On-Demand Link: https://www.nginx.com/resources/webinars/are-you-service-mesh-ready-moving-from-consideration-to-implementation/ At NGINX, we think the question is no longer “Do I have to use a service mesh?” but rather “When will I be ready for a service mesh?” We believe that anyone deploying containers in production and using Kubernetes to orchestrate them has the potential to reach the level of app and infrastructure maturity where a service mesh adds value. But how to do you know when you’re ready or which mesh will be right for your apps? In this webinar, our experts talk about the steps to successfully implementing a service mesh.

1. Are You
Service Mesh Ready?
MOVING FROM CONSIDERATION TO IMPLEMENTATION

2. | ©2020 F5
2
SR. PRODUCT MANAGER – NGINX SERVICE MESH
Alan Murphy Whether you're ready for a service mesh
How to choose a mesh that’s right for
your apps
The importance of a high-performance
Kubernetes application data plane
How NGINX Service Mesh improves the
developer experience

3. | ©2020 F5
4
PART 3: SERVICE MESH
Production-Grade Kubernetes
You are here!

4. | ©2020 F5
5
What is your organization’s expertise
with Microservices?
1. We’re not using a Microservices architecture yet.
2. We are taking first steps to production Microservices.
3. We run both Microservices and Traditional architectures in
production.
4. We are (almost) entirely a Microservices-first organization.

5. | ©2020 F5
6
What’s your biggest concern
with Microservices?
1. Training and Knowledge – the journey to production is difficult
2. In production – Logging, Visibility and Monitoring
3. In production – Security
4. In production – Scaling to large apps and multiple teams
5. None – I know what I’m doing, all is working

6. | ©2020 F5
7
PRETTY WELL SUMS IT UP…
Kubernetes Networking Is Hard

7. | ©2020 F5
8
WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM A MESH?
Networking: K8, L3, L4, L5, L7
• K8s, and CNI, provides L4 servicing – IP endpoints
• Many, complex options
• https://kubernetes.io/docs/concepts/cluster-administration/networking/
• L7 Traffic Management is missing
• Policy-based routing
• Service-level access control
• SSL/mTLS enforcement
• Enter: Service Mesh

8. | ©2020 F5
9
WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM A MESH?
What Is A Service Mesh?
• A service mesh adds L7 traffic management & security:
• sidecar deployment
• policy management
• application availability/health,
• Service mesh isn’t just one “thing”, it’s a lot of managed and dependent
components
• Takes over where K8s networking stops (service/pod IP endpoints)
• “Traffic management for containers”

9. | ©2020 F5
10
L7 Logic (Ingress)
L3-L4 Networking
L3 – L7 Network
Management ==
Service Mesh
An Overly Simplified Picture

10. | ©2020 F5
11
Do you use a Service Mesh in production?
1. No, and I’m not planning to use one yet
2. No, but I’m actively evaluating
3. Yes – Istio in production
4. Yes – a different mesh in production (share in the comments)
5. I don’t know

11. | ©2020 F5
12
Risks of adopting a mesh too early…
Complexity
Complexity
Complexity
Preparing for a Mesh

12. | ©2020 F5
13

13. | ©2020 F5
14

14. | ©2020 F5
15

15. | ©2020 F5
16

16. | ©2020 F5
17

17. | ©2020 F5
18

18. | ©2020 F5
19
IT DEPENDS…
Selecting a Service Mesh
Why are you looking for a service mesh?
(what are your use cases?)

19. | ©2020 F5
20
NGINX Service Mesh Use Cases
Secure Traffic
End-to-end encryption (Mutual TLS / mTLS), ACLs
Manage All Service Traffic
Load Balance, Circuit breaker, B|G, Rate Limiting…
Orchestration
Injection and sidecar management, K8s API integration
Visualize Traffic
Generate transaction traces and real-time monitoring
Enterprise ADC sidecar with
NGINX Plus
Small/efficient control plane
and developer friendly
Enterprise ADC sidecar with
NGINX Plus
SMI spec, open ecosystem
key differentiator

20. | ©2020 F5
21
IT DEPENDS…
Selecting a Service Mesh
Why are you looking for a service mesh?
(what are your use cases?)
How will you use the service mesh?

21. | ©2020 F5
22
Developers
Do you plan to add security to a legacy app that
is moving into Kubernetes?
Are you going to incorporate security as you
refactor an app into a native Kubernetes app?
Platform/Infrastructure Team
Are you going to add the service mesh into your
CI/CD pipeline so that it’s automatically deployed
and configured with every new cluster and
available when a developer spins up a new
instance?
How will you use the service mesh?
IT DEPENDS WHO YOU ARE

22. | ©2020 F5
23
IT DEPENDS…
Selecting a Service Mesh
Why are you looking for a service mesh?
(what are your use cases?)
How will you use the service mesh?
What factors influence your selection?

23. | ©2020 F5
24
Data Plane Matters

24. | ©2020 F5
25
1. Your “first mile” at the edge.
2. Your ”last mile” at the application layer.
3. Resiliency of your application delivery in Kubernetes.
4. Security enforcement point.
5. Metrics and monitoring for visibility.
FOCUS ON CONTROL PLANE IS CRITICAL, BUT DON’T FORGET ABOUT THE DATA
Data Plane Handles…
E
F

25. | ©2020 F5
26
• Data plane is all Kubernetes traffic
• Ingress and egress traffic treated as E/W
S2S traffic
• Full integration with control plane
• Resiliency, security, high availability all
matters for N/S
• Egress becoming more and more critical
CONFIDENTIAL
Don’t Forget N/S Ingress/Egress Data Plane

26. | ©2020 F5
27
• Accepts traffic from outside the Kubernetes
platform, and load-balances it to pods
(containers) running inside the platform
• Configured using the Kubernetes API, with
objects called ‘Ingress Resources’
• Monitors the pods running in Kubernetes, and
automatically updates the load balancing rules if,
for example, pods are added or removed from a
service
The Ingress Controller
Internal
Network
Users
Ingress
Controller
A specialized load balancer for Kubernetes environments:

27. | ©2020 F5
28
Which Ingress controller(s) do you use?
1. Default Kubernetes Ingress Controller
2. NGINX Ingress Controller
3. Public Cloud (e.g. from AWS, Azure, Google)
4. F5 Container Ingress Services
5. Something else (share in the comments)
6. I don’t know

28. | ©2020 F5
29
Developer-Friendly: Self-service and so easy to
use that it doesn’t require an infrastructure team to
deploy and manage it. No manual configurations,
built on native Kubernetes tooling and open
source tools.
Powerful and Efficient: The fastest, lightest way to
get mTLS and traffic management in your
microservices environment.
No sidecar injected into NGINX Ingress Controller.
NGINX Plus Sidecars: A fully integrated, high
performance data plane for highly available and
scalable containerized environments.
Why you might like

29. | ©2020 F5
32
DEMO

30. | ©2020 F5
33
Q&A

31. | ©2020 F5
34 CONFIDENTIAL
And try it with our other K8s traffic management solutions
Download for free