a system can be inferred from knowledge of its external outputs .

  13. Istio Observability Features Service graph - track dependencies at runtime Bird’s eye view of service behavior for issue triage, reduce time to detect and fjx outages Automatically collects the "golden signals" for every service - latency , error rate , throughput Set, monitor and enforce Service-Level Objectives (SLOs) Tracing : track a request from end to end, across service boundaries

  14. Demo

  15. Security

  16. Moving from VMs to Kubernetes introduces new security challenges.

  17. Viruual Machines Kubernetes Isolation at the host level Containers share a host (Node) Workloads allocated to hosts Nodes work as one viruual host Workloads share OS, dependencies Containers have own dependencies Stable host IPs Ephemeral Pod IPs May run in a trusted , on-prem May run in a cloud environment environment

  18. Istio - Security Automatically secure your services through managed authentication, authorization, and encryption of communication between services. Traffjc encryption Service auth Auditing controls Access policies

  19. Demo: Mutual TLS

  20. Node Node TLS certs Agent Agent to proxies via Secrets Service A Service B Proxy Proxy Proxy Policy checks and telemetry Discovery & config TLS certs Mixer data to proxies to node agents Pilot Galley Citadel Mesh config to control plane YAML Injector Istio Control Plane Sidecar configuration to Pods

  21. MeshPolicy apiVersion: "authentication.istio.io/v1alpha1" kind: "MeshPolicy" metadata: name: "default" spec: peers: - mtls: {}

  22. DestinationRule apiVersion: "networking.istio.io/v1alpha3" kind: "DestinationRule" metadata: name: "default" namespace: "istio-system" spec: host: "*.local" trafficPolicy: tls: mode: ISTIO_MUTUAL

  23. Demo: Authorization

  24. Node Node TLS certs Agent Agent to proxies via Secrets Service A Service B Proxy Proxy Proxy Policy checks and telemetry Discovery & config TLS certs Mixer data to proxies to node agents Pilot Galley Citadel Mesh config to control plane YAML Injector Istio Control Plane Sidecar configuration to Pods

  25. AuthorizationPolicy apiVersion: "security.istio.io/v1beta1" kind: "AuthorizationPolicy" metadata: name: "currency-policy" namespace: default spec: selector: matchLabels: app: currencyservice rules: - from: - source: principals: ["cluster.local/ns/default/sa/frontend-sa"]

  26. Questions?

  27. DevOps

  28. DevOps is an organizational and cultural movement that aims to increase sofuware delivery velocity , improve service reliability , and build shared ownership among sofuware stakeholders. cloud.google.com/devops

  29. What is DevOps? release deploy n plan g i s e d OPS DEV monitor e build t a r t e s p e t o

  30. DevOps is an organizational and cultural movement that aims to increase sofuware delivery velocity , improve service reliability , and build shared ownership among sofuware stakeholders. cloud.google.com/devops

  31. DevOps with Istio Velocity: safe rollouts with traffjc splituing. deprecate legacy services with redirects. accelerate the customer feedback loop with A/B testing. Reliability: set SLOs and alerus on generated metrics. use circuit breaking and fault injection to harden services. Shared ownership: declarative traffjc/security policies in a shared Git repo. scope Istio policies at the namespace level.

  32. Istio - Traffjc Management VirtualService , Gateway , Traffjc splituing Traffjc steering Fault injection DestinationRule , and ServiceEntry Circuit breaking Egress control

  33. VirtualService apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: frontend spec: hosts: - "frontend.default.svc.cluster.local" http: - route: - destination: host: frontend

  34. Gateway apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: frontend-gateway spec: selector: istio: ingressgateway servers: - port: number: 80 name: http protocol: HTTP hosts: - "*"

  35. DestinationRule apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: frontend spec: host: frontend.default.svc.cluster.local subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2

  36. Kubernetes Deployment Pods Pods

  37. Kubernetes Service Kubernetes Deployment Pods Pods

  38. Kubernetes Service Kubernetes Deployment Kubernetes Deployment Pods Pods v1 v2

  39. Kubernetes Service DestinationRule Pods Pods v1 v2

  40. VirtualService Kubernetes Service DestinationRule Pods Pods v1 v2

  41. VirtualService VirtualService Kubernetes Service Kubernetes Service DestinationRule DestinationRule Pods Pods Pods Pods v1 v2 v1 v2

