The Future of Service Mesh
2 | Copyright © 2022
CHRISTIAN POSTA
VP, Global Field CTO, Solo.io
@christianposta
christian@solo.io
Solo.io Modern Application Networking
Cloud Native 1.0: Private Cloud | Public Cloud | Kubernetes | Containers
Cloud Native 2.0:
● Modernize API Management: Microservice Applications | DevSecOps | GitOps
● Service Mesh: Zero-Trust | Observability
● Scale Microservices: Multi-Clusters | Serverless | GraphQL
Solo.io - The Next Step in Your Cloud Journey
Well Funded ($135M), $1B Valuation
Satisfied Customers (120% Renewals)
Cloud-native Technology Leadership
Cloud-native Education Leadership
The Service Mesh and API Platform for Kubernetes | Zero-Trust | Microservices
Solo Gloo Platform - Enabling Cloud-Native 2.0
Istio Leadership
Application Networking
What is application networking?
Challenges
● Service discovery
● Load balancing
● Timeouts
● Retry / Budgets
● Circuit breaking
● Tracing, observability
● Secure transport
● Extension
What is application networking?
● Example: when svc A calls svc B, svc A should retry up to 3 times, with 0.5s per-try timeouts and a total timeout of up to 2.0s, but should not exceed its retry budget
● Example: when exposing svc A on the network, we should be able to quickly understand which services call it and restrict callers to only svc B and svc C
● Example: when svc A calls svc B and svc B is failing, try another locality/zone/cluster
● Example: svc A can call svc B 100 times per hour, but if the call is made on behalf of a “platinum” customer, then svc A can call svc B 1000 times per hour
● Example: when svc A calls svc B, and svc B exists in a different line of business, svc A’s request must be re-authenticated/verified before proceeding
● Example: any untrusted traffic coming into a set of applications must be authenticated and authorized at call time, using potentially different types of auth, before it is allowed to go upstream
Problems with current approaches: Outdated Technology Doesn’t Scale
Additional Network Hops
● Typically expensive load balancers
● More single points of failure
● Difficult to trace/debug
● Additional expense (cloud load balancers, egress/ingress costs, etc)
● Not built for modern, dynamic, ephemeral architectures
● Typically overprovisioned, bloated operational deployments
● Does not fit into GitOps, self-serve model
● Lack of isolation mechanisms (noisy neighbor problems)
● Central team, use tickets to coordinate to make changes
Istio - Open Source Service Mesh
2017: Istio Launched
2019-20: Data Plane Enhancements
2019-2022: 7 New Community Releases | 1000s Production Users | ~1000 Community Contributors
2022: CNCF
Top Use Cases and Drivers for Service Mesh
Business Drivers for Adopting Istio: Observability | Resiliency | Security
Network Security in Kubernetes
Default State: !!!
Desired State: “Zero Trust Security”
DIY … Whoops!
81% of companies experienced a certificate-related outage in the past two years
65% are concerned about the increased workload and risk of outages caused by shorter SSL/TLS certificate lifespans.
Human error was a major contributing factor in 95% of breaches
Istio to the Rescue!
Observability - Insights That Drive Competitive Advantage
Building a Uniform Approach
● Understand traffic patterns
● Determine service health
● Anticipate outages
● Detect dangerous activity
● Audit access
Istio - Metrics and Access Logging
[2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default
metrics
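The log line on the slide is in the default text format the Istio sidecar (Envoy) writes. As an added example, not code from the slides or from Istio, the following Python parses such lines into named fields, picks out calls that an AuthorizationPolicy rejected, and counts which client address called which service, which is the raw material for the "detect dangerous activity" and "audit access" goals on the observability slide. It assumes the 22-field default format Istio used at the time of the sample (the field order matches the slide's line token for token). The second sample line is constructed, with a made-up request id and client address; its `rbac_access_denied_matched_policy[...]` detail is the string Envoy's RBAC filter reports when a policy denies a request.

```python
"""Parse Istio/Envoy proxy access-log lines and flag authorization denials.

Added example, not from the slide deck. It assumes the default text access-log
format Istio shipped at the time of the slide's sample line: 22 whitespace-
separated fields, double-quoted where a value may contain spaces.
"""
import re
from collections import Counter

# Field order of the assumed default format; it matches the slide's sample
# line token for token.
FIELDS = (
    "start_time", "request", "response_code", "response_flags",
    "response_code_details", "connection_termination_details",
    "upstream_transport_failure_reason", "bytes_received", "bytes_sent",
    "duration_ms", "upstream_service_time_ms", "x_forwarded_for",
    "user_agent", "request_id", "authority", "upstream_host",
    "upstream_cluster", "upstream_local_address", "downstream_local_address",
    "downstream_remote_address", "requested_server_name", "route_name",
)
NUMERIC = {"response_code", "bytes_received", "bytes_sent",
           "duration_ms", "upstream_service_time_ms"}

# A token is a double-quoted run (quotes are not nested in this format) or a
# run of non-blank characters, so "GET /status/418 HTTP/1.1" stays whole.
TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_access_log(line: str) -> dict:
    """Map one log line onto FIELDS; '-' placeholders become None."""
    tokens = []
    for t in TOKEN.findall(line):
        if len(t) >= 2 and t[0] == t[-1] == '"':
            t = t[1:-1]
        tokens.append(t)
    if len(tokens) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(tokens)}")
    rec = {k: (None if v == "-" else v) for k, v in zip(FIELDS, tokens)}
    rec["start_time"] = rec["start_time"].strip("[]")
    for k in NUMERIC:
        if rec[k] is not None:
            rec[k] = int(rec[k])
    # "GET /status/418 HTTP/1.1" -> method, path, protocol
    rec["method"], rec["path"], rec["protocol"] = rec["request"].split(" ", 2)
    # inbound|8000|| vs outbound|8000||host: which side of the mesh logged it
    cluster = rec["upstream_cluster"] or ""
    rec["direction"] = cluster.split("|", 1)[0] or None
    return rec


def is_policy_denial(rec: dict) -> bool:
    """True when Envoy's RBAC filter (Istio AuthorizationPolicy) rejected the call."""
    details = rec["response_code_details"] or ""
    return rec["response_code"] == 403 and details.startswith("rbac_access_denied")


def callers_by_authority(records) -> Counter:
    """Count (client address, requested authority): who is calling which service."""
    return Counter((r["downstream_remote_address"], r["authority"]) for r in records)


def analyze(lines):
    """Parse every line and split out the authorization denials."""
    records = [parse_access_log(line) for line in lines]
    return records, [r for r in records if is_policy_denial(r)]


# Sample input: the first line is the slide's own log line; the second is a
# constructed denial (fake request id and client address) in the same format.
SAMPLE_LOG = [
    '[2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default',
    '[2020-11-25T21:27:02.113Z] "POST /admin HTTP/1.1" 403 - rbac_access_denied_matched_policy[none] - "-" 0 19 0 - "-" "curl/7.73.0-DEV" "00000000-0000-4000-8000-000000000001" "httpbin:8000" "-" inbound|8000|| - 10.44.1.27:80 10.44.1.30:50112 outbound_.8000_._.httpbin.foo.svc.cluster.local default',
]

if __name__ == "__main__":
    records, denials = analyze(SAMPLE_LOG)
    for r in records:
        print(f'{r["start_time"]} {r["direction"]} {r["method"]} {r["path"]} '
              f'-> {r["response_code"]} in {r["duration_ms"]} ms '
              f'from {r["downstream_remote_address"]}')
    for r in denials:
        print("DENIED by AuthorizationPolicy:", r["request_id"],
              r["downstream_remote_address"], r["path"])
    print(callers_by_authority(records))
```

The parser is strict about the field count on purpose: a cluster whose mesh uses a customised access-log format will fail loudly on the first line rather than silently shifting every field by one, which is the failure mode that turns an audit trail into noise.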
Resiliency - There Will Be Failures
Common Mitigations
● Waiting indefinitely is bad
● Trying again is good
● Degrade gracefully when services are overwhelmed
Timeouts - Don’t Wait Indefinitely
Retries - Trying Again Is Good 👍
Circuit Breaker - Degrade gracefully when services are overwhelmed
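The three resiliency slides above and the first application-networking example earlier in the deck (svc A retries up to 3 times, 0.5s per try, 2.0s in total, without exceeding its retry budget) describe behaviour a mesh proxy normally applies on the application's behalf. The following Python is an added example, not Istio's or Envoy's code: it implements that same policy in a client-side wrapper so the interaction between per-try timeout, overall deadline, retry budget and circuit breaker can be followed step by step. The fake clock, the scripted upstream, and the default budget and breaker settings (retries capped at 20% of recent requests with a floor of 3; breaker opens after 5 consecutive failures for 5s) are assumptions made for the example.

```python
"""Timeouts, retries under a retry budget and a circuit breaker for svc A calling svc B.
Added example, not from the slides: the deck's stated policy (retry up to 3 times, 0.5 s
per try, 2.0 s overall, within a retry budget) plus a breaker that fails fast while svc B
keeps failing. A fake clock and a scripted upstream replace real network calls."""
from dataclasses import dataclass, field
from typing import List, Optional


class CallTimeout(Exception): ...
class UpstreamError(Exception): ...
class CircuitOpen(Exception): ...


class FakeClock:
    """Manual clock: timeouts are exercised by advancing time, not by sleeping."""
    def __init__(self): self.t = 0.0
    def now(self): return self.t
    def advance(self, seconds): self.t += seconds


class ScriptedUpstream:
    """Stands in for svc B; each call consumes one constructed (latency, outcome) step."""
    def __init__(self, clock, steps):
        self.clock, self.steps, self.calls = clock, list(steps), 0
    def call(self, per_try_timeout):
        latency, outcome = self.steps[self.calls]
        self.calls += 1
        if latency > per_try_timeout:                # client gives up at its deadline
            self.clock.advance(per_try_timeout)
            raise CallTimeout(f"no reply within {per_try_timeout}s")
        self.clock.advance(latency)
        if outcome == "error":
            raise UpstreamError("503 from svc B")
        return outcome


@dataclass
class RetryBudget:
    """Cap retries at a share of recent requests (with a small floor) so a struggling
    svc B is not buried under a retry storm (assumed sliding-window rule)."""
    ratio: float = 0.2
    min_retries: int = 3
    window: float = 10.0
    requests: List[float] = field(default_factory=list)
    retries: List[float] = field(default_factory=list)
    def try_take_retry(self, now):
        cutoff = now - self.window
        self.requests = [t for t in self.requests if t > cutoff]
        self.retries = [t for t in self.retries if t > cutoff]
        if len(self.retries) >= max(self.min_retries, self.ratio * len(self.requests)):
            return False
        self.retries.append(now)
        return True


@dataclass
class CircuitBreaker:
    """Open after `threshold` consecutive failures; after `open_for` seconds let one
    probe through (half-open) and close again only if that probe succeeds."""
    threshold: int = 5
    open_for: float = 5.0
    failures: int = 0
    opened_at: Optional[float] = None
    def allow(self, now):
        return self.opened_at is None or now - self.opened_at >= self.open_for
    def on_success(self):
        self.failures, self.opened_at = 0, None
    def on_failure(self, now):
        self.failures += 1
        if self.failures >= self.threshold:
            self.opened_at = now


def resilient_call(upstream, clock, budget, breaker,
                   max_retries=3, per_try_timeout=0.5, total_timeout=2.0):
    """One svc A request to svc B under the slide's policy; raises on final failure."""
    start = clock.now()
    budget.requests.append(start)
    last_exc = None
    for attempt in range(max_retries + 1):           # attempt 0 is the initial try
        now = clock.now()
        if not breaker.allow(now):
            raise CircuitOpen("svc B circuit is open; failing fast")
        remaining = total_timeout - (now - start)
        if remaining <= 0:
            raise CallTimeout(f"overall {total_timeout}s deadline exhausted")
        try:
            result = upstream.call(min(per_try_timeout, remaining))
            breaker.on_success()
            return result
        except (CallTimeout, UpstreamError) as exc:
            last_exc = exc
            breaker.on_failure(clock.now())
            if attempt == max_retries or not budget.try_take_retry(clock.now()):
                break
    raise last_exc


def describe(upstream, clock, budget, breaker, **policy):
    """Run one request and label its outcome."""
    try:
        return "ok:" + resilient_call(upstream, clock, budget, breaker, **policy)
    except CallTimeout:
        return "timeout"
    except UpstreamError:
        return "error"
    except CircuitOpen:
        return "circuit-open"
```

Call `describe(upstream, clock, budget, breaker)` once per request. Against a scripted upstream that never answers within 0.5s, repeated calls show the three stages in order: a timeout after four tries at t = 2.0s, a second timeout after a single try because the budget is spent, then "circuit-open" with no call reaching svc B at all, until advancing the clock past `open_for` lets one half-open probe through. Note that 1 initial try plus 3 retries at 0.5s each is exactly the 2.0s overall deadline from the slide, which is why the per-try timeout is clamped to the remaining deadline rather than applied blindly.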
Drive everything through GitOps!
Can this be improved?
Istio Data Plane
https://www.solo.io/blog/ebpf-for-service-mesh/
Introducing Istio Ambient Mesh
A new, open source contribution to the Istio project that defines a new sidecar-less data plane.
Improve Performance | Simplify Operations | Cost Reduction
https://istio.io/latest/blog/2022/introducing-ambient-mesh/
How does it work?
● Separate mesh capabilities into L4 and L7
● Adopt only the capabilities you need
● Remove the data plane from the workload Pods
● Leverage more capabilities in the CNI
● Reduce attack surface of data plane
Benefits
● No more race conditions between workload containers and sidecar/init-container, etc
● Don’t need to inject Pods / alter deployment resources
● Upgrades/patching are out of band / transparent from the application
● Limited risk profile for opting into mesh features
● Reduced blast radius of application vulnerabilities
● Cost savings with reduced data plane components
● Maintain isolated tenancy, customization, configuration
● Maintain the foundations of zero-trust network security
● Improved performance
Demo
(link)
https://bit.ly/ambient-demo-video
VP, Global Field CTO
@christianposta
christian@solo.io
Additional Resources
● https://www.solo.io/events/upcoming/
● https://academy.solo.io
● https://lp.solo.io/white-paper-zero-trust
● https://lp.solo.io/istio-ambient-mesh-explained
● https://istio.io
(Closing diagram labels: Manage APIs; Data Access; API Gateway | Kubernetes Ingress; Microservices, Security, Observability; Kubernetes CNI, Network Policy; Application Networking; Federation | GraphQL Server)
Thank You!
