Istio & Kubernetes

Kubernetes Meetup, Geneva

Andy Repton, Mission Critical Engineer @ Schuberg Philis


What's new in v1.11?

New features

  • Pod preemption and priority
  • CoreDNS becomes default
  • Heapster is now deprecated, long live metrics-server
  • Persistent volume resizing moves to Beta (your pod will need a restart)
  • Online FileSystem resizing moves to Alpha

The Kubernetes changelog is becoming boring... However...

Kubernetes is getting complicated

This was the Kubernetes control plane in v1.2

This is it today

It's only going to get more so over time

Kubernetes will become an incredibly extendable, flexible and powerful distributed kernel for your applications

Kubernetes makes it easy to orchestrate your microservices at scale

So these days, it's super simple to run microservices at scale, right?

At first, service routing can be easy

But what if you want to do this?

Or send Bob somewhere else?

And deny all requests from Service B to C

And test your app with a fake 5 second delay

With a rate limit to an external Database

Kubernetes alone does not provide the tools to allow these kinds of scenarios

This is where a Service Mesh steps in

How it works

  • Each Pod has a sidecar proxy injected into it
  • Every request in or out of the pod goes through this sidecar proxy
  • The proxy intelligently queries the control plane to determine where to route the connection, or to manipulate it




Service Discovery and Intelligent routing

Access Control and Usage Policy

High Performance proxy

The original Istio components

The user applies traffic and routing rules to Pilot

Pilot pushes these to the Envoy proxies

Envoy checks with Mixer for policy enforcement

  • Mixer will approve or deny the request
  • Envoy will report telemetry, tracing and logging for each request back to Mixer
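
A sketch of the kind of rule a user applies to Pilot, combining two of the scenarios above: sending Bob somewhere else and testing with a fake 5 second delay. This is an added example, not taken from the original slides. The service name `service-b`, the `version` labels, the subset names and the `end-user` header are assumptions, and the `v1alpha3` API version is chosen to match the Istio releases of the period.

```yaml
# Assumed: a Kubernetes Service "service-b" backed by pods labelled
# version=v1 and version=v2, all with the Envoy sidecar injected.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: service-b
spec:
  host: service-b
  subsets:              # named groups of pods that routes can target
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: service-b
spec:
  hosts:
  - service-b
  http:
  # Rule 1: requests carrying "end-user: bob" go to v2, and every one
  # of them is held for 5 seconds by the sidecar before being forwarded.
  - match:
    - headers:
        end-user:       # assumed header, set by a trusted upstream service
          exact: bob
    fault:
      delay:
        percentage:
          value: 100    # delay all matching requests
        fixedDelay: 5s
    route:
    - destination:
        host: service-b
        subset: v2
  # Rule 2: everyone else is routed to v1 with no injected fault.
  - route:
    - destination:
        host: service-b
        subset: v1
```

Rules are evaluated in order, so the catch-all route must come last. The header match is a routing convenience rather than an access control: it is only as trustworthy as the component that sets `end-user`.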

Demo - Canary deployments

