March 23, 2020

Service mesh from the ground up: How Istio can transform your organization

Adopting a microservices architecture can present new challenges in observability, networking, and security. Megan O'Keefe explores how Istio, an open source service mesh tool, can help you solve these challenges by providing a unified management layer for your services. Through demos, you'll learn how to use Istio to route traffic, automate security policies, and monitor services at scale.

Talk Title: Service mesh from the ground up: How Istio can transform your organization
Speakers: Megan O’Keefe (Google)
Conference: O’Reilly Software Architecture Conference
Conf Tag: Engineering the Future of Software
Location: New York, New York
Date: February 24-26, 2020

Microservices are an exciting change in how we think about software architecture, allowing engineering teams to own deployments, release faster, and scale independently. But microservices also impose challenges: more services to keep track of, more programming languages, more network hops. And as you move to microservices, you might be operating services on-premises and in the cloud. You might even be running services on two different cloud providers. All of this imposes a huge complexity overhead on managing, monitoring, and securing applications.

Service mesh tools aim to mitigate this complexity by providing a network management layer on top of Kubernetes. Istio is an open source service mesh implementation created by IBM, Google, and Lyft in 2017. Istio works by injecting Envoy, a high-performance proxy, beside each of your services. These proxies mediate all inbound and outbound traffic between services, allowing you to customize traffic and security policies across your application. By using Istio, you can decouple network logic from the application code. This allows your developers to focus on building features, and your operations team to focus on automation, resiliency, and compliance.

Megan O’Keefe explores Istio’s architecture and how configuration gets to the sidecar proxies. She covers the complexity and performance trade-offs of adopting a service mesh and basic guidelines for ensuring a highly available Istio installation. Using demos in a Kubernetes environment, Megan dives into Istio’s three key features in detail. You’ll discover how Envoy generates powerful telemetry out of the box (latency, error rate) for each of your services; discuss traffic management: setting time-outs and retry policies, traffic splitting using canary deployments, and how to use Istio for ingress traffic; and you’ll cover security by seeing how to enable end-to-end encryption (mTLS) for all services using a single Istio policy.

And you’ll get a brief overview of how Istio can work with multiple Kubernetes clusters and virtual machines. You’ll leave fully equipped to install and get started with Istio in your own Kubernetes environment.
