Placeholder Image

字幕表 動画を再生する

  • [MUSIC PLAYING]

  • SANDEEP DINESH: All right, good morning.

  • My name is Sandeep.

  • Today, I want to talk to you about microservices

  • with Kubernetes and Istio.

  • So I'm a developer advocate on the Google Cloud.

  • I've been working with Kubernetes for the past three

  • years.

  • It's grown a lot.

  • And Istio is the next new hot thing coming out,

  • so you're all here to learn about it.

  • So let's go.

  • Because we all know microservices are awesome--

  • when you have a traditional application, like a monolith,

  • you'd have all of your logic in one app,

  • so a Java app, Ruby app, node, whatever.

  • You would have all the code in your one app.

  • It would do all the parts.

  • Maybe you're using object orientation,

  • so you have different classes that do different things.

  • But at the end of the day, it's like one big program

  • that does all the stuff.

  • And there's a lot of advantages to doing this monolithic type

  • of development-- it's easier to debug, it's easier to deploy.

  • You just have one thing, you just push it out,

  • and you're done.

  • And then you have a really small team,

  • and you have a very small app, it's really easy to do.

  • But the problem with the monolith

  • comes when your app starts to grow a little bigger.

  • So now you have all of these things

  • and all these different pieces.

  • But you still have one app that's doing all of it.

  • So any time you want to make a change in invoicing, that

  • means you have to redeploy the whole thing,

  • even though the ETL pipeline might

  • have not been affected at all.

  • And maybe the invoicing part is really good to be done in Java,

  • the ETL pipeline you want to use Python, and the front end,

  • you want to use Node.js.

  • But if you have a monolithic app, you can't really do that.

  • You're kind of stuck into using one language.

  • So a team that wants to make an update to one little part

  • has to touch the whole thing, and things

  • start to get really hairy really quickly.

  • So with microservices, each one of these

  • becomes its own individual component

  • that can be written in its own language, that can be updated

  • and deployed independently of the others.

  • And so this gives you a lot more agility, a lot more

  • flexibility, a lot more speed, and a lot more cool

  • things like that.

  • And so you're like, yes, that sounds really good, why

  • isn't anyone using monoliths?

  • Because once you start growing even bigger,

  • it gets even more complicated.

  • Honestly, a monolith would fall apart at this point too.

  • But even all the advantages of the microservice

  • start to get really hard to manage,

  • because now you don't have just 20 services,

  • you have 2,000 microservices.

  • And how do you know which one talks to which one

  • and how the intricate spider web of connections even works?

  • You might have a single request that

  • comes into your load balancer that

  • gets sent to like 20,000 different microservices

  • and then all the way back up.

  • And anywhere that chain breaks, your whole application

  • looks like it's broken.

  • And so debugging this becomes super hard.

  • Deploying things, making sure everything's in lockstep

  • with each other, it becomes really

  • difficult to try to manage this huge stack of services.

  • So are microservices terrible?

  • Maybe, but we can use a lot of tooling to try

  • to make them more manageable.

  • So let's use tools to automate this infrastructure components,

  • automate the networking components,

  • automate the management side of things.

  • And so when you look at a monolith versus a microservice,

  • they both have a lot of complexity.

  • The difference is-- and unless you know something

  • that I don't, there is no tools out there

  • that automatically write code for you

  • and can maintain a 2 million line Java app, right?

  • It's like some magic AI that can write code,

  • we'd all be out of jobs maybe in a few years.

  • But now we do have tools like Kubernetes, like Docker,

  • like Istio, like Google Cloud that

  • can automate infrastructure a lot more easily.

  • So a lot of the issues that we have with microservice

  • can be automated away.

  • So let's take a look at some of those tools.

  • So how many people are familiar with Docker?

  • I expect a lot of hands to go up.

  • So for those of you who are not familiar with Docker,

  • Docker is basically a way to package your application.

