SlideShare a Scribd company logo

Advanced Observability & Security

F
Fabian Hardt

In distributed system architectures, a service mesh can help to make service communication more secure, reliable, and traceable. Along with the service mesh concept we may often think of concepts like microservices, containers or Kubernetes. Moreover, a modern service mesh also offers to integrate legacy workloads, for example on VMs. Even more so, it is possible to define a service mesh in such a way that it spans across multiple clusters or networks, e.g. in a multi-cloud setup, or in a mix of on-premises and cloud. A service mesh, however, possesses even more capabilities such as observability and security. This session will focus on these areas and how in today's heterogeneous world a service mesh can help to address complex challenges here. Scenarios from real-world projects will be presented and individual aspects will be highlighted in a demo.

Technology
1 of 32
© OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 1 Berlin, 2023-06-13 Philipp Kürsten, Fabian Hardt ADVANCED OBSERVABILITY & SECURITY FOR YOUR KUBERNETES WITH A MODERN SERVICE MESH
© OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 2 WHY SERVICE MESH? 01 KUMA 02 CONCLUSION 04 DEMO 03
© OPITZ CONSULTING 2023 / Öffentlich OPITZ CONSULTING Advanced Observability & Security for your Kubernetes with a modern Service Mesh 3 „Wir erreichen Kundennähe vor Ort und durch moderne Delivery-Modelle auch auf Entfernung!“ Peter Menne, GF Essen Bad Homburg Stuttgart München Nürnberg Gummersbach Berlin Hamburg Kraków
© OPITZ CONSULTING 2023 / Öffentlich MODERN IT-Modernisierung „Nachhaltiges Business durch flexible, dynamikrobuste Lösungen für die digitale Welt von morgen“ #MEHRWERT Advanced Observability & Security for your Kubernetes with a modern Service Mesh 4 AUTO- MATISIERT SICHER INTEGRIERT Security „Sichere IT-Lösungen und Infrastrukturen als Basis für Geschäftsmodelle in dynamischen Märkten“ Systemintegration „Eine integrierte IT-Landschaft als Grundlage für ein #ZUKUNFTSWIRKSAMES Business“ Intelligent Automation „Effizienterer Ressourceneinsatz durch die Automatisierung von Business-Prozessen mit dem Einsatz von KI-Technologien“
© OPITZ CONSULTING 2023 / Öffentlich #TECHNOLOGIE & KOMPETENZEN Advanced Observability & Security for your Kubernetes with a modern Service Mesh 5 CONSULTING nachhaltig-langfristig- erfolgreich APPLICATIONS innovativ-herausragend- benutzerfreundlich INTEGRATION flexibel-automatisiert- performt ANALYTICS smart-intelligent- verlässlich INFRASTRUCTURE cloud-hybrid- elastisch CHANGE nachhaltig-achtsam- verbindlich  Serverless Microservices  DevOps  Modernisierung  Entkopplung  API first  Bi-Modal  UX-Design  Lifecycle  Cloud Based Integration  Sensor Data  IoT / Industrie 4.0  API-Management  Integration Third Party Apps  Process Integration  Application Integration  Data Lakes  Big Data & Fast Data  AI & Machine Learning  Intelligent Automation  Analytics für IoT  Data Labs  Data Governance  Open Data  Hybride Architekturen  Infrastructure as Code  Cloud Consumption  Multi-Cloud Management  Sicherheit der Cloud  Shared Cloud Services  Compliance  Managed Services  Vision & Sinn  Rolle und Identität  Werte & Glaubenssätze  Umwelt  Fähigkeiten und Verhalten  Culture Gardening  Digital Awareness  Digitalisierungsstrategie  Digitale Transformation  Innovation  Digitale Roadmap  Governance  Lizenzberatung DIGITALE PLATTFORM basierend auf dynamikrobusten Architekturen der Digitalisierung Künstliche Intelligenz mit dem Fokus auf Automatisierung & Entscheidungsvorbereitung
© OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 6 WHY SERVICE MESH? 01
© OPITZ CONSULTING 2023 / Öffentlich TREND TOWARDS DISTRIBUTED APPLICATION ARCHITECTURES Advanced Observability & Security for your Kubernetes with a modern Service Mesh 7 Centralized STATIC ON-PREM MONOLITH VIRTUAL MACHINES MANUAL CHANGE PROCESS Decentralized DYNAMIC CLOUD / MULTI-CLOUD MICROSERVICES / SERVERLESS CONTAINERS, KUBERNETES AUTOMATED CI/CD TOOL CHAIN # Services & APIs CONTROL AND VISIBILITY
© OPITZ CONSULTING 2023 / Öffentlich INCREASED COMPLEXITY AND COGNITIVE LOAD ON DEVS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 8 Security Security Logging Logging Security Tracing Metrics Routing Metrics Tracing Application AuthN/ Z Rate-Limiting Routing Caching Organization Application AuthN/ Z Versioning Versioning Rate-Limiting
© OPITZ CONSULTING 2023 / Öffentlich WHAT’S A SERVICE MESH? Advanced Observability & Security for your Kubernetes with a modern Service Mesh 10  Efficient implementation of cross-cutting concerns with respect to service integration challenges  Everything is a service!  Cloud-native apps deployed to Kubernetes  Non Cloud-native workloads  Should be independent of  Architecture (e.g. Monolithic or µService)  Platform (e.g. VMs, Containers, Kubernetes) Dedicated infrastructure layer that makes service-to-service communication more reliable, secure and observable
© OPITZ CONSULTING 2023 / Öffentlich E2E SERVICE CONNECTIVITY WITH GATEWAY AND MESH Advanced Observability & Security for your Kubernetes with a modern Service Mesh 12  Increased Developer experience  Consistent security  Seamless observability  Reliable connectivity  Resilience  Flexibility GW DP CLIENT PUBLIC TRAFFIC GW DP MESH CP MESH 1 MESH 2
© OPITZ CONSULTING 2023 / Öffentlich SERVICE-MESH IMPLEMENTATIONS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 13  Kuma  Istio  Consul  Linkerd  GlooMesh
© OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 14 KUMA 02
