Best practice of workload & traffic resilience in production distributed cloud

The Distributed cloud offers better resilience by providing redundancy, scalability and flexibility, especially for cloud native applications. However the complexity of multi-cluster workload and traffic management in hybrid or multi-cloud environment brings huge challenges in practice, such as the number of overall multi-cluster workload instances serve for customer request decreased when some unhealthy ones isolated in case of failures.
In this speech, Chaomeng introduces a production practice of Karmada and Istio work together to promote resilience of multi-cluster application. How Karmada and Istio policies configured in a centralized control plane controls both replica and traffic distribution across cluster automatically. In case of failures, how Istio’s failover acts to remove unhealthy endpoints from global load balancing pool, and how Karmada rebuild the according number of instance in other healthy clusters, ensure multi-cluster instances always meet the capacity design.

Detailed Parse and Reproduce Response Flags of Istio Access Log Based on Production Use Case

Access logs of service mesh is practically important in ops work. Especially, Response Flags in each log help improve fault diagnosis efficiency by providing additional details of request. But the simple and brief definition of each field in Envoy community makes it hard to refer to it to effectively find the real problem when running into logs containing “DC, UF, UH” like flags in practice.

In this talk, Chaomeng will introduce the detailed access log use case of service mesh practice in large scale EV production environment. He will reproduce 10+ different Response Flags cases of customer’s practice, analyze what each flags indicates and when such logs generated, and demonstrate how to perform fault diagnosis and problem demarcation based on the Flags, and how to solve the problem of each case.

Kubernetes & Service Mesh Helps Online Collaboration During Coronavirus Time

During the period of coronavirus, lots of people required stay at home or different office, use Welink, an online collaboration platform, work together. The exponentially increased online users bring great performance and capacity challenges. In this Session, Chaomeng and Fei will share their technical experience of Kubernetes&Istio in Welink supporting large traffic from large amount of users’ meeting, mailing and other online collaborations.
The talk focus on practice in large scale productive environment with heavy traffic. Includes:
1. Implement a predictive scaling algorithm to improve the scaling efficiency.
2. Propose a more flexible route chain to decouple configuration complexity (ready to contribute to community)
3. Adopt microservice level canary release, non-intrusive monitoring, interface level rate limiting and transparent service security.

https://cnosvschina20eng.sched.com/event/cp9m/kubernetes-service-mesh-helps-online-collaboration-during-coronavirus-time-chaomeng-zhang-xie-fei-huawei

Istio access log promote fault diagnosis efficiency in EV enterprise’s micro service ops practice

Access logs of service mesh is practically important in ops work. Especially, Response Flags and Time fields in each log help improve fault diagnosis efficiency by providing additional details of request. But the simple and brief definition of each field in Envoy community makes it hard to refer to it to effectively find the real problem when running into logs containing “DC, UF, UH” like flags in practice.
In this session, Chaomeng will introduce the detailed access log use case of service mesh practice in large scale EV production environment. He will reproduce 10+ different Response Flags cases of customer’s practice, analyze what each flags indicates and when such logs generated, and demonstrate how to perform fault diagnosis and problem demarcation based on the Flags, and how to solve the problem of each case. Additionally he will parse the meaning of 6 useful time information of access log from production use case, and introduce how to figure out the most time-consuming period.

Best practice: Karmada & Istio improve workload & traffic resilience of production distributed cloud

The Distributed cloud offers better resilience by providing redundancy, scalability and flexibility, especially for cloud native applications. However the complexity of multi-cluster workload and traffic management in hybrid or multi-cloud environment brings huge challenges in practice, such as the number of overall multi-cluster workload instances serve for customer request decreased when some unhealthy ones isolated in case of failures.
In this speech, Chaomeng introduces a production practice of Karmada and Istio work together to promote resilience of multi-cluster application. How Karmada and Istio policies configured in a centralized control plane controls both replica and traffic distribution across cluster automatically. In case of failures, how Istio’s failover acts to remove unhealthy endpoints from global load balancing pool, and how Karmada rebuild the according number of instance in other healthy clusters, ensure multi-cluster instances always meet the capacity design.

Cert-manager help enhance security and flexibility of Istio certificate management

Peer authentication is fundamental part of Istio’s zero-trust security model. By default, Istio creates a private key and self-signed root certificate, uses them to automatically sign and issue X.509 certificates to every workload, and help application make mutual TLS to secure service-to-service communication without code changes. In production environment, it is strongly recommended to issue the root CA from a PKI provider to enhance the security and provide more flexibility.

In this speech, Chaomeng will share a detailed practice of how cert-manager, a powerful and extensible X.509 certificate controller, help Istio build enhanced zero-trust network. That is how cert-manager simplify Istio root CA lifecycle management by automatically obtaining certificates from a specified PKI provider, and renewing certificates at a configured time before expiry to avoid any service downtime.

Istio multi-cluster traffic management speed up automobile company new business dev,deploy and ops

SMART, a brand to fully transform from fuel vehicles to electric vehicles, is committed to exploring the best solutions for future urban transportation. On its IT infrastructure, cloud-native technologies such as Kubernetes and service mesh help simplify the technology stack, accelerate business innovation, and greatly improve the efficiency of new business development, deployment, operation and maintenance.

In this meeting, Kexing and Changmeng will share their multi-cluster practice in production environment. That is how Istio provides distributed traffic management across 10+ clusters in SMART’s production and testing environments. It includes performing canary release by deploying and splitting traffic of new version in different clusters, providing high availability by failover east-west traffic between instances of different clusters, unified authentication and authorization security management, unified topology view and distributed tracing across clusters, etc.

Best practice：from Spring Cloud to Istio

Spring Cloud has been widely used as a micro service framework in the past several years, especially in traditional enterprise cases. Istio, as a leading service mesh solution, is gaining great popularity, and widely used in cloud-native applications. Istio help customer build a highly resilient, secure, observable and scalable microservice architecture by offloading the complexity from application code to a separate infrastructure layer.

In this presentation, inspired by several typical customers’ cloud native solutions, Chaomeng will share a topic of best practice of Spring Cloud and Istio. He will explore the differences and similarities between Spring Cloud and Istio, include mechanism and working scenario, and focus on the integration and transformation solution, which makes Spring Cloud developed application running natively upon Isito without too many code changes, and gracefully offload traffic management from SDK to infrastructure and make SDK a real develop kit.