SlideShare a Scribd company logo

The Truth About the Service Mesh Data Plane

Download as PPTX, PDF
Christian Posta
Christian Posta

The exploration of service mesh for any organization comes with some serious questions. What data plane should I use? How does this tie in with my existing API infrastructure? What kind of overhead do sidecar proxies demand? As I've seen in my work with various organizations over the years "if you have a successful microservices deployment, then you have a service mesh whether it’s explicitly optimized as one or not." In this talk, we seek to understand the role of the data plane and how to pick the right component for the problem context. We start off by establishing the spectrum of data-plane components from shared gateways to in-code libraries with service proxies being along that spectrum. We clearly identify which scenarios would benefit from which part of the data-plane spectrum and show how modern service meshes including Istio, Linkerd, and Consul enable these optimizations.

Technology
1 of 32
1 | Copyright © 2019 The Truth About the Service Mesh Data Plane Christian Posta @christianposta Global Field CTO – Solo.io
2 | Copyright © 2019 @christianposta CHRISTIAN POSTA • Field CTO @ Solo.io • Author of a few books • Contributor to many open-source projects • Architect, blogger, speaker, mentor, leader @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta
3 | Copyright © 2019 @christianposta MY BOOKS https://bit.ly/istio-in-action https://www.manning.com/dotd 50% off code: dotd111819au
4 | Copyright © 2019 @christianposta HIGHLY RECOMMENDED
5 | Copyright © 2019 The Service Mesh Journey with Solo.io Solo.io connects and manages the world’s applications with APIs and service mesh across any infrastructure. Announcements coming today 
6 | Copyright © 20196 | Copyright © 2019 Challenges of adopting a service mesh
7 | Copyright © 2019 @christianposta • Do you have a mix of application languages or frameworks? • Large deployment of microservices on cloud infrastructure? • Struggling to implement application interaction observability? • Have you mastered your existing infrastructure stack? Do you need a service mesh? https://speakerdeck.com/thockin/weve-made-quite-a-mesh Check out talk from @thockin:
8 | Copyright © 2019 @christianposta • Which one to choose? • Who's going to support it? • Multi-tenancy issues within a single cluster? • No good way to manage multiple clusters? • Fitting with existing services (sidecar lifecycle, race conditions, etc) • What's the delineation between developers and operations? • Non container environments / hybrid env? • Centralization vs decentralization Challenges of adoption
9 | Copyright © 2019 @christianposta • Start at the edge • Start with one proxy, grow to more • Pick a subset of traffic/applications • Get demonstrable value from it • Continue with measurable iterations • Data plane matters! A sensible way to start with service mesh: learn your data plane!
10 | Copyright © 201910 | Copyright © 2019 Confusion in the data plane
11 | Copyright © 2019 @christianposta • API Gateway vs service mesh? • North/south vs east/west • Sidecar vs shared proxy? • Envoy vs nginx vs linkerd proxy vs others? • What needs to go into my code? What do I pick? They seem to overlap!?
12 | Copyright © 201912 | Copyright © 2019 The truth about the data plane
13 | Copyright © 2019 @christianposta Service mesh gives a nice API into application networking.
14 | Copyright © 2019 @christianposta How that API gets implemented will vary.
15 | Copyright © 2019 @christianposta Data plane as a spectrum Implemented in code Out of process sidecar proxy Shared gateway per domain Single centralized gateway
16 | Copyright © 2019 @christianposta • Performance is paramount, cannot use sidecar proxy • Need fine-grained circuit breaking or other resilience measures • More complicated load balancing involving business logic • Cannot deploy a sidecar Implemented as code When to do Watch out for: • Tightly intertwined with your application • Can be difficult to change • Trying to maintain multiple language implementations
17 | Copyright © 2019 @christianposta Implemented as code: example, Consul Service Mesh func main() { client, _ := api.NewClient(api.DefaultConfig()) svc, _ := connect.NewService("my-service", client) defer svc.Close() // Get an HTTP client httpClient := svc.HTTPClient() // Perform a request, then use the standard response resp, _ := httpClient.Get("https://userinfo.service.consul/") }
18 | Copyright © 2019 @christianposta Implemented as “sidecar” proxy • Cannot modify applications • Have multiple languages/frameworks • Overhead is minimal relative to the app • Need a high level of decentralization When to do Watch out for: • Not understanding underlying proxy technology • Race conditions when starting alongside app • Updating when making changes • Leaking proxy-specific information (ie, headers, etc)
19 | Copyright © 2019 @christianposta Sidecar example: Linkerd Service Code Service Code
20 | Copyright © 2019 @christianposta Implemented as shared domain gateway • Cannot use or not ready for sidecar • Provide a single entry point for group of related services • Enforce boundaries • Decoupling of API When to do Watch out for: • Extra hops • Insecure communication last mile • Noisy neighbor
21 | Copyright © 2019 @christianposta Shared gateway example: Istio ingress-gateway
22 | Copyright © 2019 @christianposta Shared gateway example: Gloo
23 | Copyright © 2019 @christianposta Implemented as central gateway • When just starting out • Expect a single central point of ingress/egress • Operational complexity of other approaches too high for current situation When to do Watch out for: • Workflow bottleneck • Insecure communication last mile • Noisy neighbor
24 | Copyright © 2019 @christianposta Implemented in code Out of process sidecar proxy Shared gateway per domain Single centralized gateway Data plane API CNCF Working Group: Unified Data Plane API
25 | Copyright © 2019 @christianposta • Universal, cross-client/server data plane management API • CNCF governed working group; UDPA-WG • Mailing list: udpa-wg@lists.cncf.io • Charter and future development work: https://github.com/cncf/udpa • Development work Q1-Q3 2020, intercept the Envoy v4 xDS API EOY 2020 Universal Data Plane API
26 | Copyright © 201926 | Copyright © 2019 Things at the data plane heating up!
27 | Copyright © 2019 @christianposta Data plane getting very interesting…
28 | Copyright © 2019 @christianposta Data plane getting very interesting… https://github.com/envoyproxy/envoy-wasm
29 | Copyright © 2019 @christianposta Now with beta Web Assembly support! Data plane getting very interesting… https://gloo.solo.io
30 | Copyright © 2019 @christianposta The service mesh API matters! Implemented in code Out of process sidecar proxy Shared gateway per domain Single shared gateway Control plane API API API API API
31 | Copyright © 2019 @christianposta What do you do with an API?
32 | Copyright © 2019 Check out our booth for multi-cluster service mesh management demo. Idit Levine’s talk today at 2:20p My KubeCon workshop: “Service mesh for the developer workflow” Thursday 2:25p

