Category Archives: Container

Istio- Getting started

I recently wrote about service mesh and how it helps ease managing and deploying services. Istio is an open-source service mesh that layers transparently onto existing distributed applications. Istio helps to create a network of deployed services with load balancing, service-to-service authentication, monitoring with no additional coding requirements. Istio deploys a sidecar for each service which provides features like canary deployments, fault injections, and circuit breakers off the shelf.

Let’s take a look at Istio at a high level

The overall architecture of an Istio-based application.
Image source: https://istio.io/latest/docs/concepts/what-is-istio/

Data Plane: as we can see in the design above that Data Plane uses sidecars through Envoy Proxy and manage traffic for microservices.

Control Plane: Control plane helps to have centralized control over network infrastructure and implement policies and traffic rules.

Control plane functionality (https://istio.io/latest/docs/concepts/what-is-istio/)

Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic.

Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection.

A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.

Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress.

Secure service-to-service communication in a cluster with strong identity-based authentication and authorization.

Currently Istio is supported on

  • Service deployment on Kubernetes
  • Services registered with Consul
  • Services running on individual virtual machines

Lets take a look at core features provided by Istio

Traffic management

Istio helps us manage traffic by implementing circuit breakers, timeouts, and retries, and helps us with A/B testing, canary rollouts, and staged rollouts with percentage-based traffic splits.

Security

Another core area where Istio helps is security. It helps with authentication, authorization, and encryption off the shelf.

While Istio is platform-independent, using it with Kubernetes (or infrastructure) network policies, the benefits are even greater, including the ability to secure pod-to-pod or service-to-service communication at the network and application layers.

https://istio.io/latest/docs/concepts/what-is-istio/#security

Observability

Another important aspect that Istio helps with is observability. It helps managing tracing, monitoring, and logging. Additionally, it provides a set of dashboards like Kiali, Grafana, Jaeger, etc to help visualize the traffic patterns and manage the services.

Additional Resources –

https://istio.io/latest/docs/

https://dzone.com/articles/metadata-management-in-big-data-systems-a-complete-1

Disclaimer: This post was originally posted by me in the cloud community – https://cloudyforsure.com/cloud-computing/istio-getting-started/

Kubernetes

Sometime back I talked about the importance of containers in implementing Microservices-based applications. Implementing such a design comes up with its own challenges, that is, once the number of services and containers grows, it becomes difficult to manage so many container deployments, scaling, disaster recovery, availability, etc.

Container Orchestration with Kubernetes

Because of the challenges mentioned above with container-based deployment of Microservices, there is a strong need for container orchestration. There are a few Container orchestration tools available but it will not be wrong to say that Kubernetes is the most popular at this point of time.

Kubernetes or K8s as it is popularly knows, provides following features off the shelf

  • High availability – no downtime
  • Scalability – high performance
  • Disaster Recovery – backup and restore

Kubernetes Architecture

Image Source: https://kubernetes.io/docs/concepts/overview/components/

Let us take a look at how K8s achieves the features we mentioned above. At the base level, K8s nodes are divided into Master node and Worker nodes. The master node, as the name suggests is the controlling node that manages and controls the worker nodes. Master node makes sure services are available and scaled properly.

Master Node

Master node contains contains following components- API server, Scheduler, Controller and etcd.

API server: The API server exposes APIs for various operations to external users. It validates any request coming in and processes it. API can be exposed through REST calls or a command-line interface. The most popular command-line tool to access API is KubeCTL.

Scheduler: When a new pod (we will look into pods shortly when discussing worker nodes) is being created, the scheduler checks and deploys the pod on available nodes based on configuration settings like hardware and software needs.

Controller/ Control Management: As per official K8s documentation, there are four types of controllers that manage the following responsibilities.

  • Node controller: Responsible for noticing and responding when nodes go down.
  • Replication controller: Responsible for maintaining the correct number of pods for every replication controller object in the system.
  • Endpoints controller: Populates the Endpoints object (that is, joins Services & Pods).
  • Service Account & Token controllers: Create default accounts and API access tokens for new namespaces.

etcd: The etcd is a key-value database store. It stores cluster state at any point in time.

Worker Node

kubelet: It runs on each node and makes sure all the containers running in pods are in healthy state and takes any corrective actions if required.

kube-proxy: It maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.

Pods and Containers:  One can think of a Pod as a wrapper layer on top of containers. Kubernetes does not want to work directly with containers to give it flexibility so that the underlying layer does not have any dependency.

Disclaimer: This post was originally posted by me in the cloud community – https://cloudyforsure.com/containers/kubernetes/

Developing With Containers

In the last few years, the cloud has completely changed the way we used to think about and design applications. With our eyes taken away from hardware availability, we can think more in terms of scalability and reliability. This has given a rise to microservices based design. Containers further support our idea of microservices based implementations by providing another layer of hardware independence.

What is a container?

Let’s start from the beginning. a decade or so back, when you need to deploy an application, you would go to your hardware department and tell them to get you a new box. So if you are deploying 10 applications, you would end up having 10 different sets of hardware being managed. In all probability, you were using less than half the processing power of a machine your application was deployed on because you would not take a risk of running a production application on a low powered machine.

Then came the era of Virtual machines, which helped us installing multiple virtual machines on the same machine. With the popularity of the cloud, virtual machines got more popular. Now you could easily boot up a virtual machine and deploy your application on that. One pressing downside of a virtual machine is that if you have 4 virtual machines running on a box, that would mean you have an overhead of running 4 operating system which ends up eating a lot of processing power.

This gave rise to the thought process for Containers, which helps us run an application inside its own container rather than an independent physical or virtual machine.

Let’s look at what a container is and how is it different from a VM with help of Docker container technology.

Image source – https://www.docker.com/

What is Docker?

Docker the technology, created by a company namesake, gives us tools to implement the concept of containers. As we can see in the image above, in case of a virtual machine, every virtual box has its independent Operating System image. That would mean that each Virtual machine is somewhat an independent system in itself. On the contrary, Docker installs a Docker engine on top of OS, which can further run multiple containers with a different set of applications.

Here are some useful docker commands

docker run
— Run an image
Docker ps
— Lists down all the running containers
Docker ps -a
— Lists down all the containers
Docker images
— Lists down all the images

More docker commands.
https://docs.docker.com/engine/reference/commandline/docker/

What is Kubernetes?

Running your application using Docker containers is the job half done. In the modern world, you need to take care of problems like how your application will handle the increase or decrease of load? How will we handle a situation when a node is down? Kuberenetes answers these questions helping us orchestrating the nodes and applications. It keeps a check on load and helps us increase or decrease firepower or add/ remove application instances. It takes care of failing nodes and brings in more nodes if required.