This document discusses service mesh advanced use cases and Kuma mesh. It introduces service meshes as providing reliable connectivity and managing cross-cutting concerns for microservices. Kuma mesh is presented as a platform-agnostic open source control plane that provides networking, security and observability features. The document demonstrates Kuma's multi-cluster architecture and shows how it provides consistent connectivity across clusters and edges.

1. © OPITZ CONSULTING 2022 / Öffentlich
Service mesh advanced Use Cases 1
Nuremberg, 2022-09-22
Sven Bernhardt , Fabian Hardt
SERVICE MESH ADVANCED USE CASES

2. © OPITZ CONSULTING 2022 / Öffentlich
Service mesh advanced Use Cases 2
SERVICE MESH BASICS
01

3. © OPITZ CONSULTING 2022 / Öffentlich
MODERN SOFTWARE ARCHITECTURES ARE LOOSLEY COUPLED AND
DISTRIBUTED
Service mesh advanced Use Cases 3
¢ Single Deployment unit
¢ Single execution process
¢ Shared database
¢ Local, app-internal communication only
¢ Multiple Deployment units
¢ Exclusive execution process per service
¢ Database per Service (usually)
¢ Remote, inter-service communication
UI
Business
Logic
Persistence
Traditional software architecture Modern software architecture

4. © OPITZ CONSULTING 2022 / Öffentlich
CONNECTIVITY IS THE BACKBONE OF DIGITAL ORGANIZATIONS
Service mesh advanced Use Cases 4
Centralized
STATIC
ON-PREM
MONOLITH
VIRTUAL MACHINES
MANUAL CHANGE PROCESS
Decentralized
DYNAMIC
CLOUD / MULTI-CLOUD
MICROSERVICES / SERVERLESS
CONTAINERS, KUBERNETES
AUTOMATED CI/CD TOOL CHAIN
# Services & APIs
CONTROL AND VISIBILITY

5. © OPITZ CONSULTING 2022 / Öffentlich
WHAT’S END-TO-END SERVICE CONNECTIVITY?
Service mesh advanced Use Cases 5
¢ Between applications
¢ Within applications
¢ At the edge
EDGE
Monolithic back
end service
Microservices
based app
Microservices exposed at edge
for external consumption

6. © OPITZ CONSULTING 2022 / Öffentlich
RELIABLE CONNECTIVITY IS A MULTIDIMENSIONAL PROBLEM
Service mesh advanced Use Cases 7
App App App
App
Edge Cross-App In-App
Monolith Services Microservices Serverless …

7. © OPITZ CONSULTING 2022 / Öffentlich
INCREASED COMPLEXITY AND CHALLENGES WITH RESPECT TO
DEVELOPMENT CONSISTENCY
Service mesh advanced Use Cases 8
Security Security
Logging Logging
Security
Tracing
Metrics Routing
Metrics Tracing
Application
AuthN/Z
Rate-Limiting
Routing
Caching
Organization
Application
AuthN/Z
Versioning
Versioning
Rate-Limiting

8. © OPITZ CONSULTING 2022 / Öffentlich
WHAT’S A SERVICE MESH?
Service mesh advanced Use Cases 9
¢ Efficient implementation of cross-cutting
concerns with respect to service
integration challenges
¢ Everything is a service!
¢ Cloud-native apps deployed to Kubernetes
¢ Non Cloud-native workloads
¢ Should be independent of
¢ Architecture (e.g. Monolithic or µService)
¢ Platform (e.g. VMs, Containers, Kubernetes)
Dedicated infrastructure layer that
makes service-to-service communication
more reliable, secure and observable

9. © OPITZ CONSULTING 2022 / Öffentlich
WHAT CAN SERVICE MESH HELP YOU WITH?
Service mesh advanced Use Cases 10
API Gateway

10. © OPITZ CONSULTING 2022 / Öffentlich
CONSISTENCE FROM THE EDGE TO THE TARGET SERVICE
Service mesh advanced Use Cases 11
¢ External Clients access an organization’s
services through the API Gateway (Single
Point of entry)
¢ API Gateway is integrated in the Mesh
¢ Is just another service
¢ Gateway proxy just handles outbound traffic
¢ Internal traffic routing is handeled by the
Mesh

11. © OPITZ CONSULTING 2022 / Öffentlich
Service mesh advanced Use Cases 12
KUMA MESH
02

12. © OPITZ CONSULTING 2022 / Öffentlich
KUMA MESH
Service mesh advanced Use Cases 13
¢ Initally invented by Kong and donated to CNCF in 2020
¢ Provides a modern distributed Control Plane
¢ Completely Envoy-based Data Plane proxies
¢ Platform agnostic open-source control plane for Service Mesh
¢ Hence Kuma is
¢ Universal
¢ Simple
¢ Scalable
¢ Flexible deployment options
¢ Standalone deployment
¢ Multi-Zone deployment
Source: https://tinyurl.com/xb57bhx5

