Three questions to pick up where we left off.

What problem does ServiceMesh solve?

ServiceMesh (SM) is essentially the decoupling of business services from the underlying technical architecture:

  • One process implements the business logic (whether it is the caller or the service provider): biz, the white box in the figure above

  • One process implements the underlying technical architecture: proxy, the blue box in the figure above

Voiceover: load balancing, monitoring and alerting, service discovery and governance, invocation chains, and a lot of other infrastructure are all implemented in this layer.

What is Istio?

Istio is a productized implementation of ServiceMesh.

What is the layered architecture design of Istio?

Istio is split into a data plane and a control plane, which separates implementation from control.

Data plane

  • Envoy (proxy): responsible for efficient forwarding and for putting policies into effect [core]

Control plane

  • Mixer: the adapter through which the data plane interacts with the control plane

  • Pilot: the policy configuration component [core]

  • Citadel: the security component

  • Galley: the component that decouples Istio from the underlying platform (for example, K8S)

The core of the architecture is Envoy and Pilot.

Starting today, we’ll talk about Istio flow control, with grayscale publishing as the typical case.

Just as ServiceMesh is designed to decouple the technology system from business services, the essence of the Istio flow control model is to decouple flow control from the scaling of service instances. More specifically:

  • The user only needs to tell Pilot, in the control plane, which rules the traffic should be routed by

  • The user does not need to specify how the service Pods receive that traffic

  • The data plane Envoy retrieves rules and commands from Pilot and then puts the various traffic forwarding strategies into effect

As shown in the figure above, initially ServiceA accesses the older version of ServiceB.

Voiceover: the business is decoupled from the underlying layer:

(1) The gray circle is the business service, Svc;

(2) The purple hexagon is an Envoy;

(3) The service and its proxy communicate locally;

(4) Envoy proxies interact with each other across network segments (blue arrows);

How to do grayscale publishing?

As shown in the figure above, Service A invokes Service B. To release a grayscale version of Service B, 5% of the traffic needs to be sent to the new version of Service B, which only requires:

(1) Deploy the new version of Service B;

(2) Configure the policy on Pilot and synchronize the policy to Envoy;

(3) The data plane Envoy receives the policy configuration and applies the traffic forwarding policy in real time;

Voiceover: The diagram does not show the Pilot and Envoy interacting.

Done. Throughout this process the business service is completely decoupled from the flow control policy. Perfect!

In addition to grayscale publishing based on splitting traffic by ratio, application-layer grayscale publishing is also very easy to implement through Istio.

As you can see above, to release a grayscale version of Service B, you need to send the iPhone traffic to the new version of Service B. The process is exactly the same (deploy the service, Pilot controls, Envoy implements).
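The two grayscale policies described above (5% of traffic by ratio, and iPhone traffic by application-layer header) can be written as Istio routing configuration. This is an added example, not configuration from the original article, and it combines both cases in one rule set; the host name `service-b`, the subset names `v1`/`v2` and the `version` pod label are assumptions.

```yaml
# Added example. service-b, v1/v2 and the "version" label are assumed names.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: service-b
spec:
  host: service-b
  subsets:
  - name: v1              # current release of Service B
    labels:
      version: v1
  - name: v2              # grayscale release of Service B
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: service-b
spec:
  hosts:
  - service-b
  http:
  # Application-layer rule: requests whose User-Agent contains "iPhone" go to v2.
  - match:
    - headers:
        user-agent:
          regex: ".*iPhone.*"
    route:
    - destination:
        host: service-b
        subset: v2
  # Ratio rule for all remaining traffic: 95% old version, 5% new version.
  - route:
    - destination:
        host: service-b
        subset: v1
      weight: 95
    - destination:
        host: service-b
        subset: v2
      weight: 5
```

HTTP rules are evaluated in order, so the header match takes precedence over the weighted split. The User-Agent header is set by the client, so this rule selects a rollout audience and is not a control on who can reach the new version.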

If Envoy originally supports forwarding traffic by ratio but does not support forwarding by application-layer protocol, only the following needs to be done:

(1) Upgrade Envoy’s traffic forwarding strategy and Pilot;

(2) Caller service A does not need to be upgraded;

(3) The service party, Service B, does not need to be upgraded;

Business and underlying infrastructure are completely decoupled, perfect!

Voiceover: This is one of the core concepts of Service Mesh, as described in “What problem does ServiceMesh solve”.

With a traditional microservices framework, the framework itself needs to be upgraded, and both the caller and the service provider have to cooperate with the upgrade and restart.

I have been working fairly late recently, so I will stop here for today. Pilot’s layered architecture, and how it works with Envoy to control flow, will be broken down next time.

The idea is more important than the conclusion.

Survey:

When you upgrade a flow control policy, do your business services need to be upgraded and restarted?