PHX DevOps Days: Service Mesh Landscape

Service-mesh technology promises to deliver a lot of value to a cloud-native application, but it doesn't come without some hype. In this talk, we'll look at what a "service mesh" is, how it compares to similar technology (Netflix OSS, API Management, ESBs, etc.) and what options for service mesh exist today.

  1. The service-mesh landscape @christianposta
  2. Christian Posta, Chief Architect, cloud application development. Twitter: @christianposta Blog: http://blog.christianposta.com Slides: http://slideshare.net/ceposta • Author of multiple books, latest Istio in Action • Committer/contributor to lots of open-source projects • Blogger, speaker, mentor, leader
  3. https://www.manning.com/books/istio-in-action
  4. Microservice: A highly distracting word that serves to confuse developers, architects, and IT leaders into believing that we can actually have a utopian application architecture.
  5. Microservice: A highly distracting word that serves to confuse developers, architects, and IT leaders into believing that we can actually have a utopian application architecture. An architecture optimization that treats the modules of an application as independently owned and deployed services for the purposes of increasing an organization’s velocity
  6. Microservices
  7. Our services need to connect to each other to provide overall business value.
  8. https://puppet.com/resources/whitepaper/state-of-devops-report
  9. Come on… how hard can it be!?
  13. As we move to services architectures, we push the complexity to the space between our services.
  14. New challenges in a cloudy, services world • Service discovery • Retries • Timeouts • Load balancing • Rate limiting • Thread bulkheading • Circuit breaking
  15. …continued • Routing between services (adaptive, zone-aware) • Deadlines • Back pressure • Outlier detection • Health checking • Traffic shaping • Request shadowing
  16. …continued • Edge/DMZ routing • Surgical / fine / per-request routing • A/B rollout • Internal releases / dark launches • Fault injection • Stats and metrics collection • Logging • Tracing
  17. Oh yah... And.... Security
  18. “Microservices” patterns • Netflix Hystrix (circuit breaking / bulkheading) • Netflix Zuul (edge router) • Netflix Ribbon (client-side service discovery / load balancing) • Netflix Eureka (service discovery registry) • Brave / Zipkin (tracing) • Netflix Spectator / Atlas (metrics)
  19. But I’m using Spring! • spring-cloud-netflix-hystrix • spring-cloud-netflix-zuul • spring-cloud-netflix-eureka-client • spring-cloud-netflix-ribbon • spring-cloud-netflix-atlas • spring-cloud-netflix-spectator • spring-cloud-netflix-hystrix-stream • ….. • ...... • @Enable....150differentThings
  20. But I’m using Vert.x! • vertx-circuit-breaker • vertx-service-discovery • vertx-dropwizard-metrics • vertx-zipkin? • ….. • ......
  21. Screw Java - I’m using NodeJS! JavaScript is for rookies, I use Go! But Python is so pretty! I prefer unreadability… Perl for me!
  22. Some drawbacks to this approach? • Require specific language to bring in new services • A single language doesn’t fit all use cases • How do you patch/upgrade/manage lifecycle? • Need strict control over application library choices • Inconsistent implementations • Incorrect implementations
  23. Let’s abstract this functionality to a single binary and apply it to all services. • Allow heterogeneous architectures • Remove application-specific implementations of this functionality • Consistently enforce these properties • Correctly enforce these properties • Opt-in as well as safety nets
  26. Time for definitions: A service mesh is decentralized, application-agnostic networking infrastructure between your services that can be programmed to provide more resilient and observable service-to-service communication
  27. Service mesh technologies typically provide: • Service discovery / Load balancing • Secure service-to-service communication • Traffic control / shaping / shifting • Policy / intention-based access control • Traffic metric collection • Service resilience
  28. Three open-sourced, service-mesh projects
  29. Meet Linkerd http://linkerd.io
  30. Linkerd2 • Kubernetes specific • Control plane / data plane constructs • Originally introduced in December 2017 as “Conduit” • Collect top-level metrics • Resilience, timeouts, retry budgets • Experimental TLS
  31. Meet Consul Connect http://consul.io
  32. Consul Connect • Beta status • Control plane (consul server) / data plane (proxies/app) • Part of Consul 1.2 release, June 2018 (latest is 1.3) • Secure, mTLS communication • Builds on Consul’s discovery and configuration capabilities • Service segmentation, intention-based ACL policy • Optional use of Envoy Proxy • Native app integration for latency/performance sensitive apps
  33. Meet Istio.io http://istio.io
  34. Istio • Control plane / data plane (Envoy Proxy) • 1.0 GA July 2018 • Collaboration between Google, IBM, Lyft, VMware, Red Hat, et al. • Based on Envoy proxy • mTLS, policy-based ACL, resilience, observability, traffic control • Kubernetes native • Deployment platform agnostic (experimental)
  35. Demo? http://bit.ly/istio-tutorial
  36. Thanks! BTW: Hand-drawn diagrams made with Paper by FiftyThree.com. Twitter: @christianposta Blog: http://blog.christianposta.com Email: christian@redhat.com Slides: http://slideshare.net/ceposta Follow-up links: • http://blog.christianposta.com • http://istio.io • http://envoyproxy.io • http://linkerd.io • http://consul.io • http://bit.ly/istio-tutorial • http://blog.christianposta.com/istio-workshop/slides/