13. © OPITZ CONSULTING 2022 / Öffentlich
KUMA STANDALONE ARCHITECTURE
Service mesh advanced Use Cases 14

14. © OPITZ CONSULTING 2022 / Öffentlich
KUMA MULTI-CLUSTER ARCHITECTURE
Service mesh advanced Use Cases 15
¢ One zone can be deployed over multiple clusters
¢ All traffic enters cluster over zone ingress
¢ One Remote (Zone) Control Plane in each cluster

15. © OPITZ CONSULTING 2022 / Öffentlich
KUMA NETWORKING / CNI
Service mesh advanced Use Cases 16
¢ Installed as DaemonSet on all Nodes
¢ Injects label on Pods - k8s.v1.cni.cncf.io/networks: kuma-cni
¢ CNI enables Transparent Proxying – redirects all traffic through Data Plane

16. © OPITZ CONSULTING 2022 / Öffentlich
KUMA NETWORKING / INIT-CONTAINER
Service mesh advanced Use Cases 17
¢ Injected to Pod and started individually before Data Plane
¢ Configures iptables / network routing

17. © OPITZ CONSULTING 2022 / Öffentlich
SERVICE MESH DNS
Service mesh advanced Use Cases 18
¢ Local DNS resolution directly in Data Plane (Envoy)
¢ Names are not resolvable in complete cluster, just inside service mesh (Envoy)
¢ Resolves “.mesh“ address to pre-defined service mesh IP address
¢ IP in other zone / cluster is routed over Kuma Zone Ingress

18. © OPITZ CONSULTING 2022 / Öffentlich
ZONE EGRESS
Service mesh advanced Use Cases 19
¢ Special Data Plane instance – like Zone Ingress
¢ All outgoing traffic is routed through this instance
¢ Usage of External Services just possible with deployed Zone Egress in the future

19. © OPITZ CONSULTING 2022 / Öffentlich
Service mesh advanced Use Cases 20
DEMO
03

20. © OPITZ CONSULTING 2022 / Öffentlich
DEMO: MULTI-CLOUD / MULTI-CLUSTER MESH
Service mesh advanced Use Cases 21

21. © OPITZ CONSULTING 2022 / Öffentlich
ORACLE CONTAINER ENGINE FOR KUBERNETES (OKE)
Service mesh advanced Use Cases 22
Based on IaaS Oracle
Compute Cloud Service
Worker Nodes: VM
Master Node:
•Managed and maintained by Oracle
•Not visible for the end user
•Master nodes are free of charge
Auto-scaling capabilities
using Worker-Node Pools
Can be provisioned using
OCI Cloud Console
OCI Cloud Shell
OCI CLI
Terraform (OCI Resource Manager)

22. © OPITZ CONSULTING 2022 / Öffentlich
Service mesh advanced Use Cases 23
CONCLUSION
06

23. © OPITZ CONSULTING 2022 / Öffentlich
SERVICE MESH BENEFITS
Service mesh advanced Use Cases 24
¢ Increased Developers productivity
¢ Self-service network management
¢ Reliable connectivity
¢ Zero-trust security
¢ Service Discovery
¢ Observability

24. © OPITZ CONSULTING 2022 / Öffentlich
KEY TAKEAWAYS
Service mesh advanced Use Cases 25
¢ Service Mesh is essential for modern software architectures to tackle basic service
integration challenges independent of:
¢ Level
¢ Architecture
¢ Platform
¢ Kuma as a mesh implementation provides
¢ Agnostic approach (indepent of architecture or platform)
¢ Modern, flexible architecture supporting hybrid, multi-cloud scenarios
¢ Standalone
¢ Multi-zone
¢ Multi-mesh
¢ Seamless CI / CD integration (GitOps)

25. © OPITZ CONSULTING 2022 / Öffentlich
Service mesh advanced Use Cases 26
Q & A
https://opitzcloud.canto.global/b/H0EMG

26. © OPITZ CONSULTING 2022 / Öffentlich
Analytics meets Integration – Modern Development mit Data APIs 27
www.opitz-consulting.com
KONTAKT
Sven Bernhardt
Senior Manager Corporate Development
Sven.Bernhardt@opitz-consulting.com
+49 172 2193529
https://www.xing.com/profile/Sven_Bernhardt/
https://www.linkedin.com/in/sven-bernhardt-0570b823/
Fabian Hardt
Solution Architect
Fabian.Hardt@opitz-consulting.com
https://twitter.com/fabian_hardt
https://www.xing.com/profile/Fabian_Hardt
https://www.linkedin.com/in/fabian-hardt-0956b1b1