Recommended

Azure kubernetes service (aks)
Azure kubernetes service (aks)Azure kubernetes service (aks)
Azure kubernetes service (aks)Akash Agrawal
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdChristian Posta
 
Introduction to Streaming Analytics
Introduction to Streaming AnalyticsIntroduction to Streaming Analytics
Introduction to Streaming AnalyticsGuido Schmutz
 
Container Security
Container SecurityContainer Security
Container SecurityAmazon Web Services
 
Amazon EKS - security best practices - 2022
Amazon EKS - security best practices - 2022 Amazon EKS - security best practices - 2022
Amazon EKS - security best practices - 2022 Jean-François LOMBARDO
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWSAmazon Web Services
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKSAmazon Web Services
 
Docker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker, Inc.
 

Recommended

Azure kubernetes service (aks)
Azure kubernetes service (aks)Azure kubernetes service (aks)
Azure kubernetes service (aks)Akash Agrawal
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdChristian Posta
 
Introduction to Streaming Analytics
Introduction to Streaming AnalyticsIntroduction to Streaming Analytics
Introduction to Streaming AnalyticsGuido Schmutz
 
Container Security
Container SecurityContainer Security
Container SecurityAmazon Web Services
 
Amazon EKS - security best practices - 2022
Amazon EKS - security best practices - 2022 Amazon EKS - security best practices - 2022
Amazon EKS - security best practices - 2022 Jean-François LOMBARDO
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWSAmazon Web Services
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKSAmazon Web Services
 
Docker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker, Inc.
 
