►
From YouTube: Your laptop as part of the service mesh
Description
#IstioCon2021
Presented at IstioCon 2021 by Lorenzo Fundaró.
In this talk, we will show how we used Istio’s EnvoyFilter to dynamically route requests from our QA cluster to a developer’s laptop and back. This networking hack significantly eased development, especially when running end-to-end tests and helped us reduce infrastructure costs.
A
A
A
A
Our
clusters,
both
production
and
qa,
are
running
kubernetes
and
easter.
So
now
the
problem
today
running
end-to-end
tests
at
omeo
is
both
not
efficient
and
cost.
Effective
people
are
running
tests
today
in
qa,
but
this
process
is
slow
as
it
requires
many
steps
in
the
pipeline
to
reach
qa
and
then
find
out
if
there
was
a
problem,
other
people
spin
up
standalone
vms,
where
they
need
to
go
through
the
lengthy
process
of
putting
strap
bootstrapping
all
the
dependencies
that
they
need
for
the
test.
A
So
why
is
this
process
neither
efficient
nor
cost
effective?
So
first,
I
would
like
to
minimize
time
to
bug
detection.
Ideally,
I
would
like
to
run
this
test
at
pr
time
or
even
from
the
comfort
of
my
laptop
today.
We
are
just
three
steps
away
to
find
if
there
is
a
problem
allow
simultaneousness,
particularly
if
you're,
if
you're,
if
you're
testing
a
particular
service,
you
want
to
make
sure
you
go
one
commute
at
a
time,
so
you
don't
have
noise
or
overlapping
tests.
A
We
want
to
reuse
existing
infrastructure
as
well.
So
all
these
services
that
are
being
bootstrapped
in
vms
they're
already
existing
in
qa.
So
why
not
reuse
them
at
this
point
you
may
ask,
but
why
don't
you
do
mocking
or
contract
testing
at
the
scale
of
800
providers?
Mocking
has
a
high
cost.
Also
mocks
are
like
any
other
software.
They
will
have
bugs
and
they'll
require
maintenance.
A
So
can
we
do
better
in
this
diagram?
We
have
a
qa
cluster
with
three
services,
a
b
and
c
a
request
triggers
a
chain
of
call
that
hits
a
then
normally
should
go
to
b
and
then
c.
What?
If,
for
that
particular
request?
I
can
change
that
chain
of
call
and
make
it
hit
b
star
on
my
laptop
and
we
filter
to
the
rescue.
A
A
A
A
Let's
take
a
look
at
a
pseudo
implementation
of
our
function,
so
you
get
check
you
first
check
if
the
header
is
present
and
if
there
is
a
match,
if
there
is
no
match
with
the
service
that
this
this
function
is
running
in,
then
you
just
return
and
the
flow
goes
as
normal.
If
there
is
a
match,
then
you
take
the
address.
You
take
the
headers
of
the
original
request
and
you
make
the
call
to
whatever
you
need
to
make
it
and
notice
that
we
respond
immediately.
A
The
only
problem
is
that
your
laptop
is
not
part
of
the
service
mesh
cloud.
This
lua
code
can
only
make
calls
to
members
of
the
mesh,
and
but
this
is
easy
to
overcome.
We
can
have
a
dummy
proxy
that
will
be
now
called
by
the
lua
code.
Then
it
passes
the
contract
header
and
makes
any
http
calls
that
needs
to
do
so.
The
big
picture
looks
like
this.
A
Let's
say
we
have
a
request
that
has
routing
information
with
for
b,
so
the
request
gets
to
a
there's
no
match
with
service
a
then.
It
goes
to
b
the
lua
code
finds
a
match
with
b
and
sends
that
request
to
our
that
route
proxy
running
in
the
cluster,
this
proxy
parses
the
contract
and
then
sends
the
request.
Finally
to
be
running
your
laptop
notice.
That
b
doesn't
have
to
be
your
laptop.
A
It
can
be
also
a
c
agent
or
anything
you
want
as
long
as
there
is
connectivity,
what
about
virtual
services,
so
this
can
also
be
implemented
with
virtual
services,
but
the
goal
of
this
contract
was
to
make
it
as
easy
as
possible
for
developers
to
use
this
rerouting
feature.
We
didn't
want
them
to
have
any
prior
knowledge
to
istio
or
having
to
deploy
virtual
services
and
destination
groups
so
our
checkpoint.
A
We
now
can
run
this
test
from
pr
or
from
our
laptop.
We
can
have
as
many
simultaneous
tests
as
possible
because
this
routing
happens
on
a
per
request
basis.
We
can
also
reuse
all
the
infrastructure
we
have
in
qa
and
reduce
costs,
so
it
seems
that
we're
doing
good
drawbacks.
Yes,
there
are
drawbacks.
The
contract
header
needs
to
be
preserved
all
the
way
through
the
call
chain.
A
That
can
be
a
problem,
if
does
if
there
is
no,
if
the
servers
don't
pass
the
header,
let's
do
a
demo
now.
So,
on
the
left
side,
we
have
a
kubernetes
cluster
running
an
echo
server.
Let's
imagine
this
is
b
and
let's
check
it
out.
A
A
And
now
we
have
here
a
docker,
an
echo
server
running
in
docker
on
port
8001.
This
echo
server
is
the
same
one
as
the
one.
It's
the
same
one
as
the
one
in
the
cluster.
A
So
now
we're
making
we're
going
to
make
a
request
again
to
the
server
running
in
kubernetes
on
port
30.
But
this
time
we're
gonna,
add
our
header.
Actually
you
have
it
somewhere
here,
yeah
there.
You
go
so
notice
that
we
add
this.
The
brow
header
saying
when
you
hit
echo
server,
please
send
it
to
docker
on
port
8001..
A
So
some
learnings,
I
think
the
adoption
rate
of
this
contract
has
been
lower
than
we
expected.
A
People
are
some.
Some
teams
are
using
this
on
their
day-to-day
workflow,
but
some
others
aren't
because
they
are
using
grpc
mainly
and
this
contract
doesn't
support
that.
I
think
at
the
end
of
the
day,
the
we
had
a
lot
of
fun
doing
this
and
the
experience
is
positive,
and
so
we
use
issue
in
ways
we
never
thought
of,
and
we
thought
it
was
worth
sharing
this
with
you.
A
So
thank
you
very
much
and
if
you
have
any
questions
or
want
to
try
to
dig
in
a
bit
more
on
this,
please
check
our
blog
post
on
medium
or
our
reference
implementation,
I'll
be
also
on
slack
answering
questions.
Thank
you
very
much.
Bye.