  • So it doesn't matter if you're writing Node code, Python,

  • Java, whatever.

  • It doesn't matter if you have ImageMagick,

  • some random library that some 13-year-old kid in Ukraine

  • compiled-- doesn't matter, you put it

  • in your Docker container, and you're good to go.

  • All you have to do is care about running the container,

  • you don't have to care about running what's inside of it.

  • So basically, you take your code and your dependencies,

  • and you put it into some sort of generic container format.

  • And so it doesn't matter what's inside.

  • As long as you can run a container,

  • you can run all the containers.

  • So now you have a container, you've

  • got to actually run it on your cluster, because logging

  • into a single machine, and then running Docker run,

  • and then doing that 1,000 times, it seems like a waste of time

  • to me.

  • So instead, we can use something like Kubernetes,

  • which is a container orchestration system.

  • And what we can do with that is we can say,

  • hey Kubernetes, run this container like five times

  • somewhere in my cluster.

  • So what it'll do is it'll run your containers for you

  • automatically.

  • And so let's say you wanted to run

  • this container, that container, that container,

  • and that container, and you want two copies of each.

  • You just tell Kubernetes that, and it figures out

  • how to run them.

  • And so the really nice thing about this

  • is if a server crashes, it will figure out

  • that the server crashed and run them somewhere else.

  • If an application crashes, it'll figure that out.

  • If you want to scale it up, you want to go from two copies

  • to four copies, you can say, hey, make it four,

  • and it'll spin up two more.

  • You want to go down to one, because you

  • want to save some money, you can say, hey, make one.

  • It will remove three.

  • And so this is like a declarative syntax

  • that makes it really easy to manage these containers running

  • on your cluster.

  • You might have thousands of these running.

  • Trying to do it manually is going to be impossible.

  • And how many people have heard of Kubernetes.

  • And keep your hands up if you've used it before.

  • About half, OK, cool.

  • But that's kind of just a starting point.

  • Now that you have these containers running,

  • you actually have to manage the services,

  • because you have a container A talking to container B talking

  • to container C talking to container D,

  • how do you manage that set of points

  • going between each other?

  • How do you set rules on who can talk

  • to who, who can talk to what, how many tries should you have,

  • how much network traffic should you send?

  • All this kind of stuff becomes really complicated,

  • and that's where Istio comes into play.

  • So Istio is a service mesh, which at the end of the day,

  • it means that it manages your services and the connections

  • that they make between themselves.

  • So if you look at it, we take orchestration,

  • and we go to management and communication.

  • So you want to manage how these services

  • interact with each other, because that's

  • what really causes microservices to be so useful,

  • is the communication between each other.

  • You can reuse one service, it can

  • talk to three different ones, give the same information,

  • you can mix and match, you can do all

  • these really powerful things.

  • But it becomes hard to really understand what's happening,

  • and Istio makes it a lot easier to understand what's happening

  • and control what's happening.

  • So that's enough of me just talking about random things.

  • Let's actually move to a demo.

  • And if we can go to the screen, thank you very much, OK,

  • and I can't see anything.

  • Let me-- sweet.

  • So what we're going to do first--

  • actually, can we go back to the slides real quick?

  • I didn't tell you what we're going to do.

  • So what we're going to do is walk through

  • the end-to-end story of taking an app

  • and making it into a microservice.

  • So we're going to take an app, put it into a container,

  • run that container locally, store

  • the container on the cloud.

  • Then, we're going to create a Kubernetes cluster,

  • run our app on that cluster, then scale it out.

  • And then, we're going to do something a little bit more

  • interesting, we're going to run multiple apps that

  • work together, a true microservices services pattern.

  • And then, we're going to monitor and manage them with Istio.

  • Awesome.

  • So let's move back to the demo.

  • So here, I am using Google Cloud Shell.

  • If you haven't used it before, it's

  • basically a free VM in the cloud that lets

  • you do your development work.