Introduction to Helm
Introduction to HelmIntroduction to Helm
Introduction to HelmHarshal Shah
 
Service Mesh - Observability
Service Mesh - ObservabilityService Mesh - Observability
Service Mesh - ObservabilityAraf Karsh Hamid
 
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017Amazon Web Services
 
Building Kubernetes images at scale with Tanzu Build Service
Building Kubernetes images at scale with Tanzu Build ServiceBuilding Kubernetes images at scale with Tanzu Build Service
Building Kubernetes images at scale with Tanzu Build ServiceVMware Tanzu
 
AKS
AKSAKS
AKSgirish goudar
 
An overview of the Kubernetes architecture
An overview of the Kubernetes architectureAn overview of the Kubernetes architecture
An overview of the Kubernetes architectureIgor Sfiligoi
 
Netflix Global Cloud Architecture
Netflix Global Cloud ArchitectureNetflix Global Cloud Architecture
Netflix Global Cloud ArchitectureAdrian Cockcroft
 
Introduction to Incident Response on AWS
Introduction to Incident Response on AWSIntroduction to Incident Response on AWS
Introduction to Incident Response on AWSAmazon Web Services
 
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing ZoneAmazon Web Services
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon Web Services
 
Monitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusMonitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusGrafana Labs
 
Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...Claus Ibsen
 
Overview of kubernetes network functions
Overview of kubernetes network functionsOverview of kubernetes network functions
Overview of kubernetes network functionsHungWei Chiu
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service MeshNatanael Fonseca
 
Exposing services with Azure API Management
Exposing services with Azure API ManagementExposing services with Azure API Management
Exposing services with Azure API ManagementCallon Campbell
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice ArchitectureNguyen Tung
 
Terraform -- Infrastructure as Code
Terraform -- Infrastructure as CodeTerraform -- Infrastructure as Code
Terraform -- Infrastructure as CodeMartin Schütte
 
Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture ApproachMaganathin Veeraragaloo
 
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshService-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshChristian Posta
 
Role of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionRole of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionChristian Posta
 

More Related Content

What's hot

Introduction to Helm
Introduction to HelmIntroduction to Helm
Introduction to HelmHarshal Shah
 
Service Mesh - Observability
Service Mesh - ObservabilityService Mesh - Observability
Service Mesh - ObservabilityAraf Karsh Hamid
 
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017Amazon Web Services
 
Building Kubernetes images at scale with Tanzu Build Service
Building Kubernetes images at scale with Tanzu Build ServiceBuilding Kubernetes images at scale with Tanzu Build Service
Building Kubernetes images at scale with Tanzu Build ServiceVMware Tanzu
 
An overview of the Kubernetes architecture
An overview of the Kubernetes architectureAn overview of the Kubernetes architecture
An overview of the Kubernetes architectureIgor Sfiligoi
 
Netflix Global Cloud Architecture
Netflix Global Cloud ArchitectureNetflix Global Cloud Architecture
Netflix Global Cloud ArchitectureAdrian Cockcroft
 
Introduction to Incident Response on AWS
Introduction to Incident Response on AWSIntroduction to Incident Response on AWS
Introduction to Incident Response on AWSAmazon Web Services
 
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon Web Services
 
Monitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusMonitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusGrafana Labs
 
Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...Claus Ibsen
 
Overview of kubernetes network functions
Overview of kubernetes network functionsOverview of kubernetes network functions
Overview of kubernetes network functionsHungWei Chiu
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service MeshNatanael Fonseca
 
Exposing services with Azure API Management
Exposing services with Azure API ManagementExposing services with Azure API Management
Exposing services with Azure API ManagementCallon Campbell
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice ArchitectureNguyen Tung
 
Terraform -- Infrastructure as Code
Terraform -- Infrastructure as CodeTerraform -- Infrastructure as Code
Terraform -- Infrastructure as CodeMartin Schütte
 

What's hot (20)

Introduction to Helm
Introduction to HelmIntroduction to Helm
Introduction to Helm
 
Service Mesh - Observability
Service Mesh - ObservabilityService Mesh - Observability
Service Mesh - Observability
 
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
 
Building Kubernetes images at scale with Tanzu Build Service
Building Kubernetes images at scale with Tanzu Build ServiceBuilding Kubernetes images at scale with Tanzu Build Service
Building Kubernetes images at scale with Tanzu Build Service
 
AKS
AKSAKS
AKS
 
An overview of the Kubernetes architecture
An overview of the Kubernetes architectureAn overview of the Kubernetes architecture
An overview of the Kubernetes architecture
 
Netflix Global Cloud Architecture
Netflix Global Cloud ArchitectureNetflix Global Cloud Architecture
Netflix Global Cloud Architecture
 
Introduction to Incident Response on AWS
Introduction to Incident Response on AWSIntroduction to Incident Response on AWS
Introduction to Incident Response on AWS
 
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for Kubernetes
 
Monitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusMonitoring Kubernetes with Prometheus
Monitoring Kubernetes with Prometheus
 
Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...Best Practices for Middleware and Integration Architecture Modernization with...
Best Practices for Middleware and Integration Architecture Modernization with...
 
