Going cloud native with Kubernetes and Istio
Here at DWP Digital, our Agile software engineering teams are making use of modern cloud technologies, such as Kubernetes and Istio, to enhance our digital delivery capabilities. These two technologies combine to provide a cloud native infrastructure platform, capable of hosting our business applications.
Kubernetes is an open-source system for automating deployment, scaling and managing containerised applications. It is becoming the new standard for deploying and managing software in the cloud.
Istio is a service mesh that allows us to describe the network of microservices that make up each of our applications and the interactions between them. It automatically handles load balancing, failure recovery, discovery, metrics and monitoring.
How we’re deploying software at scale
We use infrastructure as code (IaC) to define an entire cloud platform, using the cloud-agnostic tool Terraform. Terraform gives us the ability to reproduce every environment in an automated, consistent way. We make use of Terraform ‘providers’ to represent each infrastructure type as a Terraform ‘resource’. For example, by using the Kubernetes provider, we are able to manage Kubernetes resources through Terraform.
Istio is installed using Helm, a package manager for Kubernetes that allows us to combine Kubernetes configuration YAML files into a single representation of the Kubernetes resources that make up an application stack.
In order to take advantage of all of Istio’s features, pods in the mesh must be running an Istio sidecar proxy. We automatically add the sidecar to all Kubernetes pods using the mutating webhook admission controller. Pilot, which we run as part of the Istio control plane, configures those sidecars through the Envoy APIs.
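Because the sidecar is what enforces mesh policy and collects telemetry, a pod that runs without one sits outside the mesh, whether because its namespace was never labelled for injection, because it opted out with the `sidecar.istio.io/inject` annotation, or because it was created before the webhook was in place. The following audit is an added example (not DWP's code) that walks over the same JSON shape `kubectl get namespaces -o json` and `kubectl get pods -A -o json` produce and reports every such pod with the reason; the cluster snapshot embedded below is constructed, not captured from a real cluster.

```python
"""Audit a cluster snapshot for pods that are running without the Istio sidecar.

Added illustration, not DWP's code. Input objects have the shape of parsed
`kubectl get namespaces -o json` / `kubectl get pods -A -o json` output; the
sample snapshot at the bottom is constructed for the example.
"""
import json

INJECTION_LABEL = "istio-injection"            # namespace label the webhook checks
INJECT_ANNOTATION = "sidecar.istio.io/inject"  # per-pod override of the namespace setting
SIDECAR_CONTAINER = "istio-proxy"              # container name Istio gives the Envoy sidecar
SYSTEM_NAMESPACES = {"kube-system", "istio-system"}  # control plane: not expected in the mesh


def namespace_enrolled(namespace):
    """True when the namespace is labelled istio-injection=enabled."""
    labels = namespace.get("metadata", {}).get("labels") or {}
    return labels.get(INJECTION_LABEL) == "enabled"


def pod_override(pod):
    """Return True/False for an explicit per-pod annotation, None when absent."""
    annotations = pod.get("metadata", {}).get("annotations") or {}
    value = annotations.get(INJECT_ANNOTATION)
    return None if value is None else value.strip().lower() == "true"


def has_sidecar(pod):
    """True when an istio-proxy container is declared in the pod spec."""
    containers = pod.get("spec", {}).get("containers") or []
    return any(c.get("name") == SIDECAR_CONTAINER for c in containers)


def find_unmeshed_pods(namespace_list, pod_list):
    """Return (namespace, pod, reason) for each application pod without a sidecar."""
    ns_by_name = {ns["metadata"]["name"]: ns for ns in namespace_list["items"]}
    findings = []
    for pod in pod_list["items"]:
        ns_name = pod["metadata"]["namespace"]
        if ns_name in SYSTEM_NAMESPACES or has_sidecar(pod):
            continue
        ns = ns_by_name.get(ns_name, {})
        if not namespace_enrolled(ns):
            reason = "namespace not labelled istio-injection=enabled"
        elif pod_override(pod) is False:
            reason = "pod opted out via sidecar.istio.io/inject=false"
        else:
            reason = "injection expected but istio-proxy missing (created before webhook?)"
        findings.append((ns_name, pod["metadata"]["name"], reason))
    return findings


def _ns(name, **labels):
    return {"metadata": {"name": name, "labels": labels}}


def _pod(namespace, name, containers, annotations=None):
    return {"metadata": {"namespace": namespace, "name": name, "annotations": annotations or {}},
            "spec": {"containers": [{"name": c} for c in containers]}}


# Constructed snapshot: one enrolled namespace, one legacy namespace, the control plane.
SAMPLE_NAMESPACES = {"items": [_ns("payments", **{INJECTION_LABEL: "enabled"}),
                               _ns("legacy"), _ns("istio-system")]}
SAMPLE_PODS = {"items": [
    _pod("payments", "api-1", ["api", SIDECAR_CONTAINER]),                     # in the mesh
    _pod("payments", "batch-1", ["batch"], {INJECT_ANNOTATION: "false"}),      # opted out
    _pod("payments", "api-old", ["api"]),                                      # predates the label
    _pod("legacy", "web-1", ["web"]),                                          # namespace not enrolled
    _pod("istio-system", "istiod-1", ["discovery"]),                           # control plane, skipped
]}

if __name__ == "__main__":
    # Real use: json.load(open("namespaces.json")), json.load(open("pods.json"))
    for ns, pod, reason in find_unmeshed_pods(SAMPLE_NAMESPACES, SAMPLE_PODS):
        print(f"{ns}/{pod}: {reason}")
```

Running this periodically, or as a pipeline gate after `helm upgrade`, catches the case where a team's pods quietly fall outside the mesh and therefore outside its mutual TLS, routing and telemetry.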
Envoy is an intelligent proxy for mediating and controlling all network communication between microservices, while also collecting and reporting telemetry on all mesh traffic. We also make use of Mixer, Jaeger and Kiali for even richer observability of our services.
A great example of how we are using this technology relates to the current coronavirus (COVID-19) situation. We were able to rapidly respond and reduce pressure on digital Universal Credit (UC) systems by directing a portion of UC identity checks through a new service hosted on our Kubernetes platform.
The rapid, iterative deployment and enhanced scalability, provided by our cloud platform, assisted with DWP’s ability to handle the huge increase in UC claims immediately after the Government’s lockdown policy.
How we deploy software applications onto Kubernetes
Our software teams use Docker for the development of new and existing applications. Docker is a container technology that uses operating-system-level virtualisation to define run-time application environments as code.
Using Docker to encapsulate their apps, our teams build and package these as Docker images, which are then deployed as containers onto Kubernetes pods as part of their Continuous Integration / Continuous Deployment (CI/CD) pipeline.
Teams are empowered to configure the declared state of their services (their pods) using Helm charts. We use Helm on the pipeline to deploy a new version of an entire application stack, simply by calling ‘helm upgrade’.
The benefits of deploying software on the cloud
This highly abstracted view of running infrastructure allows individual software teams to concentrate on building software to solve business problems without having to worry about infrastructure problems.
The Helm charts used by software teams can be version controlled, providing the ability to return to any previous versions.
We take advantage of this immutable, containerised hosting environment by treating our applications and services as ‘cattle’ not ‘pets’ (in the past we’d treat our services like pets – they were special and unique and you did everything in your power to keep them up).
Now that services are built from code rather than being unique, they can be instantly replaced if they become unhealthy. This avoids wasted time trying to diagnose the problem in production, and negates the possibility of the app going down and leaving our users without the service.
Kubernetes and Istio provide this capability thanks to the declarative principles of both. The control plane constantly monitors the service state. If a running state differs from its declared state, Kubernetes restores the requisite nodes/pods, in line with the desired configuration, in a fully automated way.
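The control loop described above can be shown in miniature. The example below is an added illustration, not code from Kubernetes or DWP: it compares a declared state (image and replica count) with a constructed list of running pods, emits the actions a controller would take, applies them, and loops until a second pass finds nothing left to do. It simplifies the real Deployment controller (which rolls pods through ReplicaSets rather than deleting and creating directly), but the property it demonstrates is the one that matters: the same declared state fed back in converges to no further changes.

```python
"""Minimal reconciliation loop for a declared Deployment-like state.

Added illustration, not the Kubernetes controller's code. Pod names, images and
health values below are constructed.
"""
from dataclasses import dataclass
from itertools import count


@dataclass
class Pod:
    name: str
    image: str
    healthy: bool


@dataclass
class DesiredState:
    name: str      # Deployment name, used as a prefix for replacement pods
    image: str     # image every replica must run
    replicas: int  # number of healthy replicas that must exist


_seq = count(1)  # hypothetical name generator for replacement pods


def reconcile(desired, running):
    """Diff declared state against running pods; return the actions needed."""
    actions, keep = [], []
    for pod in running:
        if not pod.healthy:
            actions.append(("delete", pod.name, "unhealthy"))
        elif pod.image != desired.image:
            actions.append(("delete", pod.name, "image drift"))
        else:
            keep.append(pod)
    for pod in keep[desired.replicas:]:            # too many healthy, matching pods
        actions.append(("delete", pod.name, "surplus replica"))
    for _ in range(desired.replicas - min(len(keep), desired.replicas)):
        actions.append(("create", f"{desired.name}-{next(_seq)}", desired.image))
    return actions


def apply(actions, running):
    """Apply the actions to the pod list; new pods are assumed to come up healthy."""
    deleted = {name for kind, name, _ in actions if kind == "delete"}
    result = [p for p in running if p.name not in deleted]
    result += [Pod(name, image, True) for kind, name, image in actions if kind == "create"]
    return result


def converge(desired, running, max_rounds=10):
    """Run reconcile/apply until a pass produces no actions; return (pods, rounds)."""
    for rounds in range(max_rounds):
        actions = reconcile(desired, running)
        if not actions:
            return running, rounds
        running = apply(actions, running)
    raise RuntimeError("did not converge")


# Constructed scenario: three pods declared on v2, one drifted, one unhealthy.
DESIRED = DesiredState(name="example-app", image="example-app:v2", replicas=3)
RUNNING = [
    Pod("example-app-a", "example-app:v2", healthy=True),
    Pod("example-app-b", "example-app:v1", healthy=True),   # declared state changed
    Pod("example-app-c", "example-app:v2", healthy=False),  # failing its probes
]

if __name__ == "__main__":
    for action in reconcile(DESIRED, RUNNING):
        print(action)
    final, rounds = converge(DESIRED, RUNNING)
    print(f"converged after {rounds} round(s): {[p.name for p in final]}")
```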
The features of Kubernetes and Istio are inherited by each software team, as they are on-boarded to the cloud platform, giving us powerful re-use of infrastructure, automation and abstraction.
Our software teams are able to stand up new NodeJS or Java Spring applications, fully separated from existing applications on the same cloud platform, with minimal effort. There’s no need to build, design and engineer the underlying hosting infrastructure and network layer that these apps will run on. There’s no need to manage any servers or operating systems. There’s no need to engineer new deployment methods.
By conforming to the Kubernetes configuration principles, a software team can go from inception to production in a matter of weeks, where previously it would have taken months.
The benefits of having an automated service mesh
Using cloud native technologies such as Kubernetes and Istio gives us:
- less duplication across our infrastructure
- higher re-usability
- reliable environments through the use of declarative state
- rapid application development
- quicker code deployments
- less manual intervention in running services
- better observability of run-time environments
With the software application teams able to just concentrate on solving business problems, our DevOps team of cloud automation software engineers can focus on further automation of the core platform itself. And it frees them up to find new ways to take advantage of this exciting, modern cloud-native eco-system as it evolves.
Subscribe to our newsletter for more articles about our work in government digital transformation.