THE CLOUD CONNECTIVITY COMPANY, © Kong Inc.

The Magic of Service Mesh: What your sidecar does for You
Charly Molter, ApiDays Paris, December 2022
2023 series of events
- New York: May 16&17
- Australia: October 11&12
- Singapore: April 12&13
- Helsinki & North: June 5&6
- Paris: September
- London: November 15&16
- June 28-30
- Silicon Valley: March 14&15
- Dubai & Middle East: February 22&23
Why this talk?
- Sidecars are amazing, you'll see!
- It's fun to understand how a service mesh works
- As a user it's useful to understand how things work
- Learn how to troubleshoot and leverage some Kuma tools
Engineering manager of the mesh team @ Kong
Worked on many infrastructure projects
Twitter @moltch
Service Mesh architecture
Focused architecture
Why a sidecar?
- Simple security model: the proxy shares the pod's isolation boundary and only ever holds that pod's identity
- Containers already did a lot of work to achieve multi-tenancy, and the sidecar inherits it
- Great failure isolation: if your sidecar crashes, only your pod loses connectivity
- Your sidecar scales like your app does
- Upgrading your sidecar is like upgrading your app, something you already do, right?!
For more: https://thenewstack.io/ebpf-or-not-sidecars-are-the-future-of-the-service-mesh/
Control Plane and Sidecars
What happens under the hood: Inspecting your sidecar
- Envoy has a very complete admin API exposed on 127.0.0.1:9901. It is bound to loopback, so only processes inside the pod's network namespace can reach it; keep it that way, since it can dump the whole proxy configuration and shut the proxy down.
- Use kumactl or the GUI to access it:
  - policies: list the policies that apply to your dataplane
  - config-dump: get the full Envoy config dump
  - stats: show the proxy's stats
  - clusters: show information about Envoy clusters and their endpoints
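The admin API is easiest to reason about with its output in hand. The following Go program is an added example written for this page, not code from Kuma or Envoy: it parses the JSON form of the admin API's /clusters output (field names follow Envoy's envoy.admin.v3.Clusters message; only the fields needed here are modelled) and reports which endpoints the sidecar considers eligible for traffic and which ones outlier detection has ejected. The sample dump is constructed; on a real sidecar you would fetch it with curl inside the pod or via kumactl inspect and hand it to ParseClusters.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// clustersDump is the subset of Envoy's admin /clusters?format=json output
// (message envoy.admin.v3.Clusters) that matters for endpoint health.
type clustersDump struct {
	ClusterStatuses []struct {
		Name         string `json:"name"`
		HostStatuses []struct {
			Address struct {
				SocketAddress struct {
					Address   string `json:"address"`
					PortValue int    `json:"port_value"`
				} `json:"socket_address"`
			} `json:"address"`
			HealthStatus struct {
				EdsHealthStatus    string `json:"eds_health_status"`
				FailedOutlierCheck bool   `json:"failed_outlier_check"`
			} `json:"health_status"`
			// Envoy reports -1 here while it has seen too few requests to judge.
			SuccessRate struct {
				Value float64 `json:"value"`
			} `json:"success_rate"`
		} `json:"host_statuses"`
	} `json:"cluster_statuses"`
}

// Endpoint is one upstream host as this sidecar currently sees it.
type Endpoint struct {
	Cluster     string
	Addr        string
	SuccessRate float64
	Ejected     bool // taken out of rotation by outlier detection
	Healthy     bool // EDS says HEALTHY and not ejected: eligible for traffic
}

// ParseClusters turns a /clusters JSON dump into per-endpoint health.
func ParseClusters(raw []byte) ([]Endpoint, error) {
	var d clustersDump
	if err := json.Unmarshal(raw, &d); err != nil {
		return nil, fmt.Errorf("parsing /clusters dump: %w", err)
	}
	var eps []Endpoint
	for _, c := range d.ClusterStatuses {
		for _, h := range c.HostStatuses {
			sa := h.Address.SocketAddress
			ejected := h.HealthStatus.FailedOutlierCheck
			eps = append(eps, Endpoint{
				Cluster:     c.Name,
				Addr:        fmt.Sprintf("%s:%d", sa.Address, sa.PortValue),
				SuccessRate: h.SuccessRate.Value,
				Ejected:     ejected,
				Healthy:     h.HealthStatus.EdsHealthStatus == "HEALTHY" && !ejected,
			})
		}
	}
	return eps, nil
}

// Ejected filters to the endpoints outlier detection has removed from the pool.
func Ejected(eps []Endpoint) []Endpoint {
	var out []Endpoint
	for _, e := range eps {
		if e.Ejected {
			out = append(out, e)
		}
	}
	return out
}

// SampleClusters is a constructed dump standing in for what
// curl -s 127.0.0.1:9901/clusters?format=json returns inside the pod.
const SampleClusters = `{"cluster_statuses": [{"name": "demo-app",
 "host_statuses": [
  {"address": {"socket_address": {"address": "10.0.0.1", "port_value": 5000}},
   "health_status": {"eds_health_status": "HEALTHY"}, "success_rate": {"value": 100}},
  {"address": {"socket_address": {"address": "10.0.0.2", "port_value": 5000}},
   "health_status": {"eds_health_status": "HEALTHY", "failed_outlier_check": true},
   "success_rate": {"value": 81}},
  {"address": {"socket_address": {"address": "10.0.0.3", "port_value": 5000}},
   "health_status": {"eds_health_status": "UNHEALTHY"}, "success_rate": {"value": -1}}
 ]}]}`

func main() {
	eps, err := ParseClusters([]byte(SampleClusters))
	if err != nil {
		panic(err)
	}
	for _, e := range eps {
		fmt.Printf("%-10s %-15s success=%6.1f%% healthy=%-5t ejected=%t\n",
			e.Cluster, e.Addr, e.SuccessRate, e.Healthy, e.Ejected)
	}
	fmt.Println("ejected by outlier detection:", len(Ejected(eps)))
}
```

A success_rate of -1 is not a sign of trouble: it only means the proxy has not yet seen enough requests to judge that host. failed_outlier_check is the flag to look for when a healthy-looking endpoint is mysteriously getting no traffic.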
What happens under the hood: Mutual TLS and certificate rotation
- The control plane issues one certificate per sidecar.
- The sidecar's identity is placed in the SAN of the cert as a SPIFFE ID, e.g. spiffe://default/demo-app_kuma-demo_svc_5000 (mesh "default", service "demo-app_kuma-demo_svc_5000").
- The server side uses the SPIFFE ID from the client's certificate to identify the client, rather than anything about its network location.
- The certificate is renewed by the control plane before it expires.
What happens under the hood: Mutual TLS and certificate rotation (continued)
- One certificate is issued per sidecar, by the control plane; Envoy only presents it.
- The control plane regenerates the certificate once 4/5 of its lifetime has elapsed, leaving slack before expiry.
- Envoy switches to the new certificate for new connections.
- The dataplane's tags are encoded in the SAN of the cert as SPIFFE IDs, e.g. spiffe://default/demo-app_kuma-demo_svc_5000.
What happens under the hood: CA rotation is almost as easy
- The control plane issues new certificates to all dataplanes from the CA backend named in the mesh's mTLS "enabledBackend".
- All sidecars trust both CAs while the rotation is in progress, so clients presenting either an old or a new cert are accepted.
- Once every sidecar has a certificate from the new CA, delete the old backend. Delete it earlier and any peer still holding an old cert fails verification.
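The three slides above describe one mechanism from three angles: a per-sidecar certificate carrying a SPIFFE ID, re-issue at 4/5 of the lifetime, and CA rotation by trusting two roots at once. The Go program below is an added example written for this page, not code from Kuma, that reproduces the mechanism with the standard library only: a CA type stands in for a mesh mTLS backend, IssueWorkloadCert puts spiffe://<mesh>/<service> in the URI SAN, Bundle.PeerID does what the server side does (verify the chain, then read the identity from the SAN), and RotateAt computes the 4/5 re-issue point. The type and function names, the 24-hour lifetime and the backend names ca-1 and ca-2 are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// CA models one mTLS backend of the control plane: a self-signed root.
type CA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewCA creates a root; name plays the role of the backend name (assumed).
func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, Key: key}, nil
}

// IssueWorkloadCert signs a short-lived leaf for one sidecar; the identity is a spiffe://<mesh>/<service> URI SAN.
func (ca *CA) IssueWorkloadCert(mesh, service string, ttl time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()), Subject: pkix.Name{CommonName: service},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(ttl), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		URIs:        []*url.URL{{Scheme: "spiffe", Host: mesh, Path: "/" + service}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &key.PublicKey, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Bundle is the set of roots a sidecar trusts; mid-rotation it holds the old and the new CA.
type Bundle struct{ roots *x509.CertPool }

func NewBundle(cas ...*CA) *Bundle {
	roots := x509.NewCertPool()
	for _, ca := range cas {
		roots.AddCert(ca.Cert)
	}
	return &Bundle{roots: roots}
}

// PeerID is the server side's job: verify the client chain against the trusted
// roots, then take the identity from the spiffe:// URI SAN, never from the subject.
func (b *Bundle) PeerID(leaf *x509.Certificate, at time.Time) (string, error) {
	opts := x509.VerifyOptions{Roots: b.roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", err
	}
	for _, u := range leaf.URIs {
		if u.Scheme == "spiffe" {
			return u.String(), nil
		}
	}
	return "", fmt.Errorf("no spiffe:// URI SAN in certificate for %q", leaf.Subject.CommonName)
}

// RotateAt is when the control plane re-issues a certificate: 4/5 of the way through its lifetime.
func RotateAt(c *x509.Certificate) time.Time {
	return c.NotBefore.Add(c.NotAfter.Sub(c.NotBefore) * 4 / 5)
}

func main() {
	old, _ := NewCA("ca-1")
	next, _ := NewCA("ca-2")
	leaf, _ := old.IssueWorkloadCert("default", "demo-app_kuma-demo_svc_5000", 24*time.Hour)
	fmt.Println(NewBundle(old, next).PeerID(leaf, time.Now())) // mid-rotation: both CAs trusted
	fmt.Println(NewBundle(next).PeerID(leaf, time.Now()))      // old backend deleted too early
	fmt.Println("re-issue at", RotateAt(leaf).Format(time.RFC3339), "expires", leaf.NotAfter.Format(time.RFC3339))
}
```

Running it shows the old-CA leaf verifying while both roots are trusted and failing as soon as only the new root is, which is exactly why the old backend has to stay in the list until every dataplane has been re-issued.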
What happens under the hood: How about metrics?
- The sidecar exposes Envoy's metrics on :5670.
- The sidecar can also scrape your application's metrics (on :5000 in the demo) and serve them alongside its own.
- Application metrics and sidecar metrics are exposed with a common set of labels regardless of where the workload runs (Kubernetes or elsewhere).
- There is no need to expose your application's metrics port outside the pod; only the sidecar's metrics port is scraped.
What happens under the hood: Endpoint discovery / load balancing
- Whenever a pod is added, removed or becomes unhealthy, the control plane recomputes the configuration of all of that service's clients and pushes it to them.
- All of this usually happens in under 1 second.
- The load balancing algorithm is configurable.
What happens under the hood: Outlier detection
- Endpoints are excluded from the pool for some time when their failure rate exceeds a threshold.
- With the threshold set to 15%, the endpoint running at 81% success (a 19% failure rate) stops receiving requests.
What happens under the hood: Lowering the threshold
- Lowering the threshold to 5% makes a second endpoint exceed it.
- Now 2 endpoints are outliers and receive no requests.
What happens under the hood: Avoiding shooting yourself in the foot
- When tuning endpoint health, always set a fail-safe so you do not end up with too few endpoints.
- Here maxEjectionPercent is that fail-safe: with it at 50%, the proxy stops ejecting once half of the endpoints are already out, so at least half of them keep serving however many look like outliers.
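To make the interplay of the failure threshold and maxEjectionPercent from the last three slides concrete, here is an added Go model of outlier ejection, written for this page and not Envoy's or Kuma's implementation: a fixed failure-percentage detector (Envoy also has consecutive-error and standard-deviation detectors, which are not modelled here) combined with the ejection cap. The field names and the five-endpoint sample pool are constructed; the pool's worst endpoint runs at 81% success like the one on the slides.

```go
package main

import (
	"fmt"
	"sort"
)

// Endpoint is one upstream host with the outcome of its recent requests.
type Endpoint struct {
	Addr     string
	Requests int
	Failures int
}

// FailureRate in percent over the observed window.
func (e Endpoint) FailureRate() float64 {
	if e.Requests == 0 {
		return 0
	}
	return 100 * float64(e.Failures) / float64(e.Requests)
}

// OutlierPolicy holds the two knobs the slides play with (field names are mine):
// an endpoint whose failure rate is above FailureThreshold is an outlier, but
// no more than MaxEjectionPercent of the endpoints may be out at the same time.
type OutlierPolicy struct {
	FailureThreshold   float64 // percent of failed requests that makes an outlier
	MaxEjectionPercent int     // fail-safe: cap on the share of ejected endpoints
	MinRequests        int     // do not judge an endpoint on too small a sample
}

// Eject returns the endpoints taken out of rotation and those still serving.
// Worst offenders are evaluated first, so the cap keeps the least harmful hosts.
func (p OutlierPolicy) Eject(eps []Endpoint) (ejected, serving []string) {
	sorted := append([]Endpoint(nil), eps...)
	sort.SliceStable(sorted, func(i, j int) bool {
		return sorted[i].FailureRate() > sorted[j].FailureRate()
	})
	// Integer floor, as "at most N% of hosts" implies: 5 hosts at 50% -> 2.
	maxEject := len(eps) * p.MaxEjectionPercent / 100
	for _, e := range sorted {
		isOutlier := e.Requests >= p.MinRequests && e.FailureRate() > p.FailureThreshold
		if isOutlier && len(ejected) < maxEject {
			ejected = append(ejected, e.Addr)
		} else {
			serving = append(serving, e.Addr)
		}
	}
	return ejected, serving
}

// SampleEndpoints is a constructed pool: success rates 100, 99, 96, 92 and 81 %,
// the last one being the endpoint from the slides.
func SampleEndpoints() []Endpoint {
	return []Endpoint{
		{"10.0.0.1:5000", 100, 0},
		{"10.0.0.2:5000", 100, 1},
		{"10.0.0.3:5000", 100, 4},
		{"10.0.0.4:5000", 100, 8},
		{"10.0.0.5:5000", 100, 19},
	}
}

func main() {
	eps := SampleEndpoints()
	for _, p := range []OutlierPolicy{
		{FailureThreshold: 15, MaxEjectionPercent: 100, MinRequests: 50},  // one outlier
		{FailureThreshold: 5, MaxEjectionPercent: 100, MinRequests: 50},   // two outliers
		{FailureThreshold: 0.5, MaxEjectionPercent: 50, MinRequests: 50},  // four qualify, cap keeps three serving
	} {
		ej, srv := p.Eject(eps)
		fmt.Printf("threshold %4.1f%% maxEjection %3d%%: ejected %v, serving %v\n",
			p.FailureThreshold, p.MaxEjectionPercent, ej, srv)
	}
}
```

With the threshold at 15% only the 81% endpoint goes; at 5% the 92% endpoint joins it; at 0.5% four of the five would qualify, but a 50% cap keeps three serving. That is what makes the cap a fail-safe: it bounds how much capacity outlier detection can take away, rather than switching detection off.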
What happens under the hood: Conclusion
- Sidecars implement complex algorithms.
- Envoy is very mature, so you can rely on these implementations instead of rebuilding them in every app.
- When evaluating the overhead of the mesh, weigh it against the features it brings.
- Use kumactl inspect (or the UI) to figure out how things work.
Thanks! Please ask me any questions
