Istio: the guardian that builds, protects, and monitors microservices
1 .Istio: Weaving, Securing and Observing Microservices LIN SUN Senior Technical Staff Member, IBM
2 .Lin Sun: IBM Senior Technical Staff Member & Master Inventor; Istio Steering Committee member; Istio Technical Steering Committee member; frequent speaker (DockerCon, KubeCon, All Things Open, OpenStack Summit, ContainerCon, InteropITX, API World, etc.)
3 .2 mins: Why Istio?; 10 mins: Introduction to Istio; 5 mins: Istio Use Cases; 15 mins: Istio v0.8 Update; 8 mins: Istio v1.0; 5 mins: Q/A
4 .The Problem: modern distributed architecture; container-based services; deployed into dynamic environments; composed via the network
5 .The Problem IT’s shift to a modern distributed architecture has left enterprises unable to monitor, manage or secure their services in a consistent way.
6 .Istio An open platform to connect, manage, monitor, and secure microservices.
7 .Istio An open platform to connect, manage, monitor, and secure microservices. Connect: Discovery, Resiliency, Load Balancing. Manage: Traffic Control, Policy Enforcement. Monitor: Metrics, Logging, Tracing. Secure: Encryption (TLS), Authentication, and Authorization of service-to-service communication.
9 .How does it work? [Diagram: A calls B]
10 .How does it work? 1. Deploy a proxy (Envoy) beside your application (“sidecar deployment”). [Diagram: A and B, each with an Envoy sidecar; A calls B]
11 .How does it work? 2. Deploy Pilot to configure the sidecars. [Diagram: Pilot sends config to the Envoy sidecars]
12 .How does it work? 3. Deploy Mixer to get telemetry and enforce policy. [Diagram: the Envoy sidecars send telemetry to Mixer and receive policy decisions]
13 .How does it work? 4. Deploy Citadel to assign identities and enable secure communication. [Diagram: Citadel sends certs to the Envoy sidecars]
14 .How does it work? A calls B
15 .How does it work? A’s sidecar intercepts the call
16 .How does it work? A’s sidecar selects a destination
17 .How does it work? B’s sidecar performs policy checks
18 .How does it work? B’s sidecar forwards the call to B
19 .How does it work? B’s response is sent back
20 .How does it work? Both sidecars report telemetry data
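Step 4 above has Citadel issuing certificates to the sidecars. As an added example (not from the slides), this is how mutual TLS between A and B could be required with the Istio APIs of the 0.8/1.0 releases this deck covers; the service name b, the namespace default, and the resource names are assumptions.

```yaml
# Server side: B's sidecar accepts only mutual-TLS connections, so a
# caller must present a Citadel-issued certificate.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: b-require-mtls        # assumed name
  namespace: default          # assumed namespace
spec:
  targets:
  - name: b                   # assumed Kubernetes service name for B
  peers:
  - mtls: {}
---
# Client side: sidecars calling B (such as A's) originate mutual TLS
# using the certificates Citadel provisioned for them.
# Without this rule the callers keep sending plaintext, and B's sidecar
# rejects it once the Policy above is applied, so deploy both together.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: b-mtls-client         # assumed name
  namespace: default
spec:
  host: b.default.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
```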
21 .Wire it up together. [Diagram: Ingress Gateway, Egress Gateway]
23 .Istio has lots of features. Provides a network for services: Security; Policy Enforcement; Resiliency; Traffic Control; Observability. Key Features: Service authn and identity; Authorization; Rate limiting; Load balancing / shedding; Retries and circuit breaking; Fine-grained routing; Metrics and logs generation; Request tracing; Fault injection.
24 .The Weather Company Journey. Why Istio?: Single platform for many tools; Significantly less code to write; Enterprise support and testing; Cloud agnostic; Cloud Native. Using Istio: 8 months; api.weather.com not in production yet; Some smaller APIs using Istio in production; Actively working on 0.8.0 & 1.0 support.
25 .The Weather Company. Istio allows us to …: Resolve issues faster; Mitigate backend issues; Be more transparent; Reduce use of custom code; Make route changes at will. Nick Nellis talk: https://www.youtube.com/watch?v=0fKi3NeCsSE
26 .Service Entries: 40 service entries; Dynamically updateable; Can use mTLS; Gateways; Virtual Services. Nick Nellis talk: https://www.youtube.com/watch?v=0fKi3NeCsSE

    apiVersion: networking.istio.io/v1alpha3
    kind: ServiceEntry
    metadata:
      name: current-weather
    spec:
      hosts:
      - current-weather.internal-weather.com
      ports:
      - number: 80
        protocol: http
        name: http

27 .Routing - Cache Intercept: Virtual service is new route rule; Dynamically updateable; Gateway selector. Nick Nellis talk: https://www.youtube.com/watch?v=0fKi3NeCsSE

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: current-weather-cache
    spec:
      gateways:
      - istio-ingress            # gateway selector
      hosts:
      - api.weather.com
      http:
      # match and route belong to one http entry: only this exact path
      # is sent to the cache-generator destination
      - match:
        - uri:
            exact: /v3/wx/observations/current
        route:
        - destination:
            name: cache-generator

28 . The Weather Company - Vistio https://itnext.io/vistio-visualize-your-istio-mesh-using-netflixs-vizceral-b075c402e18e
29 .American Airlines. Leverage: Traffic Management; Request Routing; Circuit Breaking; Route Rule; Traffic mirroring; Egress-Ingress Policies. *Credit to Ray Hudaihed and his team