Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

WTF Do We Need a Service Mesh? By Anton Weiss.

97 views

Published on

Service meshes are all the buzz in cloud-native world.
How come only yesterday we didn't know such a thing existed and now everybody seems to want one?
If you're already running a microservice-based system or only starting out with one, you may be asking yourself : "Do I also need a mesh?"
In this session we'll try to answer what the mesh is good for, what problem it solves, what new questions it poses.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

WTF Do We Need a Service Mesh? By Anton Weiss.

  1. 1. @antweiss WTF Do We Need A Service Mesh? Ant Weiss, Otomato Software
  2. 2. @antweiss whoami: Anton (Ant) Weiss @antweiss Otomato Software Delivery http://otomato.link
  3. 3. @antweiss A Long Long Time Ago... https://linkerd.io/2016/02/18/linkerd-twitter-style-operability-for-microservices/
  4. 4. @antweiss A Long Long Time Ago...
  5. 5. @antweiss A Long Long Time Ago...
  6. 6. @antweiss Today: ● Istio 1.3 (managed service on GKE)
  7. 7. @antweiss Today: ● Istio 1.3 (managed service on GKE) ● Linkerd 2.0 (instead of Conduit)
  8. 8. @antweiss Today: ● Istio 1.3 (managed service on GKE) ● Linkerd 2.0 (instead of Conduit) ● Consul Connect + Envoy sidecar-proxy
  9. 9. @antweiss Today: ● Istio 1.3 (managed service on GKE) ● Linkerd 2.0 (instead of Conduit) ● Consul Connect + Envoy sidecar-proxy ● Maesh (from Containous)
  10. 10. @antweiss Today: ● Istio 1.3 (managed service on GKE) ● Linkerd 2.0 (instead of Conduit) ● Consul Connect + Envoy sidecar-proxy ● Maesh (from Containous) ● Kuma (from Kong)
  11. 11. @antweiss Today: ● Istio 1.3 (managed service on GKE) ● Linkerd 2.0 (instead of Conduit) ● Consul Connect + Envoy sidecar-proxy ● Maesh (from Containous) ● Kuma (from Kong) ● NSM
  12. 12. @antweiss Today: ● AWS App Mesh ● Aspen Mesh ● Octarine ● Grey Matter ● A10 Secure Service Mesh ● VMWare NSX ● Glasnostic
  13. 13. @antweiss Questions:
  14. 14. @antweiss Questions: ● What’s a Service Mesh?
  15. 15. @antweiss Questions: ● What’s a Service Mesh? ● WTF Do We Need a Service Mesh?
  16. 16. @antweiss Questions: ● What’s a Service Mesh? ● WTF Do We Need a Service Mesh? ● Which Mesh To Choose?
  17. 17. @antweiss Questions: ● What’s a Service Mesh? ● WTF Do We Need a Service Mesh? ● Which Mesh To Choose? ● What Will It Cost Us?
  18. 18. @antweiss WHAT?
  19. 19. @antweiss MEsh vs Gateway
  20. 20. @antweiss SMI - the Service Mesh Interface Total CRD-ization for Service Meshes
  21. 21. @antweiss SMI - the Service Mesh Interface Traffic Spec - what does the traffic look like? apiVersion: specs.smi-spec.io/v1alpha1 kind: HTTPRouteGroup metadata: name: the-routes matches: - name: metrics pathRegex: "/metrics" methods: - GET - name: health pathRegex: "/healthz" methods: ["*"]
  22. 22. @antweiss SMI - the Service Mesh Interface Traffic Access Control - Who can and who should talk to whom? kind: TrafficTarget apiVersion: access.smi-spec.io/v1alpha1 metadata: name: path-specific destination: kind: ServiceAccount name: service-a port: 8080 specs: - kind: HTTPRouteGroup name: the-routes matches: - metrics sources: - kind: ServiceAccount name: prometheus namespace: default
  23. 23. @antweiss SMI - the Service Mesh Interface Traffic Split - Divide and Conquer! apiVersion: split.smi-spec.io/v1alpha1 kind: TrafficSplit metadata: name: my-app-split spec: # The root service that clients request service: my-app # Services inside the namespace with their own selectors,etc backends: - service: my-app-v1 weight: 50 - service: my-app-v2 weight: 50
  24. 24. @antweiss SMI - the Service Mesh Interface Traffic Metrics - Let’s Measure Stuff apiVersion: metrics.smi-spec.io/v1alpha1 kind: TrafficMetrics resource: name: foo-775b9cbd88-ntxsl namespace: foobar kind: Pod edge: direction: to resource: name: baz-577db7d977-lsk2q namespace: foobar kind: Pod
