the architecture along the way
play

& the architecture along the way! @mt165 mt165.co.uk The life - PowerPoint PPT Presentation

Apr 21, 2023 •242 likes •756 views

QCon London March 2019 & the architecture along the way! @mt165 mt165.co.uk The life of a packet through Istio @mt165 Objectives Learn how a packet traverses an Istio/Envoy/Kubernetes system See what control plane calls are made in that

  1. QCon London March 2019 & the architecture along the way! @mt165 mt165.co.uk

  2. The life of a packet through Istio @mt165 Objectives Learn how a packet traverses an Istio/Envoy/Kubernetes system See what control plane calls are made in that process Build a useful mental model for reasoning about, and debugging Istio

  3. The life of a packet through Istio @mt165 Prerequisites Basic networking knowledge Intermediate Kubernetes knowledge An understanding of what Istio is and does

  4. The life of a packet through Istio @mt165 Outline ● Context and Introduction ● Networking and Containers ● Pilot and Routing ● Mixer and Policy ● Citadel and mTLS

  5. The life of a packet through Istio @mt165 Context and Introduction

  6. The life of a packet through Istio @mt165 Why?

  7. The life of a packet through Istio @mt165

  8. The life of a packet through Istio @mt165

  9. The life of a packet through Istio @mt165 Istio “An open platform to connect , secure , control , and observe services.”

  10. The life of a packet through Istio @mt165 Networking and Containers

  11. The life of a packet through Istio @mt165 Ingress Service A

  12. The life of a packet through Istio @mt165 Cluster IP Cluster IP Node Envoy port Envoy *.example.com Envoy Envoy Load Service A Ingress Balancer

  13. The life of a packet through Istio @mt165 Service A

  14. The life of a packet through Istio @mt165 Envoy SvcA Service A

  15. The life of a packet through Istio @mt165 “Containers” nginx nginx supervisord mnt uts pid user ipc net

  16. The life of a packet through Istio @mt165 Kubernetes Pods nginx logger nginx fluentd supervisord mnt mnt uts uts pid user ipc net

  17. The life of a packet through Istio @mt165 Kubernetes Pods iptables nginx logger routes 192.168.0.42 eth0 nginx fluentd lo supervisord mnt mnt sockets uts uts pid user ipc net

  18. The life of a packet through Istio @mt165 Kubernetes Pods iptables nginx logger routes 192.168.0.42 eth0 :8080/tcp nginx fluentd lo supervisord mnt mnt sockets uts uts pid user ipc net

  19. The life of a packet through Istio @mt165 Kubernetes Pods iptables nginx proxy routes 192.168.0.42 eth0 :8080/tcp nginx envoy lo supervisord mnt mnt sockets uts uts pid user ipc net

  20. The life of a packet through Istio @mt165 Sidecar Injection iptables routes 192.168.0.42 eth0 lo sockets pid user ipc net

  21. The life of a packet through Istio @mt165 Sidecar Injection iptables routes 192.168.0.42 alpine sysctl -w kernel.core_pattern=... eth0 lo sockets pid user ipc net

  22. The life of a packet through Istio @mt165 Sidecar Injection iptables routes 192.168.0.42 istio/proxy_init /usr/local/bin/prepare_proxy.sh -p 15001 -u 1337 eth0 lo sockets pid user ipc net

  23. The life of a packet through Istio @mt165 Sidecar Injection iptables nginx istio/proxy routes 192.168.0.42 eth0 nginx envoy lo :15001/tcp mnt mnt sockets uts uts pid user ipc net

  24. The life of a packet through Istio @mt165 Envoy SvcA Service A

  25. The life of a packet through Istio @mt165 Pilot and Routing

  26. The life of a packet through Istio @mt165 ? ? Envoy SvcA ? Service A

  27. The life of a packet through Istio @mt165 Services $ kubectl get service -o wide service-b NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service-b ClusterIP 10.98.84.169 <none> 80/TCP 90s app=service-b

  28. The life of a packet through Istio @mt165 Service DNS exposure $ dig service-b.default.svc.cluster.local. ;; ANSWER SECTION: service-b.default.svc.cluster.local. 5 IN A 10.98.84.169

  29. The life of a packet through Istio @mt165 Pods $ kubectl get pods -o wide | grep service-b service-b-644856485c-4rk88 1/1 Running 0 7m46s 10.32.0.4 kind-1-control-plane <none> service-b-644856485c-dc2zv 1/1 Running 0 7m46s 10.32.0.6 kind-1-control-plane <none> service-b-644856485c-gr75k 1/1 Running 0 7m46s 10.32.0.5 kind-1-control-plane <none>

