SlideShare a Scribd company logo

Application Rollout - Istio

M
Mandar Jog

The document discusses common DevOps challenges related to rolling out new versions of microservices and testing them. It introduces Istio as a solution for addressing these challenges through intelligent routing, resiliency features, traffic controls, telemetry collection, and other capabilities. Istio uses the Envoy proxy and control tools like Pilot and Mixer to provide features for reliable traffic management between services, such as advanced routing rules for canary releases, fault injection for testing resiliency, and policy enforcement across the mesh.

Engineering
1 of 23
Download to read offline
Reliable application roll out and operations with Istio Lin Sun, IBM @linsun_unc Mandar Jog, Google @mandarjog
Common DevOps Challenge 1 • How do I roll out a newer version of my microservice without down time? • How do I ensure traffic continue goes to the current version before the newer version is tested and ready?
Common DevOps Challenge 2 • How do I do A/B testing? • Release a new version to a subset of users in a precise way • I have launched B in the dark, but how can I keep B to myself or a small testing group?
Common DevOps Challenge 3 • How do I do canary testing? • I want to leverage crowdsourced testing. How do I test the new version to a subset of users? • How do I proceed to a full rollout after satisfactory testing of the new version?
Other Common DevOps Challenges • Things don’t always go correctly in production… How do I inject fault to my microservices to prepare myself? • Our team knows different languages and our services are written in different languages. • My services can only handle certain rate, how can I limit rate for some of my services? • I need to view what is going on with each of my services when crisis arises.
Introduce Istio http://istio.io
Intelligent Routing and Load Balancing http://istio.io
Resilience Across Languages and Platforms http://istio.io
http://istio.io Secure Access with Fleet Wide Policy Enforcement

http://istio.io In-Depth Telemetry and Reporting
Components of Istio • Envoy proxy, to mediate all inbound and outbound traffic for all services in the service mesh. Leverages Envoy features such as dynamic service discovery, load balancing, TLS termination, HTTP/2 & gRPC proxying, circuit breakers, health checks, staged rollouts with %- based traffic split, fault injection, and rich metrics.
 • Pilot: Programming envoys and responsible for service discovery, registration and load balancing
 • Istio-Security provides strong service-to-service and end-user authentication using mutual TLS, with built-in identity and credential management
 • Mixer is responsible for enforcing access control and usage policies across the service mesh and collecting telemetry data from the Envoy proxy and other services.
Our sidecar of choice
Putting it all together
Traffic Control // A simple traffic control rule destination: name: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 100 Challenge 1: How can I roll out new version without down time or changing code?
Traffic Steering // Content-based traffic steering rule destination: serviceB.example.cluster.local
 match:
   httpHeaders:
     user-agent:
       regex: ^(.*?;)?(iPhone)(;.*)?$
 precedence: 2
 route:
 - labels:
     version: v2 Challenge 2: How do I do A/B testing?
Traffic Splitting // A simple traffic splitting rule destination: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 90 - labels:
     version: v2.0-alpha     env: us-staging   weight: 10 Challenge 3: How do I do canary testing?
Resiliency // Circuit breakers destination: serviceB.example.cluster.local
 policy:
 - labels:
     version: v1
   circuitBreaker:
     simpleCb:
       maxConnections: 100
       httpMaxRequests: 1000
       httpMaxRequestsPerConnection: 10
       httpConsecutiveErrors: 7
       sleepWindow: 15m
       httpDetectionInterval: 5m Istio adds fault tolerance to your application without any changes to code Resilience features ❖ Timeouts ❖ Retries with timeout budget ❖ Circuit breakers ❖ Health checks ❖ AZ-aware load balancing w/ automatic failover ❖ Control connection pool size and request load
Resiliency Testing Systematic fault injection to identify weaknesses in failure recovery policies ❖ HTTP/gRPC error codes  ❖ Delay injection
Rate Limiting Istio protects your application from rogue actors by imposing ratelimits Rate limit ❖ Configurable limits with overrides ❖ Multiple rate limiting backends ❖ Conditional rate limiting Quotas: - name: requestcount.quota.istio-system maxAmount: 5000 validDuration: 1s overrides: - dimensions: destination: ratings source: reviews sourceVersion: v3 maxAmount: 1 validDuration: 1s - dimensions: destination: ratings maxAmount: 100 validDuration: 1s
Telemetry Monitoring & tracing should not be an afterthought in the infrastructure Goals ● Metrics without instrumenting apps ● Consistent metrics across fleet ● Trace flow of requests across services ● Portable across metric backend providers
Proposed Istio Deployment Controller
Istio Analytics
Demo +

