2. Agenda
➔ Theory
◆ Service mesh 101 for dummies
◆ The state of the service mesh landscape
◆ Deep dive on Kuma
➔ Demo & interactive workshop
◆ Installation (including auto sidecar injection)
◆ Zero trust security with mTLS
◆ Routing, canary deployments, circuit breaking, load shedding
◆ Traffic shadowing
◆ Observability / OpenTracing
3. Speaker Info
● Platform engineer @ platformatory.io
● Kong Champion
● Occasional open source contributor to Cloud Native projects (k8s, ArgoCD, Tekton, Litmus, etc.)
● Local meetup organizer for Kong, Grafana and Docker
● Co-founder @ platformatory.io
● OSS contribs → Envoy, Apache Kafka, Kong (amongst others)
● Distributed systems, Himalayas, Music
● https://in.linkedin.com/in/pavankmurthy
● https://grahana.net | https://twitter.com/p6
4. Microservices: A web of complex, distributed, network- & people-bound problems
- Polyglot services, you-build-it, you-run-it operating model
- Autonomous (siloed?) teams, reduced centralized control, capital-G governance
- A new form of dependency hell: APIs, service versions
- Proliferation of endpoints with new data formats and interface standards (and therefore not just endpoint but holistic security)
- Troubleshooting & debugging is now an expansive problem cutting across service boundaries
- Deployments in a new emerging breed of hybrid infrastructure across public cloud, edge, on-premise
5. The evolution of the microservices journey: At first, there were only SOA monoliths
[Diagram: SOA / legacy stack on on-premise VMs; cross-cutting concerns shown: Security, Mediation, Traffic Management, Observability]
6. …and then came some microservices & containers
[Diagram: legacy plus microservices split across team boundaries, deployed on on-premise VMs, public cloud K8s and private/edge K8s; each team boundary re-implements Security, Mediation, Traffic Management and Observability on its own]
7. “Enter”Prise API Management
[Diagram: an external API gateway / enterprise API management layer placed in front of the team boundaries, centralizing Security, Mediation, Traffic Management and Observability at the edge; workloads still span on-premise VMs, public cloud K8s and private/edge K8s]
8. …with microgateways
[Diagram: same as slide 7 (external API gateway / enterprise API management, on-premise VMs, public cloud K8s, private/edge K8s), with a microgateway added inside each team boundary to push Security, Mediation, Traffic Management and Observability closer to the services]
9. And finally the world of service meshes
[Diagram: an external API gateway at the edge, a unified global control plane, and a mesh gateway per team boundary across on-premise VMs, public cloud K8s and private/edge K8s; Security, Mediation, Traffic Management and Observability are handled uniformly by the mesh]
10. What made it all possible: the de-facto data plane (Envoy)
- Born @ Lyft
- Written in C++
- High performance L4-L7 interception
- A ton of capabilities
  - HTTP/2, gRPC
  - Service discovery
  - Zone-aware load balancing
  - Observability
  - ..and much more
- Extendable, programmable
- Ideal as a light-weight out-of-process proxy (typically a sidecar container) to handle all network concerns
11. The Service Mesh Landscape (of mostly Envoy based service meshes)
13. An overview of Kuma
● From Kong
○ Donated to CNCF
● Simplified multi-mode support
○ Multi-zone
○ Standalone
● Truly universal
○ First class support for both K8s & VMs
● Adjacent to Kong
○ Blazing fast API gateway (useful for delegated gateway mode support / ingress)
● A beautiful API with abstractions and granular, attribute-based selection
○ Mesh
○ TrafficPermission
○ TrafficRoute
○ TrafficTrace
○ TrafficLog
○ FaultInjection
○ HealthCheck
○ CircuitBreaker
○ ProxyTemplate
○ ExternalService
○ Retry
○ Timeout
○ RateLimit
○ VirtualOutbound
● MeshGateway
● MeshGatewayRoute
● MeshCircuitBreaker
● MeshFaultInjection
● MeshAccessLog
● MeshHealthCheck
● MeshHttpRoute
● MeshProxyPatch
● MeshRateLimit
● MeshRetry
● MeshTimeout
● MeshTrace
● MeshTrafficPermission
14. A simplified global deployment architecture: abstracting zone, control plane, network (and tenancy models thereof)
15. Opportunities in modern architecture
- Bounded context & tenant resources
  - Mesh per domain / bounded context for east-west traffic
  - Gateway per domain
- While exerting centralized governance
  - API catalog
- And shared services
  - Monitoring, observability for SRE / platform teams
- Scale to enterprise requirements
16. <<DEMO>>
1. Zero trust security with mutual TLS
2. Observability: OpenTracing (Zipkin) with Kuma, Jaeger
3. Traffic routing: canary deployments (with weighted traffic configurations)
4. Traffic mirroring: send shadow traffic to services
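Added example (not from the deck): the Kuma resources behind demo steps 1 and 3, a Mesh with mTLS backed by the builtin CA, a TrafficPermission that allows only frontend to backend, and a weighted TrafficRoute for a canary. The mesh name and the two `kuma.io/service` names are assumptions.

```yaml
# Constructed example; service names and mesh name are assumptions.
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
  name: default
spec:
  mtls:
    # With an enabled backend, every dataplane gets a service identity
    # certificate and traffic is denied unless a TrafficPermission allows it.
    enabledBackend: ca-1
    backends:
      - name: ca-1
        type: builtin   # Kuma-managed CA; use type `provided` to bring your own
---
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default
metadata:
  name: frontend-to-backend
spec:
  sources:
    - match:
        kuma.io/service: frontend_default_svc_8080   # assumed source service
  destinations:
    - match:
        kuma.io/service: backend_default_svc_8080    # assumed destination
---
apiVersion: kuma.io/v1alpha1
kind: TrafficRoute
mesh: default
metadata:
  name: backend-canary
spec:
  sources:
    - match:
        kuma.io/service: '*'
  destinations:
    - match:
        kuma.io/service: backend_default_svc_8080
  conf:
    # 90/10 weighted split keyed on the dataplane `version` tag
    split:
      - weight: 90
        destination:
          kuma.io/service: backend_default_svc_8080
          version: v1
      - weight: 10
        destination:
          kuma.io/service: backend_default_svc_8080
          version: v2
```

Apply with `kubectl apply -f` on Kubernetes or `kumactl apply -f` in universal mode; Kuma's default mesh ships with an allow-all TrafficPermission, so list them with `kumactl get traffic-permissions` and remove it to get a deny-by-default posture.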