Istio Service Mesh for Developers & Platform Engineers
Sai, Field Engineer @ Solo.io
Home Lab - BEFORE
Home Lab - NOW
Business Drivers for Application Modernization
● Reduce Costs / Shift Capex to Opex
● Access to Innovation
● Increase flexibility and Capacity of Infrastructure
● Increase Velocity of Development
● Reduce Risk
Monolithic Microservices
The Way We Build Applications
Monolithic: On-Prem; Built on a VM+OS; Large Teams
Microservices: Cloud; Built on Kubernetes; Agile Teams
Challenges with Microservices
● How to observe interactions among services?
● How to secure service to service communication?
● How to manage transient failures?
● How to control traffic?
Online Boutique Microservices Demo
Source: https://github.com/GoogleCloudPlatform/microservices-demo
Application Networking Challenges
● Service discovery
● Load balancing
● Timeouts
● Retry / Budgets
● Circuit breaking
● Tracing, observability
● Secure transport
● Extension
Challenges
Application Networking
Data Plane & Control Plane
Why Envoy for Service Mesh Data Plane
● Neutral Foundation (CNCF)
● Large, diverse, vibrant community
● Built ground up for dynamic services environment
● Dynamic configuration, driven by API
● Highly extensible
● L7 filters (HTTP/1, HTTP/2, gRPC, redis, mysql, Kafka, etc.)
● Deep signals telemetry out of the box
● Versatile deployment options
Istio - Open Source Service Mesh
2017
Istio Launched
Data Plane
Enhancements
2019-20
7 New Community Releases
1000s Production Users
~ 1000 Community Contributors
2022
CNCF
2019-2022
Case Studies
https://istio.io/latest/about/case-studies/
Istio Service Mesh Architecture
Istio Deployment (Sidecar Architecture)
Use Cases
Too Much TRUST!
Zero Trust Security
Secure Networking - Server Side TLS
Secure Networking - mTLS
Network Security in Kubernetes
Default State: !!!
Desired State: “Zero Trust Security”
DIY … Whoops !
○ 81% of companies experienced a certificate-related outage in the past two years
○ 65% are concerned about the increased workload and risk of outages caused by shorter SSL/TLS certificate lifespans
○ Human error was a major contributing factor in 95% of breaches
Istio to the Rescue !
Resiliency - There will be Failures
Common Mitigations
● Waiting indefinitely is bad
● Trying again is good
● Degrade gracefully when services are overwhelmed
Timeout - Don’t wait Indefinitely
Retry - Trying Again is Good 👍
Circuit Breaker - Degrade gracefully
Observability - Insights for Competitive Advantage
Building a Uniform Approach
● Understand traffic patterns
● Determine service health
● Anticipate outages
● Detect dangerous activity
● Audit access
Observability - Metrics and Access Logging
[2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default
metrics
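
An added example, not part of the original slides: a parser for the sidecar access log entry shown above, with two audit checks that tie it back to the mTLS and resiliency slides. It assumes the entry follows Istio's default text access log field order; the function names, finding labels and the second and third sample lines are constructed for illustration, and the SNI check is a heuristic rather than an Istio API.

```python
import re
from typing import List, Optional

# Field order assumed from Istio's default text access log format
# (Envoy command operators); a custom log format needs a different pattern.
FIELDS = [
    r'\[(?P<start_time>[^\]]+)\]',
    r'"(?P<method>\S+) (?P<path>\S+) (?P<protocol>[^"]+)"',
    r'(?P<response_code>\d+)',
    r'(?P<response_flags>\S+)',
    r'(?P<response_code_details>\S+)',
    r'(?P<connection_termination_details>\S+)',
    r'"(?P<upstream_transport_failure_reason>[^"]*)"',
    r'(?P<bytes_received>\d+)',
    r'(?P<bytes_sent>\d+)',
    r'(?P<duration_ms>\d+)',
    r'(?P<upstream_service_time_ms>\S+)',
    r'"(?P<x_forwarded_for>[^"]*)"',
    r'"(?P<user_agent>[^"]*)"',
    r'"(?P<request_id>[^"]*)"',
    r'"(?P<authority>[^"]*)"',
    r'"(?P<upstream_host>[^"]*)"',
    r'(?P<upstream_cluster>\S+)',
    r'(?P<upstream_local_address>\S+)',
    r'(?P<downstream_local_address>\S+)',
    r'(?P<downstream_remote_address>\S+)',
    r'(?P<requested_server_name>\S+)',
    r'(?P<route_name>\S+)',
]
LOG_RE = re.compile(" ".join(FIELDS) + r"$")
INT_FIELDS = ("response_code", "bytes_received", "bytes_sent", "duration_ms")

# Envoy response flags that correspond to the timeout, retry and
# circuit-breaker behaviour discussed in the resiliency slides.
RESILIENCY_FLAGS = {"UT", "URX", "UO", "UH", "UF"}


def parse_line(line: str) -> Optional[dict]:
    """Return the entry as a dict, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    # "inbound|8000||" -> "inbound", "outbound|8000||host" -> "outbound"
    rec["direction"] = rec["upstream_cluster"].split("|", 1)[0]
    return rec


def audit(rec: dict) -> List[str]:
    """Return audit findings for one parsed entry (empty list = nothing to report)."""
    findings = []
    # Heuristic (assumption): a client sidecar using mesh mTLS sends an SNI of
    # the form "outbound_.<port>_._.<host>". An inbound entry without it did
    # not arrive over a mesh mTLS connection (for example plaintext accepted
    # in PERMISSIVE mode) and is worth reviewing before enforcing STRICT.
    if rec["direction"] == "inbound" and not rec["requested_server_name"].startswith("outbound_."):
        findings.append("inbound-without-mesh-mtls-sni")
    for flag in rec["response_flags"].split(","):
        if flag in RESILIENCY_FLAGS:
            findings.append("response-flag:" + flag)
    return findings


# The entry from the slide, joined onto one line.
PAGE_LINE = (
    '[2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream '
    '- "-" 0 135 3 1 "-" "curl/7.73.0-DEV" '
    '"84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" '
    'inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 '
    'outbound_.8000_._.httpbin.foo.svc.cluster.local default'
)
# Constructed sample: inbound request from a client with no sidecar (no SNI).
PLAINTEXT_LINE = (
    '[2020-11-25T21:30:41.007Z] "GET /headers HTTP/1.1" 200 - via_upstream '
    '- "-" 0 512 2 1 "-" "curl/7.73.0-DEV" '
    '"00000000-0000-4000-8000-000000000001" "httpbin.foo:8000" "127.0.0.1:80" '
    'inbound|8000|| 127.0.0.1:41990 10.44.1.27:80 10.44.2.9:51234 - default'
)
# Constructed sample: outbound request rejected by a circuit breaker (UO).
OVERFLOW_LINE = (
    '[2020-11-25T21:27:02.120Z] "GET /status/200 HTTP/1.1" 503 UO '
    'upstream_reset_before_response_started{overflow} - "-" 0 81 0 - "-" '
    '"curl/7.73.0-DEV" "00000000-0000-4000-8000-000000000002" "httpbin:8000" '
    '"-" outbound|8000||httpbin.foo.svc.cluster.local - 10.44.1.27:8000 '
    '10.44.1.23:37700 - default'
)

if __name__ == "__main__":
    for sample in (PAGE_LINE, PLAINTEXT_LINE, OVERFLOW_LINE):
        entry = parse_line(sample)
        print(entry["direction"], entry["response_code"],
              entry["downstream_remote_address"], audit(entry))
```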
RECAP
Business Drivers for Adopting Istio
Life without ServiceMesh `vs` Life with ServiceMesh

Before Service Mesh - Microservice App
Business Logic, Security Logic, Traffic Management Logic, Golden Metrics/Observability Logic, Resiliency Logic
Managed by Developer
- Multiple Tasks
- Multiple Frameworks
- Language Specific
- Poor Dev Experience
- 100s of Manual Steps

After Service Mesh - Microservice App
Business Logic, Security Logic, Traffic Management Logic, Golden Metrics/Observability Logic, Resiliency Logic
Managed by Developer
- Focus on Biz Logic
- Developer Productivity
Managed by ServiceMesh
- Automated Workflow
- Deploy Consistent Infrastructure Layer
- Eliminate Language Specific Libraries
- Consistent Security & Observability across LOBs
Istio Deployment (Sidecar Architecture)
Istio Ambient Mesh (Sidecar-less Architecture)
A recent, open source contribution to the Istio project, that defines a new sidecar-less data plane.
● Improve Performance
● Simplify Operations
● Cost Reduction
https://istio.io/latest/blog/2022/introducing-ambient-mesh/
Istio Deployment (Sidecar-less Architecture)
Something to think about …
● The Istio Ingress Gateway doesn’t provide the capabilities of an enterprise API gateway
● It’s complex to use and to manage, especially in a multi-cloud context
● mTLS across the clusters
● Lifecycle management for control planes and Istio gateways
● Global Observability (centralized metrics and access logging)
● Long term support
Something to think about …
Learn More …
10,000+ students have attended hands-on workshops
1,800+ engineers have achieved certifications
NPS Score 75
https://academy.solo.io
Istio User Group
SINGAPORE
Thanks for attending!
@_hellosai_
sai.linnthu@solo.io
https://www.linkedin.com/in/sailinnthu/
https://www.youtube.com/@SaiLinnThu
Field Engineer - APAC @ Solo.io


Istio Service Mesh for Developers and Platform Engineers

  • 1. Sai, Field Engineer @ Solo.io Istio Service Mesh For Developers & Platform Engineers
  • 4. Business Drivers for Application Modernization Reduce Costs / Shift Capex to Opex Access to Innovation Increase flexibility and Capacity of Infrastructure Increase Velocity of Development Reduce Risk Monolithic Microservices
  • 5. The Way We Build Applications Monolithic On-Prem Built on a VM+OS Large Teams Microservices Cloud Built on Kubernetes Agile Teams
  • 6. Challenges with Microservices ● How to observe interactions among services? ● How to secure service to service communication? ● How to manage transient failures? ● How to control traffic?
  • 7. Online Boutique Microservices Demo Source: https://github.com/GoogleCloudPlatform/microservices-demo
  • 8. Application Networking Challenges ● Service discovery ● Load balancing ● Timeouts ● Retry / Budgets ● Circuit breaking ● Tracing, observability ● Secure transport ● Extension Challenges
  • 10. Data Plane & Control Plane
  • 11. Why Envoy for Service Mesh Data Plane ● Neutral Foundation (CNCF) ● Large, diverse, vibrant community ● Built ground up for dynamic services environment ● Dynamic configuration, driven by API ● Highly extensible ● L7 filters (HTTP/1, HTTP/2, gRPC, redis, mysql, Kafka, etc) ● Deep signals telemetry out of the box ● Versatile deployment options
  • 12. Istio - Open Source Service Mesh 2017 Istio Launched Data Plane Enhancements 2019-20 7 New Community Releases 1000s Production Users ~ 1000 Community Contributors 2022 CNCF 2019-2022
  • 14. Istio Service Mesh Architecture
  • 15. Istio Deployment (Sidecar Architecture)
  • 19. Secure Networking - Server Side TLS
  • 21. Network Security in Kubernetes Default State !!! Desired State “Zero Trust Security”
  • 22. DIY … Whoops ! ○ 81% of companies experienced a certificate-related outage in the past two years ○ 65% are concerned about the increased workload and risk of outages caused by shorter SSL/TLS certificate lifespans. ○ Human error was a major contributing factor in 95% of breaches
  • 23. Istio to the Rescue !
  • 24. Resiliency - There will be Failures Common Mitigations ● Waiting indefinitely is bad ● Trying again is good ● Degrade gracefully when services are overwhelmed
  • 25. Timeout - Don’t wait Indefinitely
  • 26. Retry - Trying Again is Good 👍
  • 27. Circuit Breaker - Degrade gracefully
  • 28. Observability - Insights for Competitive Advantage Building a Uniform Approach ● Understand traffic patterns ● Determine service health ● Anticipate outages ● Detect dangerous activity ● Audit access
  • 29. Observability - Metrics and Access Logging [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default metrics
  • 30. RECAP
  • 31. Business Drivers for Adopting Istio
  • 32. Life without ServiceMesh `vs` Life with ServiceMesh. Before Service Mesh (Microservice App): Business Logic, Security Logic, Traffic Management Logic, Golden Metrics / Observability Logic, Resiliency Logic. Managed by Developer: Multiple Tasks, Multiple Frameworks, Language Specific, Poor Dev Experience, 100s of Manual Steps. After Service Mesh (Microservice App): Business Logic, Security Logic, Traffic Management Logic, Golden Metrics / Observability Logic, Resiliency Logic. Managed by Developer: Focus on Biz Logic, Developer Productivity. Managed by ServiceMesh: Automated Workflow, Deploy Consistent Infrastructure Layer, Eliminate Language Specific Libraries, Consistent Security & Observability across LOBs.
  • 33. Istio Deployment (Sidecar Architecture)
  • 34. Istio Ambient Mesh (Sidecar-less Architecture) A recent, open source contribution to the Istio project, that defines a new sidecar-less data plane. Improve Performance Simplify Operations Cost Reduction https://istio.io/latest/blog/2022/introducing-ambient-mesh/
  • 36. Something to think about …
  • 37. Something to think about …
  • 38. Something to think about … ● The Istio Ingress Gateway doesn’t provide the capabilities of an enterprise API gateway ● It’s complex to use and to manage, especially in a multi-cloud context ● mTLS across the clusters ● Lifecycle management for control planes and Istio gateways ● Global Observability (centralized metrics and access logging) ● Long term support
  • 40. Learn More … 10,000+ students have attended hands-on workshops 1,800+ engineers have achieved certifications NPS Score 75 https://academy.solo.io
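
Slides 28 and 29 list "Detect dangerous activity" and "Audit access" and show one sidecar access-log line. The Python below is an added example, not code from the deck or the Istio project: it parses that line and flags the conditions behind the timeout, retry and circuit-breaker slides. It assumes Istio's default text log format; the field names, the `audit` heuristics and the two extra sample lines are constructed for illustration.

```python
import re

# Field order of Istio's default text access log, matching the slide's sample
# line (assumption: a custom meshConfig.accessLogFormat would change it).
FIELDS = ("start_time request response_code response_flags response_code_details "
          "connection_termination_details upstream_transport_failure_reason "
          "bytes_received bytes_sent duration_ms upstream_service_time "
          "x_forwarded_for user_agent request_id authority upstream_host "
          "upstream_cluster upstream_local_address downstream_local_address "
          "downstream_remote_address requested_server_name route_name").split()

# One token is [bracketed], "quoted" (backslash escapes allowed) or bare.
TOKEN = re.compile(r'\[([^\]]*)\]|"((?:[^"\\]|\\.)*)"|(\S+)')

# Envoy response flags that map to the timeout, retry and circuit-breaker slides.
FLAGS = {"UT": "upstream request timeout", "URX": "retry limit exceeded",
         "UO": "circuit breaker overflow", "UF": "upstream connection failure"}

def parse(line):
    """Split one access-log line into a dict keyed by FIELDS."""
    tokens = [next(g for g in m.groups() if g is not None)
              for m in TOKEN.finditer(line)]
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}")
    rec = dict(zip(FIELDS, tokens))
    rec["method"], _, rest = rec["request"].partition(" ")
    rec["path"], _, rec["protocol"] = rest.rpartition(" ")
    return rec

def audit(rec):
    """Return findings a reviewer would want to see for this request."""
    findings = []
    # Heuristic: sidecar-to-sidecar mTLS carries an SNI; "-" on an inbound
    # listener suggests the caller connected in plaintext (PERMISSIVE mode).
    if rec["upstream_cluster"].startswith("inbound|") and rec["requested_server_name"] == "-":
        findings.append("inbound request without SNI (likely plaintext)")
    findings += [f"{f}: {FLAGS[f]}" for f in rec["response_flags"].split(",") if f in FLAGS]
    return findings

# The line shown on slide 29.
SLIDE_LINE = '[2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default'
# Constructed samples (not from the slides): a plaintext caller, a tripped breaker.
PLAINTEXT_LINE = '[2020-11-25T21:27:02.112Z] "GET /headers HTTP/1.1" 200 - via_upstream - "-" 0 512 2 1 "-" "curl/7.73.0-DEV" "00000000-0000-4000-8000-000000000001" "httpbin.foo:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41900 10.44.1.27:80 10.44.2.9:51234 - default'
OVERFLOW_LINE = '[2020-11-25T21:27:05.500Z] "GET /delay/5 HTTP/1.1" 503 UO upstream_reset_before_response_started{overflow} - "-" 0 81 0 - "-" "curl/7.73.0-DEV" "00000000-0000-4000-8000-000000000002" "httpbin:8000" "-" outbound|8000||httpbin.foo.svc.cluster.local - 10.44.1.27:8000 10.44.1.23:37700 - default'

if __name__ == "__main__":
    for line in (SLIDE_LINE, PLAINTEXT_LINE, OVERFLOW_LINE):
        rec = parse(line)
        print(rec["downstream_remote_address"], rec["method"], rec["path"],
              rec["response_code"], audit(rec) or "ok")
```

The missing-SNI check is only a triage signal; the effective PeerAuthentication policy is what decides whether plaintext is accepted.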