  42. Gateway VirtualService VirtualService Kubernetes Service Kubernetes Service DestinationRule DestinationRule Pods Pods Pods Pods v1 v2 v1 v2

  43. release deploy n plan g i s e d OPS DEV monitor e build t a r t e s p e t o

  44. release deploy n plan g i s e d OPS DEV monitor e build t a r t e s p e t o

  45. Demo: Service Redirect

  46. Service Redirect Scenario - we've moved to a faster payments Frontend payments service, coolcash. We want to deprecate paymentservice paymentservice:80 and redirect calls to coolcash. coolcash

  47. release deploy n plan g i s e d OPS DEV monitor e build t a r t e s p e t o

  48. Demo: Canary Deployment

Recommend

A Service Mesh Is Easy To Swallow In Small Pieces Andrew Jenkins Eng Lead, Aspen Mesh

A Service Mesh Is Easy To Swallow In Small Pieces Andrew Jenkins Eng Lead, Aspen Mesh

A Service Mesh Is Easy To Swallow In Small Pieces Andrew Jenkins Eng Lead, Aspen Mesh @notthatjenkins Why Should I Use A Service Mesh? Managing Microservices Without a Service Mesh Python Node.js Java Flask http.createServer Spring

412 views • 29 slides
Learning 3D object models from 2D images Cropped Input Image Predicted Mesh Generated Ground

Learning 3D object models from 2D images Cropped Input Image Predicted Mesh Generated Ground

Learning 3D object models from 2D images Cropped Input Image Predicted Mesh Generated Ground Truth Predicted Landmarks Mesh Loss Latent Spatial Mesh Convolutional ResNet-50 Vector Decoder Iterative Model Fitting Learning from Imperfect

964 views • 69 slides
Service Mess to Service Mesh Observe. Control. Secure. Rob Richardson Technical Evangelist,

Service Mess to Service Mesh Observe. Control. Secure. Rob Richardson Technical Evangelist,

Service Mess to Service Mesh Observe. Control. Secure. Rob Richardson Technical Evangelist, MemSQL Kavya Pearlman Cybersecurity Strategist, Wallarm https://www.shutterstock.com/image-photo/ca r-technology-autonomous-self-driving-concep

306 views • 26 slides
The Service Mesh Its About the Traffic Oliver Gould @olix0r Oliver Gould Photo Goes Here

The Service Mesh Its About the Traffic Oliver Gould @olix0r Oliver Gould Photo Goes Here

The Service Mesh Its About the Traffic Oliver Gould @olix0r Oliver Gould Photo Goes Here Linkerd Lead; Buoyant CTO @olix0r @olix0r @olix0r Nov 9, 2016 QConSF Agenda Why Does Linkerd Exist? The Trough of Service Mesh

525 views • 34 slides
Mesh Networks | Hacking The T3lc0 Model http://arig.org.il What's a Mesh Anyway ? Mesh =

Mesh Networks | Hacking The T3lc0 Model http://arig.org.il What's a Mesh Anyway ? Mesh =

Mesh Networks | Hacking The T3lc0 Model http://arig.org.il What's a Mesh Anyway ? Mesh = topology. anything not a star / bus / ring / tree Nodes = routers, smart phones, cars anything wi-fi enabled Links = wireless connections

516 views • 25 slides
Mesh Basics Mesh Basics 1 Spring 2010 Definitions: Definitions: 1/2 Definitions:

Mesh Basics Mesh Basics 1 Spring 2010 Definitions: Definitions: 1/2 Definitions:

Mesh Basics Mesh Basics 1 Spring 2010 Definitions: Definitions: 1/2 Definitions: Definitions: 1/2 1/2 1/2 A polygonal mesh consists of three kinds of mesh elements : vertices, edges, and faces. The information describing the mesh

781 views • 45 slides
Service Mesh sh Interface Brendan Burns QCon New York 2019 This Photoby Unknown Author is

Service Mesh sh Interface Brendan Burns QCon New York 2019 This Photoby Unknown Author is