  30. The life of a packet through Istio @mt165 Endpoints $ kubectl get endpoints service-b NAME ENDPOINTS AGE service-b 10.32.0.4:8080,10.32.0.5:8080,10.32.0.6:8080 8m55s

  31. The life of a packet through Istio @mt165 Endpoints $ kubectl get endpoints service-b -o yaml ... subsets: - addresses: - ip: 10.32.0.4 nodeName: kind-1-control-plane targetRef: kind: Pod … ports: - name: http port: 8080 protocol: TCP

  32. The life of a packet through Istio @mt165 Control Plane API Pilot Config to Envoys Envoy SvcA Service A

  33. The life of a packet through Istio @mt165 k8s consul zk Control Plane API Pilot Config to Envoys Data plane API Envoy SvcA Service A

  34. The life of a packet through Istio @mt165 Pilot ● Ingress Routing ● Traffic Mirroring ● Traffic Shifting ● Canary Deployments ● Circuit Breaking ● Fault Injection

  35. The life of a packet through Istio @mt165 Mixer and Policy

  36. The life of a packet through Istio @mt165 Control Plane API Pilot Config to Envoys Envoy SvcA Service A Service B

  37. The life of a packet through Istio @mt165 Control Plane API Mixer Pilot Config to Envoys Policy checks, Telemetry Envoy Envoy SvcA SvcB Service A Service B

  38. The life of a packet through Istio @mt165 IP 5-tuple (src_addr, src_port, dst_addr, dst_port, proto)

  39. The life of a packet through Istio @mt165 IP Router Architecture BGP OSPF ARP STP CONTROL PLANE Router Information Base DATA PLANE Forwarding User process Information Base Kernel module Interrupt

  40. The life of a packet through Istio @mt165 IP Router Architecture BGP OSPF ARP STP CONTROL PLANE Router Information PILOT Base DATA PLANE Forwarding User process MIXER Information Base Kernel module ENVOY Interrupt

  41. The life of a packet through Istio @mt165 Control Plane API Pilot Config to REPORT Envoys prom ES Mixer Mixer fat client Mixer fat client Envoy Envoy RBAC Rate SvcA SvcB limit CHECK Service A Service B

  42. The life of a packet through Istio @mt165 Mixer ● Check ○ ACLs / Authorization ○ Rate Limiting ● Report ○ Logs ○ Metrics ○ Tracing

  43. The life of a packet through Istio @mt165 Control Plane API Mixer Pilot Config to Envoys Policy checks, Telemetry Envoy Envoy SvcA SvcB Service A Service B

  44. The life of a packet through Istio @mt165 Control Plane API Mixer Citadel Pilot Config to TLS certs Envoys to Envoys Policy checks, Telemetry Envoy Envoy SvcA SvcB Service A Service B

  45. The life of a packet through Istio @mt165 Control Plane API Mixer Citadel Pilot Config to TLS certs Envoys to Envoys Policy checks, Telemetry Envoy Envoy SvcA SvcB Service A Service B

  46. The life of a packet through Istio @mt165 Control Plane API Mixer Citadel Pilot Config to TLS certs Envoys to Envoys Policy checks, Telemetry Envoy Envoy Envoy Envoy Envoy Envoy Envoy Envoy SvcA SvcB Envoy Envoy Ingress Service A Service B Egress

  47. The life of a packet through Istio @mt165 Control Plane API API Server Mixer Citadel Pilot etcd Config to TLS certs Envoys to Envoys Policy checks, Telemetry kubectl Envoy Envoy SvcA SvcB Service A Service B

  48. The life of a packet through Istio @mt165 Control Plane API Galley Mixer Citadel Pilot etcd Config to TLS certs Envoys to Envoys Policy checks, Telemetry kubectl Envoy Envoy SvcA SvcB Service A Service B

  49. The life of a packet through Istio @mt165 Outline ● Context and Introduction ● Networking and Containers ● Pilot and Routing ● Mixer and Policy ● Citadel and mTLS

  50. The life of a packet through Istio @mt165 Recap We learned: ● How a packet traverses an Istio/Envoy/Kubernetes system ● What control plane calls are made in that process ● A useful mental model for reasoning about, and debugging Istio

  51. Thanks! @mt165 QR CODE

Recommend

1 Where does architecture come from? What order? Use an architecture youve seen before

1 Where does architecture come from? What order? Use an architecture youve seen before

Architecture 2 1 Announcements What is Architecture? Final project hand-in and documentation Big picture Structure or structures that support the system Early design decisions Architecture is the design decisions you

275 views • 5 slides
Overview of Sofware Architecture Sofware Architecture VO (706.706) Roman Kern 2020-10-04

Overview of Sofware Architecture Sofware Architecture VO (706.706) Roman Kern 2020-10-04

