►
From YouTube: Istio in 5 minutes
Description
In this video, Megan O'Keefe from Google Cloud Developer Relations takes you on a whirlwind tour of Istio and it's features - all in 5 minutes!
A
Hi
I'm
Megan,
and
this
is
sto
in
five
minutes
running
software
applications
is
not
easy.
You
might
be
operating
in
different
regions,
different
platforms,
some
of
your
applications
may
run
in
virtual
machines,
others
may
run
in
containers
and
the
applications
themselves
might
be
written
in
different
programming
languages
or
use
different
Network
protocols.
So
how
do
you
keep
track
of
everything?
How
do
you
make
sure
all
of
your
services
are
healthy?
A
How
do
you
enforce
policies
across
all
of
those
different
environments
and
how
do
you
let
your
app
developers
focus
on
writing
features
and
how
do
you
do
all
of
that
without
imposing
toil
or
extra
burden
on
your
core
ops
or
platform
team
Bustillo
is
designed
to
help
with
some
of
these
challenges.
Sto
is
a
service
mesh
tool.
A
service
mesh
is
a
way
to
connect
all
of
your
services,
together
with
one
consistent,
Network
and
observability
layer.
Sto
works
by
placing
a
layer,
seven
proxy,
the
Envoy
proxy.
A
Next
to
all
of
your
workloads,
all
of
your
services
and
all
of
those
proxies
mediate.
The
traffic
going
in
and
out
of
your
services,
both
capturing
metrics
around
that
traffic
and
enforcing
traffic
and
security
rules.
You
can
then
use
stos
api's
through
yamo
files
to
add
lots
of
different
kinds
of
traffic
policies
and
security
policies
to
allow
envoy
to
enforce
those
rules
on
your
behalf
at
scale.
Installing
Castillo
is
really
easy.
A
A
All
you
have
to
do
is
label
the
name
space
where
your
applications
live
for
SEO,
sidecar
injection,
then
you
can
deploy
kubernetes
pods,
like
you
usually
would
into
your
cluster
and
sto
will
inject
the
Envoy
proxy
into
your
pods
for
you,
and
once
you
deploy
an
application
with
asti
o
enabled
there
are
a
lot
of
features
you
get
right
out
of
the
box
without
any
additional
configuration.
For
example,
all
of
these
Envoy
proxies
are
sending
metrics
about
the
traffic
happening
between
my
services
into
prometheus,
which
is
pre
shipped
with
this.
A
A
What
is
the
error
rate
to
get
sort
of
immediate
visibility
into
the
running
state
of
my
app
sto
also
comes
pre
shipped
with
key
ollie,
which
is
a
service
graph
tool
which
allows
me
to
see
the
dependencies
between
my
services
at
run
time,
and
if
there
are
problems,
for
example,
errors
between
two
specific
services
Jiali
makes
that
really
clear
and
allows
you
to
more
easily
diagnose
when
things
go
wrong.
Seo
can
also
automate
lots
of
different
security
tasks.
A
For
example,
sto
lets
you
enable
mutual
TLS
authentication
or
encryption
in
transit
inside
of
your
service
mesh
without
any
application
code
changes.
This
teo
also
handles
all
of
the
client
certs
for
you,
so
you
don't
have
to
manage
them.
You
can
also
use
the
sto
API
to
create
service,
specific
authorization
policies
based
on
specific
request
level
rules,
and
yes,
sto
also
does
a
lot
of
network
automation
tasks,
for
example
canary
deployments.
A
So
here
we
are
deploying
a
new
version
of
one
of
our
back-end
services
and
we're
using
the
SCO
api's
to
send
a
small
percentage
of
traffic
to
the
new
version
of
the
service.
This
allows
us
to
easily
see
if
something's
going
wrong
in
production
before
we
send
all
of
the
traffic
to
v2.
We
can
use
the
ple
service
graph
as
well
to
view
the
traffic
splitting
at
runtime
between
the
two
versions
of
our
service.
A
Another
cool
networking
feature
of
SDO
is
ingress
or
traffic
coming
into
your
service
mesh
from
outside
in
sto
ingress
traffic
is
done
through
an
envoy
proxy,
which
is
the
same
way
that
in
cluster
traffic
is
handled.
This
allows
you
to
actually
use
STS
api's
to
do
both
inbound
and
east-west
traffic
in
your
mesh
here.
We're
using
stos
api's
to
expose
our
front-end
service
to
the
public
internet
via
the
sto,
ingress
gateway,
and
this
deal
can
do
all
of
this
stuff
in
a
hybrid
and
multi
cluster
environment
as
well.
A
So
SDO
supports
multi
cluster
that
you
can
run
sto
control
planes
in
different
environments
and
connect
them
all
together
into
one
logical
mesh.
This
is
really
powerful
because
from
there
you
can
start
to
centralize
things
like
security
policies.
You
can
store
them
and
get
sync
them
down
to
all
of
your
clusters
together
and
be
able
to
more
easily
audit
when
configuration
changes
happen
as
well
as
rollback.
A
If
there's
a
problem
and
if
you're
running
services
in
multiple
geographic
regions,
you
can
use
sto
locality
load
balancing
to
do
regional
failover
from
one
region
to
another
which
helps
you
keep
the
lights
on
for
your
users,
even
if
there's
a
really
big
outage.
So
in
the
end,
sto
is
really
designed
to
help
your
organization.