1. Photo by Markos Mant on Unsplash
The Crazy Service
Mesh Ecosystem Lin Sun
Senior Technical Staff Member, IBM
Twitter: @linsun_unc
Koto Feja / Getty Images
3. IBM Cloud
try {
HttpResponse response = httpClient.get(
“http://secretsauce.internal/recipe”);
cook(response.body);
} catch (NetworkError ne) {
fixmePleaseOMG(ne);
}
Credit to Louis Ryan for this fun example
4. IBM Cloud
try {
// Load balancing
IP ip = DNS.lookupSRV(“secretsauce.internal”).pickOne();
HttpResponse response = httpClient.open(ip).get(
“http://secretsauce.internal/recipe”);
cook(response.body);
} catch (NetworkError ne) {
fixmePleaseOMG(ne);
}
Credit to Louis Ryan for this fun example
5. IBM Cloud
for (int i = 0; i < 3; i++) { // Retry
try {
IP ip = DNS.lookupSRV(“secretsauce.internal”).pickOne();
HttpResponse response = httpClient.open(ip).get(
“http://secretsauce.internal/recipe”);
cook(response.body);
} catch (NetworkError ne) {
if (i == 2) fixmePleaseOMG(ne);
else Thread.sleep(random(5) * 1000);
}
}
Credit to Louis Ryan for this fun example
6. IBM Cloud
Secret key = new Secret(new File(“/somewhere/safe/key”);
for (int i = 0; i < 3; i++) {
try {
IP ip = DNS.lookupSRV(“secretsauce.internal”).pickOne();
HttpResponse response = httpClient.open(ip)
.setHeader(“Authorization”, key.toString())
.get(“http://secretsauce.internal/recipe”);
cook(response.body);
} catch (NetworkError ne) {
if (i == 2) fixmePleaseOMG(ne);
else Thread.sleep(random(5) * 1000);
}
}
Credit to Louis Ryan for this fun example
7. IBM Cloud
Secret key = new Secret(new File(“/somewhere/safe/key”);
for (int i = 0; i < 3; i++) {
try {
IP ip = DNS.lookupSRV(“secretsauce.internal”).pickOne();
HttpResponse response = httpClient.open(ip)
.setHeader(“Authorization”, key.toString())
.get(“http://secretsauce.internal/recipe”);
log(“Success”);
cook(response.body);
} catch (NetworkError ne) {
log(“Failed”);
if (i == 2) fixmePleaseOMG(ne);
else Thread.sleep(random(5) * 1000);
}
}
Credit to Louis Ryan for this fun example
18. IBM Cloud
Key Benefits
- Provides language neutral standard attachment to
your application container
- Provides user interfaces to configure policies for the
attachment, without redeploying your application
- Enables clear separation from the application (Dev)
and attachment (Ops)
20. IBM Cloud
Navigate the Ecosystem
- Is it an open-source project governed by a diverse
contributor base?
- Does it use a proprietary proxy?
- Is the project part of a foundation?
- Does it contain the feature set you need?
- Does it integrate well with the existing system you
have?
21. IBM Cloud
Key Service Mesh Players
- Envoy
- Istio
- Linkerd
- Consul Connect
- AWS App Mesh
- Kong Kuma
- AspenMesh
- Service Mesh Interface
22. IBM Cloud
Envoy
- Created at Lyft
- Graduated CNCF Project
- Written in C++
- Out of process architecture
- Advanced load balancing
- APIs for config mgmt
- Observability
24. IBM Cloud
Istio
- Co-founded by IBM, Google and Lyft
- Use Envoy as sidecar
- Open service mesh platform
- Very rich feature sets
- Knative built on top of Istio
26. IBM Cloud
Linkerd
- CNCF incubating project
- Use home grown sidecar written in Rust
- mTLS among services, observability, traffic shifting
- Focus on Kubernetes
- Known for simple UX and zero config
29. IBM Cloud
Consul Connect
- Developed by Hashicorp
- Open-source project
- Extends existing Consul offering
- Use Envoy as sidecar
- Integrate with Vault to manage security
certificates
- mTLS among microservices, observability & L7
traffic management
30. IBM Cloud
App Mesh
- Cloud service hosted by AWS
- Not open source
- Support for all compute services in AWS
- Use envoy as sidecar proxy
- Similar control plane as Istio’s
- Focus on traffic routing and telemetry
31. IBM Cloud
Kong Kuma
- Universal open-source control plane
- Use envoy as sidecar proxy
- Run natively across Kubernetes and VM
- mTLS among services, observability, proxy config
templating
- Multi-tenancy
32. IBM Cloud
AspenMesh
- A supported distribution of the Istio project
- UI/Dashboard to view and manage Istio resources
- Istio Vet
- Interesting business model
34. IBM Cloud
Service Mesh Interface
- Relatively New, announced KubeCon EU 2019
- Microsoft, partnered with Solo.io, Linkerd, Hashicorp
and Vmware etc.
- Attempt to find a common ground for service mesh
on Kubernetes