logo
allArticlesConferencesPresentations

Simplifying Service Mesh Operations with Flux and Flagger

Conference:  KubeCon + CloudNativeCon Europe 2022

2022-05-20

Authors:   Stefan Prodan, Mitch Connors

Summary

The presentation discusses the challenges of upgrading Istio and proposes a GitOps approach to automate service mesh upgrades.
  • Upgrading Istio is difficult and time-consuming
  • 88% of Istio installations still have known CVEs despite efforts to make upgrades easier
  • The GitOps approach using Flux and Flagger can automate Istio upgrades and improve observability
  • The Helm controller in Flux provides a better experience than the Istio operator
  • Istio upgrades should be treated like any other piece of infrastructure and automated using GitOps
The speaker emphasizes the importance of automating Istio upgrades and not treating it as a unique and special piece of infrastructure. They caution against using the Istio operator and recommend using the Helm controller in Flux instead. The GitOps approach using Flux and Flagger can improve observability and automate upgrades, making it easier for users to keep Istio up to date.

Abstract

Distributed Proxies have opened the floodgates for Service Meshes to provide substantial value at the Application Networking Layer, but early adopters of Service Meshes are often overwhelmed by operational complexities. How do you ensure that the proxy is distributed everywhere your software runs? How do you safely upgrade or roll back all those proxies? How can you ensure that your network config is correct - without pushing it to production and risking an outage? Following the GitOps Principles is key to simplifying Service Mesh Operations. Defining the entire service mesh declaratively - be it installation, proxy injection, or configuration - provides a mechanism to safely manage the complexities of a service mesh. Continuously reconciling declarative config with the latest service mesh release keeps you from being caught off-guard by CVEs. Progressive Delivery tools enable seamless movement from one version of a service mesh to another - and back - with minimal impact to traffic.Click here to view captioning/translation in the MeetingPlay platform!
Materials:
Slides
Tags:
service meshes
Application Networking
GitOps
Service Mesh Operations
CVEs

Post a comment

Related work

Future of Service Mesh - Sidecar or Sidecarless or Proxyless?

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Eric Van Norman, Idit Levine, Yuval Kohavi, John Howard, Keith Mattix
2023-04-21

Securing User to Service Access in Kubernetes

Conference:  Cloud Native SecurityCon North America 2023
Authors: Maya Kaczorowski, Maisem Ali

Rotate Roots Right Round: Using Cert-Manager for Safer Private PKI

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Ashley Davis
2023-04-20

Whose Packet Is It Anyway? Life of a Packet Through a Service Mesh

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Kevin Leimkuhler, Douglas Jordan
2022-10-26

Taking Your Database Beyond the Border of a Single Kubernetes Cluster

Conference:  KubeCon + CloudNativeCon North America 2021
Authors: Christopher Bradford, Ty Morton
2021-10-14

Using SLOs for Continuous Performance Optimizations of Your K8s Workloads

Conference:  KubeCon + CloudNativeCon North America 2021
Authors: Andreas Grabner
2021-10-13