Overview of kubernetes network functions
Overview of kubernetes network functionsOverview of kubernetes network functions
Overview of kubernetes network functions
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service Mesh
 
Exposing services with Azure API Management
Exposing services with Azure API ManagementExposing services with Azure API Management
Exposing services with Azure API Management
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice Architecture
 
Terraform -- Infrastructure as Code
Terraform -- Infrastructure as CodeTerraform -- Infrastructure as Code
Terraform -- Infrastructure as Code
 
Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture Approach
 

Similar to The Truth About the Service Mesh Data Plane

Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshService-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshChristian Posta
 
Role of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionRole of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionChristian Posta
 
Service Mesh in the Real World [Raleigh NC Meetup]
Service Mesh in the Real World [Raleigh NC Meetup]Service Mesh in the Real World [Raleigh NC Meetup]
Service Mesh in the Real World [Raleigh NC Meetup]Solo.io
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Christian Posta
 
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...Christian Posta
 
MuleSoft Meetup Valletta 1.0
MuleSoft Meetup Valletta 1.0MuleSoft Meetup Valletta 1.0
MuleSoft Meetup Valletta 1.0Anastasiia Linnas
 
Jenkins World 2019 - Integrating jenkins x with your business
Jenkins World 2019 - Integrating jenkins x with your businessJenkins World 2019 - Integrating jenkins x with your business
Jenkins World 2019 - Integrating jenkins x with your businessMauricio (Salaboy) Salatino
 
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservicesKim Kao
 
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservicessolidkim
 
2019 03-23-2nd-meetup-essential capabilities behind microservices
2019 03-23-2nd-meetup-essential capabilities behind microservices2019 03-23-2nd-meetup-essential capabilities behind microservices
2019 03-23-2nd-meetup-essential capabilities behind microservicesKim Kao
 
Why reinvent the wheel at Criteo?
Why reinvent the wheel at Criteo? Why reinvent the wheel at Criteo?
Why reinvent the wheel at Criteo? Criteolabs
 
Running Consul on Kubernetes and Beyond
Running Consul on Kubernetes and BeyondRunning Consul on Kubernetes and Beyond
Running Consul on Kubernetes and BeyondMitchell Pronschinske
 
Transforming Software Architecture for the 21st Century (September 2009)
Transforming Software Architecture for the 21st Century (September 2009)Transforming Software Architecture for the 21st Century (September 2009)
Transforming Software Architecture for the 21st Century (September 2009)Dion Hinchcliffe
 
Integrating Postgres with ActiveMQ and Camel
Integrating Postgres with ActiveMQ and CamelIntegrating Postgres with ActiveMQ and Camel
Integrating Postgres with ActiveMQ and CamelJustin Reock
 
IX-API: An application programming interface to provision on IXs by Henk Stee...
IX-API: An application programming interface to provision on IXs by Henk Stee...IX-API: An application programming interface to provision on IXs by Henk Stee...
IX-API: An application programming interface to provision on IXs by Henk Stee...MyNOG
 
Twelve-Factor application pattern with Spring Framework
Twelve-Factor application pattern with Spring FrameworkTwelve-Factor application pattern with Spring Framework
Twelve-Factor application pattern with Spring Frameworkdinkar thakur
 
Chaos Debugging for Microservices
Chaos Debugging for MicroservicesChaos Debugging for Microservices
Chaos Debugging for MicroservicesChristian Posta
 
Engage 2020-nerd-for-move-on-from-x pages
Engage 2020-nerd-for-move-on-from-x pagesEngage 2020-nerd-for-move-on-from-x pages
Engage 2020-nerd-for-move-on-from-x pagesHeiko Voigt
 
