OPENSHIFT CONTAINER PLATFORM TECHNICAL OVERVIEW. Presenter Presenter s title Date

Transcription

1 OPENSHIFT CONTAINER PLATFORM TECHNICAL OVERVIEW Presenter Presenter s title Date

2 Self-Service Standards-based Multi-language Automation Collaboration Multi-tenant 2 Web-scale Open Source Enterprise Grade Secure

3 OPENSHIFT ARCHITECTURE c 3

4 LINUX CONTAINERS

5 WHAT ARE CONTAINERS? It Depends Who You Ask APPLICATIONS INFRASTRUCTURE 5 Application processes on a shared kernel Package apps with all dependencies Simpler, lighter, and denser than VMs Deploy to any environment in seconds Portable across different environments Easily accessed and shared

6 VIRTUAL MACHINES AND CONTAINERS VIRTUAL MACHINES VM App App App App OS Dependencies Kernel CONTAINERS Container Container Container Container App App App App OS deps OS deps OS deps OS deps Container Host (Kernel) Hypervisor Hardware Hardware virtual machines are isolated apps are not 6 containers are isolated so are the apps

7 VIRTUAL MACHINES AND CONTAINERS Virtual Machine Container Application Application OS dependencies OS dependencies Operating System VM Isolation Complete OS Static Compute Static Memory High Resource Usage 7 Container Host Container Isolation Shared Kernel Burstable Compute Burstable Memory Low Resource Usage

8 VIRTUAL MACHINES AND CONTAINERS Container Virtual Machine Application IT Ops (and Dev, sort of) OS dependencies Operating System Clear ownership boundary between Dev and IT Ops drives DevOps adoption and fosters agility Application Dev OS dependencies Container Host IT Ops Infrastructure Infrastructure Optimized for stability Optimized for agility 8

9 APPLICATION PORTABILITY WITH VM Virtual machines are NOT portable across hypervisor and do NOT provide portable packaging for applications Guest VM Application OS dependencies Operating System LAPTOP 9 Application OS dependencies Operating System BARE METAL VM Type X VM Type Y VM Type Z Application Application Application OS dependencies OS dependencies OS dependencies Operating System Operating System Operating System VIRTUALIZATION PRIVATE CLOUD PUBLIC CLOUD

10 APPLICATION PORTABILITY WITH CONTAINERS RHEL Containers + RHEL Host = Guaranteed Portability Across Any Infrastructure Container Container Container Container Container Application Application Application Application Application OS dependencies OS dependencies OS dependencies OS dependencies OS dependencies RHEL RHEL RHEL Virtual Machine Virtual Machine Virtual Machine VIRTUALIZATION PRIVATE CLOUD PUBLIC CLOUD RHEL RHEL Guest VM LAPTOP 10 BARE METAL

11 RAPID SECURITY PATCHING USING CONTAINER IMAGE LAYERING Image Layer 3 Image Layer 2 Image Layer 1 Base Image Container Image Layers 11 Application Layer Java Runtime Layer OS Update Layer Base RHEL Example Container Image

12 A lightweight, OCI-compliant container runtime Optimized for Kubernetes Any OCI-compliant container from any OCI registry (including docker) Available in OpenShift Online (soon) Tech Preview in OCP 3.7, GA in OCP Improve Security and Performance at scale

