Module 4: Enhancing Traffic Resilience and Security for Virtual Machines with OpenShift Service Mesh

In this module we are going to explore how you can further make the solution secure and robust whilst exposing it to the outside world. You will ensure that your Virtual Machine (VM) based solution can recover from failures of a VM without having to intervene to manage that as well cater for the release of a new version of a VM component.

Objectives

  • Expose VMs for public consumption via service mesh ingress gateway.

  • Perform a canary release deployment of a new version on one of the VMs, run it in parallel to the original and define % of traffic to flow on each version.

  • Create policies with the help of service mesh to exclude instances of your VMs when they are unresponsive in order to ensure any failures do not impact end-user requests.

  • Apply restrictions for business and security purposes via authorization policies.

About cloud native capabilities

Canary Release

In traditional monolithic applications new features where released with a feature toggle which when enabled it would allow a subset of requests to flow through the new feature functionality. In a cloud native world where microservices contain the subset of the functionality the toggle can be the version associated with the a microservice deployment.

canary 01

Canary release (or canary launch or canary deployment) allows for the release of a new feature microservice targeted by a flag, the URI of changed version or other means available to differentiate between the instance of old and new feature.

Circuit Breakers

Circuit breaking is an important pattern for creating resilient microservice applications. Circuit breaking allows to create applications that limit the impact of failures, latency spikes, and other undesirable effects of network peculiarities.

Unlike timeout-based methods, which can lead to delayed error responses or the premature failure of healthy requests, the Circuit Breaker pattern can proactively identify unresponsive services and can prevent repeated attempts.