© OPITZ CONSULTING 2023 / Öffentlich KUMA INTRODUCTION Advanced Observability & Security for your Kubernetes with a modern Service Mesh 15  Initially invented by Kong and donated to CNCF in 2020  Provides a modern distributed Control Plane  Completely Envoy-based Data Plane proxies  Platform agnostic open-source control plane for Service Mesh  Hence Kuma is  Universal  Simple  Scalable  Flexible deployment options  Standalone deployment  Multi-Zone deployment Source: https://tinyurl.com/xb57bhx5
© OPITZ CONSULTING 2023 / Öffentlich KUMA STANDALONE ARCHITECTURE Advanced Observability & Security for your Kubernetes with a modern Service Mesh 16
© OPITZ CONSULTING 2023 / Öffentlich KUMA MULTI-CLUSTER ARCHITECTURE Advanced Observability & Security for your Kubernetes with a modern Service Mesh 17  One mesh can be deployed over multiple clusters (=> Zone)  All traffic enters cluster over zone ingress  One Remote (Zone) Control Plane in each cluster
© OPITZ CONSULTING 2023 / Öffentlich KUMA NETWORKING / CNI Advanced Observability & Security for your Kubernetes with a modern Service Mesh 18  Installed as DaemonSet on all Nodes  Injects label on Pods - k8s.v1.cni.cncf.io/networks: kuma-cni  CNI enables Transparent Proxying – redirects all traffic through Data Plane
© OPITZ CONSULTING 2023 / Öffentlich KUMA NETWORKING / INIT-CONTAINER Advanced Observability & Security for your Kubernetes with a modern Service Mesh 19  Injected to Pod and started individually before Data Plane  Configures iptables / network routing
© OPITZ CONSULTING 2023 / Öffentlich SERVICE MESH DNS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 20  Local DNS resolution directly in Data Plane (Envoy)  Names are not resolvable in complete cluster, just inside service mesh (Envoy)  Resolves “.mesh“ address to pre-defined service mesh IP address  IP in other zone / cluster is routed over Kuma Zone Ingress
© OPITZ CONSULTING 2023 / Öffentlich ZONE EGRESS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 21  Special Data Plane instance – like Zone Ingress  All outgoing traffic is routed through this instance  Usage of External Services just possible with deployed Zone Egress in the future
© OPITZ CONSULTING 2023 / Öffentlich INTEGRATION OF LEGACY WORKLOAD Advanced Observability & Security for your Kubernetes with a modern Service Mesh 22  Integration of vm and bare metal workload  Local Data Plane instance connecting to Control Plane  Seamless and secure commuication between vm and Kubernetes workload
© OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 23 DEMO 03
© OPITZ CONSULTING 2023 / Öffentlich ARCHITECTURE OVERVIEW Advanced Observability & Security for your Kubernetes with a modern Service Mesh 24
© OPITZ CONSULTING 2023 / Öffentlich ANALYZING AND MONITORING THE DATA Advanced Observability & Security for your Kubernetes with a modern Service Mesh  Using Grafana Stack to create a 360-degree view  Component usage:  Visualization: Grafana  Logging: Loki (Log Shipping: FluentD / FluentBit / Promtail)  Metrics: Prometheus  Tracing: Jaeger or Tempo  Alerting: Prometheus Alert Manager  Operating models  Self-managed (e.g. on-prem)  Grafana SaaS offering 25
© OPITZ CONSULTING 2023 / Öffentlich ARCHITECTURE OBSERVABILITY Advanced Observability & Security for your Kubernetes with a modern Service Mesh 26
© OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 27 DEMO
© OPITZ CONSULTING 2023 / Öffentlich ASPECTS COVERED Advanced Observability & Security for your Kubernetes with a modern Service Mesh 28  Mesh Management (Kuma UI)  Managing Apps within the Mesh  Locality Awareness  Advanced Routing  Security  Mesh observability  Metrics  Logs  Traces
© OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 29 CONCLUSION 04
© OPITZ CONSULTING 2023 / Öffentlich SERVICE MESH BENEFITS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 30  Zero-trust security  mTLS, Traffic Permissions  Increased Developers productivity  Crosscutting concerns (AuthN & AuthZ, …)  Self-service network management  Multi-Tenancy over multiple clouds  Reliable connectivity  Circuit Breaker, Traffic Routes, …  Observability  Metrics, Tracing, Logs
© OPITZ CONSULTING 2023 / Öffentlich KEY TAKEAWAYS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 31  Service Mesh is essential to build and managing multi-cloud apps efficiently  Kuma as mesh implementation provides  Agnostic approach (independent of architecture or platform)  Modern, flexible architecture supporting hybrid, multi-cloud scenarios  Multi-zone  Multi-cluster  Multi-mesh  Seamless CI / CD integration (GitOps)  Intuitive design  Spanning a mesh over multiple clusters and clouds can be done easily
© OPITZ CONSULTING 2023 / Öffentlich MATERIALS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 32  Demo Source: https://github.com/KongChampions/kuma-multi-zone-mesh  Kuma docs: https://kuma.io/docs/2.2.x/  Kuma Counter Demo: https://github.com/kumahq/kuma-counter-demo  Kuma introduction – Meetup recording “Service integration made easy with OpenSource Kuma”: https://www.youtube.com/watch?v=f3GeuKzYrsA&t=1s  Demo “Service integration made easy with OpenSource Kuma”: https://github.com/svenbernhardt/service-integration-made-easy  Kong / Kuma and friends (k3d)– https://github.com/FabianHardt/k3d-bootstrap-cluster
© OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 33 Q & A https://opitzcloud.canto.global/b/H0EMG
© OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 34 www.opitz-consulting.com KONTAKT Philipp Kürsten Senior Consultant Philipp.Kürsten@opitz-consulting.com +49 173 7279570 https://www.xing.com/profile/Philipp_Kuersten/ https://www.linkedin.com/in/philipp-kuersten/ Fabian Hardt Solution Architect Fabian.Hardt@opitz-consulting.com https://twitter.com/fabian_hardt https://www.xing.com/profile/Fabian_Hardt https://www.linkedin.com/in/fabian-hardt/