  • I'm on a Chromebook right now running the dev build.

  • If it all crashes, we're going to like jumping jacks

  • until it comes back or something, I don't know.

  • It happens before.

  • So basically, here I have some code.

  • It's a little Node.js application.

  • If you don't know JavaScript, that's fine.

  • It's a really simple app.

  • Basically, it's a web server that listens to slash.

  • And it will basically ping a downstream.

  • So in this case, it'll ping time.jsontest.com.

  • And then, it'll concatenate that response,

  • and then send it to us.

  • So let's run this locally right now.

  • Nope, don't want node modules.

  • OK, internet-- so if I go npm-start--

  • let's see what happens.

  • Cool.

  • So it's listening on port 3000.

  • So I will-- that's fine, I'll do this.

  • Let's go to port 3000.

  • So on Cloud Shell, we can do a web preview,

  • so it looks like we're basically running a local machine.

  • Awesome.

  • So you can see here that we go to time.jsontest.com,

  • and we print out our current service name, which

  • is test-1 version 1.

  • And we're seeing the current time.

  • So if I refresh this, the time will change.

  • Awesome, cool.

  • So now, let's take this and put it into a Docker container.

  • So to make a Docker container, basically what we do is,

  • we make something called a Docker file.

  • So a Docker file is basically a set of instructions

  • that creates this endpoint.

  • So you can almost think of it like a bash script,

  • it's basically what it is.

  • So here we start with node/8/alpine.

  • So that's kind of a base image.

  • It gives us a bunch of the Node stuff out of the box,

  • so we don't have to worry about installing Node.js.

  • Then, we copy in our package.json,

  • which has our dependencies.

  • Run npm install to install those dependencies,

  • copy in our index.js, which is our code, expose some ports,

  • and then run npm-start.

  • So once you run Docker build, it'll

  • create a Docker container.

  • So let's actually build and run that container.

  • Just for sake of time, I've already built it.

  • Run local-- so here, when I run that container,

  • once I've built it--

  • oh, no, I need to build it.

  • So actually, let's build it.

  • It's just not found.

  • So this might take a little bit of time.

  • And while we're building this, let's

  • switch to going and building our Kubernetes cluster.

  • So here in our Kubernetes-- if I go to Google Kubernetes Engine.

  • Google Kubernetes Engine is Google's managed Kubernetes

  • offering.

  • And so it's probably the easiest way

  • to create a production-ready Kubernetes cluster.

  • So what you can do is just click Create Cluster,

  • and you get a bunch of options on what you

  • can do to create this cluster.

  • So here, you can give it a name, you can give a description,

  • you can make it a zonal or a regional cluster.

  • And this is a really cool feature

  • where you can have multiple masters,

  • so it's highly available.

  • So even if a zone goes down, your cluster

  • will still be up and running.

  • You can choose the version of Kubernetes you want,

  • the size of the cluster, and then

  • a bunch of-- not negative 21, let's not do that.

  • You can do a lot of other cool features

  • too that Google Kubernetes Engine gives you out

  • of the box--

  • things like automatically upgrading your nodes,

  • automatically repairing them if they get broken, logging,

  • monitoring, and a lot more too, for example, auto scaling.

  • You can turn auto scaling on, which

  • means that if you have more containers that

  • can fit in your cluster, Google Kubernetes Engine will actually

  • automatically scale it up to create that space.

  • And even better, if you have less containers,

  • we'll actually scale it down to save you

  • money, which is really cool.

  • So a lot of that cool stuff--

  • and then, all you've got to do is click Create,

  • and it'll create that cluster.

  • So I'm going to click cancel, because I already did one.

  • It's like a cooking show, we have one ready in the oven.

  • This is still going.

  • That's OK.

  • What we'll do instead--

  • because I've already built this, and I've pushed it.

  • So we're going to do the opposite of what I said,

  • And we're going to pull it down.

  • So I kind of cheated, but that's OK.

