Kuma Workshop
Presented at Kong Meetup – 23 Feb 2023
@ Microsoft Reactor, Bangalore
Agenda
➔ Theory
  ◆ Service mesh 101 for dummies
  ◆ The state of the service mesh landscape
  ◆ Deep dive on Kuma
➔ Demo & interactive workshop
  ◆ Installation (including auto sidecar injection)
  ◆ Zero trust security with mTLS
  ◆ Routing, canary deployments, circuit breaking, load shedding
  ◆ Traffic shadowing
  ◆ Observability / OpenTracing
Speaker Info
● Platform engineer @ platformatory.io
● Kong Champion
● Occasional open source contributor to Cloud Native projects (k8s, ArgoCD, Tekton, Litmus, etc.)
● Local meetup organizer for Kong, Grafana and Docker
● Cofounder @ platformatory.io
● OSS contribs → Envoy, Apache Kafka, Kong (amongst others)
● Distributed systems, Himalayas, Music
● https://in.linkedin.com/in/pavankmurthy
● https://grahana.net | https://twitter.com/p6
Microservices: a web of complex, distributed, network- and people-bound problems
- Polyglot services, you-build-it, you-run-it operating model
- Autonomous (silo'd?) teams, reduced centralized control, capital-G governance
- A new form of dependency hell: APIs, service versions
- Proliferation of endpoints with new data formats and interface standards (and therefore not just endpoint security but holistic security)
- Troubleshooting & debugging is now an expansive problem cutting across service boundaries
- Deployments in a new, emerging breed of hybrid infrastructure across public cloud, edge and on-premise
The evolution of the microservices journey: at first, there were only SOA monoliths
[Diagram: a legacy SOA deployment on on-premise VMs; cross-cutting concerns shown: Security, Mediation, Traffic Management, Observability]
…and then came some microservices & containers
[Diagram: legacy on-premise VMs alongside public-cloud K8S and private/edge K8S, split across team boundaries; each environment carries its own copy of Security, Mediation, Traffic Management and Observability]
"Enter"prise API Management
[Diagram: an {External API Gateway | Enterprise API Management} layer in front of the legacy on-premise VMs, public-cloud K8S and private/edge K8S environments and their team boundaries; Security, Mediation, Traffic Management and Observability are handled once at the gateway layer]
…with microgateways
[Diagram: the same {External API Gateway | Enterprise API Management} layer over on-premise VMs, public-cloud K8S and private/edge K8S, with Security, Mediation, Traffic Management and Observability at the gateway, plus a Microgateway inside each team boundary]
And finally the world of service meshes
[Diagram: an {External API Gateway} at the edge, a {Unified, Global Control Plane} spanning on-premise VMs, public-cloud K8S and private/edge K8S, and a Mesh Gateway per team boundary; Security, Mediation, Traffic Management and Observability are provided by the mesh]
What made it all possible: the de-facto data plane (Envoy)
- Born @ Lyft
- Written in C++
- High-performance L4-L7 interception
- A ton of capabilities
  - HTTP/2, gRPC
  - Service discovery
  - Zone-aware load balancing
  - Observability
  - ..and much more
- Extendable, programmable
- Ideal as a light-weight out-of-process proxy (typically a sidecar container) to handle all network concerns
The Service Mesh Landscape (of mostly Envoy based service meshes)
Emerging standardization: Vendor neutrality and ecosystem interfaces to service mesh
An overview of Kuma
● From Kong
  ○ Donated to CNCF
● Simplified multi-mode support
  ○ Multi-zone
  ○ Standalone
● Truly universal
  ○ First-class support for both K8s & VMs
● Adjacent to Kong
  ○ Blazing fast API gateway (useful for delegated gateway mode / ingress)
● A beautiful API with abstractions and granular, attribute-based selection
  ○ Mesh
  ○ TrafficPermission
  ○ TrafficRoute
  ○ TrafficTrace
  ○ TrafficLog
  ○ FaultInjection
  ○ HealthCheck
  ○ CircuitBreaker
  ○ ProxyTemplate
  ○ ExternalService
  ○ Retry
  ○ Timeout
  ○ RateLimit
  ○ VirtualOutbound
● Newer targetRef-based policies
  ○ MeshGateway
  ○ MeshGatewayRoute
  ○ MeshCircuitBreaker
  ○ MeshFaultInjection
  ○ MeshAccessLog
  ○ MeshHealthCheck
  ○ MeshHttpRoute
  ○ MeshProxyPatch
  ○ MeshRateLimit
  ○ MeshRetry
  ○ MeshTimeout
  ○ MeshTrace
  ○ MeshTrafficPermission
A simplified global deployment architecture: abstracting zone, control plane, network (and tenancy models thereof)
Opportunities in modern architecture
- Bounded context & tenant resources
  - Mesh per domain / bounded context for east-west traffic
  - Gateway per domain
- While exerting centralized governance
  - API catalog
- And shared services
  - Monitoring, observability for SRE / platform teams
- Scale to enterprise requirements
<<DEMO>>
1. Zero trust security with mutual TLS
2. Observability: OpenTracing (Zipkin) with Kuma and Jaeger
3. Traffic routing: canary deployments (with weighted traffic configurations)
4. Traffic mirroring: send shadow traffic to services
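The first and third demo items (mTLS-based zero trust and a weighted canary) map directly onto the Kuma policies listed on the overview slide. The manifest below is an added example written for this page, not material from the deck or from the Kuma project; it assumes Kubernetes Services named `frontend` and `backend` in the `default` namespace on port 8080 (which Kuma tags as `frontend_default_svc_8080` and `backend_default_svc_8080`) and a `version` pod label (`v1`, `v2`) on the two backend Deployments.

```yaml
# Added example, not from the original deck. Assumed names: Services
# "frontend" and "backend" (namespace "default", port 8080), giving the
# kuma.io/service tags frontend_default_svc_8080 / backend_default_svc_8080,
# and a "version" pod label (v1, v2) on the backend Deployments.
---
# 1. Enable mTLS on the mesh with Kuma's builtin CA. Every sidecar then holds
#    a SPIFFE identity, which is what TrafficPermission matches on; without
#    mTLS a TrafficPermission has no identity to enforce.
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
  name: default
spec:
  mtls:
    enabledBackend: ca-1
    backends:
      - name: ca-1
        type: builtin
---
# 2. Zero trust: only frontend may call backend. Kuma ships an
#    "allow-all-default" TrafficPermission with the mesh; remove it so that
#    any source not listed here is denied.
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default
metadata:
  name: allow-frontend-to-backend
spec:
  sources:
    - match:
        kuma.io/service: frontend_default_svc_8080
  destinations:
    - match:
        kuma.io/service: backend_default_svc_8080
---
# 3. Canary: 90/10 weighted split between backend v1 and v2 for all callers.
apiVersion: kuma.io/v1alpha1
kind: TrafficRoute
mesh: default
metadata:
  name: backend-canary
spec:
  sources:
    - match:
        kuma.io/service: '*'
  destinations:
    - match:
        kuma.io/service: backend_default_svc_8080
  conf:
    split:
      - weight: 90
        destination:
          kuma.io/service: backend_default_svc_8080
          version: v1
      - weight: 10
        destination:
          kuma.io/service: backend_default_svc_8080
          version: v2
```

Apply it with `kubectl apply -f` and then `kubectl delete trafficpermission allow-all-default`; until that default permission is gone the mesh is still allow-all, which is the check most often missed when demonstrating "zero trust". The canary weights are applied per caller sidecar, so a quick way to confirm the split is to send a batch of requests from the frontend pod and count responses by version.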