Recommended

Advanced Observability & Security
Advanced Observability & SecurityAdvanced Observability & Security
Advanced Observability & SecurityFabian Hardt
 
Build and Manage Multi-Cloud Applications Using Kuma
Build and Manage Multi-Cloud Applications Using KumaBuild and Manage Multi-Cloud Applications Using Kuma
Build and Manage Multi-Cloud Applications Using KumaSven Bernhardt
 
Service integration made easy with Open Source Kuma
Service integration made easy with Open Source KumaService integration made easy with Open Source Kuma
Service integration made easy with Open Source KumaSven Bernhardt
 
Service Mesh Advanced Use Cases
Service Mesh Advanced Use CasesService Mesh Advanced Use Cases
Service Mesh Advanced Use CasesSven Bernhardt
 
Architecture Room Stuttgart - "Cloud-native ist nur ein Teil des Spiels!"
Architecture Room Stuttgart - "Cloud-native ist nur ein Teil des Spiels!"Architecture Room Stuttgart - "Cloud-native ist nur ein Teil des Spiels!"
Architecture Room Stuttgart - "Cloud-native ist nur ein Teil des Spiels!"OPITZ CONSULTING Deutschland
 
Service Mesh Advanced Use Cases
Service Mesh Advanced Use CasesService Mesh Advanced Use Cases
Service Mesh Advanced Use CasesFabian Hardt
 
Build and Manage Multi-Cloud Applications Using Kuma
Build and Manage Multi-Cloud Applications Using KumaBuild and Manage Multi-Cloud Applications Using Kuma
Build and Manage Multi-Cloud Applications Using KumaSven Bernhardt
 
Innovate everywhere - SUSE edge
Innovate everywhere - SUSE edgeInnovate everywhere - SUSE edge
Innovate everywhere - SUSE edgeSUSE
 

Recommended

Advanced Observability & Security
Advanced Observability & SecurityAdvanced Observability & Security
Advanced Observability & SecurityFabian Hardt
 
Build and Manage Multi-Cloud Applications Using Kuma
Build and Manage Multi-Cloud Applications Using KumaBuild and Manage Multi-Cloud Applications Using Kuma
Build and Manage Multi-Cloud Applications Using KumaSven Bernhardt
 
Service integration made easy with Open Source Kuma
Service integration made easy with Open Source KumaService integration made easy with Open Source Kuma
Service integration made easy with Open Source KumaSven Bernhardt
 
Service Mesh Advanced Use Cases
Service Mesh Advanced Use CasesService Mesh Advanced Use Cases
Service Mesh Advanced Use CasesSven Bernhardt
 
Architecture Room Stuttgart - "Cloud-native ist nur ein Teil des Spiels!"
Architecture Room Stuttgart - "Cloud-native ist nur ein Teil des Spiels!"Architecture Room Stuttgart - "Cloud-native ist nur ein Teil des Spiels!"
Architecture Room Stuttgart - "Cloud-native ist nur ein Teil des Spiels!"OPITZ CONSULTING Deutschland
 
Service Mesh Advanced Use Cases
Service Mesh Advanced Use CasesService Mesh Advanced Use Cases
Service Mesh Advanced Use CasesFabian Hardt
 
Build and Manage Multi-Cloud Applications Using Kuma
Build and Manage Multi-Cloud Applications Using KumaBuild and Manage Multi-Cloud Applications Using Kuma
Build and Manage Multi-Cloud Applications Using KumaSven Bernhardt
 
Innovate everywhere - SUSE edge
Innovate everywhere - SUSE edgeInnovate everywhere - SUSE edge
Innovate everywhere - SUSE edgeSUSE
 
Mobile Edge Computing
Mobile Edge ComputingMobile Edge Computing
Mobile Edge ComputingM2M Alliance e.V.
 
