By Lance Lamore, Intern at Ascend
Over the past few months, I have had the opportunity to intern with the infrastructure team at Ascend. One of the things we emphasize here is the need for speed, focus, and intensity. As part of my role, I was given the task of assessing and implementing some emerging technologies within the Kubernetes ecosystem. Because our product is Kubernetes-based, we are constantly mindful of staying ahead of the latest tech. It seems like there’s a new feature, security patch, or use case announced every day. Part of our job at Ascend is making sure that our systems can handle all the newest stuff constantly being released by the community.
One of the emerging technologies I evaluated is Istio - named after the Greek word for sailing and backed by Google, IBM, and Lyft. Istio can be implemented within a Kubernetes cluster, where it proxies all the networking between the microservices. In fact, Google even released integrated Istio support for GKE. Istio is well on its way towards becoming the new standard for managing Kubernetes microservices.
When Ascend evaluated Istio, the first major attraction was its mutual TLS security between all communications. Managing certificates is hard and it’s something nobody wants to spend their time maintaining. Istio can manage all of its own certificates and it does so almost completely out of the box. While our system currently has its own TLS security in place, Istio can replace this and lower the overhead of our own infrastructure.
Ascend also processes huge batches of data, which requires vast distributed systems. This brings me to the second major attraction of Istio - its multi-cluster support. Currently, our computation is split between two Kubernetes clusters. One cluster handles the Frontend, API, metrics, and scheduling. The other cluster handles running all of our Spark jobs. Ascend is rapidly expanding - adding more clusters, nodes, and pods every day - and Istio is a service we trust to keep up with our demands. Substantial internal routing is necessary to efficiently parallelize all the tasks that come with orchestrating automatic data pipelines. We depend on Istio to handle this routing for us, and it manages to do so while staying fast and secure with light overhead.
The third major advantage is the range of telemetry features available at install time. Istio comes with Jaeger, Prometheus, Grafana, and Kiali as installation options. I especially liked the Kiali dashboard, which works with Prometheus to visualize all the network traffic inside the service mesh. This dashboard is astonishingly cool. As an intern, getting up to speed with the architecture of the system can be a monumental task. The Kiali dashboard is a wonderful tool to quickly learn how the API, Frontend, and Backend all communicate with each other.
There are of course additional reasons to get excited about Istio, but these three were the biggest attractors for me as I looked at this new tech. Since Google’s integrated Istio is still in beta, we decided to develop against the open source release of Istio. As with any emerging product, installation did not come without its hiccups, such as setting up gRPC connections. But all in all we got it solved and it’s exciting to know that I played a part in keeping Ascend on the cutting edge of orchestrating whatever data customers send our way.