  • So let's run that container locally.

  • So what we're going to do with Docker is,

  • we're going to say Docker run.

  • And then, we're going to open up that port 3000.

  • And so if we go back here, you can

  • see that it's basically the exact same thing, except now

  • it's running in Docker.

  • And so the really nice thing is, we

  • didn't have the change any of our code.

  • We just put into a Docker container,

  • and we're good to go.

  • OK, cool.

  • So the next step is actually pushing it

  • to a Container Registry.

  • And the reason why we have to do this

  • is because we can't just run containers

  • running on our local machine.

  • We've got to push them to a secure location

  • so that we can run them on our cluster.

  • And Google Container Registry is probably

  • the best place to put them if you're running

  • Google Kubernetes Engine.

  • You've got automatic authentication and stuff

  • and a few other features we'll look at it in a second.

  • So let's actually push it up.

  • That's not how you spell make--

  • M-A-K-E. I love using make, it makes demos super easy.

  • So what we do is run Docker push.

  • Can people read that, or should I make it a little bigger?

  • All right, people can read it.

  • So Docker push, and then give the name of the container.

  • So what will happen is, it'll actually go to Google Container

  • Registry.

  • And so here in my Istio test container,

  • you can see that we have the newest one pushed up right now.

  • And it's tagged as version 1.0.

  • Now, if I enabled it, one really cool thing that it could do

  • is vulnerability scanning.

  • So we can actually scan your containers

  • for known vulnerabilities automatically for any Ubuntu-

  • or Alpine-based images.

  • So that's a really cool thing, especially

  • if you have older containers that you haven't updated

  • in a while, you go back and look,

  • and you'll have tons of vulnerabilities.

  • So it's a really good idea to check this out.

  • It's in beta right now, but it'll find a bunch of stuff

  • wrong with your things and tell you how to fix them.

  • And then, you just go--

  • usually, you just update your containers,

  • and you're good to go.

  • So it's a really good thing, especially

  • running on production and running older containers.

  • So now we have this pushed up.

  • We actually can start to deploy to a Kubernetes cluster.

  • So like I said before, we already have a cluster created.

  • Let's go back there.

  • Now, basically to connect to it, we just run this command.

  • All right, let's run it.

  • Great, so now, we can say kubectl, which is a Kubernetes

  • command line tool, get nodes just to make

  • sure everything is working.

  • Is everything working?

  • That's a good question.

  • Yes, there it is.

  • So we have a four node Kubernetes cluster.

  • They're all good to go, running version 1.9.7.

  • So here now that we have our Kubernetes cluster

  • and we're authenticated to it, we

  • can start running the same container that we ran locally.

  • So what we're going to do is, do kubectl run demo, and then

  • give it the name of that image.

  • And demo is going to be the name of the deployment

  • that we're going to create.

  • So if I say kubectl get deployment,

  • and then give that namespace.

  • The namespace is just for this demo's sake.

  • Don't worry about it, you don't need it real life.

  • So you can see that we have our demo deployment created.

  • And if you say get pods--

  • and so pods are basically the containers in Kubernetes--

  • you can see that we have our container created, it's ready,

  • and it's running.

  • But now that it's running, you have

  • to be able to actually access it.

  • And so this is where it gets a little bit more complicated.

  • Where in the old world, with Docker,

  • you just kind of access it directly,

  • because it's just running on your local machine.

  • But in the Kubernetes world, it's

  • running on one of those four nodes,

  • and we really don't care which one.

  • So we want a static endpoint that

  • can route traffic and access that node.

  • So what we're going to do is create a service.

  • And now I forget what my make command is.

  • That's OK, I'll just go look, it's like a cheat sheet.

  • Let's see-- expose, there it is.

  • Cool, and so what we'll do here is, we'll run kubectl expose,

  • and then we'll give it the target port of 3000, which

  • is where our node.js app is listening,

  • and then run it on port 80, so access a normal HTTP port.

