Skip to content

Instantly share code, notes, and snippets.

@veggiemonk

veggiemonk/chaos-eng-istio.html

Forked from ryanj/gist-reveal.it-slides.html
Last active June 22, 2018 16:17
Show Gist options
  • Save veggiemonk/fd6fc28156ee1e770998ced4be39aca1 to your computer and use it in GitHub Desktop.
Save veggiemonk/fd6fc28156ee1e770998ced4be39aca1 to your computer and use it in GitHub Desktop.
Download ZIP
Chaos Engineering with Service mesh presentations - http://gist-reveal.it/fd6fc28156ee1e770998ced4be39aca1
Raw
chaos-eng-istio.html
<section data-transition='concave' data-state='blackout'>
<h1>CHAOS ENGINEERING</h1>
<h2>with</h2>
<h1>SERVICE MESH</h1>
</section>
<section data-transition='concave' id="inquiry">
<h2>Questions to the audience</h2>
<ol>
<!-- <li>Who uses containers ?</li> -->
<!-- <li>Who uses an orchestrator such as kubernetes ?</li> -->
<li>Who knows what is a service mesh ?</li>
<li>Who knows what is a SLI, SLO, SLA ?</li>
<li>Who knows what is Chaos Engineering ?</li>
<li>Who already did Chaos Engineering ?</li>
</ol>
</section>
<section id='outline'>
<h2>Outline</h2>
<ol>
<li>Kunernetes networking model</li>
<li>Service mesh: architecture and features</li>
<li>Demo of Istio</li>
<li>Chaos Engineering: concepts & origin</li>
<li>Demo of fault-injection</li>
<li>Q&A</li>
</ol>
</section>
<section data-transition='concave' id="kubernetes">
<h2>Kubernetes networking model</h2>
<div class="fragment">
<p>
1.
all containers &#8594; all other containers
<strong>without NAT</strong>
</p>
<p>
2.
all nodes &#8594; all containers
<br/>
all nodes &#8592; all containers
<br/>
<strong>without NAT</strong>
</p>
<p>
3. the IP that a container sees itself as
<br/>
<strong>is the SAME</strong>
<br/>
IP that others see it as
</p>
</div>
<br/>
<span class="fragment">
<a href="https://vimeo.com/245778144/4d1d597c5e">VIDEO: Kubernetes Deconstructed</a>
</span>
</section>
<section data-transition='concave'>
<h4>What is a service mesh</h4>
<h3>What problems does it solve</h3>
<br/>
<h2 class="fragment">Communication between services</h2>
<br/>
<p class="fragment" style="font-style: italic">A network for services, not bytes</p>
</section>
<section>
<section id="arch">
<h4>How does it solve inter service communication</h4>
<div style="display: grid; grid-template-columns: 0.5fr 1fr">
<ul>
<br/>
<li>Traffic management</li>
<li>Resiliency</li>
<li>Security</li>
<li>Observability</li>
</ul>
<img src="https://istio.io/docs/concepts/what-is-istio/img/overview/arch.svg" />
</div>
<aside class="notes">
<p>Source of the most complexity -> not the services themselves, but communication between services.</p>
<p>Those concerns can be addressed by integrating libraries -> library bloat.</p>
<p>Move the solution from the APP into the INFRA.</p>
<p>Pilot = lifecycle/config of Envoy instances</p>
<p>Mixer = enforcing access control/policies + collecting telemetry</p>
</aside>
</section>
<section id="osi-layers">
<img src="https://f5.com/Portals/1/Users/038/38/38/the_new_new_osi_stack.jpg?ver=2017-10-03-080252-023" height="521" width="1024">
<a href="https://f5.com/about-us/blog/articles/the-new-osi-network-stack-containers-and-half-layers-28124">source</a>
</section>
<!-- <section id="setup">
<pre><code contenteditable>
helm install install/kubernetes/helm/istio \
--name istio --namespace istio-system --set global.tag=0.8.0 \
--set sidecarInjectorWebhook.enabled=true \
--set prometheus.enabled=true --set grafana.enabled=true \
--set servicegraph.enabled=true --set tracing.enabled=true \
--set kiali.enabled=true;
</code></pre>
<br/>
<a href="https://github.com/istio/istio/blob/master/install/kubernetes/helm/istio/README.md#configuration">config</a>
</section> -->
</section>
<section>
<h4>What's in the code</h4>
<pre><code>
reviews = {
"name" : "http://reviews:9080",
"endpoint" : "reviews",
"children" : [ratings]
}
productpage = {
"name" : "http://productpage:9080",
"endpoint" : "details",
"children" : [details, reviews]
}
</code></pre>
<a href="https://github.com/istio/istio/blob/master/samples/bookinfo/src/productpage/productpage.py#L202">source code</a>
</section>
<section data-transition='concave' id="routing">
<h4>Traffic Management</h4>
<pre><code contenteditable>
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
...
spec:
hosts:
- reviews
http:
- match:
- headers:
cookie:
regex: ^(.*?;)?(user=jason)(;.*)?$
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v1
</code></pre>
<aside class="notes">
Load balancing,
traffic shaping (canary), traffic mirroring,
service discovery, ingress, egress
(hit 's' on your keyboard).
</aside>
</section>
