Sumo Logic and Davinci Group join forces


 

The leading company in secure digital cloud platforms signs an agreement with the US-owned company Sumo Logic to strengthen its managed cloud security services solutions.


Sumo Logic provides a real-time cloud security analytics platform that delivers security intelligence for hybrid environments. Sumo Logic can be a cloud SIEM, replace a legacy SIEM, or coexist with existing solutions, to help make data-driven decisions, reduce the time spent investigating operational and security issues, and free up resources for more important activities.

This agreement gives Davinci the ability to distribute the security solutions, acquire the products, and offer them directly to customers as an MSSP provider.

“Thanks to Sumo Logic we can put into operation, in less than 5 minutes and at an affordable price, a platform for data management and analysis and metrics aggregation, with the ability to grow and scale on demand without blocking or slowing down processes,” says Jorge García-Nieto, CMO of Davinci Group.

“The partnership with Davinci further strengthens Sumo Logic's presence in the European market and will help provide the continuous intelligence our customers need on their journey to the cloud,” says James Campanini, general manager and vice president for Europe, Sumo Logic.

“In addition, Davinci's strong focus on security is a perfect fit, as it is a key piece of our Continuous Intelligence platform and allows us to offer real-time intelligence to help security teams better prioritize their security incidents and accelerate response.”

 

More about Sumo Logic

Sumo Logic is a secure, cloud-native, continuous intelligence platform for DevSecOps that delivers real-time intelligence from structured, semi-structured and unstructured data across the entire application lifecycle and stack. It offers its platform based on a multi-tenant SaaS architecture, which enables digital businesses to thrive in the Intelligence Economy.

Founded in 2010, Sumo Logic is a privately held company based in Redwood City, California, and is backed by Accel Partners, Battery Ventures, DFJ Growth, Franklin Templeton, Greylock Partners, IVP, Sapphire Ventures, Sequoia Capital, Sutter Hill Ventures and Tiger Global.

 

More about Davinci

Davinci Group was born from the union of two established companies in the Spanish IT sector: Davinci Tecnologías de la Información and Ackstorm, positioning itself as one of the nationally owned IT groups with the broadest offering of cutting-edge technology services and solutions.

It has a significant range of technology alliances and certifications in its various areas of specialization and defines itself as one of the strategic partners in Spain for national and international vendors.

Currently, Davinci Group manages specialized projects for more than 350 clients in Spain, in both the public and private sectors, holds more than 100 technology certifications, has a development and implementation capacity spanning more than 200 technologies, and maintains strategic alliances with more than 20 top-tier technology partners.

Cloud, Security, Data Analytics and Digital Platforms make up the comprehensive perspective of solutions and services from which this new business group carries out its activities.


What Istio is and how it can simplify cluster management (part 2/2)


 

Istio is the perfect complement to Kubernetes: an elegant and complete networking solution that also provides log management and monitoring on several platforms (Prometheus, Grafana, Jaeger, Servicegraph, etc.), integrated directly into its “control plane”.

 

In the first part of the article we discussed traffic management and monitoring.

Istio advantages

 

Cluster with Istio

Kubernetes, by default, comes without some controllers; the Ingress Controller and the NetworkPolicy Controller are two of them. This is one of the drawbacks of using Kubernetes on bare metal: you have to adapt it to the control plane in which you run. That is why solutions like GKE or EKS are so popular.

In GKE, Istio can be enabled/installed upon cluster creation. But GKE already has GCLB, which is Google’s Kubernetes Ingress Controller, and Calico can be installed as the NetworkPolicy Controller when creating the cluster, just like Istio. Let’s see what the difference is between using these controllers and Istio.

Ingress Controller

With GCLB and an Ingress type object we have a layer 7 Load Balancer. We can redirect traffic to one service or another, depending on the host and the path of the request. This is a one-to-one mapping. The same request will always be redirected to the same service, which will go to the same set of pods (backends).

This is a somewhat rigid way of managing traffic. For example, to redirect 5% of the traffic to a “canary” version of the application, you would have to create 1 “canary” pod for every 19 of the main application, and configure them to be targeted by the same service. Although you do not need 20 pods to support the traffic, to get the desired 95-5, it is the only way.

With Istio, this is quite comfortable. What Istio does is add another hop between the service and the backend, giving considerable flexibility. You can define as many “sub-services” as necessary, in which case the service balances the load homogeneously between the backends of each “sub-service”; if we wanted to redirect 5% of the traffic to the backends of a specific “sub-service”, we would define it explicitly when creating it.

In the figure above, Service 1 has two versions. If not explicitly specified, the traffic will be sent equally to the two versions. Service 2 will send 95% of the requests to version 1, and 5% to version 2. Thus, with 3 backends, you can get a “canary” version, without complication.

It is also possible to configure this behavior with headers. For example, you can force requests from an iPhone to be redirected to one version of the application, while requests from an Android are handled by another one. The concept of “sub-service”, in Istio, is the subset of a host, that is specified in a VirtualService.
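The 95/5 split and the header-based routing described above, written out as Istio objects. This is an added example, not configuration from the original article; the service name `service-2`, the `version` pod labels and the `networking.istio.io/v1alpha3` API version are assumptions.

```yaml
# Subsets ("sub-services") are declared per host in a DestinationRule
# and selected by pod label.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: service-2            # hypothetical name
spec:
  host: service-2            # hypothetical Kubernetes Service
  subsets:
  - name: v1
    labels:
      version: v1            # assumed pod label
  - name: v2
    labels:
      version: v2
---
# The VirtualService references those subsets in its routing rules.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: service-2
spec:
  hosts:
  - service-2
  http:
  # Rules are evaluated in order: requests whose User-Agent contains
  # "iPhone" always go to v2.
  - match:
    - headers:
        user-agent:
          regex: ".*iPhone.*"
    route:
    - destination:
        host: service-2
        subset: v2
  # Everything else is split 95/5, independent of how many pods
  # back each subset.
  - route:
    - destination:
        host: service-2
        subset: v1
      weight: 95
    - destination:
        host: service-2
        subset: v2
      weight: 5
```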

NetworkPolicy Controller

NetworkPolicies are cluster-internal rules about who can “talk” to whom. The NetworkPolicy object lets you group a set of pods by their labels and enforce ingress policies, egress policies, or both. The policy is applied by denying all traffic to the set of selected pods and allowing only what has been configured, which can come from three sources:

  • Pods of a namespace. Any pod that has been created in a specific namespace can communicate with the set of pods.
  • Pods with certain labels. Any pod, from any namespace, with certain labels, can communicate with the set of pods.
  • Traffic from an IP block. Typically they would be internal IPs, not belonging to the cluster. They could be IPs internal to the cluster, but in that case it would be more convenient to handle them as in the two previous points.

NetworkPolicies are quite robust objects in Kubernetes, although not widely used. The only drawback is that the controller is third-party, and you have to find and install one.
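A NetworkPolicy that uses all three sources listed above, as an added example that is not from the original article; the namespace, labels, CIDR ranges and port are made-up values. Note that in a `from` list a `podSelector` on its own only matches pods in the policy's own namespace, so selecting labelled pods from any namespace needs an empty `namespaceSelector` in the same entry.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-ingress      # hypothetical name
  namespace: prod            # hypothetical namespace
spec:
  # The set of pods the policy protects. Once selected, all ingress
  # to them is denied except what is listed below.
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    # 1. Every pod in namespaces carrying this label.
    - namespaceSelector:
        matchLabels:
          team: frontend
    # 2. Pods with this label in ANY namespace: the empty
    #    namespaceSelector and the podSelector sit in the same
    #    list entry, so both must match.
    - namespaceSelector: {}
      podSelector:
        matchLabels:
          role: monitoring
    # 3. An IP block outside the cluster, minus one excluded subnet.
    - ipBlock:
        cidr: 10.20.0.0/16
        except:
        - 10.20.5.0/24
    ports:
    - protocol: TCP
      port: 8080
```

The object is only enforced when a NetworkPolicy controller such as Calico is installed; without one the API server accepts it and nothing is filtered.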

In Istio, nothing is configured directly for this purpose; it happens naturally when configuring the routes. As the Envoy proxies within the mesh are configured to accept traffic only from specific sources, the result is similar, although with a different approach.

The management of logs and the monitoring of Istio, in the way it is done, is new, so it can not really be compared with any other solution. Maybe with Stackdriver (within GCP), but they are of different magnitude, so we will not make that comparison in this article.

 

Conclusion

 

I personally find Istio a very comfortable and powerful tool to work with. Like a Swiss army knife. Even for medium and small clusters. The fact that the objects are integrated directly into Kubernetes, the flexibility of routing traffic, the enforcement of compliance policies, and the logging and monitoring make Istio definitely worth considering as an addition to our toolbox.

Suren Danielyan
Training Manager & Cloud Technology Evangelist

Juan Carlos Moreno
CTO & Senior Cloud Engineer

 


What Istio is and how it can simplify cluster management (part 1/2)


 

 

Istio is the perfect complement to Kubernetes: an elegant and complete networking solution that also provides log management and monitoring on several platforms (Prometheus, Grafana, Jaeger, Servicegraph, etc.), integrated directly into its “control plane”.

 

In this article, rather than deconstructing Istio and explaining each of its components separately, we will see what Istio is and how it can simplify the management of a cluster as it grows. We will also see which approaches an administrator should change, and the difference between managing the data of a cluster with and without Istio.

 

Traffic management

 

The problem

Moving from a monolithic application to micro-services is not all advantages. A monolithic application can be divided into dozens of micro-services. As a cluster grows, it is inevitable to have several tens, and even hundreds, of services running, with different versions, in different environments, etc. In such circumstances, it is not easy to visualize the cluster and, with time, one becomes prone to mistakes.

What is Istio, and how can it help with cluster management

Istio is a service mesh, which provides traffic management, implementation of compliance policies and collection of metrics. A service mesh is a dedicated infrastructure layer to manage service-to-service communication.

In Istio, this is achieved by configuring “Envoy”-based proxies, which are added to the pods as “sidecar” containers and enforce the natural flow of traffic to the appropriate backend, while blocking communication from other services. In addition, services do not communicate directly, but through their sidecar containers (“Envoy”). The component in charge of this process is “Pilot”.

Some readers may have realized that with this behavior, Istio satisfies some requirements that would be achieved with NetworkPolicies.

In the figure above it is illustrated how services A and B do not communicate directly, but they do through their associated Envoy sidecar containers. So if service A wanted to send a packet to service B, it would pass it to its Envoy container, which would send it to the Envoy container of service B, which in turn would pass it to service B.

If service B had several replicas, Pilot would be responsible for distributing the load homogeneously; it could also be configured to send part of the requests, arbitrarily or based on some criteria such as headers, to a service B’.

Pilot advance config

The collection and visualization of metrics is an extra feature to be grateful for. The truth is that it is a pretty clever move from the Istio team. Once the packet is set to be routed, it does not cost anything to multiplex it to another block and get the most out of the traffic. The block that is responsible for this task is the Mixer.

Mixer applies compliance policies across the mesh (checking whether service A is configured to talk to service B) and collects metrics from the Envoy sidecar containers and other services (figure below). It also provides several additional features in Istio. Thanks to its general-purpose plugin model, it is relatively easy to expand the infrastructure backends with which Mixer can interact. It does involve programming an adapter, though.

Istio comes with several built-in Mixer adapters (drivers) that, with minimal configuration, achieve a particular purpose, such as having the logs and metrics in the tool of our choice.

For monitoring in Prometheus, we would pass the metrics to the Prometheus adapter, and the Mixer would take care of the rest.

Figure – Mixer specific

The good thing about Istio is that it is implemented as an extension of Kubernetes, so its objects are integrated into the api-server. This means the admin has to learn some new Kubernetes objects and their purpose, instead of deploying and configuring a decoupled application.

This is an advantage provided by Kubernetes, not Istio directly.

The new objects to highlight for traffic management are Gateway, VirtualService and DestinationRule. These objects combined, together with the Istio control plane, make it possible to replace the default ingress controller, or to integrate one if there is none. In GKE, this would imply more granular and flexible traffic control, and lower cost. Next we are going to see these objects and their purpose.

  • Gateway: The Gateway object describes how traffic should enter the cluster. This object would typically define the port, the protocol, the host, information about the certificate and the TLS key, etc. A request has to satisfy these requirements to enter the cluster.
  • VirtualService: A VirtualService is linked to a Gateway. In this object, routing rules are defined; they apply to all traffic that has passed the requirements of the Gateway to which it is linked. A typical configuration would be to distribute the traffic between several backends, according to the path.
  • DestinationRule: The DestinationRule defines rules that apply to a request that has already been routed to a particular service. It may be the case that we have several versions of the same application. You could define a subset of the application and, depending on some parameters, send the traffic to one version or another. These checks would be done in the VirtualService.
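A Gateway with TLS termination and a VirtualService bound to it that routes by path, as an added example that is not from the original article. The host `shop.example.com`, the backend services `api` and `web`, the certificate paths and the `networking.istio.io/v1alpha3` API version are assumptions.

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: shop-gateway          # hypothetical name
spec:
  selector:
    istio: ingressgateway     # label of Istio's default ingress gateway pods
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE            # server-side TLS, terminated at the gateway
      # Assumed mount paths of the certificate and key inside the gateway pod.
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
      privateKey: /etc/istio/ingressgateway-certs/tls.key
    hosts:
    - shop.example.com        # only this host is admitted on port 443
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: shop
spec:
  hosts:
  - shop.example.com
  gateways:
  - shop-gateway              # rules apply to traffic admitted by this Gateway
  http:
  # Requests under /api go to the hypothetical "api" service ...
  - match:
    - uri:
        prefix: /api
    route:
    - destination:
        host: api
        port:
          number: 8080
  # ... and everything else goes to the hypothetical "web" service.
  - route:
    - destination:
        host: web
        port:
          number: 80
```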

This is a slightly different approach from using an Ingress type object, which would route the packet to a service, which would end up in a pod. And, even if Istio is able to manage an Ingress object, it may not be a very good idea, because of the flexibility of the alternative described above. In other words, Istio manages the traffic entering the cluster in its own way, which turns out to be more appropriate than the conventional Ingress object.

Also, although in the same way, with these objects Istio achieves cluster behaviour similar to one with NetworkPolicies.

In Istio, unauthorized communication is blocked for both ingress and egress. The objects described above cover the ingress rules. For egress, there is one object to point out: ServiceEntry.

  • ServiceEntry: The ServiceEntry object allows you to add external services to the cluster, that is, to the mesh. If we wanted to access “google.com”, for example, from a pod inside the mesh, we would not be able to unless we added a ServiceEntry allowing access to “google.com”.
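
A ServiceEntry for the “google.com” case, as an added example (not from the original article). It assumes the mesh runs with `outboundTrafficPolicy` mode `REGISTRY_ONLY`, the setting under which hosts without a ServiceEntry are unreachable; the resource name and namespace are hypothetical.

```yaml
# Added example; assumes outboundTrafficPolicy mode REGISTRY_ONLY in the mesh config.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: google-https        # hypothetical name
  namespace: shop           # hypothetical namespace
spec:
  hosts:
  - google.com              # exact hosts only, no wildcard
  - www.google.com
  ports:
  - number: 443
    name: https
    protocol: HTTPS         # only port 443 is opened; port 80 gets no entry
  resolution: DNS
  location: MESH_EXTERNAL   # the service lives outside the mesh
  exportTo: ["."]           # visible only to workloads in this namespace
```

Listing exact hosts and limiting `exportTo` to the owning namespace keeps the egress allow-list as narrow as the workload needs.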

Monitoring

For log management and monitoring, there are several objects, grouped into three types: instances, handlers and rules. Next we will see what they are. Recall, from Mixer, that Istio has adapters for several very popular tools integrated by default.

  • Instance: An instance defines the attributes that must be passed to an adapter. Typically it could be a metric.
  • Handler: A handler is responsible for delivering the attributes to the adapter. Saying that Istio has several adapters integrated by default means that it has several types of pre-defined handlers.
  • Rule: A rule binds an instance to a handler.

For example, if we wanted to monitor an application in Prometheus, we would create a metric type object, which would be the instance, in which we would define the metrics we want to monitor. We would also create a prometheus type object, which would be the handler, where we would define how we want to process and format the metrics. Finally, a rule type object would link the instance with the handler, so that Mixer knows how to act.
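
The metric, prometheus and rule objects from the paragraph above, as an added example (not configuration from the original article). It uses the Mixer-era `config.istio.io/v1alpha2` API that the article describes, which later Istio releases removed together with Mixer; all resource and metric names are hypothetical.

```yaml
# Added example for the Mixer-era API; resource and metric names are hypothetical.
# Instance: which attributes are sent to the adapter.
apiVersion: config.istio.io/v1alpha2
kind: metric
metadata: {name: requestsbycode, namespace: istio-system}
spec:
  value: "1"                                   # one count per request
  dimensions:
    source: source.workload.name | "unknown"
    destination: destination.workload.name | "unknown"
    response_code: response.code | 200
    connection_security_policy: conditional(connection.mtls | false, "mutual_tls", "none")
  monitored_resource_type: '"UNSPECIFIED"'
---
# Handler: how the Prometheus adapter exposes the instance.
apiVersion: config.istio.io/v1alpha2
kind: prometheus
metadata: {name: codehandler, namespace: istio-system}
spec:
  metrics:
  - name: requests_by_code                     # exposed as istio_requests_by_code
    instance_name: requestsbycode.metric.istio-system
    kind: COUNTER
    label_names: [source, destination, response_code, connection_security_policy]
---
# Rule: binds the instance to the handler for HTTP traffic.
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata: {name: codeprom, namespace: istio-system}
spec:
  match: context.protocol == "http"
  actions:
  - handler: codehandler.prometheus
    instances: [requestsbycode.metric]
```

With these labels, a rise in 401/403 responses or in requests whose `connection_security_policy` is `none` shows up per workload pair in Prometheus.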

By default, Istio collects the metrics from the control plane, which makes it easier to identify certain problems. You would only have to configure the metrics of your application. Below is an example of Grafana with the service mesh dashboard.

Dashboard Grafana

Stay tuned for part 2!

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]