  25. 25. @antweiss SMI - the Service Mesh Interface apiVersion: metrics.smi-spec.io/v1alpha1 kind: TrafficMetrics resource: name: foo-775b9cbd88-ntxsl namespace: foobar kind: Pod edge: direction: from resource: name: baz-577db7d977-lsk2q namespace: foobar kind: Pod Traffic Metrics - Let’s Measure Stuff
  26. 26. @antweiss SMI - the Service Mesh Interface kind: TrafficMetrics spec: … timestamp: 2019-04-08T22:25:55Z window: 30s metrics: - name: p99_response_latency unit: seconds value: 10m - name: p90_response_latency unit: seconds value: 10m - name: p50_response_latency unit: seconds value: 10m - name: success_count value: 100 - name: failure_count value: 100 Traffic Metrics - Let’s Measure Stuff
  27. 27. @antweiss WTF? Manageability
  28. 28. @antweiss WTF? Manageability Observability
  29. 29. @antweiss WTF? Manageability Observability Reliability
  30. 30. @antweiss WTF? Manageability Observability Reliability Security
  31. 31. @antweiss WTF? Manageability Observability Reliability Security Progressive Delivery
  32. 32. What Mesh to Choose?
  33. 33. @antweiss ● The Reference Implementation Istio
  34. 34. @antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) Istio
  35. 35. @antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy Istio
  36. 36. @antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy ● Performance Issues Istio
  37. 37. @antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy ● Performance Issues ● Complexity ( going down - 20 CRDs in version 1.3.1) Istio
  38. 38. @antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy ● Performance Issues ● Complexity ( going down - 20 CRDs in version 1.3.1) ● Modularity Istio
  39. 39. @antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy ● Performance Issues ● Complexity ( going down - 20 CRDs in version 1.3.1) ● Modularity ● OpenTracing Support (with adapter) Istio
  40. 40. @antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy ● Performance Issues ● Complexity ( going down - 20 CRDs in version 1.3.1) ● Modularity ● OpenTracing Support (with adapter) ● Prometheus Integration (with adapter) Istio
  41. 41. @antweiss LinkerD 2.0 ● From the Service Mesh Pioneers
  42. 42. @antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only
  43. 43. @antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only ● Sidecar-proxy: Linkerd (Rust)
  44. 44. @antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only ● Sidecar-proxy: Linkerd (Rust) ● Minimum Config
  45. 45. @antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only ● Sidecar-proxy: Linkerd (Rust) ● Minimum Config ● Telemetry Built-in
  46. 46. @antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only ● Sidecar-proxy: Linkerd (Rust) ● Minimum Config ● Telemetry Built-in ● High Performance
  47. 47. @antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only ● Sidecar-proxy: Linkerd (Rust) ● Minimum Config ● Telemetry Built-in ● High Performance ● Simplicity
  48. 48. @antweiss ● Battle-tested Tooling Consul Connect
  49. 49. @antweiss ● Battle-tested Tooling ● Heterogeneous Environments Consul Connect
  50. 50. @antweiss ● Battle-tested Tooling ● Heterogeneous Environments ● Sidecar-proxy: Envoy Consul Connect
  51. 51. @antweiss ● Battle-tested Tooling ● Heterogeneous Environments ● Sidecar-proxy: Envoy ● Consul Agent on every Node Consul Connect
  52. 52. @antweiss ● Battle-tested Tooling ● Heterogeneous Environments ● Sidecar-proxy: Envoy ● Consul Agent on every Node ● HCL/json/UI instead of YAML Consul Connect
  53. 53. @antweiss ● Battle-tested Tooling ● Heterogeneous Environments ● Sidecar-proxy: Envoy ● Consul Agent on every Node ● HCL/json/UI instead of YAML ● Telemetry - directly from proxies Consul Connect
  54. 54. @antweiss ● Battle-tested Tooling ● Heterogeneous Environments ● Sidecar-proxy: Envoy ● Consul Agent on every Node ● HCL/json/UI instead of YAML ● Telemetry - directly from proxies ● SMI - Traffic Access only Consul Connect