13 OPENSHIFT ARCHITECTURE

14 YOUR CHOICE OF INFRASTRUCTURE 14

15 NODES RHEL INSTANCES WHERE APPS RUN 15

16 APPS RUN IN CONTAINERS c 16

17 PODS ARE THE UNIT OF ORCHESTRATION c 17

18 MASTERS ARE THE CONTROL PLANE 18

19 API AND AUTHENTICATION 19

20 DESIRED AND CURRENT STATE 20

21 INTEGRATED CONTAINER REGISTRY 21

22 ORCHESTRATION AND SCHEDULING 22

23 PLACEMENT BY POLICY c 23

24 AUTOSCALING PODS c 24

25 SERVICE DISCOVERY c 25

26 PERSISTENT DATA IN CONTAINERS c 26

27 ROUTING AND LOAD-BALANCING c 27

28 ACCESS VIA WEB, CLI, IDE AND API c 28

29 TECHNICAL DEEP DIVE

30 MONITORING APPLICATION HEALTH

31 AUTO-HEALING FAILED PODS c c 31

32 AUTO-HEALING FAILED CONTAINERS c c 32

33 AUTO-HEALING FAILED CONTAINERS c c 33

34 AUTO-HEALING FAILED CONTAINERS c c 34

35 AUTO-HEALING FAILED CONTAINERS c 35 c

36 NETWORKING

37 BUILT-IN SERVICE DISCOVERY INTERNAL LOAD-BALANCING 37

38 BUILT-IN SERVICE DISCOVERY INTERNAL LOAD-BALANCING 38

39 ROUTE EXPOSES SERVICES EXTERNALLY 39

40 ROUTING AND EXTERNAL LOAD-BALANCING Pluggable routing architecture HAProxy Router F5 Router Multiple-routers with traffic sharding Router supported protocols HTTP/HTTPS WebSockets TLS with SNI 40 Non-standard ports via cloud load-balancers, external IP, and NodePort

41 ROUTE SPLIT TRAFFIC Split Traffic Between Multiple Services For A/B Testing, Blue/Green and Canary Deployments 41

42 EXTERNAL TRAFFIC TO A SERVICE ON A RANDOM PORT WITH NODEPORT 42 NodePort binds a service to a unique port on all the nodes Traffic received on any node redirects to a node with the running service Ports in 30K-60K range which usually differs from the service Firewall rules must allow traffic to all nodes on the specific port

43 EXTERNAL TRAFFIC TO A SERVICE ON ANY PORT WITH INGRESS 43 Access a service with an external IP on any TCP/UDP port, such as Databases Message Brokers Automatic IP allocation from a predefined pool using Ingress IP Self-Service IP failover pods provide high availability for the IP pool

44 CONTROL OUTGOING TRAFFIC SOURCE IP WITH EGRESS ROUTER 44

45 OPENSHIFT NETWORKING 45 Built-in internal DNS to reach services by name Split DNS is supported via SkyDNS Master answers DNS queries for internal services Other nameservers serve the rest of the queries Software Defined Networking (SDN) for a unified cluster network to enable pod-to-pod communication OpenShift follows the Kubernetes Container Networking Interface (CNI) plug-in model

46 OPENSHIFT NETWORK PLUGINS * Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture 46

47 OPENSHIFT NETWORKING 47

48 OPENSHIFT SDN FLAT NETWORK (Default) All pods can communicate with each other across projects MULTI-TENANT NETWORK Project-level network isolation Multicast support Egress network policies NETWORK POLICY (Tech Preview) 48 Granular policy-based isolation NODE NODE POD POD POD POD POD POD POD POD

49 OPENSHIFT SDN - NETWORK POLICY Example Policies Allow all traffic inside the project Allow traffic from green to gray Allow traffic to purple on 8080 apiversion: extensions/v1beta1 kind: NetworkPolicy metadata: name: allow-to-purple-on-8080 spec: podselector: matchlabels: color: purple ingress: - ports: - protocol: tcp port:

50 OPENSHIFT SDN - OVS PACKET FLOW Container to Container on the Same Host 50

51 OPENSHIFT SDN - OVS PACKET FLOW Container to Container on the Different Hosts 51

52 OPENSHIFT SDN - OVS PACKET FLOW Container Connects to External Host 52

53 OPENSHIFT SDN WITH FLANNEL FOR OPENSTACK Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture 53

54 LOGGING & METRICS

55 CENTRAL LOG MANAGEMENT WITH EFK EFK stack to aggregate logs for hosts and applications Elasticsearch: an object store to store all logs Fluentd: gathers logs and sends to Elasticsearch. Kibana: A web UI for Elasticsearch. Access control Cluster administrators can view all logs Users can only view logs for their projects Ability to send logs elsewhere 55 External elasticsearch, Splunk, etc

56 CENTRAL LOG MANAGEMENT WITH EFK NODE POD POD POD POD POD NODE RHEL POD POD POD POD RHEL POD POD RHEL 56 FLUENTD NODE ELASTIC ELASTIC ELASTIC ELASTIC ELASTIC ELASTIC ELASTIC ELASTIC FLUENTD FLUENTD POD

57 CONTAINER METRICS 57

58 CONTAINER METRICS NODE POD FLUENTD POD POD POD POD NODE RHEL POD POD POD POD RHEL POD POD RHEL 58 CADVISOR NODE FLUENTD POD ELASTIC ELASTIC

59 SECURITY

60 TEN LAYERS OF CONTAINER SECURITY 60 Container Host & Multi-tenancy Federated Clusters Container Platform API Management Network Isolation Deploying Container Container Registry Container Content Storage Building Containers

61 SECRET MANAGEMENT 61 Secure mechanism for holding sensitive data e.g. Passwords and credentials SSH Keys Certificates Secrets are made available as Environment variables Volume mounts Interaction with external systems Encrypted in transit Never rest on the nodes

62 PERSISTENT STORAGE

63 PERSISTENT STORAGE 63 Persistent Volume (PV) is tied to a piece of network storage Provisioned by an administrator (static or dynamically) Allows admins to describe storage and users to request storage Assigned to pods based on the requested size, access mode, labels and type NFS OpenStack Cinder iscsi Azure Disk AWS EBS FlexVolume GlusterFS Ceph RBD Fiber Channel Azure File GCE Persistent Disk VMWare vsphere VMDK

64 PERSISTENT STORAGE 64

65 DYNAMIC VOLUME PROVISIONING 65

66 CONTAINER-NATIVE STORAGE Containerized Red Hat Gluster Storage Native integration with OpenShift Unified Orchestration using Kubernetes for applications and storage 66 Greater control & ease of use for developers Lower TCO through convergence Single vendor Support

67 CONTAINER-NATIVE STORAGE MASTER NODE NODE POD 67 NODE POD POD NODE POD POD POD POD POD POD POD POD POD POD

68 SERVICE BROKER

69 WHY A SERVICE BROKER? Manual, Time-consuming and Inconsistent 69

70 A multi-vendor project to standardize how services are consumed on cloud-native platforms across service providers 70

71 WHAT IS A SERVICE BROKER? Automated, Standard and Consistent 71

72 OPENSHIFT SERVICE CATALOG 72

73 SERVICE BROKER CONCEPTS SERVICE: an offering that can be used by an app e.g. database PLAN: a specific flavor of a service e.g. Gold Tier SERVICE INSTANCE: an instance of the offering PROVISION: creating a service instance SERVICE CONSUMER BIND: associate a service instance and its credentials to an app 73 SERVICE CATALOG SERVICE BROKER SERVICE PROVIDER

74 HOW TO ADD A SERVICE BROKER Deploy service broker on or off OpenShift Register the broker referring to the deployed broker apiversion: servicecatalog.k8s.io/v1alpha1 kind: Broker metadata: name: asb-broker spec: url: 74 Register the broker services by creating ServiceClass resources (the service broker might automatically perform this step)

75 TEMPLATE SERVICE BROKER 75 Exposes Templates and Instant Apps in the Service Catalog Pulled from openshift namespace by default Multiple namespaces can be configured for template discovery

76 TEMPLATE SERVER BROKER PROVISIONING openshift namespace nodejs-template Service Broker creates a the objects from the template OpenShift Service Catalog Template Service Broker 76 Node.js Container

77 TEMPLATE SERVICE BROKER BINDING openshift namespace nodejs-template OpenShift Service Catalog Template Service Broker create binding 77 Service Broker creates a binding and secret for any credentials (config map, secret, etc) created by the template Node.js Container

78 OPENSHIFT ANSIBLE BROKER Use Ansible on OpenShift 78 Deploy containerized applications Provision external services (e.g. Oracle database) Provision cloud services (e.g. AWS RDS) Orchestrate multi-service solutions Conditional logic for control on deployments (e.g. database is initialized) Leverage existing Ansible playbooks Anything you can do with Ansible, you can do with OAB

79 ANSIBLE PLAYBOOK BUNDLES (APB) Lightweight application definition Packaged as a container image Embedded Ansible runtime Metadata for parameters Named playbooks for actions Leverage existing Ansible playbooks Registry is queried to discover APBs roles playbooks provision.yaml unprovision.yaml bind.yaml unbind.yaml apb.yaml Ansible Runtime 79 Ansible Playbook Bundle (Container Image)

