Istio Service Mesh

This is a work in progress as I’m currently integrating the Frank Ozz Microservices application into Istio and changing it (if needed) to take advantage of Istio.

Label your default namespace to allow sidecar containers to inject themselves into the pods in your namespace.

Canary Deployment using VirtualService/DestinationRule

Istio Gateway – Allows us to configure an Edge Proxy so that you can load balance traffic coming into the proxy. They gave you the Istio Ingress Gateway container proxy to allow you to route incoming traffic thru the proxy so that you can take advantage of the VirtualService proxy.
kubectl get po -n istio-system should show
istio-ingressgateway

kubectl get svc -n istio-system should show the ingressgateway and the cluster port that we should always be able to access.

Dark Release – The ability to test (in production) releases via headers using header propogation.

Fault Injection – The ability to inject faults (for testing) into your services to see how pods respond in real world situations where faults occur.

Circuit Breakers – The ability to setup governer switches to adjust themselves (in real time) to error situations/faults to prevent cascading failures in bringing down / hurting the performance of your running pods in a cluster.

Here’s a demo (in parts) of Istio along with some courses I recommend

Part 1

Part 2

Part 3 (Includes Dark Releases)

Part 4 (Includes Canary Deployments)

Outstanding Kubernetes course -Kubernetes Hands-On Deploy by Richard Chesterwood

This is just an amazing course. A no-brainer “just but it with confidence” purchase. Please see my video on what this course will offer you.

https://www.udemy.com/kubernetes-microservices/

Please watch

Moving the ASP.NET Microservices course application up into a Kubernetes cluster in AWS

In my link to the Frank Ozz course (a definite must purchase) on Udemy here , it shows how to deploy his application into a Kubernetes cluster. In these examples, I ported them up to AWS running Kops as the Kubernetes cluster.

I show 2 examples:
One where you have a Load Balancer for the token server and one where you expose a port within the K8 cluster itself for the token server (no Load Balancer).

Disclaimer: Whatever cloud platform you use, please make sure to delete your cluster/instances when you’re done IF you’re experimenting. You don’t want to incur unnecessary charges.
Also (VERY IMPORTANT) since this example uses a tokenserver microservice that fronts the IdentityServer4, it’s critical that you use SSL terminate your loadbalancer -or SSL terminate your Kubernetes Ingress controller depending on which way you go. You do “not” want to run this (or any) app in production only using http. I have a previous video that shows how to SSL terminate the ingress controller.

You can use wildcard certs and the ACM on AWS for the load balancer(s) -or- a free CA like “Lets Encrypt” (or any other CA you chose) for your Kubernetes ingress controllers.

Having said that above, here are the 2 videos.

Using the LoadBalancer

Using NodePort

A working (but quirky) demo a Kubernetes Ingress controller in AWS with TLS/SSL termination.

Admittingly, I struggled a little bit in this video due to a browser caching issue and needing to clear out HSTS (which was forwarding http requests over to https due to a previous demo). As an extra, you get to see how I had to get around that by clearing out HSTS from Chrome 🙂

Please refer to this video to see my “quirky” demo on getting a sample website up and running in a Kubernetes cluster that was SSL/TLS terminated in a Kubernetes Ingress controller. The demo is in AWS and I used KOPS to spin up the cluster.

Porting a GREAT Must Buy ASP.NET Core Microservices course to Kubernetes cluster :-)

I took this course last year and was incredibly impressed with it.

https://www.udemy.com/course/aspnet-core-20-e-commerce-web-site-based-on-microservices-and-docker/

It took me a good 4 weeks off hours to carefully go thru slow and I learned a ton. He walks you thru creating a full blown e-commerce application written in a Microservices style utilizing Docker containers (to run each service in). Walks you thru technologies/platforms such as IdentityServer 4.0, RabbitMQ, MSSQLServer linux containers, Redis, etc..

His course inspired me to spend time to port it over to run in a Kubernetes cluster on both my Windows and Mac environments.

If you REALLY want to reap the benefits and learn a lot about how this (the examples below) all works, you’re going to really have to buy his course (as I have honored his request to not show details of the source code to the course) but I promise you it’s well worth the investment and it’s a purchase you will be very happy with.

The github repo where the Kubernetes orchestration file(s) are (not the source to his course as you’ll need to buy the course)

https://github.com/kousekt/netmicroservices

Note: In the video’s, I used LoadBalancer as the type of service but it really does not apply in a single node cluster like Minikube. In reality, we should use NodePort’s for those.

Disclaimer: this was ported only over to a single node cluster environment locally with minikube/docker for desktop. You will have to do some tweaking of the parameters to get this deployed to the AWS/Azure cloud running a Kubernetes cluster. I may do that in a future video.

Windows demo

Running the kubernetes files to create/deploy to a Kubernetes cluster on Windows

Running Swagger against the Kubernetes example

Running the docker-compose files in Windows

Running Swagger against the docker-compose example

Mac demo

Running the kubernetes files to create/deploy to a Kubernetes cluster on the Mac

Running the docker-compose files for the Mac

I have agreed not to reveal much at all of the details of the code to his course and only to the Kubernetes files I created to port the course application over to.

Please buy his course and learn a ton.