Recommended

Connecting All Abstractions with Istio
Connecting All Abstractions with IstioConnecting All Abstractions with Istio
Connecting All Abstractions with IstioVMware Tanzu
 
istio: service mesh for all
istio: service mesh for allistio: service mesh for all
istio: service mesh for allMandar Jog
 
The elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioThe elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioInho Kang
 
An Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesAn Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesDoiT International
 
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)Codemotion
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service MeshLuke Marsden
 
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, DatawireNYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, DatawireAmbassador Labs
 
Microservices with Spring
Microservices with SpringMicroservices with Spring
Microservices with SpringSoftware Infrastructure
 

Recommended

Connecting All Abstractions with Istio
Connecting All Abstractions with IstioConnecting All Abstractions with Istio
Connecting All Abstractions with IstioVMware Tanzu
 
istio: service mesh for all
istio: service mesh for allistio: service mesh for all
istio: service mesh for allMandar Jog
 
The elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioThe elegant way of implementing microservices with istio
The elegant way of implementing microservices with istioInho Kang
 
An Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesAn Open-Source Platform to Connect, Manage, and Secure Microservices
An Open-Source Platform to Connect, Manage, and Secure MicroservicesDoiT International
 
Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)Stop reinventing the wheel with Istio by Mete Atamel (Google)
Stop reinventing the wheel with Istio by Mete Atamel (Google)Codemotion
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service MeshLuke Marsden
 
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, DatawireNYC Kubernetes Meetup: Ambassador and Istio - Flynn, Datawire
NYC Kubernetes Meetup: Ambassador and Istio - Flynn, DatawireAmbassador Labs
 
Microservices with Spring
Microservices with SpringMicroservices with Spring
Microservices with SpringSoftware Infrastructure
 
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Daniel Oh
 
Service mesh with istio
Service mesh with istioService mesh with istio
Service mesh with istioWisnuPrabowo20
 
linkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service Meshlinkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service MeshDario Simonetti
 
Tech Talks Microservices
Tech Talks MicroservicesTech Talks Microservices
Tech Talks MicroservicesMauricio Ferreyra
 
Istio
Istio Istio
Istio Arun prasath
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdChristian Posta
 
Managing Microservices traffic using Istio
Managing Microservices traffic using IstioManaging Microservices traffic using Istio
Managing Microservices traffic using IstioArun prasath
 
Ambassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Labs
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service MeshRafik HARABI
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service MeshKnoldus Inc.
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for MicroservicesNGINX, Inc.
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...VMware Tanzu
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesManaging Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesIftach Schonbaum
 
Microservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSSMicroservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSSDenis Danov
 
Microservices on kubernetes
Microservices on kubernetesMicroservices on kubernetes
Microservices on kubernetesChandresh Pancholi
 
WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? Anton Weiss
 
Asynchronous Microservices in nodejs
Asynchronous Microservices in nodejsAsynchronous Microservices in nodejs
Asynchronous Microservices in nodejsBruno Pedro
 
Securing Microservices with Istio
Securing Microservices with IstioSecuring Microservices with Istio
Securing Microservices with IstioDaniel Berg
 
Service Discovery with Consul
Service Discovery with ConsulService Discovery with Consul
Service Discovery with ConsulAli Demirsoy
 
Istio on Kubernetes
Istio on KubernetesIstio on Kubernetes
Istio on KubernetesDaneyon Hansen
 
21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIONiklaus Hirt
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 

More Related Content

What's hot

Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Daniel Oh
 
Service mesh with istio
Service mesh with istioService mesh with istio
Service mesh with istioWisnuPrabowo20
 
linkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service Meshlinkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service MeshDario Simonetti
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdChristian Posta
 
Managing Microservices traffic using Istio
Managing Microservices traffic using IstioManaging Microservices traffic using Istio
Managing Microservices traffic using IstioArun prasath
 
Ambassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Labs
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service MeshRafik HARABI
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service MeshKnoldus Inc.
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for MicroservicesNGINX, Inc.
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...VMware Tanzu
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesManaging Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesIftach Schonbaum
 
Microservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSSMicroservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSSDenis Danov
 
WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? Anton Weiss
 
Asynchronous Microservices in nodejs
Asynchronous Microservices in nodejsAsynchronous Microservices in nodejs
Asynchronous Microservices in nodejsBruno Pedro
 
Securing Microservices with Istio
Securing Microservices with IstioSecuring Microservices with Istio
Securing Microservices with IstioDaniel Berg
 
Service Discovery with Consul
Service Discovery with ConsulService Discovery with Consul
Service Discovery with ConsulAli Demirsoy
 

What's hot (20)

Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and ...
 
