Istio in Production?
@omerlh
Photo by Yossef Ordentlich
Why?
https://www.solutotlv.com/
[Diagram labels: Registration, Authentication, Analytics, Messages, Content, Notifications, Notifications Worker, Notifications Dispatcher, Users Worker, Users DB, Users API, Analytics Worker, Messages DB, Content API]
[Chart: Number of Deployments Over Time]
Micro Services Challenges
• AuthN/AuthZ
• Visibility
• Deployments
Service Mesh
Observability
Traffic Routing
Fault Injection
mTLS
CREDIT: COURTESY OF BOOMERANG
Let’s try it?
Easy Peasy
Source: hafla.com
Source: Pixabay
Source: Princess Bride
I’m a builder
DevSecOps @
A Production Deployment?
Istio Overview
Multi Cluster Deployment?
Multi Clusters Trade-Offs
• High Availability (single point of failure)
• Tracing and visibility?
• Cross-Cluster communication (fail-over)
Recap – Istio Architecture
High Availability Deployment
• Monitoring? Dashboards?
• What should we care about?
• Make sure everything is highly available
• Multiple instances
• HPA
values.yaml
Observability
Istio Comes With Friends
• Jaeger
• Kiali
• Grafana
• Prometheus
Istio Comes With Friends
• Jaeger
• Kiali
• Grafana
• Prometheus
What about them?
values.yaml
Nginx Ingress Tracing
Header Propagation
Let’s turn it on
Reminder – Istio Proxy
Injection Rules
Enabling Istio
An Optimistic Approach
Rollout Started
Rollback
Number of Pods Over Time
Source: Pixabay
Post Mortem
• Sidecar added (request: 100 ml CPU)
• Sidecar consumes a lot more CPU
• HPA kicks in
• Sidecar keeps consuming more
• HPA keeps scaling
Remediation
A bit Safer Approach
• Enable Istio on a namespace
• Restart one pod
• Wait a few minutes
• Keep restarting pods gradually
• Repeat this process per service
Istio Resource Usage
Istio Proxy CPU Usage
Istio Proxy Memory Usage
Source: Pixabay
Average CPU Usage Across Pods
Grafana
WHY?????
Source: The Pajamas
Changing Default Request
Wrapping Up
[Diagram labels: Registration, Authentication, Analytics, Messages, Content, Notifications, Notifications Worker, Notifications Dispatcher, Users Worker, Users DB, Users API, Analytics Worker, Messages DB, Content API]
Challenges
• AuthN/AuthZ
• Visibility
• Deployments
Main Takeaways
• A production deployment is not trivial
• Be prepared for a long journey
• Kiali and Jaeger are very valuable
• Not sure yet whether Istio is worth it
Things Worth Knowing
• Istio might not play well with cronjobs
• Proxy leaks info with headers
• Service name issues
• Tracing is not that trivial
Back To The Drawing Table
• API Gateway (Gloo/Kong)?
• AWS AppMesh? Linkerd? Istio being more mature?
• Service Mesh Interface?
• Service Mesh Hub/SuperGloo?
Questions?
Thank you!

Things I wish someone had told me about Istio, Omer Levi Hevroni

Editor's Notes

  • #3: ???
  • #4: 305 million customers that trust us with their input
  • #5: ???
  • #6: ???
  • #7: What about Istio helper components?
  • #8: Buzzword
  • #10: Me want this
  • #11: Dumpster fire
  • #13: I’m a builder; this is what I love doing, and I have been doing it from a really early age. Doing it professionally for the last 8 years. I’m from Israel, married, etc. Who else is a builder? This talk is for you!
  • #14: Today I’m working at Soluto; our mission is to help people with their technology. My job is DevSecOps, or as I see it, helping the entire team to build more secure software. I’m achieving it via many approaches, including education, reviewing and threat modeling – but what I love the most is threat modeling.
  • #15: ???
  • #18: What about Istio helper components?
  • #22: ???
  • #23: What about Istio helper components?
  • #27: What about Istio helper components?
  • #31: ???
  • #32: Show me the magic – istio proxy
  • #33: What about Istio helper components?
  • #34: What about Istio helper components?
  • #35: The problem
  • #36: The story of push notification API
  • #37: Dumpster fire
  • #38: Manual injection?
  • #40: Manual injection?
  • #42: ???
  • #43: The story of push notification API
  • #44: The story of push notification API
  • #48: Default request and why you should care
  • #49: ???
  • #50: ???
  • #51: What about Istio helper components?
  • #55: ???