80 OPENSHIFT ANSIBLE BROKER PROVISIONING mediawiki-apb postgresql-apb OpenShift Service Catalog OpenShift Ansible Broker 80 Docker Hub OpenShift Registry Red Hat Container Catalog Discover and list APBs from the configured image registries

81 OPENSHIFT ANSIBLE BROKER PROVISIONING mediawiki-apb postgresql-apb Docker Hub OpenShift Registry Red Hat Container Catalog Pull APB image and run it with the broker action as a parameter OpenShift Service Catalog OpenShift Ansible Broker oc run postgresql-apb provision $vars 81 APB Container (postgresql)

82 OPENSHIFT ANSIBLE BROKER PROVISIONING mediawiki-apb postgresql-apb Docker Hub OpenShift Registry Red Hat Container Catalog APB container runs provision.yaml playbook to create a PostgreSQL container OpenShift Service Catalog OpenShift Ansible Service Broker Ansible oc run postgresql-apb provision $vars 82 APB Container (postgresql) ansible-playbook provision.yaml $vars Postgre SQL Container

83 OPENSHIFT ANSIBLE BROKER BINDING mediawiki-apb postgresql-apb Docker Hub OpenShift Registry Red Hat Container Catalog APB container runs bind.yaml playbook to create database user OpenShift Service Catalog OpenShift Ansible Broker oc run postgresql-apb bind $vars APB Container (postgresql) Postgre SQL Container ansible-playbook bind.yaml $vars MediaWiki Container 83

84 OPENSHIFT ANSIBLE BROKER BINDING mediawiki-apb postgresql-apb Docker Hub OpenShift Registry Red Hat Container Catalog APB container goes away and Service Broker creates a binding for the PostgreSQL service OpenShift Service Catalog OpenShift Ansible Broker create binding 84 Postgre SQL Container MediaWiki Container

85 OPENSHIFT ANSIBLE BROKER BINDING mediawiki-apb postgresql-apb Docker Hub OpenShift Registry Red Hat Container Catalog Service Catalog creates a secret for the binding, containing the database credentials OpenShift Service Catalog OpenShift Ansible Broker mount binding secret 85 Postgre SQL Container MediaWiki Container

86 OPENSHIFT ANSIBLE BROKER BINDING mediawiki-apb postgresql-apb Docker Hub OpenShift Registry Red Hat Container Catalog OpenShift Service Catalog OpenShift Ansible Broker mount binding secret 86 MediaWiki container uses the credentials in the secret to connect to the PostgreSQL database Postgre SQL Container MediaWiki Container

87 AWS SERVICE BROKER 87 Targets Top 10 AWS Services Uses Ansible Playbook Bundles Available in OpenShift 3.7 SQS SNS DynamoDB Redshift SES S3 RDS EMR AWS Batch ElastiCache Route 53

88 AWS PROVISIONING s3-apb rds-apb Compatible Docker Registries AWS ECR APB container runs provision.yaml playbook to interact with CFN and create RDS instance OpenShift Service Catalog OpenShift Ansible Broker oc run rds-apb provision $vars 88 APB Container (rds) ansible-playbook provision.yaml $vars AWS Cloud Formation AWS RDS

89 OPERATIONAL MANAGEMENT

90 TOP CHALLENGES OF RUNNING CONTAINERS AT SCALE OPERATIONAL EFFICIENCY 90 SERVICE HEALTH SECURITY & COMPLIANCE FINANCIAL MANAGEMENT

91 91

92 OPERATIONAL EFFICIENCY 92 CloudForms continuously discovers your infrastructure in near real time. CloudForms discovers and visualizes relationships between infra components CloudForms cross references inventory across technologies. CloudForms offers custom automation via control policy or UI extensions

93 OPERATIONAL EFFICIENCY 93

94 SERVICE HEALTH 94 CloudForms monitors resource consumption and shows trends CloudForms alerts on performance thresholds or other events CloudForms offers right-sizing recommendations CloudForms enforces configuration and tracks it over time.

95 SERVICE HEALTH 95

96 SECURITY & COMPLIANCE 96 CloudForms finds and marks nodes non-compliant with policy. CloudForms allows reporting on container provenance. CloudForms scans container images using OpenSCAP. CloudForms tracks genealogy between images and containers.