Service mesh with istio
Service mesh with istioService mesh with istio
Service mesh with istio
 
linkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service Meshlinkerd: The Cloud Native Service Mesh
linkerd: The Cloud Native Service Mesh
 
Tech Talks Microservices
Tech Talks MicroservicesTech Talks Microservices
Tech Talks Microservices
 
Istio
Istio Istio
Istio
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
 
Managing Microservices traffic using Istio
Managing Microservices traffic using IstioManaging Microservices traffic using Istio
Managing Microservices traffic using Istio
 
Ambassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API Gateway
 
Managing microservices with Istio Service Mesh
Managing microservices with Istio Service MeshManaging microservices with Istio Service Mesh
Managing microservices with Istio Service Mesh
 
Istio : Service Mesh
Istio : Service MeshIstio : Service Mesh
Istio : Service Mesh
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for Microservices
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesManaging Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on Kubernetes
 
Microservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSSMicroservices with Spring Cloud and Netflix OSS
Microservices with Spring Cloud and Netflix OSS
 
Microservices on kubernetes
Microservices on kubernetesMicroservices on kubernetes
Microservices on kubernetes
 
WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh?
 
Asynchronous Microservices in nodejs
Asynchronous Microservices in nodejsAsynchronous Microservices in nodejs
Asynchronous Microservices in nodejs
 
Securing Microservices with Istio
Securing Microservices with IstioSecuring Microservices with Istio
Securing Microservices with Istio
 
Service Discovery with Consul
Service Discovery with ConsulService Discovery with Consul
Service Discovery with Consul
 
Istio on Kubernetes
Istio on KubernetesIstio on Kubernetes
Istio on Kubernetes
 

Similar to Application Rollout - Istio

21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIONiklaus Hirt
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
 
Service Mesh Talk for CTO Forum
Service Mesh Talk for CTO ForumService Mesh Talk for CTO Forum
Service Mesh Talk for CTO ForumRick Hightower
 
Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)Rick Hightower
 
Using Service Discovery and Service Proxy
Using Service Discovery and Service ProxyUsing Service Discovery and Service Proxy
Using Service Discovery and Service ProxyIBM
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxPINGXIONG3
 
Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017Idit Levine
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?NGINX, Inc.
 
Continuous Integration and Continuous Delivery to Facilitate Web Service Testing
Continuous Integration and Continuous Delivery to Facilitate Web Service TestingContinuous Integration and Continuous Delivery to Facilitate Web Service Testing
Continuous Integration and Continuous Delivery to Facilitate Web Service TestingCognizant
 
Ragha Deepika_Exp_4+
Ragha Deepika_Exp_4+Ragha Deepika_Exp_4+
Ragha Deepika_Exp_4+Ragha batchu
 
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...StreamNative
 
Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith Judy Breedlove
 
RCS Service Monitoring - 1-to-1 Chat
RCS Service Monitoring - 1-to-1 ChatRCS Service Monitoring - 1-to-1 Chat
RCS Service Monitoring - 1-to-1 ChatJose Gonzalez
 
Testing Microservices
Testing MicroservicesTesting Microservices
Testing MicroservicesNagarro
 
Experitest & Cigniti Co-Webinar -
Experitest & Cigniti Co-Webinar -Experitest & Cigniti Co-Webinar -
Experitest & Cigniti Co-Webinar -Experitest
 
Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar Experitest
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshCloudOps2005
 

Similar to Application Rollout - Istio (20)

21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO
 
Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019Istio Triangle Kubernetes Meetup Aug 2019
Istio Triangle Kubernetes Meetup Aug 2019
 
Service Mesh Talk for CTO Forum
Service Mesh Talk for CTO ForumService Mesh Talk for CTO Forum
Service Mesh Talk for CTO Forum
 
Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)
 
Using Service Discovery and Service Proxy
Using Service Discovery and Service ProxyUsing Service Discovery and Service Proxy
Using Service Discovery and Service Proxy
 
Microservice Powered Orchestration
Microservice Powered OrchestrationMicroservice Powered Orchestration
Microservice Powered Orchestration
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
 
Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017Debugging Microservices - QCON 2017
Debugging Microservices - QCON 2017
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
 
Continuous Integration and Continuous Delivery to Facilitate Web Service Testing
Continuous Integration and Continuous Delivery to Facilitate Web Service TestingContinuous Integration and Continuous Delivery to Facilitate Web Service Testing
Continuous Integration and Continuous Delivery to Facilitate Web Service Testing
 
Ragha Deepika_Exp_4+
Ragha Deepika_Exp_4+Ragha Deepika_Exp_4+
Ragha Deepika_Exp_4+
 
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
 
Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith
 
RCS Service Monitoring - 1-to-1 Chat
RCS Service Monitoring - 1-to-1 ChatRCS Service Monitoring - 1-to-1 Chat
RCS Service Monitoring - 1-to-1 Chat
 
Testing Microservices
Testing MicroservicesTesting Microservices
Testing Microservices
 