Presentation data center virtualization –setting the foundation
Presentation data center virtualization –setting the foundationPresentation data center virtualization –setting the foundation
Presentation data center virtualization –setting the foundationxKinAnx
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...NETSCOUT
 
Architecting Ultra-Low Latency Applications with AWS & 5G
Architecting Ultra-Low Latency Applications with AWS & 5GArchitecting Ultra-Low Latency Applications with AWS & 5G
Architecting Ultra-Low Latency Applications with AWS & 5GGabriel Paredes Loza
 
Necos keynote ii_mobislice
Necos keynote ii_mobisliceNecos keynote ii_mobislice
Necos keynote ii_mobisliceAugusto Neto
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureMitchell Pronschinske
 
Integration architectures based on Microservices, APIs and events
Integration architectures based on Microservices, APIs and eventsIntegration architectures based on Microservices, APIs and events
Integration architectures based on Microservices, APIs and eventsSven Bernhardt
 
Declarative observability management for Microservice architectures
Declarative observability management for Microservice architecturesDeclarative observability management for Microservice architectures
Declarative observability management for Microservice architecturesSven Bernhardt
 
Iisrt zzz satyabrata khatua
Iisrt zzz satyabrata khatuaIisrt zzz satyabrata khatua
Iisrt zzz satyabrata khatuaIISRT
 
Speed5G Workshop London presentation of 5G Monarch
Speed5G Workshop London presentation of 5G MonarchSpeed5G Workshop London presentation of 5G Monarch
Speed5G Workshop London presentation of 5G MonarchKlaus Moessner
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:Cisco Canada
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...NETSCOUT
 
Cloud-native is just part of the game
Cloud-native is just part of the gameCloud-native is just part of the game
Cloud-native is just part of the gameSven Bernhardt
 
Designing IBM MQ deployments for the cloud generation
Designing IBM MQ deployments for the cloud generationDesigning IBM MQ deployments for the cloud generation
Designing IBM MQ deployments for the cloud generationDavid Ware
 
Edge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different PiecesEdge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different PiecesCloudify Community
 
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC NetworkingGain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC NetworkingCisco Canada
 
Accelerating 5G enterprise networks with edge computing and latency assurance
Accelerating 5G enterprise networks with edge computing and latency assuranceAccelerating 5G enterprise networks with edge computing and latency assurance
Accelerating 5G enterprise networks with edge computing and latency assuranceADVA
 
Ericsson Technology Review: Creating the next-generation edge-cloud ecosystem
Ericsson Technology Review: Creating the next-generation edge-cloud ecosystemEricsson Technology Review: Creating the next-generation edge-cloud ecosystem
Ericsson Technology Review: Creating the next-generation edge-cloud ecosystemEricsson
 
Case studies in achieving resilient timing in mission-critical networks
Case studies in achieving resilient timing in mission-critical networksCase studies in achieving resilient timing in mission-critical networks
Case studies in achieving resilient timing in mission-critical networksAdtran
 
Colt Optical SDN Innovation
Colt Optical SDN InnovationColt Optical SDN Innovation
Colt Optical SDN InnovationColt Technology Services
 
Mit APIs auf der Überholspur zur produktorientierten Organisation
Mit APIs auf der Überholspur zur produktorientierten OrganisationMit APIs auf der Überholspur zur produktorientierten Organisation
Mit APIs auf der Überholspur zur produktorientierten OrganisationFabian Hardt
 
Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...
Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...
Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...Fabian Hardt
 

More Related Content

Similar to Advanced Observability & Security

Presentation data center virtualization –setting the foundation
Presentation data center virtualization –setting the foundationPresentation data center virtualization –setting the foundation
Presentation data center virtualization –setting the foundationxKinAnx
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...NETSCOUT
 
Architecting Ultra-Low Latency Applications with AWS & 5G
Architecting Ultra-Low Latency Applications with AWS & 5GArchitecting Ultra-Low Latency Applications with AWS & 5G
Architecting Ultra-Low Latency Applications with AWS & 5GGabriel Paredes Loza
 
Necos keynote ii_mobislice
Necos keynote ii_mobisliceNecos keynote ii_mobislice
Necos keynote ii_mobisliceAugusto Neto
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureMitchell Pronschinske
 
Integration architectures based on Microservices, APIs and events
Integration architectures based on Microservices, APIs and eventsIntegration architectures based on Microservices, APIs and events
Integration architectures based on Microservices, APIs and eventsSven Bernhardt
 
Declarative observability management for Microservice architectures
Declarative observability management for Microservice architecturesDeclarative observability management for Microservice architectures
Declarative observability management for Microservice architecturesSven Bernhardt
 
Iisrt zzz satyabrata khatua
Iisrt zzz satyabrata khatuaIisrt zzz satyabrata khatua
Iisrt zzz satyabrata khatuaIISRT
 
Speed5G Workshop London presentation of 5G Monarch
Speed5G Workshop London presentation of 5G MonarchSpeed5G Workshop London presentation of 5G Monarch
Speed5G Workshop London presentation of 5G MonarchKlaus Moessner
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:Cisco Canada
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...NETSCOUT
 
Cloud-native is just part of the game
Cloud-native is just part of the gameCloud-native is just part of the game
Cloud-native is just part of the gameSven Bernhardt
 
Designing IBM MQ deployments for the cloud generation
Designing IBM MQ deployments for the cloud generationDesigning IBM MQ deployments for the cloud generation
Designing IBM MQ deployments for the cloud generationDavid Ware
 
Edge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different PiecesEdge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different PiecesCloudify Community
 
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC NetworkingGain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC NetworkingCisco Canada
 
Accelerating 5G enterprise networks with edge computing and latency assurance
Accelerating 5G enterprise networks with edge computing and latency assuranceAccelerating 5G enterprise networks with edge computing and latency assurance
Accelerating 5G enterprise networks with edge computing and latency assuranceADVA
 
Ericsson Technology Review: Creating the next-generation edge-cloud ecosystem
Ericsson Technology Review: Creating the next-generation edge-cloud ecosystemEricsson Technology Review: Creating the next-generation edge-cloud ecosystem
Ericsson Technology Review: Creating the next-generation edge-cloud ecosystemEricsson
 
Case studies in achieving resilient timing in mission-critical networks
Case studies in achieving resilient timing in mission-critical networksCase studies in achieving resilient timing in mission-critical networks
Case studies in achieving resilient timing in mission-critical networksAdtran
 

Similar to Advanced Observability & Security (20)

Mobile Edge Computing
Mobile Edge ComputingMobile Edge Computing
Mobile Edge Computing
 
Presentation data center virtualization –setting the foundation
Presentation data center virtualization –setting the foundationPresentation data center virtualization –setting the foundation
Presentation data center virtualization –setting the foundation
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
 
Architecting Ultra-Low Latency Applications with AWS & 5G
Architecting Ultra-Low Latency Applications with AWS & 5GArchitecting Ultra-Low Latency Applications with AWS & 5G
Architecting Ultra-Low Latency Applications with AWS & 5G
 
Necos keynote ii_mobislice
Necos keynote ii_mobisliceNecos keynote ii_mobislice
Necos keynote ii_mobislice
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft AzureModernizing Application Deployments with HashiCorp Consul on Microsoft Azure
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
 
Integration architectures based on Microservices, APIs and events
Integration architectures based on Microservices, APIs and eventsIntegration architectures based on Microservices, APIs and events
Integration architectures based on Microservices, APIs and events
 
Declarative observability management for Microservice architectures
Declarative observability management for Microservice architecturesDeclarative observability management for Microservice architectures
Declarative observability management for Microservice architectures
 
Iisrt zzz satyabrata khatua
Iisrt zzz satyabrata khatuaIisrt zzz satyabrata khatua
Iisrt zzz satyabrata khatua
 
Speed5G Workshop London presentation of 5G Monarch
Speed5G Workshop London presentation of 5G MonarchSpeed5G Workshop London presentation of 5G Monarch
Speed5G Workshop London presentation of 5G Monarch
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
 
Cloud-native is just part of the game
Cloud-native is just part of the gameCloud-native is just part of the game
Cloud-native is just part of the game
 
Designing IBM MQ deployments for the cloud generation
Designing IBM MQ deployments for the cloud generationDesigning IBM MQ deployments for the cloud generation
Designing IBM MQ deployments for the cloud generation
 
Edge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different PiecesEdge Computing: A Unified Infrastructure for all the Different Pieces
Edge Computing: A Unified Infrastructure for all the Different Pieces
 
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC NetworkingGain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
 
Accelerating 5G enterprise networks with edge computing and latency assurance
Accelerating 5G enterprise networks with edge computing and latency assuranceAccelerating 5G enterprise networks with edge computing and latency assurance
Accelerating 5G enterprise networks with edge computing and latency assurance
 
Ericsson Technology Review: Creating the next-generation edge-cloud ecosystem
Ericsson Technology Review: Creating the next-generation edge-cloud ecosystemEricsson Technology Review: Creating the next-generation edge-cloud ecosystem
Ericsson Technology Review: Creating the next-generation edge-cloud ecosystem
 
Case studies in achieving resilient timing in mission-critical networks
Case studies in achieving resilient timing in mission-critical networksCase studies in achieving resilient timing in mission-critical networks
Case studies in achieving resilient timing in mission-critical networks
 
Colt Optical SDN Innovation
Colt Optical SDN InnovationColt Optical SDN Innovation
Colt Optical SDN Innovation
 

More from Fabian Hardt

Mit APIs auf der Überholspur zur produktorientierten Organisation
Mit APIs auf der Überholspur zur produktorientierten OrganisationMit APIs auf der Überholspur zur produktorientierten Organisation
Mit APIs auf der Überholspur zur produktorientierten OrganisationFabian Hardt
 
Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...
Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...
Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...Fabian Hardt
 
Analytics meets Integration – Modern Development mit Data APIs
Analytics meets Integration – Modern Development mit Data APIsAnalytics meets Integration – Modern Development mit Data APIs
Analytics meets Integration – Modern Development mit Data APIsFabian Hardt
 
How Service Mesh Fits into the Modern Data Stack
How Service Mesh Fits into the Modern Data StackHow Service Mesh Fits into the Modern Data Stack
How Service Mesh Fits into the Modern Data StackFabian Hardt
 
Modern Data Stack – Buzzword oder echter Game-Changer?
Modern Data Stack – Buzzword oder echter Game-Changer?Modern Data Stack – Buzzword oder echter Game-Changer?
Modern Data Stack – Buzzword oder echter Game-Changer?Fabian Hardt
 
Persönliche Filmtipps mittels Recommender System und Chatbot
Persönliche Filmtipps mittels Recommender System und ChatbotPersönliche Filmtipps mittels Recommender System und Chatbot
Persönliche Filmtipps mittels Recommender System und ChatbotFabian Hardt
 
Automatisierte Provisionierung einer Data Lab Umgebung für Data Scientists
Automatisierte Provisionierung einer Data Lab Umgebung für Data ScientistsAutomatisierte Provisionierung einer Data Lab Umgebung für Data Scientists
Automatisierte Provisionierung einer Data Lab Umgebung für Data ScientistsFabian Hardt
 
Augmented Analytics mit Amazon Alexa
Augmented Analytics mit Amazon AlexaAugmented Analytics mit Amazon Alexa
Augmented Analytics mit Amazon AlexaFabian Hardt
 

More from Fabian Hardt (8)

Mit APIs auf der Überholspur zur produktorientierten Organisation
Mit APIs auf der Überholspur zur produktorientierten OrganisationMit APIs auf der Überholspur zur produktorientierten Organisation
Mit APIs auf der Überholspur zur produktorientierten Organisation
 
Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...
Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...
Data Mesh und Domain Driven Design - rücken Analytics und SD nun doch näher z...
 
Analytics meets Integration – Modern Development mit Data APIs
Analytics meets Integration – Modern Development mit Data APIsAnalytics meets Integration – Modern Development mit Data APIs
Analytics meets Integration – Modern Development mit Data APIs
 
How Service Mesh Fits into the Modern Data Stack
How Service Mesh Fits into the Modern Data StackHow Service Mesh Fits into the Modern Data Stack
How Service Mesh Fits into the Modern Data Stack
 
Modern Data Stack – Buzzword oder echter Game-Changer?
Modern Data Stack – Buzzword oder echter Game-Changer?Modern Data Stack – Buzzword oder echter Game-Changer?
Modern Data Stack – Buzzword oder echter Game-Changer?
 
Persönliche Filmtipps mittels Recommender System und Chatbot
Persönliche Filmtipps mittels Recommender System und ChatbotPersönliche Filmtipps mittels Recommender System und Chatbot
Persönliche Filmtipps mittels Recommender System und Chatbot
 
Automatisierte Provisionierung einer Data Lab Umgebung für Data Scientists
Automatisierte Provisionierung einer Data Lab Umgebung für Data ScientistsAutomatisierte Provisionierung einer Data Lab Umgebung für Data Scientists
Automatisierte Provisionierung einer Data Lab Umgebung für Data Scientists
 
Augmented Analytics mit Amazon Alexa
Augmented Analytics mit Amazon AlexaAugmented Analytics mit Amazon Alexa
Augmented Analytics mit Amazon Alexa
 

Recently uploaded

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 

Recently uploaded (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 

Advanced Observability & Security

  • 1. © OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 1 Berlin, 2023-06-13 Philipp Kürsten, Fabian Hardt ADVANCED OBSERVABILITY & SECURITY FOR YOUR KUBERNETES WITH A MODERN SERVICE MESH
  • 2. © OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 2 WHY SERVICE MESH? 01 KUMA 02 CONCLUSION 04 DEMO 03
  • 3. © OPITZ CONSULTING 2023 / Öffentlich OPITZ CONSULTING Advanced Observability & Security for your Kubernetes with a modern Service Mesh 3 „Wir erreichen Kundennähe vor Ort und durch moderne Delivery-Modelle auch auf Entfernung!“ Peter Menne, GF Essen Bad Homburg Stuttgart München Nürnberg Gummersbach Berlin Hamburg Kraków
  • 4. © OPITZ CONSULTING 2023 / Öffentlich MODERN IT-Modernisierung „Nachhaltiges Business durch flexible, dynamikrobuste Lösungen für die digitale Welt von morgen“ #MEHRWERT Advanced Observability & Security for your Kubernetes with a modern Service Mesh 4 AUTO- MATISIERT SICHER INTEGRIERT Security „Sichere IT-Lösungen und Infrastrukturen als Basis für Geschäftsmodelle in dynamischen Märkten“ Systemintegration „Eine integrierte IT-Landschaft als Grundlage für ein #ZUKUNFTSWIRKSAMES Business“ Intelligent Automation „Effizienterer Ressourceneinsatz durch die Automatisierung von Business-Prozessen mit dem Einsatz von KI-Technologien“
  • 5. © OPITZ CONSULTING 2023 / Öffentlich #TECHNOLOGIE & KOMPETENZEN Advanced Observability & Security for your Kubernetes with a modern Service Mesh 5 CONSULTING nachhaltig-langfristig- erfolgreich APPLICATIONS innovativ-herausragend- benutzerfreundlich INTEGRATION flexibel-automatisiert- performt ANALYTICS smart-intelligent- verlässlich INFRASTRUCTURE cloud-hybrid- elastisch CHANGE nachhaltig-achtsam- verbindlich  Serverless Microservices  DevOps  Modernisierung  Entkopplung  API first  Bi-Modal  UX-Design  Lifecycle  Cloud Based Integration  Sensor Data  IoT / Industrie 4.0  API-Management  Integration Third Party Apps  Process Integration  Application Integration  Data Lakes  Big Data & Fast Data  AI & Machine Learning  Intelligent Automation  Analytics für IoT  Data Labs  Data Governance  Open Data  Hybride Architekturen  Infrastructure as Code  Cloud Consumption  Multi-Cloud Management  Sicherheit der Cloud  Shared Cloud Services  Compliance  Managed Services  Vision & Sinn  Rolle und Identität  Werte & Glaubenssätze  Umwelt  Fähigkeiten und Verhalten  Culture Gardening  Digital Awareness  Digitalisierungsstrategie  Digitale Transformation  Innovation  Digitale Roadmap  Governance  Lizenzberatung DIGITALE PLATTFORM basierend auf dynamikrobusten Architekturen der Digitalisierung Künstliche Intelligenz mit dem Fokus auf Automatisierung & Entscheidungsvorbereitung
  • 6. © OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 6 WHY SERVICE MESH? 01
  • 7. © OPITZ CONSULTING 2023 / Öffentlich TREND TOWARDS DISTRIBUTED APPLICATION ARCHITECTURES Advanced Observability & Security for your Kubernetes with a modern Service Mesh 7 Centralized STATIC ON-PREM MONOLITH VIRTUAL MACHINES MANUAL CHANGE PROCESS Decentralized DYNAMIC CLOUD / MULTI-CLOUD MICROSERVICES / SERVERLESS CONTAINERS, KUBERNETES AUTOMATED CI/CD TOOL CHAIN # Services & APIs CONTROL AND VISIBILITY
  • 8. © OPITZ CONSULTING 2023 / Öffentlich INCREASED COMPLEXITY AND COGNITIVE LOAD ON DEVS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 8 Security Security Logging Logging Security Tracing Metrics Routing Metrics Tracing Application AuthN/ Z Rate-Limiting Routing Caching Organization Application AuthN/ Z Versioning Versioning Rate-Limiting
  • 9. © OPITZ CONSULTING 2023 / Öffentlich WHAT’S A SERVICE MESH? Advanced Observability & Security for your Kubernetes with a modern Service Mesh 10  Efficient implementation of cross-cutting concerns with respect to service integration challenges  Everything is a service!  Cloud-native apps deployed to Kubernetes  Non Cloud-native workloads  Should be independent of  Architecture (e.g. Monolithic or µService)  Platform (e.g. VMs, Containers, Kubernetes) Dedicated infrastructure layer that makes service-to-service communication more reliable, secure and observable
  • 10. © OPITZ CONSULTING 2023 / Öffentlich E2E SERVICE CONNECTIVITY WITH GATEWAY AND MESH Advanced Observability & Security for your Kubernetes with a modern Service Mesh 12  Increased Developer experience  Consistent security  Seamless observability  Reliable connectivity  Resilience  Flexibility GW DP CLIENT PUBLIC TRAFFIC GW DP MESH CP MESH 1 MESH 2
  • 11. © OPITZ CONSULTING 2023 / Öffentlich SERVICE-MESH IMPLEMENTATIONS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 13  Kuma  Istio  Consul  Linkerd  GlooMesh
  • 12. © OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 14 KUMA 02
  • 13. © OPITZ CONSULTING 2023 / Öffentlich KUMA INTRODUCTION Advanced Observability & Security for your Kubernetes with a modern Service Mesh 15  Initially invented by Kong and donated to CNCF in 2020  Provides a modern distributed Control Plane  Completely Envoy-based Data Plane proxies  Platform agnostic open-source control plane for Service Mesh  Hence Kuma is  Universal  Simple  Scalable  Flexible deployment options  Standalone deployment  Multi-Zone deployment Source: https://tinyurl.com/xb57bhx5
  • 14. © OPITZ CONSULTING 2023 / Öffentlich KUMA STANDALONE ARCHITECTURE Advanced Observability & Security for your Kubernetes with a modern Service Mesh 16
  • 15. © OPITZ CONSULTING 2023 / Öffentlich KUMA MULTI-CLUSTER ARCHITECTURE Advanced Observability & Security for your Kubernetes with a modern Service Mesh 17  One mesh can be deployed over multiple clusters (=> Zone)  All traffic enters cluster over zone ingress  One Remote (Zone) Control Plane in each cluster