97 SECURITY & COMPLIANCE 97

98 FINANCIAL MANAGEMENT 98 Define cost models for infrastructure and understand your cost. Rate schedules per platform and per tenant with multi-tiered and multi-currency support CloudForms shows top users for CPU, memory, as well as cost. Chargeback/showback to projects based on container utilization.

99 FINANCIAL MANAGEMENT 99

100 REFERENCE ARCHITECTURES

101 REFERENCE ARCHITECTURES OpenShift on VMware vcenter Application Release Strategies with OpenShift OpenShift on Red Hat OpenStack Platform Building Polyglot Microservices on OpenShift OpenShift on Amazon Web Services Building JBoss EAP 6 Microservices on OpenShift OpenShift on Google Cloud Platform Building JBoss EAP 7 Microservices on OpenShift OpenShift on Microsoft Azure Business Process Management with JBoss BPMS on OpenShift OpenShift on Red Hat Virtualization Build and Deployment of Java Applications on OpenShift OpenShift on HPE Servers with Ansible Tower Building Microservices on OpenShift with Fuse Integration... OpenShift on VMware vcenter 6 with Gluster JFrog Artifactory on OpenShift Container Platform Deploying an OpenShift Distributed Architecture Spring Boot Microservices on Red Hat OpenShift OpenShift Architecture and Deployment Guide API Management with Red Hat 3scale on OpenShift OpenShift Scaling, Performance, and Capacity Planning 101

102 BUILD AND DEPLOY CONTAINER IMAGES

103 BUILD AND DEPLOY CONTAINER IMAGES DEPLOY YOUR SOURCE CODE 103 DEPLOY YOUR APP BINARY DEPLOY YOUR CONTAINER IMAGE

104 DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I) User/Tool Does 104 OpenShift Does

105 DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I) User/Tool Does 105 OpenShift Does

106 DEPLOY DOCKER IMAGE User/Tool Does 106 OpenShift Does

107 BUILD IMAGES IN MULTIPLE STAGES 107

108 EXAMPLE: USE ANY RUNTIME IMAGE WITH SOURCE-TO-IMAGE BUILDS Use Source-to-Image to build app binaries and deploy on lean vanilla runtimes read more on 108

109 EXAMPLE: USE ANY BUILD TOOL WITH OFFICIAL RUNTIME IMAGES Use your choice of build tool like Gradle and deploy to official images like the JDK image read more on 109

110 EXAMPLE: SMALL LEAN RUNTIMES Build the app binary and deploy on small scratch images read more on 110

111 CONTINUOUS INTEGRATION (CI) CONTINUOUS DELIVERY (CD)

112 CI/CD WITH BUILD AND DEPLOYMENTS BUILDS Webhook triggers: build the app image whenever the code changes Image trigger: build the app image whenever the base language or app runtime changes Build hooks: test the app image before pushing it to an image registry DEPLOYMENTS 112 Deployment triggers: redeploy app containers whenever configuration changes or the image changes in the OpenShift integrated registry or upstream registries

113 CONTINUOUS DELIVERY WITH CONTAINERS 113

114 OPENSHIFT LOVES CI/CD JENKINS-AS-A SERVICE ON OPENSHIFT 114 HYBRID JENKINS INFRA WITH OPENSHIFT EXISTING CI/CD DEPLOY TO OPENSHIFT

115 JENKINS-AS-A-SERVICE ON OPENSHIFT 115 Certified Jenkins images with pre-configured plugins Provided out-of-the-box Follows Jenkins 1.x and 2.x LTS versions Jenkins S2I Builder for customizing the image Install Plugins Configure Jenkins Configure Build Jobs OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines Dynamically deploys Jenkins slave containers

116 HYBRID JENKINS INFRA WITH OPENSHIFT 116 Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift Use Kubernetes plug-in on existing Jenkin servers

117 EXISTING CI/CD DEPLOY TO OPENSHIFT 117 Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift OpenShift Pipeline Jenkins Plugin for Jenkins OpenShift CLI for integrating other CI Engines with OpenShift Without disrupting existing processes, can be combined with previous alternative

