-
Notifications
You must be signed in to change notification settings - Fork 735
Home
We're going to have a series of scenarios, angled to where a specific feature of Istio can help. Here's the list, I'll mark off progress as I go along...
Demo: obscure problem with a microservice is causing a system slowdown. What's going on?
I want this to be a quick start with Istio, a quick win to sell its features. I need to be careful to keep my powder dry though - using grafana, jaeger AND kiali at once would be overkill I think. Maybe a short look at them???
Aim: 20 minutes all in, brief overview of Istio, followed by the install of the demo system and then onto the scenario.
To add: I think it would be better to semi-resolve this situation, so I suggest that we rewire around the blockage. We can provide the yaml for this maybe....either a timeout or just a straight fault (you can throw 200 as a fault).
This was scheduled to be later in the course, but it was brought forward so we can use these tools in later demos. Tag :6 used here.
A further tag, :6-no-propagation, was created to demonstrate what happens if the tracing headers are not propagated.
No special code was needed here, we decided not to use a faulty system as that put too much strain on minikube.
Tag :6, Filming Sequence 5
Deploy a new version of the staff service, in a weighted canary.
(No new tags were needed here except :6-placeholder for the non canary version)
Tag :6, Filming Sequence 6
Deploy a new version of the front end. With a world beating explanation of why Istio needs an ingress gateway!
(again no new tags needed except the canary, 6-experimental)
- break a lower level microservice and check that the front end isn't affect (need a "static" html for this - staff management?)
- show a heavily loaded component (eg tracker) failing (possibly with injected fault) and show (somehow) that this can cascade upwards, causing failures elsewhere. Introduce a circuit breaker
- Not sure how we could pull this off? Staging/Production minikube?
- show a call to a remote system somewhere. (need an idea on what?) Want to switch off external calls generally.
- let's add in a very brittle external service over which we have no control. We can make a service entry for it, inject some faults and check that we're tolerant to failure. THEN, we can finally add a retry in Istio to paper over the crack!
- Have the simulator run too fast for the tracker (maybe frig a delay into here). Show we can slow traffic down - what happens?
- Mmmm - interesting! Investigate, urgently, could be a solution for header propagation.
- how this is different to authorization in security.
- show we can have ONLY allowed microservices calling others. (think of example)
- show how to enable SSL within the cluster. How to demo this? Might need tracing, so this section might come last!