![Back to basics
’Micro-services is a software development technique—[…] that
structures an application as a collection of loosely coupled services.
In a microservices architecture, services are fine-grained and the
protocols are lightweight. The benefit of decomposing an
application into different smaller services is that it improves
modularity and makes the application easier to understand,
develop, test, and more resilient to architecture erosion. It also
parallelizes development by enabling small autonomous teams to
develop, deploy and scale independently. […] Microservices-based
architectures enable continuous delivery and deployment.’
* Wikipedia](https://image.slidesharecdn.com/kubernetesistioofirmakmalazurev1-181220103445/85/Kubernetes-And-Istio-and-Azure-AKS-DevOps-13-320.jpg)
Kubernetes And Istio and Azure AKS DevOps
- 1. Copyright © SELA Software & Education Labs, Ltd. | 14-18 Baruch Hirsch St., Bnei Brak 51202, Israel | www.selagroup.com December 27, 30-31, 2018 SELA DEVELOPER PRACTICE Ofir Makmal | CTO | Sela Group [email protected] + Kubernetes and Istio A Service Mesh platform
- 2. Ku·ber·ne·tes Kubernetes can be many things… Its a scalable, self-healing and resilient ● Container orchestration engine ● Cluster management system ● Mesos, Swarm, Rancher, _______ replacement ● Microservices, CI/CD, Machine Learning platforms ● Portable ‘cloud’ But, It’s NOT just another way to run containers... 2
- 3. The Kubernetes Journey Recent surveys from from CNCF shows that over 83% of the companies that are using containers are using Kubernetes July 2018 It has a huge community: ● ~36K Stars ● ~1600 Contributors! ● ~13K Forks ● ~1000 Pending pull requests! 3
- 4. High Level Architecture © Copyright SELA Software & Education Labs Ltd. | 14-18 Baruch Hirsch St Bnei Brak, 51202 Israel | www.selagroup.com | DevOps Course - Kubernetes Introduction
- 5. 5
- 6. Azure Kubernetes Service (AKS) ● Fully managed Kubernetes cluster ● Set up master and nodes ● One-Click scale and upgrade operations ● Built-in secured dashboard ● Support Block and CIFS volumes on Azure ● Support for GPU workloads ● Fully integrated with Azure Monitor and Log Analytics Also, fully integrated with Azure DevOps 6
- 7. Azure DevOps ● Full-blown Git Repos ● Issues and Tasks boards ● Pipelines support ○ Thousands of steps extensions ● Build on Windows, Linux and Mac! ● Release on Windows, Linux and Mac! ● Manage test plans and load tests ● Built-in Private package managers ○ Private NPM, Nuget, Maven, Gradle, PIP ○ Similar to JFrog Artifactory, Nexus ● Managed from your Azure Account 7
- 8. Demo Creating an AKS Cluster Azure DevOps Kubectl, walkthrough
- 9. We all know Kubernetes Building Blocks
- 10. And we all know how to run an application... Creating a Namespace, defining a Deployment to manage a ReplicaSet of Pods, exposing them as Services and Ingress, maybe mounting Persistent Volumes into their containers, injecting ConfigMaps and Secrets as environment variables. After deployment, we expect that Kubernetes will take care the rest. 10
- 11. Deployment Architecture © Copyright SELA Software & Education Labs Ltd. | 14-18 Baruch Hirsch St Bnei Brak, 51202 Israel | www.selagroup.com | DevOps Course - Kubernetes Introduction
- 12. Micro-services applications are not that simple. 12
- 13. Back to basics ’Micro-services is a software development technique—[…] that structures an application as a collection of loosely coupled services. In a microservices architecture, services are fine-grained and the protocols are lightweight. The benefit of decomposing an application into different smaller services is that it improves modularity and makes the application easier to understand, develop, test, and more resilient to architecture erosion. It also parallelizes development by enabling small autonomous teams to develop, deploy and scale independently. […] Microservices-based architectures enable continuous delivery and deployment.’ * Wikipedia
- 14. Micro-services 101 • Small – do one thing and do it well • Simple! • Has clear domain boundaries and well-defined API’s • Standalone • Independent development • Independent deployment • Build and release is automatic • Testable • Loosely coupled
- 15. With simplicity, comes complexity ® • How to deploy or update services with zero-downtime? • How to A/B test the application? • How to handle network failures? • How to manage security between services? • How to handle timeouts? Retries? • How to rate limit? Add quotas? • Telemetry, Logging, Monitoring? • What about Polyglot, Legacy systems? • Different Tech Stacks