# These slides should give an overview of the sofware architecture, and what its role is. # Why and when is sofware architecture important. # In other words: sofware architecture in a nutshell ! Overview of Sofware Architecture Sofware

207 views • 7 slides
SE2: Introduction to Software Architecture Mei Nagappan What is Architecture? Encyclopedia

SE2: Introduction to Software Architecture Mei Nagappan What is Architecture? Encyclopedia

Material and some slide content from: - Emerson Murphy-Hill - Reid Holmes - Mehdi Mirakhorli - Software Architecture: Foundations, Theory, and Practice - Essential Software Architecture SE2: Introduction to Software Architecture Mei Nagappan

341 views • 31 slides
Instruction Set Architecture ( ISA ) 1 / 28 instructions 2 / 28 Instruction Set Architecture

Instruction Set Architecture ( ISA ) 1 / 28 instructions 2 / 28 Instruction Set Architecture

Instruction Set Architecture ( ISA ) 1 / 28 instructions 2 / 28 Instruction Set Architecture Also called (computer) architecture Implementation --&gt; actual realisation of ISA ISA can have multiple implementations ISA allows

825 views • 28 slides
A lthough architecture has be- Five core concepts and relationships metaphor for the design of

A lthough architecture has be- Five core concepts and relationships metaphor for the design of

S T A N D A R D S Software product lines, and product families in which software plays a substantial role in development, operation, or evolution. Architecture: WHAT IS AN ARCHITECTURE? Although defining architecture in the context of

314 views • 3 slides
HAMPTON MILLENNIAL VILLAGE . Who we are Architecture: Hampton University is a private

HAMPTON MILLENNIAL VILLAGE . Who we are Architecture: Hampton University is a private

The Millennial Village Team is made up of 5 architecture students and one electrical 4 th year Architecture 5 th year Architecture 4 th year Architecture Lead-advisor: engineering Prof. Laura Battaglia (Lead) Kobi Henson Ty Champion Amir

640 views • 35 slides
Wonders of Modern Architecture Oh, the wonders of modern architecture! The geniuses of

Wonders of Modern Architecture Oh, the wonders of modern architecture! The geniuses of

Wonders of Modern Architecture Oh, the wonders of modern architecture! The geniuses of architecture today continue to create design masterpieces that could make one proud of being a citizen of the 21st Century! Enjoy the beauty of these modern

832 views • 52 slides
Instruction Set Architecture Assembly Language View Computer Architecture: Instruction Set

Instruction Set Architecture Assembly Language View Computer Architecture: Instruction Set

Instruction Set Architecture Assembly Language View Computer Architecture: Instruction Set Processor state Application Program Registers, memory, Architecture Instructions Compiler OS addq , pushq , ret , How

239 views • 7 slides
Introduction to Software Architecture Reid Holmes Architecture Architecture is: All

Introduction to Software Architecture Reid Holmes Architecture Architecture is: All

Introduction to Software Architecture Reid Holmes Architecture Architecture is: All about communication. What parts are there? How do the parts fit together? Architecture is not: About development. About

392 views • 18 slides
From Requirements to Architecture Ana Moreira Software Architecture - Basics 1 Goals

From Requirements to Architecture Ana Moreira Software Architecture - Basics 1 Goals

From Requirements to Architecture Ana Moreira Software Architecture - Basics 1 Goals Understanding the importance of software architecture what is software architecture Discussing emerging issues in the transition from requirements to

521 views • 24 slides
CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and

CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and

CS184b: Computer Architecture [Single Threaded Architecture: abstractions, quantification, and optimizations] Day1: January 3, 2000 Architecture and overview Caltech CS184b Winter2001 -- DeHon 1 Today This Quarter What is

341 views • 15 slides
A New Golden Age for 1. Software advances can inspire architecture Computer Architecture:

A New Golden Age for 1. Software advances can inspire architecture Computer Architecture:

8/28/19 Lessons of last 50 years of Computer Architecture A New Golden Age for 1. Software advances can inspire architecture Computer Architecture: innovations 2. Raising the hardware/software interface creates History, Challenges, and

1.08k views • 14 slides
CMS Strip Readout Architecture for SLHC OUTLINE brief review of LHC strip readout architecture p

CMS Strip Readout Architecture for SLHC OUTLINE brief review of LHC strip readout architecture p

CMS Strip Readout Architecture for SLHC OUTLINE brief review of LHC strip readout architecture p proposed architecture for SLHC front end amplifier design in 130nm system architecture ideas system architecture ideas triggering possibilities

369 views • 24 slides
IMS based NGN IMS based NGN Architecture Architecture and its application and its application