Akachain Hyperledger Fabric best practices
Akachain Hyperledger Fabric best practicesAkachain Hyperledger Fabric best practices
Akachain Hyperledger Fabric best practicesEledra Nguyen
 
Crossing the chasm with cloud native
Crossing the chasm with cloud nativeCrossing the chasm with cloud native
Crossing the chasm with cloud nativeCheryl Hung
 

Similar to The Truth About the Service Mesh Data Plane (20)

Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMeshService-mesh options with Linkerd, Consul, Istio and AWS AppMesh
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
 
Role of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionRole of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoption
 
Service Mesh in the Real World [Raleigh NC Meetup]
Service Mesh in the Real World [Raleigh NC Meetup]Service Mesh in the Real World [Raleigh NC Meetup]
Service Mesh in the Real World [Raleigh NC Meetup]
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
 
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
 
MuleSoft Meetup Valletta 1.0
MuleSoft Meetup Valletta 1.0MuleSoft Meetup Valletta 1.0
MuleSoft Meetup Valletta 1.0
 
Jenkins World 2019 - Integrating jenkins x with your business
Jenkins World 2019 - Integrating jenkins x with your businessJenkins World 2019 - Integrating jenkins x with your business
Jenkins World 2019 - Integrating jenkins x with your business
 
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
 
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
 
2019 03-23-2nd-meetup-essential capabilities behind microservices
2019 03-23-2nd-meetup-essential capabilities behind microservices2019 03-23-2nd-meetup-essential capabilities behind microservices
2019 03-23-2nd-meetup-essential capabilities behind microservices
 
Why reinvent the wheel at Criteo?
Why reinvent the wheel at Criteo? Why reinvent the wheel at Criteo?
Why reinvent the wheel at Criteo?
 
Running Consul on Kubernetes and Beyond
Running Consul on Kubernetes and BeyondRunning Consul on Kubernetes and Beyond
Running Consul on Kubernetes and Beyond
 
Transforming Software Architecture for the 21st Century (September 2009)
Transforming Software Architecture for the 21st Century (September 2009)Transforming Software Architecture for the 21st Century (September 2009)
Transforming Software Architecture for the 21st Century (September 2009)
 
Integrating Postgres with ActiveMQ and Camel
Integrating Postgres with ActiveMQ and CamelIntegrating Postgres with ActiveMQ and Camel
Integrating Postgres with ActiveMQ and Camel
 
IX-API: An application programming interface to provision on IXs by Henk Stee...
IX-API: An application programming interface to provision on IXs by Henk Stee...IX-API: An application programming interface to provision on IXs by Henk Stee...
IX-API: An application programming interface to provision on IXs by Henk Stee...
 
Twelve-Factor application pattern with Spring Framework
Twelve-Factor application pattern with Spring FrameworkTwelve-Factor application pattern with Spring Framework
Twelve-Factor application pattern with Spring Framework
 
Chaos Debugging for Microservices
Chaos Debugging for MicroservicesChaos Debugging for Microservices
Chaos Debugging for Microservices
 
Engage 2020-nerd-for-move-on-from-x pages
Engage 2020-nerd-for-move-on-from-x pagesEngage 2020-nerd-for-move-on-from-x pages
Engage 2020-nerd-for-move-on-from-x pages
 
Akachain Hyperledger Fabric best practices
Akachain Hyperledger Fabric best practicesAkachain Hyperledger Fabric best practices
Akachain Hyperledger Fabric best practices
 
Crossing the chasm with cloud native
Crossing the chasm with cloud nativeCrossing the chasm with cloud native
Crossing the chasm with cloud native
 

More from Christian Posta

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Understanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload IdentityUnderstanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload IdentityChristian Posta
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshChristian Posta
 
Cilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshCilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshChristian Posta
 
Multi-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMeshMulti-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMeshChristian Posta
 
Multicluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh PatternsMulticluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh PatternsChristian Posta
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshChristian Posta
 
Deep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo EnterpriseDeep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo EnterpriseChristian Posta
 
Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1Christian Posta
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisisChristian Posta
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...Christian Posta
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapeChristian Posta
 
API World: The service-mesh landscape
API World: The service-mesh landscapeAPI World: The service-mesh landscape
API World: The service-mesh landscapeChristian Posta
 
Making sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverlessMaking sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverlessChristian Posta
 
Evolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service meshEvolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service meshChristian Posta
 