  • And we'll open a type load balancer,

  • which will give us a public IP address using a Google Cloud

  • load balancer.

  • So now, we can say get service--

  • and I assume most people here are familiar with Kubernetes.

  • If you're not familiar, come and just talk to me.

  • I know I'm going kind of quickly,

  • but there's more exciting things to happen soon.

  • So I want to get to them.

  • So you can see the external IP address is pending,

  • so let's just run a watch on that.

  • And it's done the moment I try anything complicated,

  • it just finishes, it knows.

  • All right, cool, let's go to that URL.

  • That, not copy it--

  • all right.

  • All right, we'll just do this.

  • Cool.

  • And if you go here, you can see the exact same app

  • running on our cluster.

  • So now, we actually have it running on a public IP address.

  • If you go there on your phone or laptop, it will work.

  • And what we can do--

  • let's say all of you go on your phone to this IP address,

  • it will probably overwhelm this app.

  • So in Kubernetes, we can actually just scale it out

  • with the scale command.

  • So let's do that.

  • So let's say kubectl scale deployment demo--

  • the name of deployment-- then, I'm going to say replicas

  • equals 5, and again, that namespace.

  • Awesome.

  • So it will say deployment demo scaled.

  • So now, if we go back to our get pods,

  • you'll notice that we actually have

  • five of them running in our cluster, which is really cool.

  • And then, if you say get deployments,

  • you can see it also says that we have 5 desired, 5 current, 5

  • up to date, and 5 available.

  • So now, if we go back to this IP address, it still works.

  • The only difference is it's now round robining

  • traffic between all five instances of our application.

  • So you have a lot more scalability, a lot more

  • robustness.

  • And you might notice that we're running five copies even

  • though we only have four VMs.

  • That's because we're able to run multiple copies on a single VM,

  • so we get more utilization out of our machines.

  • Let's see-- clean.

  • So let's clean that up, we no longer need that demo.

  • Let's start looking at Istio.

  • So now we had a single service running, kind of useless

  • in the long scheme of things.

  • No one just runs one thing, you don't

  • need Kubernetes to do that.

  • What you really want to do is run multiple applications

  • together and make sure they all work together well.

  • What we're going to do is run this same application

  • three times and then chain it together.

  • So you might have noticed in our code,

  • I'm going to go back to it for a second,

  • that basically I can set whatever

  • I want as the upstream URI using an environment variable.

  • And so what I can do is actually tie multiple

  • of these together using one to talk to the other

  • to talk to the other, and then finally to time.jsontest.com.

  • And then, they will all concatenate their responses,

  • and finally show it to the end user.

  • So that's a really cool thing.

  • In Kubernetes, we can actually dynamically set

  • these environment variables when we're deploying.

  • So let's actually look at that and so normally

  • in Kubernetes, what we would do is,

  • we would create a YAML file.

  • And I'll make this a little bigger.

  • And in this YAML file, we will define our deployments.

  • So I'm going to make four deployments.

  • So the first one is going to be called front end prod, so

  • front end production service.

  • As you can see here, I'm giving it the service name front end

  • prod.

  • And the upstream URI, I'm going to call it middleware.

  • And so Kubernetes will automatically

  • do DNS-based service discovery.

  • So I can actually find my middleware application

  • by just pointing it at middleware,

  • which was really cool.

  • I don't need IP addresses or anything like that.

  • And you can see here, we're giving it

  • some labels, app front end, version prod, and then

  • the same container name that we used before.

  • And then, in our middleware, everything

  • looks exactly the same, except it's app middleware version

  • prod.

  • And then the service name is different,

  • and the upstream URI is now back end.

  • Then, we also have a Canary version of our middleware.

  • So it's like our test version that we're just

  • kind of working on, but we want to see

  • how it works in the real world.

  • So again, this also points back end.

