Istio Service Mesh
Everything you need to coordinate microservices in a service mesh with the powerful monitoring and management tool, Istio.
In this session, we will introduce you to cloud native architecture by demonstrating numerous principles and techniques for building and deploying Java microservices via Spring Boot, WildFly Swarm and Vert.x, while leveraging Istio on Kubernetes with OpenShift.
Introduction to Istio Service Mesh
A service mesh provides traffic monitoring, access control, discovery, security, resiliency, and other useful things to a group of services. Istio does all that, but it doesn't require any changes to the code of any of those services. To make the magic happen, Istio deploys a proxy (called a sidecar) next to each service. All of the traffic meant for a service goes to the proxy, which uses policies to decide how, when, or if that traffic should go on to the service. Istio also enables sophisticated DevOps techniques such as canary deployments, circuit breakers, fault injection, and more.
How Istio Works with Containers and Kubernetes
Istio service mesh is a sidecar container implementation of the features and functions needed when creating and managing microservices. Monitoring, tracing, circuit breakers, routing, load balancing, fault injection, retries, timeouts, mirroring, access control, rate limiting, and more, are all a part of this. While all those features and functions are now available by using a myriad of libraries in your code, what sets Istio apart is that you get these benefits with no changes to your source code.
By using the sidecar model, Istio runs in a Linux container in your Kubernetes pods (much like a sidecar rides alongside a motorcycle) and injects and extracts functionality and information based on your configuration. Again (for emphasis), this is your configuration that lives outside of your code. This immediately lessens code complexity and heft.
It also (and this is important) moves operational aspects away from code development and into the domain of operations. Why should a developer be burdened with circuit breakers and fault injection? Should they respond to them? Yes. But handle and/or create them? Take that out of your code and let your code focus on the underlying business domain. Make the code smaller and less complex.
The Service Mesh
Istio's functionality running outside of your source code introduces the concept of Service Mesh. That's a coordinated group of one or more binaries that make up a mesh of networking functions. If you haven't already, you're going to hear about Service Mesh a lot in the coming months.
Overview of How Istio works with Microservices
Here's the 30,000-foot view of how a sidecar container works with Kubernetes and Minishift. Once you've started your Minishift instance, you create a project for Istio (let's call it "istio-system"), and you install and start all of the Istio-related components. From there, as you create projects and pods, you add configuration information to your deployments, and your pods will use Istio. The following diagram is a simple overview:
Once you're at this point, you can start to change Istio settings to invoke fault injection or support a Canary Deployment or anything else Istio supports -- all while never touching your application source code. For example, let's say you want to direct all web traffic from users from your largest customer (Foo Corporation) to a new version of your website. You may decide to do this by simply creating an Istio Route Rule that searches for @foocorporation.com in their user id and directs them appropriately. To the rest of the world, this is transparent. Meanwhile, you can test your new software. This doesn't require a developer in order for it to happen.
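The Foo Corporation rule described above, written as a VirtualService (the resource type named at the end of this page). This is an added example, not configuration from the original page; the service name `website`, the `v1`/`v2` subsets, the `version` pod label and the `end-user` header that carries the user id are all assumptions.

```yaml
# Added example, not from the original page. Assumed names: service "website",
# subsets "v1"/"v2" keyed on a "version" pod label, and an "end-user" request
# header carrying the user id.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: website
spec:
  host: website
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: website
spec:
  hosts:
  - website
  http:
  # Foo Corporation users: the header value must end in @foocorporation.com.
  # The dot is escaped so that "foocorporationXcom" does not match.
  - match:
    - headers:
        end-user:
          regex: '.*@foocorporation\.com'
    route:
    - destination:
        host: website
        subset: v2
  # Everyone else stays on the current version.
  - route:
    - destination:
        host: website
        subset: v1
```

The rule routes on whatever value the header holds, so the header should be set by a component that has already authenticated the user, and any client-supplied copy should be dropped at the edge.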
Is It Expensive?
No. Istio is pretty fast. It's written in Go and adds a very tiny overhead to your system. Plus, what you may lose in online performance should be paid for by increased developer efficiency and speed. That's the theory at least. Don't overlook the fact that developers are expensive. As for the software, Istio is open source, so you can grab it and start using it now.
Do It Yourself
Want to see for yourself? The Red Hat Developer Experience Team has developed an in-depth, hands-on tutorial that you can use to learn more about Istio. It supports Linux, macOS, and Windows, with code in either Java or Node.js.
Deep Dive: Istio Service Mesh for Microservices
The book covers the following topics:
- What is a service mesh?
- Understanding Istio and the importance of its capabilities in a microservices architecture
- How to do the following with Istio:
  - Resilience patterns
  - Routing patterns
  - Chaos testing
  - Telemetry collection with tracing, metrics, and Grafana
Get familiar with Service Mesh and why you'd use it. Then learn how to install Istio on a Kubernetes (OpenShift) cluster.
Use Istio to deploy three microservices with Spring Boot and Vert.x.
Learn about Istio’s out-of-the-box monitoring, custom metrics, and OpenTracing via Prometheus and Grafana.
Discover how Istio can be used to control routes based on simple rules.
Learn about Istio’s smart routing, access control, load balancing, and rate limiting.
Understand failure scenarios of distributed computing by working through HTTP errors and network delays, applying chaos engineering to repair the environment.
Install Siege to stress test URLs, fail fast, and achieve the ultimate back-end resilience using retries, circuit breaker, and pool ejection.
Use Egress routes to apply rules to how internal services interact with external APIs and services.
Explore Kiali’s ability to give a big picture of the mesh and show the whole flow of requests and data.
Create an Istio Gateway and VirtualService, then get a closer look at mutual TLS (mTLS) to learn its settings.