Kuma Workshop
Presented at Kong Meetup – 23 Feb 2023
@ Microsoft Reactor, Bangalore
Agenda
➔ Theory
◆ Service mesh 101 for dummies
◆ The state of the service mesh landscape
◆ Deep Dive on Kuma
➔ Demo & Interactive workshop
◆ Installation (including auto sidecar injection)
◆ Zero trust security with mTLS
◆ Routing, Canary deployments, Circuit Breaking, Load Shedding
◆ Traffic Shadowing
◆ Observability / OpenTracing
Speaker Info
● Platform engineer @ platformatory.io
● Kong Champion
● Occasional open source contributor to Cloud Native projects (k8s, ArgoCD, Tekton, Litmus, etc)
● Local meetup organizer for Kong, Grafana and Docker
● Cofounder @ platformatory.io
● OSS contribs → Envoy, Apache Kafka, Kong (amongst others)
● Distributed systems, Himalayas, Music
● https://in.linkedin.com/in/pavankmurthy
● https://grahana.net | https://twitter.com/p6
Microservices: A web of complex, distributed, network & people-bound problems
- Polyglot services, you-build-it, you-run-it operating model
- Autonomous (silo’d?) teams, reduced centralized control, capital-G governance
- A new form of dependency hell: APIs, service versions
- Proliferation of endpoints with new data formats and interface standards (and therefore not just endpoint but holistic security)
- Troubleshooting & debugging is now an expansive problem cutting across service boundaries
- Deployments in a new emerging breed of hybrid infrastructure across public cloud, edge, on-premise
The evolution of microservices journey: At first, there were only SOA Monoliths
[Diagram; labels: SOA, legacy, On-premise VM, Security, Mediation, Traffic Management, Observability]
…and then came some microservices & containers
[Diagram; labels: legacy, two Team Boundary markers, On-premise VM, Public Cloud K8S, Private/Edge K8S; Security, Mediation, Traffic Management, Observability (repeated three times)]
“Enter”Prise API Management
[Diagram; labels: legacy, {External API Gateway | Enterprise API Management}, two Team Boundary markers, Security, Mediation, Traffic Management, Observability, On-premise VM, Public Cloud K8S, Private/Edge K8S]
–with-microgateways
[Diagram; labels: legacy, {External API Gateway | Enterprise API Management}, two Team Boundary markers, Security, Mediation, Traffic Management, Observability, On-premise VM, Public Cloud K8S, Private/Edge K8S, two Microgateways]
And finally the world of service meshes
[Diagram; labels: legacy, {External API Gateway}, two Team Boundary markers, Security, Mediation, Traffic Management, Observability, On-premise VM, Public Cloud K8S, Private/Edge K8S, {Unified, Global Control Plane}, two Mesh Gateways]
What made it all possible: The de-facto data plane
- Born @ Lyft
- Written in C++
- High performance L4-L7 interception
- A ton of capabilities
- HTTP/2, gRPC
- Service Discovery
- Zone-aware load balancing
- Observability
- ..and much more
- Extendable, Programmable
- Ideal for light-weight out of process (typically sidecar container) to handle all network concerns
The Service Mesh Landscape (of mostly Envoy based service meshes)
Emerging standardization: Vendor neutrality and ecosystem interfaces to service mesh
An overview of Kuma
● From Kong
○ Donated to CNCF
● Simplified multi-mode support
○ Multi-zone
○ Standalone
● Truly Universal
○ First class support for both K8s & VMs
● Adjacent to Kong
○ Blazing fast API-gw (useful for delegated gateway mode support / ingress)
● A beautiful API with abstractions and granular, attribute based selection
○ Mesh
○ TrafficPermission
○ TrafficRoute
○ TrafficTrace
○ TrafficLog
○ FaultInjection
○ HealthCheck
○ CircuitBreaker
○ ProxyTemplate
○ ExternalService
○ Retry
○ Timeout
○ RateLimit
○ VirtualOutbound
● MeshGateway
● MeshGatewayRoute
● MeshCircuitBreaker
● MeshFaultInjection
● MeshAccessLog
● MeshHealthCheck
● MeshHTTPRoute
● MeshProxyPatch
● MeshRateLimit
● MeshRetry
● MeshTimeout
● MeshTrace
● MeshTrafficPermission
A simplified global deployment architecture: abstracting zone, control plane, network (and tenancy models thereof)
Opportunities in modern architecture
- Bounded context & tenant resources
- Mesh per domain / BC for E-W
- Gateway per domain
- While exerting centralized governance
- API Catalog
- And shared services
- Monitoring, observability for SRE / Platform Teams
- Scale to enterprise requirements
<<DEMO>>
1. Zero trust security with mutual TLS
2. Observability: OpenTracing (Zipkin) with Kuma, Jaeger
3. Traffic Routing: Canary deployments (with weighted traffic configurations)
4. Traffic Mirroring: Send shadow traffic to services
