asd

Author: Tamás Hódi

istio_examples/RouteRule/api/deployment.yml

@@ -4,6 +4,7 @@ metadata:
   name: api-v1
   labels:
     app: api
+    version: v1
 spec:
   replicas: 1
   template:
@@ -20,13 +21,18 @@ spec:
         env:
         - name: VERSION
           value: "v1"
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: api-v2
   labels:
     app: api
+    version: v2
 spec:
   replicas: 1
   template:
@@ -43,3 +49,7 @@ spec:
         env:
         - name: VERSION
           value: "v2"
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace

istio_examples/RouteRule/api/routerule.yml

@@ -12,22 +12,6 @@ spec:
   - labels:
       version: v1
     weight: 100
----
-apiVersion: config.istio.io/v1alpha2
-kind: RouteRule
-metadata:
-  name: api-v2
-  labels:
-    app: api
-spec:
-  destination:
-    name: api
-  precedence: 2
-  match:
-    request:
-      headers:
-        version: 
-          exact: "v2"
-  route:
   - labels:
       version: v2
+    weight: 0

istio_examples/RouteRule/api/routerule2.yml

@@ -0,0 +1,18 @@
+apiVersion: config.istio.io/v1alpha2
+kind: RouteRule
+metadata:
+  name: api-v2
+  labels:
+    app: api
+spec:
+  destination:
+    name: api
+  precedence: 2
+  match:
+    request:
+      headers:
+        version:
+          exact: v2
+  route:
+  - labels:
+      version: v2

istio_examples/RouteRule/api/src/Dockerfile

@@ -1,5 +1,9 @@
 FROM node:8.9.4-alpine
 
+RUN apk update
+RUN apk add curl
+RUN apk add wget
+
 ENV PORT 5000
 
 COPY package.json package.json
@@ -8,4 +12,5 @@ RUN npm install
 COPY . .
 
 CMD ["node", "."]
+
 EXPOSE $PORT

istio_examples/RouteRule/api/src/server.js

@@ -7,9 +7,16 @@ const PORT = process.env.PORT
 const VERSION = process.env.VERSION
 
 app.get('/healthz', (req, res) => res.sendStatus(200))
-app.get('/api', (req, res) => {
-  console.log(JSON.stringify(req.headers))
-  res.json(`Hello World! ${VERSION} ... header version received from ui: ${req.headers.version}`)
-})
+app.get('/api', (req, res) => res.json({
+  requestedVersion: req.headers.version,
+  version: VERSION
+}))
 
 app.listen(PORT, () => console.log(`Example app listening on port ${PORT}!`))
+
+// TODO: remove this part
+setInterval(() => {
+  require('request')(`http://api.default.svc.cluster.local/api`, (error, response, body) => {
+    console.log(error || body)
+  })
+}, 1000)

istio_examples/RouteRule/deploy.sh

@@ -18,3 +18,5 @@ kubectl patch deployment ui --patch '{"spec": {"template": {"spec": {"containers
 
 kubectl delete routerule -l app=api
 kubectl apply -f <(istioctl kube-inject -f $DIR/api/routerule.yml)
+
+minikube service ui

istio_examples/RouteRule/ui/src/src/App.js

@@ -29,9 +29,11 @@ class App extends Component {
   render() {
     return (
       <div className="App">
-        <button onClick={this.callAPIv1}>Call API</button>
-        <button onClick={this.callAPIv2}>Call API with v2 header</button>
-        <div className="data">{this.state.data}</div>
+        <button onClick={this.callAPIv1}>Call API v1</button>
+        <button onClick={this.callAPIv2}>Call API v2</button>
+        <p></p>
+        <div className="data">Requested: <b>{this.state.data.requestedVersion}</b></div>
+        <div className="data">Response: <b>{this.state.data.version}</b></div>
       </div>
     );
   }

post.md

@@ -4,45 +4,63 @@ http://blog.christianposta.com/istio-workshop/slides/#/agenda
 - microservices architecture shifts complexity from the space of code design and implementation into system operations
 - pushing the complexity from one place (software design and development) to another (operations) is just like hiding some tricky parts in somewhere else
 - k8s lets you to automate things and solve the problems easily
+- istio gives the rest of the needed tools
+- use helm to automate things
 
 !["MS meme by Martin Fowler"](https://martinfowler.com/bliki/images/microservicePrerequisites/sketch.png)
 
 # Problems
 
+## Communication
+
+### Direct communication
+- client never calls the service
+- use API gateway
+- handle auth, etc
+
+### Slow communication
+- use cache for GET
+- fail fast when POST, PUT, DEL
+- envoy will be sidecar which can be configured somehow
+
+### Security (NEED TO TEST)
+- kubernetes has NetworkPolicy
+- whats does istio give for us?
+- ingress/egress
+
+## Improve reliability
+
+### Healthz
+- proper timeouts
+
+### Graceful start / shutdown
+  - tear down connections in the good order (to avoid data loss)
+  - idempotency
+  - avoid draining connection pool -> graceful stop is important
+
+### Circuit breaker & rate limitation (NEED TO TEST)
+  - limit the impact of failures, latency spikes, and other undesirable network effects
+
 ## Change management
-- rapid provisioning of new resources
 - services can come and go
+- rapid provisioning of new resources
 - should be able to deploy a new service quickly
+- automate everything (repo, ci, deployment)
+- use helm to pack/deploy apps
 
 ### Deployment strategies
 - k8s deployment `.spec.strategy.type==Recreate` will kill all pods before new ones are created
 - 0 downtime deployment - `.spec.strategy.type==RollingUpdate` controls the process with `maxUnavailable` and `maxSurge`
 - blue/green
-- canary
-
-### Bootstrapping
-- graceful start / shutdown (app skeleton)
-- automate setup (repo, ci, deployment)
-
-## Communication
-
-### Slow communication
-- use cache for GET
-- fail fast when POST, PUT, DEL
-
-### Direct communication
-- client never calls the service
-- use API gateway
-
-### + Scaling
-- persistent problem for MS and monoliths
-- HPA
-- heapster
-- rate limitation
+- canary (monitoring needed, allows to test in production, dark launch -> flippers)
+- use versioned deployments with istio request routing
 
-### Monitoring
+### Monitoring (NEED TO TEST)
 - loosely-coupled services collaborating
 - detect serious problems
+- fail and detect problems fast -> write test where it is necessary
+- prometheus
+- HPA + heapster
 
 ### Fault injection
 - test resilience of your application

services/deploy.sh

@@ -13,3 +13,5 @@ done
 
 API_URL=$(minikube service api --url)
 kubectl patch deployment ui --patch '{"spec": {"template": {"spec": {"containers": [{"name": "ui", "env":[{"name": "REACT_APP_API_URL", "value": "'$API_URL'"}]}]}}}}'
+
+minikube service ui