  • And then, finally our back end, which

  • points to time.jsontest.com.

  • So at this point, we can deploy it into our cluster.

  • And so now, we'll create these deployments.

  • But of course, we'll also need to create

  • the corresponding services so they can actually

  • find each other.

  • So let's take a look at that.

  • So here in our services.YAML, it's pretty straightforward.

  • We have a front end, a middleware, and a back end

  • service.

  • They all open up port 3000 to port 80, which makes sense.

  • The only difference here is the front end service

  • is of type load balancer so that we get that public IP address.

  • So let's go to that public IP address and see what happens.

  • Great, OK, still pending, that's fine.

  • Let's do it one more time.

  • There we go.

  • OK so interesting, it was a little bit

  • different than before.

  • You can see that our front end prod went to our middleware,

  • then the middleware went to our back end,

  • and our back end went to time.jsontest.com.

  • But we're getting a 404, which is really

  • weird, because I mean, if I go to this website,

  • clearly it works.

  • We were seeing it working all this time before, right?

  • It's working, so why are we getting a 404?

  • And so now, we go into the world of Istio.

  • So I actually have Istio already running in this cluster.

  • And what it's just going to do is,

  • it's going to really lock down and help

  • you manage your microservices.

  • So it knows that time.jsontest.com

  • is an external service.

  • And by default, it's going to block all traffic going out

  • of your cluster.

  • And this is really good for security reasons,

  • you don't want your app just talking to random endpoints

  • on the internet.

  • You want you as a cluster administrator

  • to be able to lock down and only talk to trusted endpoints.

  • So by default, everything is blocked

  • that's going out of your cluster.

  • So how do you unblock it?

  • Well, in Istio, we have something called egress rules.

  • So it's a pretty simple thing.

  • You can see it's only like a few lines of YAML.

  • And so here, we're going to say allow traffic

  • to time.jsontest.com on both port 80 for HTP and 443

  • for HTPS.

  • So let's deploy that rule.

  • And for Istio, we use the Istio control command line tool.

  • It's just like the kubctl, or kubctl, Istioctl,

  • I don't know how to pronounce it,

  • your guess is as good as mine.

  • But it's very similar to the kubctl tool.

  • And so now, we've created that.

  • And we can go back to our web site, and hit refresh,

  • and you can see it's all working perfectly fine.

  • So we've kind of whitelisted traffic to time.jsontest.com.

  • Now, you might notice another thing going on.

  • If I hit refresh, just look at this line right here.

  • Sometimes it says canary and sometimes it says prod.

  • And So the reason why this is happening is,

  • by default, Kubernetes will use round robin load

  • balancing for its services.

  • So our middleware service is pointing

  • to any deployment or any pod that

  • has the tag app middleware.

  • But both the Canary and the prod versions

  • both have that tag, so Kubernetes will blindly

  • send traffic to both.

  • In fact, if you had three versions of Canary

  • and only two versions of your prod,

  • a disproportionate amount of traffic would go to canary.

  • In fact, 3 to 2.

  • Because it's just round robin.

  • So with Istio, we can actually make traffic

  • go exactly where we want.

  • Let's do that real fast.

  • So what we can do is set something called a route rule.

  • And basically, we can send whenever

  • the destination is middleware, always send it to prod.

  • And then, whenever the destination is front end,

  • send it to prod, and back into prod, super simple things.

  • But what this happens is, now I hit refresh,

  • it will always go to our production service.

  • So as an end user, I never have to worry about it.

  • I'll always hit production, I won't

  • hit some random test build that's running

  • in my cluster, which is really nice.

  • But this is great.

  • This app is like bulletproof, so simple it never breaks.

  • But in the real world, our code is not perfect.

  • I don't write perfect code, you don't write perfect code,

  • let's be honest with each other.

  • In the real world, things break all the time.

  • So to simulate that, I have this really cool function

  • called create issues.

  • And what create issues will do is,

  • it'll look at a header called fail.

