Milestone 3 : Part 2

Assignment 3 : Part 2

Problem Statement

As discussed in the previous proposal the current implementation of the Radar Data Visualization Applications has some avenues where improvement is possible, for example, inter-service communication, security, service authorization, load balancing and improved monitoring. All of these can be achieved through an integration of a service mesh layer above the existing Kubernetes architecture.

Following are the desired improvements:

Service Authorization & Authentication - A service mesh can be implemented to enforce inter-service communication restrictions.
Load Balancing - The current architecture uses a round-robin fashion of load balancing, now although this works it is not an optimum way to do it, this can be improved by integration of a service mesh which offers multiple options of doing so like Random, Weighted, Less requests.
Monitoring - A service mesh to collect and provide various system/network metrics can be implemented.
Sidecar Proxy - Inter-service communication can be improved by addition of sidecar proxies, which would become solely responsible for the communication of microservices. This can be achieved through the integration of a service mesh.

Changes from Initial Proposal

After, studying service meshes and comparing it with our current architecture, we decided on scraping Encryption, as the data sent from the front-end to the api-gateway is already encrypted, and rest of the communication is already hidden behind the api-gateway layer.

Problem Statement Development:

https://github.com/airavata-courses/VignyaanDwaarNirman/issues/29

https://github.com/airavata-courses/VignyaanDwaarNirman/issues/31

https://github.com/airavata-courses/VignyaanDwaarNirman/issues/32

https://github.com/airavata-courses/VignyaanDwaarNirman/issues/34

Methodology

After, looking into serivce mesh technology, we realized how the existing application can be improved from the developer's point of view. Monitoring is a big asset which can effectively help analyze the traffic flow and check which particular microservices experience loads at peak loads. So, trying to address some of the existing architectural flaws that we felt existed in the current deployed instances. We decided to continue with Istio and by further monitoring the traffic and testing the application against multiple loads using the Kiali Dashboard provided with Istio. Below are the steps to setup Istio.

To install Istio on our Kubernetes cluster,

Downloaded the Istio v1.5.2 and cd into the Istio package.

$ curl -L https://istio.io/downloadIstio | sh -
$ cd istio-1.5.2

Install the default Istio configuration profile:

$ istioctl manifest apply --set profile=demo

Add a namespace label to instruct Istio to automatically inject Envoy sidecar proxies when we deploy the application later. This sidecar injection facilitates the inbound and outbound traffic for each service.

$ kubectl label namespace default istio-injection=enabled
$ kubectl apply -f kiali.yaml
$ istioctl dashboard kiali

Click here to check kiali.yaml
Click here to access the Kiali Dashboard

Username: admin Password: admin

We implemented Service Authentication and Authorization between microservices using Istio build-in mTLS authentication. It provides each service with a strong identity representing its role to enable interoperability across clusters and clouds, secures service-to-service communication & provides a key management system to automate key and certificate generation, distribution, and rotation.

$ kubectl apply -f tls-strict.yaml

Click here to check tls-strict.yaml

We can gracefully implement Load balancing using Istio that lets us update the configuration to incorporate various algorithms like round robin, random, weighted etc. We implemented it using below commands:

$ kubectl apply -f httpGateway.yaml
$ kubectl apply -f DestinationRules.yaml
$ kubectl apply -f virtualService.yaml

Click here to check httpGateway.yaml
Click here to check DestinationRules.yaml
Click here to check virtualService.yaml

Service-Health graph

Kiali Dashboard

WhatsApp Image 2020-05-05 at 10 16 01 PM (1)

Services Health Check

AppGraph

App-Graph

ServiceGraph

App-Service Graph

Evaluation

As mentioned in the methodology above, we had some assumptions about the flaws in our architecture and after installing istio and monitoring the traffic we came to know about other possible improvements. Following are some of the references which helped us a lot along the way:

Conclusions and Outcomes

Service Meshes while hard to get a grasp on at first, having a steep learning curve and a tedious installation and integration is an amazing utility and practically a must in the current tech-world, seeing the utility and control it provides over an application is simply fascinating. Integrating Istio with our application provided us with an amazing amount of added utilities and complete control over the system, various factors like Monitoring, Traffic Management, Authentication and Load Balancing which seem like a far-fetched complex dream for us actually became a reality thanks to Istio.

Team Member Contributions

Every team member contributed equally for the success of the project, all kind of work may it be, Learning, Debugging, Installation, Implementation, Documentation was divided equally among all the team members and approached it with utmost zeal and enthusiasm.

Anshul Vohra :

Viral Prajapati :

Devansh Jain :

Provide feedback

Saved searches

Use saved searches to filter your results more quickly