Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Istio / Istio Feature Tours / 10 Jun 2020
Istio / Istio Feature Tours / 10 Jun 2020
Previous Meeting
Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Istio in 5 minutes

Description

In this video, Megan O'Keefe from Google Cloud Developer Relations takes you on a whirlwind tour of Istio and it's features - all in 5 minutes!

A

Hi I'm Megan, and this is sto in five minutes running software applications is not easy. You might be operating in different regions, different platforms, some of your applications may run in virtual machines, others may run in containers and the applications themselves might be written in different programming languages or use different Network protocols. So how do you keep track of everything? How do you make sure all of your services are healthy?

A

How do you enforce policies across all of those different environments and how do you let your app developers focus on writing features and how do you do all of that without imposing toil or extra burden on your core ops or platform team Bustillo is designed to help with some of these challenges. Sto is a service mesh tool. A service mesh is a way to connect all of your services, together with one consistent, Network and observability layer. Sto works by placing a layer, seven proxy, the Envoy proxy.

A

Next to all of your workloads, all of your services and all of those proxies mediate. The traffic going in and out of your services, both capturing metrics around that traffic and enforcing traffic and security rules. You can then use stos api's through yamo files to add lots of different kinds of traffic policies and security policies to allow envoy to enforce those rules on your behalf at scale. Installing Castillo is really easy.

A

All you need to start is one kubernetes cluster I have one cluster here running in Google, Cloud and I use the sto CTL command line tool to install sto on to my cluster. Once sto is installed and ready to go.

A

All you have to do is label the name space where your applications live for SEO, sidecar injection, then you can deploy kubernetes pods, like you usually would into your cluster and sto will inject the Envoy proxy into your pods for you, and once you deploy an application with asti o enabled there are a lot of features you get right out of the box without any additional configuration. For example, all of these Envoy proxies are sending metrics about the traffic happening between my services into prometheus, which is pre shipped with this.

A

Do and those metrics are made visible in some pre-configured core fauna dashboards. That tell me things such as what is the latency of my services? What is the request throughput?

A

What is the error rate to get sort of immediate visibility into the running state of my app sto also comes pre shipped with key ollie, which is a service graph tool which allows me to see the dependencies between my services at run time, and if there are problems, for example, errors between two specific services Jiali makes that really clear and allows you to more easily diagnose when things go wrong. Seo can also automate lots of different security tasks.

A

For example, sto lets you enable mutual TLS authentication or encryption in transit inside of your service mesh without any application code changes. This teo also handles all of the client certs for you, so you don't have to manage them. You can also use the sto API to create service, specific authorization policies based on specific request level rules, and yes, sto also does a lot of network automation tasks, for example canary deployments.

A

So here we are deploying a new version of one of our back-end services and we're using the SCO api's to send a small percentage of traffic to the new version of the service. This allows us to easily see if something's going wrong in production before we send all of the traffic to v2. We can use the ple service graph as well to view the traffic splitting at runtime between the two versions of our service.

A

Another cool networking feature of SDO is ingress or traffic coming into your service mesh from outside in sto ingress traffic is done through an envoy proxy, which is the same way that in cluster traffic is handled. This allows you to actually use STS api's to do both inbound and east-west traffic in your mesh here. We're using stos api's to expose our front-end service to the public internet via the sto, ingress gateway, and this deal can do all of this stuff in a hybrid and multi cluster environment as well.

A

So SDO supports multi cluster that you can run sto control planes in different environments and connect them all together into one logical mesh. This is really powerful because from there you can start to centralize things like security policies. You can store them and get sync them down to all of your clusters together and be able to more easily audit when configuration changes happen as well as rollback.

A

If there's a problem and if you're running services in multiple geographic regions, you can use sto locality load balancing to do regional failover from one region to another which helps you keep the lights on for your users, even if there's a really big outage. So in the end, sto is really designed to help your organization.

A

Have consistency across environments, reduce toil, improve observer ability and be able to scale up to having lots of services without actually having to scale up your core platform team- and this is really just the beginning of what sto can do to learn more about service mesh and how you can get started with sto check out the documentation, I'm Meghan, and this was sto in five minutes.