  55. 55. @antweiss Maesh ● Kubernetes Only
  56. 56. @antweiss Maesh ● Kubernetes Only ● Proxy: Traefik
  57. 57. @antweiss Maesh ● Kubernetes Only ● Proxy: Traefik ● Look Ma, No Sidecars!
  58. 58. @antweiss Maesh ● Kubernetes Only ● Proxy: Traefik ● Look Ma, No Sidecars! ● SMI compliant (implements Spec, Acces, Split)
  59. 59. @antweiss Maesh ● Kubernetes Only ● Proxy: Traefik ● Look Ma, No Sidecars! ● SMI compliant (implements Spec, Acces, Split) ● Config: by annotations on K8S objects
  60. 60. @antweiss Maesh ● Kubernetes Only ● Proxy: Traefik ● Look Ma, No Sidecars! ● SMI compliant (implements Spec, Acces, Split) ● Config: by annotations on K8S objects ● Access to services through <service>.<namespace>.maesh
  61. 61. @antweiss Kuma (Kong Mesh) ● Universal Service Mesh
  62. 62. @antweiss Kuma (Kong Mesh) ● Universal Service Mesh ● Sidecar-proxy: Envoy
  63. 63. @antweiss Kuma (Kong Mesh) ● Universal Service Mesh ● Sidecar-proxy: Envoy ● Platform-agnostic (Universal and Kubernetes-native)
  64. 64. @antweiss Kuma (Kong Mesh) ● Universal Service Mesh ● Sidecar-proxy: Envoy ● Platform-agnostic (Universal and Kubernetes-native) ● No SMI Compliance
  65. 65. @antweiss Kuma (Kong Mesh) ● Universal Service Mesh ● Sidecar-proxy: Envoy ● Platform-agnostic (Universal and Kubernetes-native) ● No SMI Compliance ● Kong Integration for Ingress
  66. 66. @antweiss Kuma (Kong Mesh) ● Universal Service Mesh ● Sidecar-proxy: Envoy ● Platform-agnostic (Universal and Kubernetes-native) ● No SMI Compliance ● Kong Integration for Ingress ● For Enterprise (?)
  67. 67. @antweiss NSM - Network Service Mesh ● L2/3
  68. 68. @antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios
  69. 69. @antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios ● Connecting Containers in Different Clusters
  70. 70. @antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios ● Connecting Containers in Different Clusters ● Support for Exotic Protocols
  71. 71. @antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios ● Connecting Containers in Different Clusters ● Support for Exotic Protocols ● Tunnels as First-Class Citizens
  72. 72. @antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios ● Connecting Containers in Different Clusters ● Support for Exotic Protocols ● Tunnels as First-Class Citizens ● Dynamic Network Interface Allocation
  73. 73. @antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios ● Connecting Containers in Different Clusters ● Support for Exotic Protocols ● Tunnels as First-Class Citizens ● Dynamic Network Interface Allocation ● NFV Platform for Cloud Native
  74. 74. @antweiss EcoSystem!
  75. 75. @antweiss EcoSystem! ● Landscape ● Playground ● Performance Benchmarks https://layer5.io/ https://meshery.io/
  76. 76. @antweiss EcoSystem! https://github.com/istio-ecosystem dns-discovery
  77. 77. @antweiss BenchMarks - Kinvolk’s service mesh benchmark suite : https://github.com/kinvolk/service-mesh-benchmark Istio vs. Linkerd 2.0 : https://kinvolk.io/blog/2019/05/performance-benchmark-analysis- of-istio-and-linkerd/ - Layer5 Service Mesh Performance Benchmark Spec : https://github.com/layer5io/service-mesh-benchmark-spec
  78. 78. @antweiss BenchMarks
  79. 79. @antweiss Otomators https://github.com/otomato-gh/birdwatch-otomator https://github.com/weaveworks/flagger https://github.com/solo-io/glooshot
  80. 80. @antweiss For ServerLess Istio PLONK! linkerd
  81. 81. @antweiss Get Into The Mesh ● Start With Ingress ● Initial: Bypass + Telemetry ● Bring on Chaos (GlooShot) ● Single Namespace ● Think of : authz, authn, CA, change control, troubleshooting, upgrade path ● One Cluster ● The Whole World is One Big Mesh
  82. 82. @antweiss Thank You! @antweiss @otomato_sw https://otomato.link https://devopstrain.pro

×