Service Mesh sh Interface Brendan Burns QCon New York 2019 This Photoby Unknown Author is licensed under CC BY-SA The e Service ice Me Mesh Landsc scape This Photoby Unknown Author is licensed under CC BY-NC-ND The problem for users

448 views • 34 slides
Ground: A Data Context Service Joe Hellerstein, Vikram Sreekanti, Joey Gonzalez, et al . CIDR 2017

Ground: A Data Context Service Joe Hellerstein, Vikram Sreekanti, Joey Gonzalez, et al . CIDR 2017

Ground: A Data Context Service Joe Hellerstein, Vikram Sreekanti, Joey Gonzalez, et al . CIDR 2017 https:/ /github.com/ground-context/ground ground Open Source Big Data Community Health Long-term Data L Data Analysis Data Wrangling I A

566 views • 34 slides
What Makes for a Good Mesh? CS101 Meshing Winter 2007 1 Mesh Quality What makes a mesh

What Makes for a Good Mesh? CS101 Meshing Winter 2007 1 Mesh Quality What makes a mesh

What Makes for a Good Mesh? CS101 Meshing Winter 2007 1 Mesh Quality What makes a mesh good? application dependent some general principles PL approximation (triangles/tets) faithful to geometry values gradients

307 views • 11 slides
What is a mesh network? A mesh network is created when many devices have established

What is a mesh network? A mesh network is created when many devices have established

What is a mesh network? A mesh network is created when many devices have established communication between them in more than one way. Any device with an appropriate wireless node can participate in a mesh network. Initialising

140 views • 12 slides
Increasing Delivery Velocity with a Service Mesh at Indeed Joshua Shanks Senior Software

Increasing Delivery Velocity with a Service Mesh at Indeed Joshua Shanks Senior Software

Increasing Delivery Velocity with a Service Mesh at Indeed Joshua Shanks Senior Software Engineer, Indeed Indeed is the #1 job site worldwide what where Software Engineer Seattle, WA Find Jobs 60 countries 30 languages 200M unique visitors

870 views • 69 slides
Automated Canaries with Prometheus, Kubernetes and Service Mesh Bryan Boreham

Automated Canaries with Prometheus, Kubernetes and Service Mesh Bryan Boreham

Automated Canaries with Prometheus, Kubernetes and Service Mesh Bryan Boreham @bboreham https://weave.works @weaveworks 1 Canary Deployment Stages https://github.com/weaveworks/flagger Thank You! Weaveworks

301 views • 5 slides
A look into mesh density IN THIS WEBINAR: PRESENTED BY: Mesh refinement Andrew Nelson

A look into mesh density IN THIS WEBINAR: PRESENTED BY: Mesh refinement Andrew Nelson

Accuracy vs. Speed A look into mesh density IN THIS WEBINAR: PRESENTED BY: Mesh refinement Andrew Nelson Discussing higher order elements Stress Engineer Examining analytical error and Structural Design and Analysis

205 views • 9 slides
13 Mesh Animation Steve Marschner CS5625 Spring 2020 Basic surface deformation methods Blend

13 Mesh Animation Steve Marschner CS5625 Spring 2020 Basic surface deformation methods Blend

13 Mesh Animation Steve Marschner CS5625 Spring 2020 Basic surface deformation methods Blend shapes: make a mesh by combining several meshes Mesh skinning: deform a mesh based on an underlying skeleton Both use simple linear algebra Easy to

559 views • 17 slides
05 Mesh Animation Steve Marschner CS5625 Spring 2019 Basic surface deformation methods Blend

05 Mesh Animation Steve Marschner CS5625 Spring 2019 Basic surface deformation methods Blend

05 Mesh Animation Steve Marschner CS5625 Spring 2019 Basic surface deformation methods Blend shapes: make a mesh by combining several meshes Mesh skinning: deform a mesh based on an underlying skeleton Both use simple linear algebra Easy to

348 views • 15 slides
CREATIVE FREEDOM FOR COMPUTATIONAL MESH GENERATION IN DEAL.II Nicola Giuliani , Luca Heltai

CREATIVE FREEDOM FOR COMPUTATIONAL MESH GENERATION IN DEAL.II Nicola Giuliani , Luca Heltai

