Service mesh from the ground up: How Istio can transform your organization

Megan O'Keefe (Google)

10:45am–12:15pm Tuesday, February 25, 2020

Location: Murray Hill

Microservices

Secondary topics: Best Practice, Hands-on, Overview

Average rating:

(4.67, 3 ratings)

Download slides (PDF)

Who is this presentation for?

Software architects, platforms engineers, security engineers, network engineers, cloud native developers, Kubernetes operators, and site reliability engineers (SREs)

Level

Intermediate

Description

Microservices are an exciting change in how we think about software architecture, allowing engineering teams to own deployments, release faster, and scale independently. But microservices also impose challenges: more services to keep track of, more programming languages, more network hops. And as you move to microservices, you might be operating services on-premises and in the cloud. You might even be running services on two different cloud providers. All of this imposes a huge complexity overhead on managing, monitoring, and securing applications.

Service mesh tools aim to mitigate this complexity by providing a network management layer on top of Kubernetes. Istio is an open source service mesh implementation created by IBM, Google, and Lyft in 2017. Istio works by injecting Envoy, a high-performance proxy, beside each of your services. These proxies mediate all inbound and outbound traffic between services, allowing you to customize traffic and security policies across your application. By using Istio, you can decouple network logic from the application code. This allows your developers to focus on building features, and your operations team to focus on automation, resiliency, and compliance.

Megan O’Keefe explores Istio’s architecture and how configuration gets to the sidecar proxies. She covers the complexity and performance trade-offs of adopting a service mesh and basic guidelines for ensuring a highly available Istio installation.

Using demos in a Kubernetes environment, Megan dives into Istio’s three key features in detail. You’ll discover how Envoy generates powerful telemetry out of the box (latency, error rate) for each of your services; discuss traffic management: setting time-outs and retry policies, traffic splitting using canary deployments, and how to use Istio for ingress traffic; and you’ll cover security by seeing how to enable end-to-end encryption (mTLS) for all services using a single Istio policy. And you’ll get a brief overview of how Istio can work with multiple Kubernetes clusters and virtual machines. You’ll leave fully equipped to install and get started with Istio in your own Kubernetes environment.

Prerequisite knowledge

A basic understanding of containers, Kubernetes, networking (layer 4 versus layer 7), and APIs

What you'll learn

Discover service mesh concepts
Learn how Istio works on Kubernetes, how to use Istio's APIs to manage traffic and security, and how to monitor services using Istio

Megan O'Keefe

Google

Megan O’Keefe is a developer programs engineer at Google Cloud, where she works on building end user experiences for Kubernetes, Istio, and all things containers. A graduate of Wellesley College, her previous experience includes building edge-computing platforms at Cisco. She’s passionate about hybrid cloud, open source, and inclusion in technology.