Come for the traffic management, stay for the security
Come for the traffic management, stay for the securityCome for the traffic management, stay for the security
Come for the traffic management, stay for the securityChristian Posta
 
A microservices journey - Round 2
A microservices journey - Round 2A microservices journey - Round 2
A microservices journey - Round 2Christian Posta
 
An eventful tour from enterprise integration to serverless and functions
An eventful tour from enterprise integration to serverless and functionsAn eventful tour from enterprise integration to serverless and functions
An eventful tour from enterprise integration to serverless and functionsChristian Posta
 
Lowering the risk of monolith to microservices
Lowering the risk of monolith to microservicesLowering the risk of monolith to microservices
Lowering the risk of monolith to microservicesChristian Posta
 

More from Christian Posta (20)

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Understanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload IdentityUnderstanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload Identity
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
 
Cilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshCilium + Istio with Gloo Mesh
Cilium + Istio with Gloo Mesh
 
Multi-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMeshMulti-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMesh
 
Multicluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh PatternsMulticluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh Patterns
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
 
Deep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo EnterpriseDeep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo Enterprise
 
Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisis
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh Landscape
 
Intro to Knative
Intro to KnativeIntro to Knative
Intro to Knative
 
API World: The service-mesh landscape
API World: The service-mesh landscapeAPI World: The service-mesh landscape
API World: The service-mesh landscape
 
Making sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverlessMaking sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverless
 
Evolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service meshEvolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service mesh
 
Come for the traffic management, stay for the security
Come for the traffic management, stay for the securityCome for the traffic management, stay for the security
Come for the traffic management, stay for the security
 
A microservices journey - Round 2
A microservices journey - Round 2A microservices journey - Round 2
A microservices journey - Round 2
 
An eventful tour from enterprise integration to serverless and functions
An eventful tour from enterprise integration to serverless and functionsAn eventful tour from enterprise integration to serverless and functions
An eventful tour from enterprise integration to serverless and functions
 
Lowering the risk of monolith to microservices
Lowering the risk of monolith to microservicesLowering the risk of monolith to microservices
Lowering the risk of monolith to microservices
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 