  • 16. © OPITZ CONSULTING 2023 / Öffentlich KUMA NETWORKING / CNI Advanced Observability & Security for your Kubernetes with a modern Service Mesh 18  Installed as DaemonSet on all Nodes  Injects label on Pods - k8s.v1.cni.cncf.io/networks: kuma-cni  CNI enables Transparent Proxying – redirects all traffic through Data Plane
  • 17. © OPITZ CONSULTING 2023 / Öffentlich KUMA NETWORKING / INIT-CONTAINER Advanced Observability & Security for your Kubernetes with a modern Service Mesh 19  Injected to Pod and started individually before Data Plane  Configures iptables / network routing
  • 18. © OPITZ CONSULTING 2023 / Öffentlich SERVICE MESH DNS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 20  Local DNS resolution directly in Data Plane (Envoy)  Names are not resolvable in complete cluster, just inside service mesh (Envoy)  Resolves “.mesh“ address to pre-defined service mesh IP address  IP in other zone / cluster is routed over Kuma Zone Ingress
  • 19. © OPITZ CONSULTING 2023 / Öffentlich ZONE EGRESS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 21  Special Data Plane instance – like Zone Ingress  All outgoing traffic is routed through this instance  Usage of External Services just possible with deployed Zone Egress in the future
  • 20. © OPITZ CONSULTING 2023 / Öffentlich INTEGRATION OF LEGACY WORKLOAD Advanced Observability & Security for your Kubernetes with a modern Service Mesh 22  Integration of vm and bare metal workload  Local Data Plane instance connecting to Control Plane  Seamless and secure commuication between vm and Kubernetes workload
  • 21. © OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 23 DEMO 03
  • 22. © OPITZ CONSULTING 2023 / Öffentlich ARCHITECTURE OVERVIEW Advanced Observability & Security for your Kubernetes with a modern Service Mesh 24
  • 23. © OPITZ CONSULTING 2023 / Öffentlich ANALYZING AND MONITORING THE DATA Advanced Observability & Security for your Kubernetes with a modern Service Mesh  Using Grafana Stack to create a 360-degree view  Component usage:  Visualization: Grafana  Logging: Loki (Log Shipping: FluentD / FluentBit / Promtail)  Metrics: Prometheus  Tracing: Jaeger or Tempo  Alerting: Prometheus Alert Manager  Operating models  Self-managed (e.g. on-prem)  Grafana SaaS offering 25
  • 24. © OPITZ CONSULTING 2023 / Öffentlich ARCHITECTURE OBSERVABILITY Advanced Observability & Security for your Kubernetes with a modern Service Mesh 26
  • 25. © OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 27 DEMO
  • 26. © OPITZ CONSULTING 2023 / Öffentlich ASPECTS COVERED Advanced Observability & Security for your Kubernetes with a modern Service Mesh 28  Mesh Management (Kuma UI)  Managing Apps within the Mesh  Locality Awareness  Advanced Routing  Security  Mesh observability  Metrics  Logs  Traces
  • 27. © OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 29 CONCLUSION 04
  • 28. © OPITZ CONSULTING 2023 / Öffentlich SERVICE MESH BENEFITS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 30  Zero-trust security  mTLS, Traffic Permissions  Increased Developers productivity  Crosscutting concerns (AuthN & AuthZ, …)  Self-service network management  Multi-Tenancy over multiple clouds  Reliable connectivity  Circuit Breaker, Traffic Routes, …  Observability  Metrics, Tracing, Logs
  • 29. © OPITZ CONSULTING 2023 / Öffentlich KEY TAKEAWAYS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 31  Service Mesh is essential to build and managing multi-cloud apps efficiently  Kuma as mesh implementation provides  Agnostic approach (independent of architecture or platform)  Modern, flexible architecture supporting hybrid, multi-cloud scenarios  Multi-zone  Multi-cluster  Multi-mesh  Seamless CI / CD integration (GitOps)  Intuitive design  Spanning a mesh over multiple clusters and clouds can be done easily
  • 30. © OPITZ CONSULTING 2023 / Öffentlich MATERIALS Advanced Observability & Security for your Kubernetes with a modern Service Mesh 32  Demo Source: https://github.com/KongChampions/kuma-multi-zone-mesh  Kuma docs: https://kuma.io/docs/2.2.x/  Kuma Counter Demo: https://github.com/kumahq/kuma-counter-demo  Kuma introduction – Meetup recording “Service integration made easy with OpenSource Kuma”: https://www.youtube.com/watch?v=f3GeuKzYrsA&t=1s  Demo “Service integration made easy with OpenSource Kuma”: https://github.com/svenbernhardt/service-integration-made-easy  Kong / Kuma and friends (k3d)– https://github.com/FabianHardt/k3d-bootstrap-cluster
  • 31. © OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 33 Q & A https://opitzcloud.canto.global/b/H0EMG
  • 32. © OPITZ CONSULTING 2023 / Öffentlich Advanced Observability & Security for your Kubernetes with a modern Service Mesh 34 www.opitz-consulting.com KONTAKT Philipp Kürsten Senior Consultant Philipp.Kürsten@opitz-consulting.com +49 173 7279570 https://www.xing.com/profile/Philipp_Kuersten/ https://www.linkedin.com/in/philipp-kuersten/ Fabian Hardt Solution Architect Fabian.Hardt@opitz-consulting.com https://twitter.com/fabian_hardt https://www.xing.com/profile/Fabian_Hardt https://www.linkedin.com/in/fabian-hardt/

Editor's Notes

  1. Achtung: Hier muss!!!! Der Sprechtext sitzen, weil hier unser Angebot formuliert wird.
  2. Pfeile
  3. Global Control Plane (AKS, Fabian) Zone 1: OKE (Sven mit Data API) Zone 2: AKS (Fabian)
  4. Reliable connectivity No longer Developer’s responsibility Consistent, declarative management at infrastructure level Self-service network management Developer defines communication rules (traffic permissions) No longer need to also involve network teams (firewall rules) Zero-trust security Secure communication via mTLS Automated certificate management Service Discovery