»How to Make Istio Work With Your Apps«
2019-11-16, 14:45–15:15, The Gallery

The Istio service mesh promises to solve or ease many of the pain points around scaling and securing microservice architectures by giving key tools to make your Kubernetes cluster deployments play nice with each other, but getting some applications to play nice with Istio can be its own major challenge. For those considering Istio or who want to be on the lookout for pitfalls when starting adoption, this talk will highlight possible roadblocks to your move to Istio and offer both short-term workarounds and long-term fixes to reduce headaches and make sure you can get the most out of Istio at any stage.

The potential of Istio has generated a huge amount of excitement, but its widespread adoption is hindered in large part by its often-vertical learning curve, extreme operational complexity, and the fast rate of change in its frequent releases. The official Istio documentation has some great examples that demonstrate what Istio can do, but less information exists about what it is not well suited to and how to coax it into working with applications not designed with Istio in mind. This talk will cover these problem areas and common stumbling blocks, suggesting compromises to ease the migration and deeper changes to make your applications first-class citizens in Istio.

  • Highlight application port and Kubernetes service configurations that are incompatible with Istio or the Envoy proxy out of the box, like mixed-use back-end container ports or headless services
  • Talk about how to handle pod lifecycle race conditions introduced by the istio-proxy sidecar container
  • Discuss why API and web clients may have connection problems when services move to Istio
  • Where to look and what to check when your changes do not “just work”
  • Longer-term strategies for making Istio ready for your application teams (and vice versa) while finding ways to manage Istio itself and the applications you run on the service mesh, especially given the maturing project’s frequent and sometimes-breaking releases