CREATIVE FREEDOM FOR COMPUTATIONAL MESH GENERATION IN DEAL.II Nicola Giuliani , Luca Heltai (ngiuliani@sissa.it) Sixth deal.II Users and Developers Workshop MESH GENERATION Mesh generation a secret of the darkest arts An accurate mesh

500 views • 20 slides
W ir eless Mesh Netw or k W ir eless Mesh Netw or k Technical Overview Technical Overview Danny

W ir eless Mesh Netw or k W ir eless Mesh Netw or k Technical Overview Technical Overview Danny

W ir eless Mesh Netw or k W ir eless Mesh Netw or k Technical Overview Technical Overview Danny Ng mailto:danng@nortelnetworks.com What is a Wireless Mesh Network ? What is a Wireless Mesh Network ? Traditional WLAN Architecture Access

511 views • 16 slides
Lyft's Envoy: Embracing a Service Mesh Matt Klein / @mattklein123, Software Engineer @Lyft

Lyft's Envoy: Embracing a Service Mesh Matt Klein / @mattklein123, Software Engineer @Lyft

Lyft's Envoy: Embracing a Service Mesh Matt Klein / @mattklein123, Software Engineer @Lyft @mattklein123 Lyft ~5 years ago PHP / Apache Internet Clients AWS ELB monolith MongoDB Simple! No microservices! ( but still not that simple )

538 views • 22 slides
Mesh Compression Mesh Compression Connectivity: Often, triangulated graph CS101 - Meshing

Mesh Compression Mesh Compression Connectivity: Often, triangulated graph CS101 - Meshing

Triangle Meshes Two main parts: Mesh Compression Mesh Compression Connectivity: Often, triangulated graph CS101 - Meshing Sometimes, polygons 3-connected graphs Geometry: Positions in space CS101b - Meshing 2 Basic

781 views • 20 slides
Smart Networking with Service Meshes aka What is this Service Mesh hype about? Anubhav

Smart Networking with Service Meshes aka What is this Service Mesh hype about? Anubhav

Smart Networking with Service Meshes aka What is this Service Mesh hype about? Anubhav Mishra Developer Advocate, HashiCorp @anubhavm Anubhav Mishra Developer Advocate, HashiCorp @anubhavm Atlan&s Anubhav Mishra Developer

2.07k views • 196 slides
Overview of Unstructured Mesh Generation Methods Structured Meshes local mesh points and

Overview of Unstructured Mesh Generation Methods Structured Meshes local mesh points and

Overview of Unstructured Mesh Generation Methods Structured Meshes local mesh points and cells do not depend on their position but are defined by a general rule. Lead to very efficient algorithms and storage. High quality for

982 views • 75 slides
Mesh Models (Chapter 8) 1. Overview of Mesh and Related models. a. Diameter: The linear

Mesh Models (Chapter 8) 1. Overview of Mesh and Related models. a. Diameter: The linear

Mesh Models (Chapter 8) 1. Overview of Mesh and Related models. a. Diameter: The linear array is O n , which is large. The mesh as diameter O n , which is significantly smaller. b. The size of the diameter is

601 views • 27 slides
Photon Detector Consor-um Weekly Mee-ng January 15, 2019 Dave Warner Outline APA ground

Photon Detector Consor-um Weekly Mee-ng January 15, 2019 Dave Warner Outline APA ground

Photon Detector Consor-um Weekly Mee-ng January 15, 2019 Dave Warner Outline APA ground screen connec-ons Integra-on/installa-on discussions Implica-ons for PD produc-on Upcoming Technical Milestones Mesh Panel Fixing (4

467 views • 14 slides
Solucionando Problemas de Microsservios com Service Mesh: Istio e Envoy Edson Yanaga (@yanaga)

Solucionando Problemas de Microsservios com Service Mesh: Istio e Envoy Edson Yanaga (@yanaga)

Solucionando Problemas de Microsservios com Service Mesh: Istio e Envoy Edson Yanaga (@yanaga) bit.ly/istio-tutorial @yanaga - bit.ly/istio-intro 1 @yanaga Edson Yanaga Raffle Rules @yanaga - Follow: - With a picture of the session -

1.16k views • 84 slides

More recommend