IMS based NGN IMS based NGN Architecture Architecture and its application and its application

I nternational Telecom m unication Union ITU-T IMS based NGN IMS based NGN Architecture Architecture and its application and its application Dick Knight BT Group plc I TU-T W orkshop NGN and its Transport Netw orks Kobe, 2 0 -2 1

218 views • 17 slides
CE419 Session 11: Web Application Architecture Web Programming 1 What is architecture ? There

CE419 Session 11: Web Application Architecture Web Programming 1 What is architecture ? There

CE419 Session 11: Web Application Architecture Web Programming 1 What is architecture ? There are two common elements: One is the highest-level breakdown of a system into its parts; the other, decisions that are hard to change. 2

503 views • 26 slides
Wooden Architecture. Traditional Karelian Timber Architecture and Landscape Seventh Framework

Wooden Architecture. Traditional Karelian Timber Architecture and Landscape Seventh Framework

Wooden Architecture. Traditional Karelian Timber Architecture and Landscape Seventh Framework Programme Marie Curie Actions People International Research Staff Exchange Scheme Annex I Acronym: Wooden Architecture Proposal number:269185

361 views • 35 slides
Ostro OS security architecture An IoT OS security architecture that is so boring that you can

Ostro OS security architecture An IoT OS security architecture that is so boring that you can

Ostro OS security architecture An IoT OS security architecture that is so boring that you can sleep soundly at night Ismo Puustinen, Intel Finland What is Ostro OS? https://ostroproject.org IoT operating system, based on Yocto project

261 views • 9 slides
Cap 1 Introduction Introduction What is Parallel Architecture? Why Parallel Architecture?

Cap 1 Introduction Introduction What is Parallel Architecture? Why Parallel Architecture?

Cap 1 Introduction Introduction What is Parallel Architecture? Why Parallel Architecture? Adaptado dos slides da editora por Mario Crtes IC/Unicamp Evolution and Convergence of Parallel Architectures Fundamental Design Issues pag 1 2

1.47k views • 106 slides
MIPS Architecture An Example: MIPS Example: subset of MIPS processor architecture From the

MIPS Architecture An Example: MIPS Example: subset of MIPS processor architecture From the

MIPS Architecture An Example: MIPS Example: subset of MIPS processor architecture From the Harris/Weste book Drawn from Patterson &amp; Hennessy MIPS is a 32-bit architecture with 32 registers Based on the MIPS-like processor from

339 views • 6 slides
CISC 322 Software Architecture Lecture 10: Linux Architecture Emad Shihab Paper by: Ivan T.

CISC 322 Software Architecture Lecture 10: Linux Architecture Emad Shihab Paper by: Ivan T.

CISC 322 Software Architecture Lecture 10: Linux Architecture Emad Shihab Paper by: Ivan T. Bowman, Richard C. Holt and Neil V. Brewster Recap of Last Class Layered Style Virtual Machine Client-Server Architecture Recovery Why

516 views • 19 slides
Neural Architecture Search Yu Cao What is Neural Architecture Search (NAS) Selecting the optimal

Neural Architecture Search Yu Cao What is Neural Architecture Search (NAS) Selecting the optimal

Neural Architecture Search Yu Cao What is Neural Architecture Search (NAS) Selecting the optimal network architecture automatically via machine instead of design it manually. It is an important aspect of AutoML. NAS search space 1.

3.43k views • 37 slides
Conceptual Architecture Sofware Architecture VO (706.706) Roman Kern Version 2.3 Institute for

Conceptual Architecture Sofware Architecture VO (706.706) Roman Kern Version 2.3 Institute for

Conceptual Architecture Sofware Architecture VO (706.706) Roman Kern Version 2.3 Institute for Interactive Systems and Data Science, TU Graz 1 Outline Definition Designing Conceptual Architecture Behaviour Model Data Models &amp; Component

170 views • 16 slides
The MIPS instruction set architecture The MIPS has a 32 bit architecture, with 32 bit

The MIPS instruction set architecture The MIPS has a 32 bit architecture, with 32 bit

The MIPS instruction set architecture The MIPS has a 32 bit architecture, with 32 bit instructions, a 32 bit data word, and 32 bit addresses. It has 32 addressable internal registers requiring a 5 bit register ad- dress. Register 0 always has

940 views • 72 slides
Architectural Decomposition Reid Holmes What is SW architecture? Definition: The set of

Architectural Decomposition Reid Holmes What is SW architecture? Definition: The set of

Material and some slide content from: - Emerson Murphy-Hill - Software Architecture: Foundations, Theory, and Practice - Essential Software Architecture - Steve Easterbrook Architectural Decomposition Reid Holmes What is SW architecture?

310 views • 19 slides

More recommend