- 16. We used to do this ourself • Integrating services and libraries for the following: • Eureka - Service Registry • Ribbon - Client Side Load Balancing • Hystrix - Circuit Breaker • Zipkin - Distributed Tracing • Prometheus - Monitoring • Grafana - Dashboards and Visualization • Nginx - API Gateway • Many of them requires complicated code in our API libraries
- 17. The rise of Service Mesh • Managing a horde of Microservices yourself is too hard • Service Meshes are taking care of all communication and policies needs between services and allows extensibility by middlewares • Istio, Linkerd, Conduit – are all different approaches to Service Mesh
- 18. Introducing Istio • Initiative from Google, IBM and Lyft • Built for Kubernetes • But also supports – Nomad, Consul, and in the future will support Cloud Foundry and Mesos • A uniform way to connect, manage and secure Micro-services: • Advanced Load-Balancing for TCP, HTTP, gRPC, and Web Sockets • Rule-based Traffic Control • Advanced policies – ACL’s, Mutual-TLS, Rotating Certificates, Rate- limits, etc.. • Automatic metrics, logs, traces collection • IstioCtl – like KubeCtl, only for Istio (we can actually use KubeCtl most of the time)
- 20. Control Plane vs Data Plane • Control Plane • Abstract platform specific capabilities • Provide cluster wide Rules Api for Routing • Propagate Policy and Configuration • Manages data plan • Data Plane • Service Discovery • Routing • Load Balancing • Authentication and Authorization • Health Checking • Observability
- 21. Envoy • Originally built at Lyft • Now a CNCF Graduate • A C++ based L4/L7 proxy • Battle-tested with great performance • Acts as the smart Data-Plane managed by Istio • Many built-in mechanism used by Istio • API Driven updates (without hot-reload) • In recent versions being injected as a side-car
- 22. Pilot – Discovery and Traffic management • Manages the lifecycle of Envoy instances deployed across Istio • Intelligent Router • Handle timeouts, retries • Implement Circuit-Breaker • Allows A/B testing • Sophisticated Deployments
- 23. Mixer • Manages Access Control and Policies • Extract request attributes • Collects Telemetry and metrics • Tracing & Metric backend can be changed at runtime (Prometheus, InfluxDB, StackDriver, etc..) Citadel • Service-to-service authentication and Mutual TLS • Supports RBAC (Role-Based Access Control) - like Kubernetes • Automatically manages credentials and certificates
- 24. BookInfo
- 25. Built-in Addons • Prometheus & Grafana • Out-of-the-box cluster-wide metric-collection, and support for alert’s manager • Fully customizable dashboards using Grafana • Service Graph • For Observability • Open Tracing • Vendor-neutral APIs and instrumentation for distributed tracing • Jaeger or Zipkin
- 26. Demo Demo Application – Simple BookApp Platform observability, monitoring, and tracing
- 27. Istio has Building Blocks too
- 28. apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: reviews spec: hosts: - reviews http: - route: - destination: host: reviews subset: v1 VirtualService
- 29. apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: reviews spec: host: reviews subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 DestinationRule
- 30. Intelligent Routing Capabilities • Request Routing • Manage multiple environments (dev, test, prod) and multiple versions (vX, vY) at the same time while configuring sophisticated rules based-on Uri, Headers and more. • Implement Weight-based version routing • Allows A/B testing and Canary Deployments • Handle Ingress and Egress routing rules and gateways • Warm-up services with request mirroring • Load Balancing • Handle service-registration and service-discovery • Advanced Algorithms • Weighted round robin, Weighted least request, Ring-Hash, Maglev, Random, Orig- Destination • Zone-awareness, priorities and more
- 31. Failure Handling • Timeouts and Deadlines • Following request journey in the Service Mesh • Supports per-request configuration • Retries • Supports variable jitter between retries • Rate-limiting and Quotas • Connection limits, requests throttling • Circuit-Breaker • Help getting failed services back to shape after subsequent failures (fully configurable)
- 32. Fault Injection • Allows to test the failure handling mechanism • Enables granular Chaos testing (i.e Netflix’s Chaos Monkey) • Introduce latency to specific services or users • Inject statistical errors to requests
- 34. Recap • Istio introduces unparalleled support for the unique challenges that comes with Micro-services • Istio is vendor-agnostic, and supports both on-prem and cloud deployments • Istio is now stable for GA and considered production ready. • v0.8+ Includes major API changes (VirtualService, DestinationRule)