<section data-transition='concave' id="resiliency">
<h4>Resiliency</h4>
<pre><code contenteditable>
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v2
retries:
attempts: 3
perTryTimeout: 2s
</code></pre>
<aside class="notes"> Timeouts, retries, circuit breaker, rate limiting, delay and fault injection (hit 's' on your keyboard).</aside>
</section>
<section id="Security">
<h2>Security</h2>
<ul>
<li>namespace-level and service-level policies</li>
<li>mutual TLS Authentication</li>
<li>role-based access control (RBAC)</li>
</ul>
</section>
<section>
<h2>Observability</h2>
<ul>
<li>Metrics</li>
<li>Logs</li>
<li>Tracing</li>
</ul>
</section>
<section>
<h1>DEMO</h1>
<img style="background-color: white;"src="https://istio.io/docs/guides/img/bookinfo/withistio.svg" alt="Bookinfo app"/>
</section>
<section>
<h1>CHAOS ENGINEERING</h1>
</section>
<section>
<blockquote class="twitter-tweet" data-lang="en">
<p lang="en" dir="ltr">Having a child: Chaos Engineering for everything in your life.</p>
&mdash; Arnaud Porterie (@icecrime)
<a href="https://twitter.com/icecrime/status/963115377562669057?ref_src=twsrc%5Etfw">February 12, 2018</a>
</blockquote>
<!-- <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script> -->
</section>
<section>
<blockquote>
<p lang="en" dir="ltr">Chaos Engineering is the discipline of experimenting on a distributed system in order to build confidence
in the system’s capability to withstand turbulent conditions in production.</p>
&mdash; <a href="https://principlesofchaos.org/">principlesofchaos.org</a>
</blockquote>
</section>
<section>
<blockquote>
<p>Thoughtful, planned experiments designed to reveal the weakness in our systems. </p>
&mdash; <a href="https://www.gremlin.com/">Kolton Andrus (cofounder and CEO of Gremlin Inc.)</a>
</blockquote>
<img src="https://media.science360.gov/files/story/cbb08900-d237-40a5-be17-307532b53688-largeImage.jpg" width="350px" />
</section>
<section>
<h3>Usually untested</h3>
<ol>
<li>Graceful shutdown</li>
<li>Health check</li>
<li>Cascading timeouts</li>
<li>Deployments (smoke test)</li>
</ol>
</section>
<section>
<h2>Type of errors</h2>
<ul>
<li>Unreachable</li>
<li>Delays</li>
<li>Timeout cascading</li>
<li>Circuit breaker</li>
</ul>
</section>
<section>
<h2>How to start Chaos Engineering</h2>
<ol>
<li>Set up monitoring !!!</li>
<li>Identify a measurable output that indicates behavior, define "steady state"</li>
<li>Form a hypothesis</li>
<li>Simulate real-world events</li>
<li>Disprove your hypothesis</li>
</ol>
</section>
<section>
<h2>Site Reliability Engineering</h2>
<ul>
<li>Identify weaknesses</li>
<li>Improve resiliency</li>
<li>
<a href="https://landing.google.com/sre/book/chapters/service-level-objectives.html">SLI, SLO, SLA</a>
</li>
</ul>
</section>
<section>
<h1>DEMO</h1>
<img style="background-color: white;" src="https://istio.io/docs/guides/img/bookinfo/withistio.svg" alt="Bookinfo app"/>
</section>
<section id="resources">
<h2>Resources</h2>
<small>
<ul>
<li><a href="https://blog.buoyant.io/2017/04/25/whats-a-service-mesh-and-why-do-i-need-one/">What's a service mesh</a></li>
<li><a href="https://www.microservices.com/talks/lyfts-envoy-monolith-service-mesh-matt-klein/">[Talk] Lyft's envoy</a></li>
<li><a href="https://www.techrepublic.com/article/chaos-engineering-a-cheat-sheet/">Cheat sheet</a></li>
<li><a href="https://landing.google.com/sre/book/index.html">SRE book</a></li>
<li><a href="https://www.gremlin.com/community/tutorials/chaos-engineering-the-history-principles-and-practice/">Chaos Engineering: the history, principles, and practice</a></li>
<li><a href="https://www.gremlin.com/blog/">Gremlin Blog</a></li>
<li><a href="https://github.com/dastergon/awesome-chaos-engineering">Awesome Chaos Engineering</a></li>
<li><a href="https://www.infoq.com/presentations/adopt-chaos-engineering">[Talk] Choose Your Own Adventure: Chaos Engineering</a></li>
</ul>
</small>
</section>
<section>
<h2>THANK YOU</h2>
<br/>
<h3>Julien Bisconti</h3>
<p>
<small>
<a style='font-weight:bold;color:deepskyblue;' href='http://github.com/veggiemonk'>Github: @veggiemonk</a>
<br/>
<a style='font-weight:bold;color:deepskyblue;' href='https://twitter.com/veggiemonk'>Twitter: @veggiemonk</a>
<br/>
<a style='font-weight:bold;color:deepskyblue;' href='https://www.linkedin.com/in/julienbisconti/'>LinkedIn: julienbisconti</a>
</small>
</p>
<br/>
<h4>Revaljs by Hakim El Hattab / hakim.se</h4>
<!-- <h4>
<a href="http://gist-reveal.it">gist-reveal</a> by
<a href="http://twitter.com/ryanj/">ryanj</a> and
<a href="https://github.com/fkautz">fkautz</a>
</h4> -->
</section>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment