http://blog.christianposta.com/istio-workshop/slides/#/agenda
- microservices architecture shifts complexity from the space of code design and implementation into system operations
- pushing the complexity from one place (software design and development) to another (operations) is just like hiding some tricky parts in somewhere else
- k8s lets you to automate things and solve the problems easily
- istio gives the rest of the needed tools
- use helm to automate things
- client never calls the service
- use API gateway
- handle auth, etc
- use cache for GET
- fail fast when POST, PUT, DEL
- envoy will be sidecar which can be configured somehow
- kubernetes has NetworkPolicy
- whats does istio give for us?
- ingress/egress
- proper timeouts
- tear down connections in the good order (to avoid data loss)
- idempotency
- avoid draining connection pool -> graceful stop is important
- limit the impact of failures, latency spikes, and other undesirable network effects
- services can come and go
- rapid provisioning of new resources
- should be able to deploy a new service quickly
- automate everything (repo, ci, deployment)
- use helm to pack/deploy apps
- k8s deployment
.spec.strategy.type==Recreatewill kill all pods before new ones are created - 0 downtime deployment -
.spec.strategy.type==RollingUpdatecontrols the process withmaxUnavailableandmaxSurge - blue/green
- canary (monitoring needed, allows to test in production, dark launch -> flippers)
- use versioned deployments with istio request routing
- loosely-coupled services collaborating
- detect serious problems
- fail and detect problems fast -> write test where it is necessary
- prometheus
- HPA + heapster
- test resilience of your application
- network latency -> delay
- crash failure -> abort