1 | Copyright © 2019
The Truth About the Service Mesh Data Plane
Christian Posta
@christianposta
Global Field CTO – Solo.io

CHRISTIAN POSTA
• Field CTO @ Solo.io
• Author of a few books
• Contributor to many open-source projects
• Architect, blogger, speaker, mentor, leader
@christianposta
christian@solo.io
https://blog.christianposta.com
https://slideshare.net/ceposta

MY BOOKS
https://bit.ly/istio-in-action
https://www.manning.com/dotd
50% off code: dotd111819au

The Service Mesh Journey with Solo.io
Solo.io connects and manages the world’s applications with APIs and service mesh across any infrastructure.
Announcements coming today

Challenges of adopting a service mesh

Do you need a service mesh?
• Do you have a mix of application languages or frameworks?
• Large deployment of microservices on cloud infrastructure?
• Struggling to implement application interaction observability?
• Have you mastered your existing infrastructure stack?
Check out talk from @thockin: https://speakerdeck.com/thockin/weve-made-quite-a-mesh

Challenges of adoption
• Which one to choose?
• Who's going to support it?
• Multi-tenancy issues within a single cluster?
• No good way to manage multiple clusters?
• Fitting with existing services (sidecar lifecycle, race conditions, etc)
• What's the delineation between developers and operations?
• Non container environments / hybrid env?
• Centralization vs decentralization

A sensible way to start with service mesh: learn your data plane!
• Start at the edge
• Start with one proxy, grow to more
• Pick a subset of traffic/applications
• Get demonstrable value from it
• Continue with measurable iterations
• Data plane matters!

Confusion in the data plane

What do I pick? They seem to overlap!?
• API Gateway vs service mesh?
• North/south vs east/west
• Sidecar vs shared proxy?
• Envoy vs nginx vs linkerd proxy vs others?
• What needs to go into my code?

The truth about the data plane

Service mesh gives a nice API into application networking.

How that API gets implemented will vary.

Data plane as a spectrum
Implemented in code
Out of process sidecar proxy
Shared gateway per domain
Single centralized gateway

Implemented as code
When to do:
• Performance is paramount, cannot use sidecar proxy
• Need fine-grained circuit breaking or other resilience measures
• More complicated load balancing involving business logic
• Cannot deploy a sidecar
Watch out for:
• Tightly intertwined with your application
• Can be difficult to change
• Trying to maintain multiple language implementations

Implemented as code: example, Consul Service Mesh

    package main

    import (
        "github.com/hashicorp/consul/api"
        "github.com/hashicorp/consul/connect"
    )

    func main() {
        client, _ := api.NewClient(api.DefaultConfig()) // errors ignored for brevity
        svc, _ := connect.NewService("my-service", client)
        defer svc.Close()
        // Get an HTTP client that reaches other mesh services over mutual TLS
        httpClient := svc.HTTPClient()
        // Perform a request, then use the standard response
        if resp, err := httpClient.Get("https://userinfo.service.consul/"); err == nil {
            defer resp.Body.Close()
        }
    }

Implemented as “sidecar” proxy
When to do:
• Cannot modify applications
• Have multiple languages/frameworks
• Overhead is minimal relative to the app
• Need a high level of decentralization
Watch out for:
• Not understanding underlying proxy technology
• Race conditions when starting alongside app
• Updating when making changes
• Leaking proxy-specific information (ie, headers, etc)
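
The "leaking proxy-specific information" watch-out above, as an added example that is not from the slides or from any mesh project: a Go check that lists the response headers revealing the proxy, and an edge middleware that removes them before the response leaves the mesh. The prefix and Server-value lists, `meshedApp` and its header values are assumptions constructed for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sort"
	"strings"
)

// Assumed lists for this example; adjust both to what your own data plane emits.
var proxyPrefixes = []string{"x-envoy-", "l5d-"}
var proxyServers = map[string]bool{"envoy": true, "istio-envoy": true}

// isProxyHeader reports whether a header reveals the proxy behind the service.
func isProxyHeader(name string, values []string) bool {
	lower := strings.ToLower(name)
	for _, p := range proxyPrefixes {
		if strings.HasPrefix(lower, p) {
			return true
		}
	}
	for _, v := range values {
		if lower == "server" && proxyServers[strings.ToLower(strings.TrimSpace(v))] {
			return true
		}
	}
	return false
}

// LeakedHeaders returns the sorted, lower-cased proxy-specific header names in h.
func LeakedHeaders(h http.Header) []string {
	leaked := []string{}
	for name, values := range h {
		if isProxyHeader(name, values) {
			leaked = append(leaked, strings.ToLower(name))
		}
	}
	sort.Strings(leaked)
	return leaked
}

// scrubWriter deletes proxy-specific headers just before they are sent.
type scrubWriter struct {
	http.ResponseWriter
	wroteHeader bool
}

func (w *scrubWriter) WriteHeader(code int) {
	w.wroteHeader = true
	for name, values := range w.Header() {
		if isProxyHeader(name, values) {
			delete(w.Header(), name)
		}
	}
	w.ResponseWriter.WriteHeader(code)
}
func (w *scrubWriter) Write(b []byte) (int, error) {
	if !w.wroteHeader {
		w.WriteHeader(http.StatusOK)
	}
	return w.ResponseWriter.Write(b)
}

// StripProxyHeaders wraps the handler that faces clients outside the mesh.
func StripProxyHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sw := &scrubWriter{ResponseWriter: w}
		next.ServeHTTP(sw, r)
		if !sw.wroteHeader { // nothing written: scrub before the implicit 200
			sw.WriteHeader(http.StatusOK)
		}
	})
}

// meshedApp is a constructed stand-in for a response that passed a sidecar.
func meshedApp(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	w.Header().Set("Server", "envoy")
	w.Header().Set("X-Envoy-Upstream-Service-Time", "7")
	w.Header().Set("L5d-Proxy-Error", "constructed sample value")
	fmt.Fprint(w, `{"ok":true}`)
}

// Audit serves one request through h and returns the leaked header names.
func Audit(h http.Handler) []string {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return LeakedHeaders(rec.Result().Header)
}

func main() {
	fmt.Println(Audit(http.HandlerFunc(meshedApp)), Audit(StripProxyHeaders(http.HandlerFunc(meshedApp))))
}
```

`Audit` can also run in a CI test against the real edge handler, so a proxy upgrade that starts emitting a new header fails the build instead of reaching clients.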

Sidecar example: Linkerd
[Diagram labels: Service, Code]

Implemented as shared domain gateway
When to do:
• Cannot use or not ready for sidecar
• Provide a single entry point for group of related services
• Enforce boundaries
• Decoupling of API
Watch out for:
• Extra hops
• Insecure communication last mile
• Noisy neighbor

Shared gateway example: Istio ingress-gateway

Shared gateway example: Gloo

Implemented as central gateway
When to do:
• When just starting out
• Expect a single central point of ingress/egress
• Operational complexity of other approaches too high for current situation
Watch out for:
• Workflow bottleneck
• Insecure communication last mile
• Noisy neighbor

Implemented in code
Out of process sidecar proxy
Shared gateway per domain
Single centralized gateway
Data plane API
CNCF Working Group: Unified Data Plane API

Universal Data Plane API
• Universal, cross-client/server data plane management API
• CNCF governed working group; UDPA-WG
• Mailing list: udpa-wg@lists.cncf.io
• Charter and future development work: https://github.com/cncf/udpa
• Development work Q1-Q3 2020, intercept the Envoy v4 xDS API EOY 2020

Things at the data plane heating up!

Data plane getting very interesting…

Data plane getting very interesting…
https://github.com/envoyproxy/envoy-wasm

Data plane getting very interesting…
Now with beta Web Assembly support!
https://gloo.solo.io

The service mesh API matters!
Implemented in code
Out of process sidecar proxy
Shared gateway per domain
Single shared gateway
Control plane
[Diagram label, repeated: API]

What do you do with an API?

Check out our booth for multi-cluster service mesh management demo.
Idit Levine’s talk today at 2:20p
My KubeCon workshop: “Service mesh for the developer workflow”, Thursday 2:25p