Hello istio
Hello istioHello istio
Hello istio
 
Experitest & Cigniti Co-Webinar -
Experitest & Cigniti Co-Webinar -Experitest & Cigniti Co-Webinar -
Experitest & Cigniti Co-Webinar -
 
Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar
 
Testing in Production (TiP)
Testing in Production (TiP)Testing in Production (TiP)
Testing in Production (TiP)
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service Mesh
 

Recently uploaded

Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 

Recently uploaded (20)

Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 

Application Rollout - Istio

  • 1. Reliable application roll out and operations with Istio Lin Sun, IBM @linsun_unc Mandar Jog, Google @mandarjog
  • 2. Common DevOps Challenge 1 • How do I roll out a newer version of my microservice without down time? • How do I ensure traffic continue goes to the current version before the newer version is tested and ready?
  • 3. Common DevOps Challenge 2 • How do I do A/B testing? • Release a new version to a subset of users in a precise way • I have launched B in the dark, but how can I keep B to myself or a small testing group?
  • 4. Common DevOps Challenge 3 • How do I do canary testing? • I want to leverage crowdsourced testing. How do I test the new version to a subset of users? • How do I proceed to a full rollout after satisfactory testing of the new version?
  • 5. Other Common DevOps Challenges • Things don’t always go correctly in production… How do I inject fault to my microservices to prepare myself? • Our team knows different languages and our services are written in different languages. • My services can only handle certain rate, how can I limit rate for some of my services? • I need to view what is going on with each of my services when crisis arises.
  • 7. Intelligent Routing and Load Balancing http://istio.io
  • 8. Resilience Across Languages and Platforms http://istio.io
  • 9. http://istio.io Secure Access with Fleet Wide Policy Enforcement

  • 11. Components of Istio • Envoy proxy, to mediate all inbound and outbound traffic for all services in the service mesh. Leverages Envoy features such as dynamic service discovery, load balancing, TLS termination, HTTP/2 & gRPC proxying, circuit breakers, health checks, staged rollouts with %- based traffic split, fault injection, and rich metrics.
 • Pilot: Programming envoys and responsible for service discovery, registration and load balancing
 • Istio-Security provides strong service-to-service and end-user authentication using mutual TLS, with built-in identity and credential management
 • Mixer is responsible for enforcing access control and usage policies across the service mesh and collecting telemetry data from the Envoy proxy and other services.
  • 12. Our sidecar of choice
  • 13. Putting it all together
  • 14. Traffic Control // A simple traffic control rule destination: name: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 100 Challenge 1: How can I roll out new version without down time or changing code?
  • 15. Traffic Steering // Content-based traffic steering rule destination: serviceB.example.cluster.local
 match:
   httpHeaders:
     user-agent:
       regex: ^(.*?;)?(iPhone)(;.*)?$
 precedence: 2
 route:
 - labels:
     version: v2 Challenge 2: How do I do A/B testing?
  • 16. Traffic Splitting // A simple traffic splitting rule destination: serviceB.example.cluster.local match:
   source: serviceA.example.cluster.local
 route:
 - labels:
     version: v1.5     env: us-prod   weight: 90 - labels:
     version: v2.0-alpha     env: us-staging   weight: 10 Challenge 3: How do I do canary testing?
  • 17. Resiliency // Circuit breakers destination: serviceB.example.cluster.local
 policy:
 - labels:
     version: v1
   circuitBreaker:
     simpleCb:
       maxConnections: 100
       httpMaxRequests: 1000
       httpMaxRequestsPerConnection: 10
       httpConsecutiveErrors: 7
       sleepWindow: 15m
       httpDetectionInterval: 5m Istio adds fault tolerance to your application without any changes to code Resilience features ❖ Timeouts ❖ Retries with timeout budget ❖ Circuit breakers ❖ Health checks ❖ AZ-aware load balancing w/ automatic failover ❖ Control connection pool size and request load
  • 18. Resiliency Testing Systematic fault injection to identify weaknesses in failure recovery policies ❖ HTTP/gRPC error codes  ❖ Delay injection
  • 19. Rate Limiting Istio protects your application from rogue actors by imposing ratelimits Rate limit ❖ Configurable limits with overrides ❖ Multiple rate limiting backends ❖ Conditional rate limiting Quotas: - name: requestcount.quota.istio-system maxAmount: 5000 validDuration: 1s overrides: - dimensions: destination: ratings source: reviews sourceVersion: v3 maxAmount: 1 validDuration: 1s - dimensions: destination: ratings maxAmount: 100 validDuration: 1s
  • 20. Telemetry Monitoring & tracing should not be an afterthought in the infrastructure Goals ● Metrics without instrumenting apps ● Consistent metrics across fleet ● Trace flow of requests across services ● Portable across metric backend providers