Running Resilient Workloads with Istio
25 June 2019 | KubeCon, Shanghai China
Recording
Session Information
Abstract
Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and you’re done! But as you use it more, you learn that this isn’t really enough. A production system needs requests and limits, liveness checks, HPAs, PDBs, PSPs, etc.
The same is true for Istio, which can solve a lot of the problems with microservices out of the box, but isn’t magic. When you get beyond playing with bookinfo, more configuration is needed to get the most out of it.
In this talk I’ll show you how to:
- Identify app versions, deploy canaries and run A/B tests
- Set timeouts
- Configure retries, with exponential backoff
- Enforce rate limits
- Enable circuit breakers
- Inject faults for testing
I’ll also cover a couple of the big security features:
- Enabling mTLS
- Using service-to-service access control lists (RBAC)