  • And then, it will generally generate a number,

  • and if it's less than that, it'll just return a 500.

  • Yeah, I didn't know how else to make things break on purpose.

  • It's hard to make things break on purpose.

  • So if you've ever-- this is going

  • to be a program called Postman.

  • If you've never used it before, it's awesome.

  • Basically, it lets you set headers in json and things

  • like that automatically.

  • So let's just do a normal request right now.

  • You can see it works just the same way as doing

  • a request from the web browser.

  • But now, we can actually send headers from this tool.

  • And let's set a value of 0.3.

  • So it's a 30% chance of failure.

  • Let's see what happens.

  • Boom, back end failed, boom, middleware failed.

  • Everything worked, back end failed again,

  • everything worked again, middleware failed,

  • there, everything failed.

  • And we might notice that the problem is actually

  • worse than we think, because in our code what we're actually

  • doing is, we're propagating these headers.

  • These are for tracing, we'll take a look

  • at that in a second.

  • But we're actually forwarding this fail header

  • along each request.

  • So it's not just a 30% chance, it's a 30% times 30%

  • times 30% chance of failure.

  • And that's where all these cascading failures

  • come into play with microservices,

  • because one failure can trigger tons of failures downstream.

  • So let's take a look how Istio can help us with this.

  • So let's do our second routing rules.

  • Let's do something called a simple retry policy.

  • So let's have Istio automatically retry the request

  • three times before giving up.

  • And again, we don't have to change our code at all.

  • Istio is transparently proxying all of these network calls--

  • proxying is a strong word-- transparently

  • managing all these network calls.

  • So what happens is, our code doesn't

  • have to know at all that Istio is trying it three times.

  • It just tries it once.

  • And Istio actually manages all the back off,

  • and the retries, and all that kind of stuff

  • for you automatically.

  • So you don't have to.

  • So now, if we go back to Postman,

  • let's see what happens.

  • Boom, working.

  • Still some issues, working, working, working,

  • working, much better.

  • Obviously, it didn't fix the issue.

  • In fact, if I increase this to something like version 0.5,

  • you see it's going to fail a lot more, or not.

  • It might not fail, it might mask that.

  • You know what?

  • 0.9, all right, see, failure.

  • And you might notice it's failing a lot at the front,

  • too.

  • So let's take a look at two things.

  • One, it's able to mask--

  • M-A-S-K-- your failures.

  • But you don't want it to always do that.

  • Just because things are working doesn't mean things are good.

  • You want to be able to detect that you have errors,

  • and be able to detect that and fix it.

  • So Istio actually gives you a lot

  • of tooling out of the box to manage your systems.

  • The first thing I want to show you

  • is something called service graph.

  • So because Istio is sitting and intercepting all those network

  • calls, it's actually able to create a full picture

  • of your services for you.

  • So you can see here, we have a front end talking to our prod

  • and canary, talking to our back end,

  • just talking to time.jsontest.com--

  • we can also start doing things, automatically

  • start getting metrics from our cluster as well.

  • Wow, that looks way too zoomed in.

  • All right, let's zoom out a little bit.

  • You can see here, once we started adding those errors,

  • our global success rate just started crashing to the bottom.

  • And so Istio will actually automatically find

  • your 500s, your 400s, your volume, your QPS, your latency,

  • all this stuff automatically for you,

  • and start throwing it onto Prometheus and other dashboards

  • so you can start putting them into your systems,

  • and start running metrics, and understanding what

  • is going on in your services.

  • And I didn't have to write any code for this.

  • Istio gives me all these metrics out of the box for free.

  • And then finally, we can use something like Zipkin,

  • or Jaeger to do tracing.

  • So our stack level trace, a lot of these tools all work.

  • So let's find some traces.

  • So you can see here, we can see our front end talks

  • to our middleware talks to our back end.