Recently uploaded (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

The Truth About the Service Mesh Data Plane

  • 1. 1 | Copyright © 2019 The Truth About the Service Mesh Data Plane Christian Posta @christianposta Global Field CTO – Solo.io
  • 2. 2 | Copyright © 2019 @christianposta CHRISTIAN POSTA • Field CTO @ Solo.io • Author of a few books • Contributor to many open-source projects • Architect, blogger, speaker, mentor, leader @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta
  • 3. 3 | Copyright © 2019 @christianposta MY BOOKS https://bit.ly/istio-in-action https://www.manning.com/dotd 50% off code: dotd111819au
  • 4. 4 | Copyright © 2019 @christianposta HIGHLY RECOMMENDED
  • 5. 5 | Copyright © 2019 The Service Mesh Journey with Solo.io Solo.io connects and manages the world’s applications with APIs and service mesh across any infrastructure. Announcements coming today 
  • 6. 6 | Copyright © 20196 | Copyright © 2019 Challenges of adopting a service mesh
  • 7. 7 | Copyright © 2019 @christianposta • Do you have a mix of application languages or frameworks? • Large deployment of microservices on cloud infrastructure? • Struggling to implement application interaction observability? • Have you mastered your existing infrastructure stack? Do you need a service mesh? https://speakerdeck.com/thockin/weve-made-quite-a-mesh Check out talk from @thockin:
  • 8. 8 | Copyright © 2019 @christianposta • Which one to choose? • Who's going to support it? • Multi-tenancy issues within a single cluster? • No good way to manage multiple clusters? • Fitting with existing services (sidecar lifecycle, race conditions, etc) • What's the delineation between developers and operations? • Non container environments / hybrid env? • Centralization vs decentralization Challenges of adoption
  • 9. 9 | Copyright © 2019 @christianposta • Start at the edge • Start with one proxy, grow to more • Pick a subset of traffic/applications • Get demonstrable value from it • Continue with measurable iterations • Data plane matters! A sensible way to start with service mesh: learn your data plane!
  • 10. 10 | Copyright © 201910 | Copyright © 2019 Confusion in the data plane
  • 11. 11 | Copyright © 2019 @christianposta • API Gateway vs service mesh? • North/south vs east/west • Sidecar vs shared proxy? • Envoy vs nginx vs linkerd proxy vs others? • What needs to go into my code? What do I pick? They seem to overlap!?
  • 12. 12 | Copyright © 201912 | Copyright © 2019 The truth about the data plane
  • 13. 13 | Copyright © 2019 @christianposta Service mesh gives a nice API into application networking.
  • 14. 14 | Copyright © 2019 @christianposta How that API gets implemented will vary.
  • 15. 15 | Copyright © 2019 @christianposta Data plane as a spectrum Implemented in code Out of process sidecar proxy Shared gateway per domain Single centralized gateway
  • 16. 16 | Copyright © 2019 @christianposta • Performance is paramount, cannot use sidecar proxy • Need fine-grained circuit breaking or other resilience measures • More complicated load balancing involving business logic • Cannot deploy a sidecar Implemented as code When to do Watch out for: • Tightly intertwined with your application • Can be difficult to change • Trying to maintain multiple language implementations
  • 17. 17 | Copyright © 2019 @christianposta Implemented as code: example, Consul Service Mesh func main() { client, _ := api.NewClient(api.DefaultConfig()) svc, _ := connect.NewService("my-service", client) defer svc.Close() // Get an HTTP client httpClient := svc.HTTPClient() // Perform a request, then use the standard response resp, _ := httpClient.Get("https://userinfo.service.consul/") }
  • 18. 18 | Copyright © 2019 @christianposta Implemented as “sidecar” proxy • Cannot modify applications • Have multiple languages/frameworks • Overhead is minimal relative to the app • Need a high level of decentralization When to do Watch out for: • Not understanding underlying proxy technology • Race conditions when starting alongside app • Updating when making changes • Leaking proxy-specific information (ie, headers, etc)
  • 19. 19 | Copyright © 2019 @christianposta Sidecar example: Linkerd Service Code Service Code
  • 20. 20 | Copyright © 2019 @christianposta Implemented as shared domain gateway • Cannot use or not ready for sidecar • Provide a single entry point for group of related services • Enforce boundaries • Decoupling of API When to do Watch out for: • Extra hops • Insecure communication last mile • Noisy neighbor
  • 21. 21 | Copyright © 2019 @christianposta Shared gateway example: Istio ingress-gateway
  • 22. 22 | Copyright © 2019 @christianposta Shared gateway example: Gloo
  • 23. 23 | Copyright © 2019 @christianposta Implemented as central gateway • When just starting out • Expect a single central point of ingress/egress • Operational complexity of other approaches too high for current situation When to do Watch out for: • Workflow bottleneck • Insecure communication last mile • Noisy neighbor
  • 24. 24 | Copyright © 2019 @christianposta Implemented in code Out of process sidecar proxy Shared gateway per domain Single centralized gateway Data plane API CNCF Working Group: Unified Data Plane API
  • 25. 25 | Copyright © 2019 @christianposta • Universal, cross-client/server data plane management API • CNCF governed working group; UDPA-WG • Mailing list: udpa-wg@lists.cncf.io • Charter and future development work: https://github.com/cncf/udpa • Development work Q1-Q3 2020, intercept the Envoy v4 xDS API EOY 2020 Universal Data Plane API
  • 26. 26 | Copyright © 201926 | Copyright © 2019 Things at the data plane heating up!
  • 27. 27 | Copyright © 2019 @christianposta Data plane getting very interesting…
  • 28. 28 | Copyright © 2019 @christianposta Data plane getting very interesting… https://github.com/envoyproxy/envoy-wasm
  • 29. 29 | Copyright © 2019 @christianposta Now with beta Web Assembly support! Data plane getting very interesting… https://gloo.solo.io
  • 30. 30 | Copyright © 2019 @christianposta The service mesh API matters! Implemented in code Out of process sidecar proxy Shared gateway per domain Single shared gateway Control plane API API API API API
  • 31. 31 | Copyright © 2019 @christianposta What do you do with an API?
  • 32. 32 | Copyright © 2019 Check out our booth for multi-cluster service mesh management demo. Idit Levine’s talk today at 2:20p My KubeCon workshop: “Service mesh for the developer workflow” Thursday 2:25p