12. 12
Library approach? What if...
●
You use Spring?
●
Vert.x?
●
Go?
●
Python?
●
Ruby?
●
Perl?
●
I’m kidding, don’t use Perl :)
13. 13
“Micro” Services?
Actual Service A
Library 1
Library 2
Library 3
Library 4
Microservice A
Actual Service B
Library 5
Library 6
Library 7
Library 8
Microservice B
16. 16
What is Envoy?
●
service proxy, developed by Lyft
●
written in C++, highly parallel, non-blocking
●
L3/4 network filter
●
out of the box L7 filters
●
HTTP 2, including gRPC
●
baked in service discovery/health checking
●
advanced load balancing
●
stats, metrics, tracing
17. 17
Sidecar model
Actual Service A
Microservice A
Envoy
Actual Service B
Microservice B
Envoy
A kind of deployment in Kubernetes
PodPod
23. 23
What is Istio?
●
Control plane for a service mesh
●
Abstracts Envoy concepts and configurations
●
Easy to operate: YAML files a la Kubernetes
●
Kubectl or Istioctl can be used
●
Created by Google, with the help of other companies
●
New project, just reached 1.0
24. 24
Istio Service Mesh
Actual Service 1
Microservice 1
Envoy
Actual Service N
Microservice N
Envoy
Istio Control Plane
Pilot
Configure proxies
Istio Data Plane
25. 25
Istio Service Mesh
Actual Service 1
Microservice 1
Envoy
Actual Service N
Microservice N
Envoy
Istio Control Plane
Pilot
Configure proxies
Istio Data Plane
Service Discovery
Rules (YAML)
26. 26
What pilot can do?
●
Traffic control – enforce route rules & policies
●
Resiliency – circuit breaker, timeouts, retries
Actual Service A
Microservice A
Envoy
Actual Service B
Microservice B
Envoy
27. 27
Istio Service Mesh
Actual Service 1
Microservice 1
Envoy
Actual Service N
Microservice N
Envoy
Pilot Mixer
Check / Report
Adapters:
API Mgt
Prometheus
Tracing...
28. 28
What mixer can do?
●
Quota / API Management
●
Telemetry (Prometheus, ...)
●
Tracing (Jeager, …)
●
Your own integration (pluggable model)
29. 29
Istio Service Mesh
Actual Service 1
Microservice 1
Envoy
Actual Service N
Microservice N
Envoy
Istio Control Plane
Pilot MixerCitadel
Manage TLS certs
30. 30
What citadel can do?
●
Enforce mTLS between services
●
Along with mixer and pilot allows authorization and auditing
Actual Service A
Microservice A
Envoy
Actual Service B
Microservice B
Envoy
Mutual TLS