118 OPENSHIFT PIPELINES 118 OpenShift Pipelines allow defining a CI/CD workflow via a Jenkins pipeline which can be started, monitored, and managed similar to other builds Dynamic provisioning of Jenkins slaves Auto-provisioning of Jenkins server OpenShift Pipeline strategies Embedded Jenkinsfile Jenkinsfile from a Git repository apiversion: v1 kind: BuildConfig metadata: name: app-pipeline spec: strategy: type: JenkinsPipeline jenkinspipelinestrategy: jenkinsfile: node('maven') { stage('build app') { git url: ' sh "mvn package" } stage('build image') { sh "oc start-build app --from-file=target/app.jar } stage('deploy') { openshiftdeploy deploymentconfig: 'app' } }

119 119

120 CONTINUOUS DELIVERY PIPELINE 120

121 CONTINUOUS DELIVERY PIPELINE 121

122 CONTINUOUS DELIVERY PIPELINE 122

123 CONTINUOUS DELIVERY PIPELINE 123

124 CONTINUOUS DELIVERY PIPELINE ServiceNow JIRA Service Desk Zendeks BMC Remedy 124

125 CONTINUOUS DELIVERY PIPELINE 125

126 DEVELOPER WORKFLOW

127 LOCAL DEVELOPMENT WORKFLOW 127

128 LOCAL DEVELOPMENT WORKFLOW BOOTSTRAP Pick your programming language and application runtime of choice Create the project skeleton from scratch or use a generator such as 128 Maven archetypes Quickstarts and Templates OpenShift Generator Spring Initializr

129 LOCAL DEVELOPMENT WORKFLOW DEVELOP 129 Pick your framework of choice such as Java EE, Spring, Ruby on Rails, Django, Express,... Develop your application code using your editor or IDE of choice Build and test your application code locally using your build tools Create or generate OpenShift templates or Kubernetes objects

130 LOCAL DEVELOPMENT WORKFLOW LOCAL DEPLOY 130 Deploy your code on a local OpenShift cluster Red Hat Container Development Kit (CDK), minishift and oc cluster Red Hat CDK provides a standard RHEL-based development environment Use binary deploy, maven or CLI rsync to push code or app binary directly into containers

131 LOCAL DEVELOPMENT WORKFLOW VERIFY 131 Verify your code is working as expected Run any type of tests that are required with or without other components (database, etc) Based on the test results, change code, deploy, verify and repeat

132 LOCAL DEVELOPMENT WORKFLOW GIT PUSH 132 Push the code and configuration to the Git repository If using Fork & Pull Request workflow, create a Pull Request If using code review workflow, participate in code review discussions

133 LOCAL DEVELOPMENT WORKFLOW PIPELINE 133 Pushing code to the Git repository triggers one or multiple deployment pipelines Design your pipelines based on your development workflow e.g. test the pull request Failure in the pipeline? Go back to the code and start again

134 APPLICATION SERVICES

135 A PLATFORM THAT GROWS WITH YOUR BUSINESS 135 Web Application Data Virtualization Intelligent Process Micro services API Management Single Sign-On Java EE Application Mobile Integration Messaging Data Grid Real Time Decision

136 TRUE POLYGLOT PLATFORM LANGUAGES DATABASES CrunchyData GitLab Iron.io WEB SERVERS Couchbase Sonatype EnterpriseDB NuoDB Fujitsu MIDDLEWARE 136 and many more

137 TESTED AND VERIFIED MICROSERVICES FRAMEWORKS LAUNCH Spring Boot Netflix Hystrix Netflix Ribbon SUPPORTED MICROSERVICES RUNTIMES Reactive MicroProfile Server-side JS Java EE Java EE Web Eclipse Vert.x WildFly Swarm Node.js JBoss EAP Embedded Tomcat Modern, Cloud-Native Application Runtimes and an Opinionated Developer Experience 137

138 MICROSERVICES INFRASTRUCTURE: ISTIO SERVICE MESH

139 WHAT YOU NEED FOR MICROSERVICES? Visibility & Reporting Resilience & Fault Tolerance Routing & Traffic Control Identity & Security Policy Enforcement 139

140 WHAT YOU NEED FOR MICROSERVICES? Visibility & Reporting Resilience & Fault Tolerance Routing & Traffic Control Identity & Security Policy Enforcement 140 Istio

141 WHAT IS ISTIO? a service mesh to connect, manage, and secure microservices Control Plane Data Plane 141 Pilot Mixer Auth Envoy Envoy Envoy Envoy App App App App Pod Pod Pod Pod

142