How can organisations achieve the DevOps dream? Kubernetes, an Istio Service Mesh and a dash of innovation, says Auto Trader’s Dave Whyte
Kubernetes, the container orchestrator developed by Google and made open source by the tech giant in 2015, has become the linchpin of DevOps success for a huge number of businesses. With Kubernetes running on cloud servers, developers and engineers have the tools and infrastructure to handle large containerised applications at the scale the business requires.
For Dave Whyte, operations lead at UK automotive marketplace Auto Trader, a combination of Google Kubernetes Engine and an Istio service mesh has made the company’s DevOps dish taste even sweeter. At this year’s DevOps Live in London, Dave will explain why the centralised platform the company has built using the two tools is “the DevOps dream.”
The combination is a powerful weapon. But what are Kubernetes and Istio’s respective roles in the new environment?
Kubernetes provides self-healing, rapid container cluster management and quick release roll-back. Don’t worry if you’re a little confused. A cluster refers to the network of computers upon which containerised applications run, while quick release roll-back enables IT shops to jump back in time to a healthy release version. And the magic-sounding “self-healing functionality” refers to Kubernetes’ ability to restart containers that fail and kill unresponsive ones.
Istio, on the other hand, helps Auto Trader’s platform squad encrypt traffic within clusters and manage traffic between different services by setting policies. This has enabled the team to integrate security into the pipeline (known as “DevSecOps”), in line with the OWASP application security model. “All of our applications have end-to-end encryption with their own outbound and inbound network policies,” explains Dave. “We have integrated OWASP into our release pipelines and carry out regular manual and automated security scans.”
Within this dual environment, the company’s devs effectively gain secure freedom. They can “release when they want, control inbound and outbound network rules to their apps, and adjust the CPU and Memory resource and amount of [replica containers],” explains Dave.
Need for speed
Auto Trader decided to make the switch to Kubernetes to upgrade its security layers and implement mutual Transport Layer Security (mTLS) authentication between its apps. After a spike of work, Dave’s team realised that, whilst not impossible, retrofitting this on its Cloud Stack platform would be a challenge: