WTF Do We Need a Service Mesh? By Anton Weiss.

WTF Do We Need a Service Mesh? By Anton Weiss.
@antweiss WTF Do We Need A Service Mesh? Ant Weiss, Otomato Software
@antweiss whoami: Anton (Ant) Weiss @antweiss Otomato Software Delivery http://otomato.link
@antweiss A Long Long Time Ago... https://linkerd.io/2016/02/18/linkerd-twitter-style-operability-for-microservices/
@antweiss A Long Long Time Ago...
@antweiss A Long Long Time Ago...
@antweiss Today: ● Istio 1.3 (managed service on GKE)
@antweiss Today: ● Istio 1.3 (managed service on GKE) ● Linkerd 2.0 (instead of Conduit)
@antweiss Today: ● Istio 1.3 (managed service on GKE) ● Linkerd 2.0 (instead of Conduit) ● Consul Connect + Envoy sidecar-proxy
@antweiss Today: ● Istio 1.3 (managed service on GKE) ● Linkerd 2.0 (instead of Conduit) ● Consul Connect + Envoy sidecar-proxy ● Maesh (from Containous)
@antweiss Today: ● Istio 1.3 (managed service on GKE) ● Linkerd 2.0 (instead of Conduit) ● Consul Connect + Envoy sidecar-proxy ● Maesh (from Containous) ● Kuma (from Kong)
@antweiss Today: ● Istio 1.3 (managed service on GKE) ● Linkerd 2.0 (instead of Conduit) ● Consul Connect + Envoy sidecar-proxy ● Maesh (from Containous) ● Kuma (from Kong) ● NSM
@antweiss Today: ● AWS App Mesh ● Aspen Mesh ● Octarine ● Grey Matter ● A10 Secure Service Mesh ● VMWare NSX ● Glasnostic
@antweiss Questions:
@antweiss Questions: ● What’s a Service Mesh?
@antweiss Questions: ● What’s a Service Mesh? ● WTF Do We Need a Service Mesh?
@antweiss Questions: ● What’s a Service Mesh? ● WTF Do We Need a Service Mesh? ● Which Mesh To Choose?
@antweiss Questions: ● What’s a Service Mesh? ● WTF Do We Need a Service Mesh? ● Which Mesh To Choose? ● What Will It Cost Us?
@antweiss WHAT?
@antweiss MEsh vs Gateway
@antweiss SMI - the Service Mesh Interface Total CRD-ization for Service Meshes
@antweiss SMI - the Service Mesh Interface Traffic Spec - what does the traffic look like? apiVersion: specs.smi-spec.io/v1alpha1 kind: HTTPRouteGroup metadata: name: the-routes matches: - name: metrics pathRegex: "/metrics" methods: - GET - name: health pathRegex: "/healthz" methods: ["*"]
@antweiss SMI - the Service Mesh Interface Traffic Access Control - Who can and who should talk to whom? kind: TrafficTarget apiVersion: access.smi-spec.io/v1alpha1 metadata: name: path-specific destination: kind: ServiceAccount name: service-a port: 8080 specs: - kind: HTTPRouteGroup name: the-routes matches: - metrics sources: - kind: ServiceAccount name: prometheus namespace: default
@antweiss SMI - the Service Mesh Interface Traffic Split - Divide and Conquer! apiVersion: split.smi-spec.io/v1alpha1 kind: TrafficSplit metadata: name: my-app-split spec: # The root service that clients request service: my-app # Services inside the namespace with their own selectors,etc backends: - service: my-app-v1 weight: 50 - service: my-app-v2 weight: 50
@antweiss SMI - the Service Mesh Interface Traffic Metrics - Let’s Measure Stuff apiVersion: metrics.smi-spec.io/v1alpha1 kind: TrafficMetrics resource: name: foo-775b9cbd88-ntxsl namespace: foobar kind: Pod edge: direction: to resource: name: baz-577db7d977-lsk2q namespace: foobar kind: Pod
@antweiss SMI - the Service Mesh Interface apiVersion: metrics.smi-spec.io/v1alpha1 kind: TrafficMetrics resource: name: foo-775b9cbd88-ntxsl namespace: foobar kind: Pod edge: direction: from resource: name: baz-577db7d977-lsk2q namespace: foobar kind: Pod Traffic Metrics - Let’s Measure Stuff
@antweiss SMI - the Service Mesh Interface kind: TrafficMetrics spec: … timestamp: 2019-04-08T22:25:55Z window: 30s metrics: - name: p99_response_latency unit: seconds value: 10m - name: p90_response_latency unit: seconds value: 10m - name: p50_response_latency unit: seconds value: 10m - name: success_count value: 100 - name: failure_count value: 100 Traffic Metrics - Let’s Measure Stuff
@antweiss WTF? Manageability
@antweiss WTF? Manageability Observability
@antweiss WTF? Manageability Observability Reliability
@antweiss WTF? Manageability Observability Reliability Security
@antweiss WTF? Manageability Observability Reliability Security Progressive Delivery
What Mesh to Choose?
@antweiss ● The Reference Implementation Istio
@antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) Istio
@antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy Istio
@antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy ● Performance Issues Istio
@antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy ● Performance Issues ● Complexity ( going down - 20 CRDs in version 1.3.1) Istio
@antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy ● Performance Issues ● Complexity ( going down - 20 CRDs in version 1.3.1) ● Modularity Istio
@antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy ● Performance Issues ● Complexity ( going down - 20 CRDs in version 1.3.1) ● Modularity ● OpenTracing Support (with adapter) Istio
@antweiss ● The Reference Implementation ● Hybrid Configs and Topologies (?) ● Sidecar-proxy: Envoy ● Performance Issues ● Complexity ( going down - 20 CRDs in version 1.3.1) ● Modularity ● OpenTracing Support (with adapter) ● Prometheus Integration (with adapter) Istio
@antweiss LinkerD 2.0 ● From the Service Mesh Pioneers
@antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only
@antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only ● Sidecar-proxy: Linkerd (Rust)
@antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only ● Sidecar-proxy: Linkerd (Rust) ● Minimum Config
@antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only ● Sidecar-proxy: Linkerd (Rust) ● Minimum Config ● Telemetry Built-in
@antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only ● Sidecar-proxy: Linkerd (Rust) ● Minimum Config ● Telemetry Built-in ● High Performance
@antweiss LinkerD 2.0 ● From the Service Mesh Pioneers ● Kubernetes Only ● Sidecar-proxy: Linkerd (Rust) ● Minimum Config ● Telemetry Built-in ● High Performance ● Simplicity
@antweiss ● Battle-tested Tooling Consul Connect
@antweiss ● Battle-tested Tooling ● Heterogeneous Environments Consul Connect
@antweiss ● Battle-tested Tooling ● Heterogeneous Environments ● Sidecar-proxy: Envoy Consul Connect
@antweiss ● Battle-tested Tooling ● Heterogeneous Environments ● Sidecar-proxy: Envoy ● Consul Agent on every Node Consul Connect
@antweiss ● Battle-tested Tooling ● Heterogeneous Environments ● Sidecar-proxy: Envoy ● Consul Agent on every Node ● HCL/json/UI instead of YAML Consul Connect
@antweiss ● Battle-tested Tooling ● Heterogeneous Environments ● Sidecar-proxy: Envoy ● Consul Agent on every Node ● HCL/json/UI instead of YAML ● Telemetry - directly from proxies Consul Connect
@antweiss ● Battle-tested Tooling ● Heterogeneous Environments ● Sidecar-proxy: Envoy ● Consul Agent on every Node ● HCL/json/UI instead of YAML ● Telemetry - directly from proxies ● SMI - Traffic Access only Consul Connect
@antweiss Maesh ● Kubernetes Only
@antweiss Maesh ● Kubernetes Only ● Proxy: Traefik
@antweiss Maesh ● Kubernetes Only ● Proxy: Traefik ● Look Ma, No Sidecars!
@antweiss Maesh ● Kubernetes Only ● Proxy: Traefik ● Look Ma, No Sidecars! ● SMI compliant (implements Spec, Acces, Split)
@antweiss Maesh ● Kubernetes Only ● Proxy: Traefik ● Look Ma, No Sidecars! ● SMI compliant (implements Spec, Acces, Split) ● Config: by annotations on K8S objects
@antweiss Maesh ● Kubernetes Only ● Proxy: Traefik ● Look Ma, No Sidecars! ● SMI compliant (implements Spec, Acces, Split) ● Config: by annotations on K8S objects ● Access to services through <service>.<namespace>.maesh
@antweiss Kuma (Kong Mesh) ● Universal Service Mesh
@antweiss Kuma (Kong Mesh) ● Universal Service Mesh ● Sidecar-proxy: Envoy
@antweiss Kuma (Kong Mesh) ● Universal Service Mesh ● Sidecar-proxy: Envoy ● Platform-agnostic (Universal and Kubernetes-native)
@antweiss Kuma (Kong Mesh) ● Universal Service Mesh ● Sidecar-proxy: Envoy ● Platform-agnostic (Universal and Kubernetes-native) ● No SMI Compliance
@antweiss Kuma (Kong Mesh) ● Universal Service Mesh ● Sidecar-proxy: Envoy ● Platform-agnostic (Universal and Kubernetes-native) ● No SMI Compliance ● Kong Integration for Ingress
@antweiss Kuma (Kong Mesh) ● Universal Service Mesh ● Sidecar-proxy: Envoy ● Platform-agnostic (Universal and Kubernetes-native) ● No SMI Compliance ● Kong Integration for Ingress ● For Enterprise (?)
@antweiss NSM - Network Service Mesh ● L2/3
@antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios
@antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios ● Connecting Containers in Different Clusters
@antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios ● Connecting Containers in Different Clusters ● Support for Exotic Protocols
@antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios ● Connecting Containers in Different Clusters ● Support for Exotic Protocols ● Tunnels as First-Class Citizens
@antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios ● Connecting Containers in Different Clusters ● Support for Exotic Protocols ● Tunnels as First-Class Citizens ● Dynamic Network Interface Allocation
@antweiss NSM - Network Service Mesh ● L2/3 ● Hybrid and Multi-Cloud Scenarios ● Connecting Containers in Different Clusters ● Support for Exotic Protocols ● Tunnels as First-Class Citizens ● Dynamic Network Interface Allocation ● NFV Platform for Cloud Native
@antweiss EcoSystem!
@antweiss EcoSystem! ● Landscape ● Playground ● Performance Benchmarks https://layer5.io/ https://meshery.io/
@antweiss EcoSystem! https://github.com/istio-ecosystem dns-discovery
@antweiss BenchMarks - Kinvolk’s service mesh benchmark suite : https://github.com/kinvolk/service-mesh-benchmark Istio vs. Linkerd 2.0 : https://kinvolk.io/blog/2019/05/performance-benchmark-analysis- of-istio-and-linkerd/ - Layer5 Service Mesh Performance Benchmark Spec : https://github.com/layer5io/service-mesh-benchmark-spec
@antweiss BenchMarks
@antweiss Otomators https://github.com/otomato-gh/birdwatch-otomator https://github.com/weaveworks/flagger https://github.com/solo-io/glooshot
@antweiss For ServerLess Istio PLONK! linkerd
@antweiss Get Into The Mesh ● Start With Ingress ● Initial: Bypass + Telemetry ● Bring on Chaos (GlooShot) ● Single Namespace ● Think of : authz, authn, CA, change control, troubleshooting, upgrade path ● One Cluster ● The Whole World is One Big Mesh
@antweiss Thank You! @antweiss @otomato_sw https://otomato.link https://devopstrain.pro

WTF Do We Need a Service Mesh? By Anton Weiss.

Check these out next

WTF Do We Need a Service Mesh? By Anton Weiss.

Recommended

More Related Content

Slideshows for you(20)

Similar to WTF Do We Need a Service Mesh? By Anton Weiss.(20)

More from Cloud Native Day Tel Aviv(20)

Recently uploaded(20)

WTF Do We Need a Service Mesh? By Anton Weiss.