01 Managing Microservices With Istio

Kim Schlesinger edited this page Jul 20, 2018 · 3 revisions

Standardizing Microservice Management with a Service Mesh

Neeraj Poddar from Aspen Mesh: July 19, 2018

Service Mesh Definition

  • A service mesh is a magical routing layer for microservices. The mesh provides service discovery, load balancing, encryption, auth and support
  • An infrastructure layer that handles communications between your applications (microservices)

Architectural Options

  • Per-node proxy
  • Sidecar Proxy
    • The proxy lives in the same node as the app
    • The sidecar should be compact

Managing Microservices with Istio

https://istio.io/docs/concepts/what-is-istio/overview/

  • Istio uses Envoy as a sidecar

Control Plane Components

  • Pilot
    • Looks at the configuration files
  • Mixer
    • Enforces policies
    • Quota enforcement (how many requests per second, etc.)
    • Telemetry
  • Citadel
    • Service to service auth
    • End-User Auth
  • Sidecar Injector
    • Monitors K8s for new pods to inject
  • Ingress Gateway
    • allows traffic into your cluster
  • Egress Gateway
    • allows traffic out of your cluster

Traffic Management

  • Setting up how you want your traffic to flow into your mesh
  • Request routing
    • Looking at request headers
  • Fault Injection
    • Verifying the resilience of our applications
  • Traffic Shifting
    • A form of canary deployment
  • Request Timeouts
    • Configuring when a request should be abandoned

Security (Citadel)

  • How can you secure your microservices environment?
  • Authentication
    • Origin-based auth. Istio can make sure that the user has the proper credentials
    • Peer-based auth: mutual TLS
    • RBAC
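
The three controls listed above, sketched as Istio configuration. This is an added example, not material from the talk or from the Istio project; it assumes the current `security.istio.io/v1beta1` API, and the namespace, workload labels, service account and token issuer are constructed placeholders.

```yaml
# Peer-based auth: require mutual TLS for every workload in the namespace.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop              # hypothetical namespace
spec:
  mtls:
    mode: STRICT               # PERMISSIVE would also accept plaintext traffic
---
# Origin-based auth: validate end-user JWTs presented to the orders workload.
# On its own this rejects invalid tokens but still admits requests with no token.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: orders-jwt
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders              # hypothetical workload label
  jwtRules:
  - issuer: "https://issuer.example.com"                        # constructed issuer
    jwksUri: "https://issuer.example.com/.well-known/jwks.json"
---
# RBAC: only the frontend service account, carrying a validated JWT,
# may issue GET requests under /orders/. Anything else is denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]       # mTLS peer identity
        requestPrincipals: ["https://issuer.example.com/*"]     # issuer/subject from the JWT
    to:
    - operation:
        methods: ["GET"]
        paths: ["/orders/*"]
```

The `principals` match depends on the peer identity established by mutual TLS, so the authorization rule is only meaningful when the namespace is in `STRICT` mode.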

Policy and Telemetry (Mixer)

  • Rate Limiting
  • Distributed Tracing
    • Tracking how microservices interact
    • Lets you see latency and trace failures
    • See here