  • And we can see that obviously the back end takes the longest

  • amount of time, because it's talking

  • to our external service.

  • But even more interesting than this, you can see here,

  • it actually has back end 2x, 2x, and middleware 2x.

  • And I can't find one, that's OK.

  • Let's see look back one hour.

  • That's OK.

  • So you can see all the distributed tracing.

  • And to do that, all I had to do was forward those trace headers

  • along.

  • Let's look at that for one second, those trace headers.

  • So as long as I'm forwarding those trace headers,

  • I get distributed tracing for free out of the box.

  • And actually, I have another talk

  • where I talk about open census, which can automatically forward

  • these for you as well--

  • so even less work for you as a developer.

  • Now, let's do one final thing.

  • So here, you can see when I hit refresh,

  • I'm always going to my prod service.

  • But as a tester, I kind of want to actually use

  • a Canary service and see what happens in this new path.

  • And the really nice thing is that we

  • can do in-production testing using Istio.

  • Because when we have thousands of services,

  • it's impossible to launch them all in our local machine

  • and test it that way.

  • We want to kind of push our service.

  • You think it's working, so we push it

  • into a production cluster, but we don't want any production

  • traffic hitting it.

  • We just want our test traffic hitting it.

  • So what we're going to do is put up the last and final route

  • rule.

  • And it's going to make a new route called

  • the middleware canary route.

  • And what it's going to look for is a header called x-dev-user.

  • And then, whenever it sees a value of super secret,

  • it's going to route it to our Canary.

  • So all normal traffic will go to our production service.

  • And then, the super secret traffic

  • will go to our Canary service.

  • Obviously, you'd use something like OAuth

  • or some sort of authentication scheme,

  • not just the word super secret, because security is important.

  • Let's take a look at that, so make Canary.

  • So let's deploy this rule.

  • And so now, if we go here, obviously it

  • will still go to our production service.

  • But if we go to Postman--

  • and let's remove that fail header.

  • And let's go to x-dev-user.

  • Boom, nope, did I spell it wrong?

  • I don't know, let's see what happened.

  • Oh, this is disabled, ah-ha, there we go.

  • Thank you.

  • There we go, middleware Canary.

  • So we're able to route to a specific service in the middle

  • of our stack using headers.

  • And that's because we're using header propagation.

  • So even if you had like 2,000 services,

  • and you want to make the middle one, the 900th service,

  • a special thing.

  • By propagating these headers, we can actually

  • use Istio and then route to that one,

  • even if it's in the middle of our stack.

  • So not just the front end, we can test anything

  • in the whole stack using Istio and header propagation.

  • All right, let's switch back to the slides, please.

  • So we do all this stuff--

  • thank you all so much.

  • If you want to get a deeper dive into Istio,

  • it's basically this top with a little bit more things

  • to focus specifically on Istio.

  • You can check out my main dot com slash Istio-101,

  • it will have a YouTube video.

  • All this code is open source on my GitHub.

  • Again, if you go to that website, Istio-101,

  • I have a link to my GitHub repository there.

  • You can check out Google Kubernetes Engine at g.co/gke,

  • istio.io, follow me on Twitter.

  • If you have any questions, please follow me out the door.

  • I'm going to go staff the office hours right now,

  • so come talk to me there, or talk to me right outside,

  • or find me in the sandbox.

  • I'm happy to answer any questions.

  • I know we went kind of quickly today.

  • But yeah, thank you all so much.

  • Enjoy the rest of your IO, enjoy the concert tonight.

  • And I'll see you out there.

[MUSIC PLAYING]

字幕と単語

ワンタップで英和辞典検索 単語をクリックすると、意味が表示されます

B1 中級

KubernetesとIstioを使ったクラウドのマイクロサービス(Google I/O '18 (Microservices in the Cloud with Kubernetes and Istio (Google I/O '18))

  • 63 4
    黃文楨 に公開 2021 年 01 月 14 日
動画の中の単語