SlideShare a Scribd company logo
1 | Copyright © 2019
Service-mesh options with Linkerd,
Consul, Istio and AppMesh
Christian Posta
Global Field CTO, Solo.io
Craft Conf 2019
2 | Copyright © 2019
CHRISTIAN POSTA
• Field CTO @ solo.io
• Author of a few books
• Contributor to many open-source projects
• Architect, blogger, speaker, mentor, leader
https://bit.ly/istio-in-action
@christianposta
christian@solo.io
https://blog.christianposta.com
https://slideshare.net/ceposta
3 | Copyright © 2019
Flow of talk
• What’s the problem we’re addressing with a service mesh?
• What is a service mesh? Previous approaches / pros / cons
• Generic service-mesh architecture
• Explore service-mesh implementations
• Guidance for service-mesh adoption
4 | Copyright © 2019
Move fast, safely
https://puppet.com/resources/whitepaper/state-of-devops-report
5 | Copyright © 2019
Come on… how hard can it be!?
6 | Copyright © 2019
7 | Copyright © 2019
8 | Copyright © 2019
As we move to services architectures,
we push the complexity to the space
between our services.
9 | Copyright © 2019
Challenges in a cloudy world
• Service discovery
• Retries
• Timeouts
• Load balancing
• Rate limiting
• Thread bulk heading
• Circuit breaking
• Security
10 | Copyright © 2019
…Continued…
• Routing between services (adaptive, zone-aware)
• Deadlines
• Back pressure
• Outlier detection
• Health checking
• Traffic shaping
• Request shadowing
11 | Copyright © 2019
…Continued…
• Edge/DMZ routing
• Surgical / fine / per-request routing
• A/B rollout
• Internal releases / dark launches
• Fault injection
• Stats, metric, collection
• Logging
• Tracing
12 | Copyright © 2019
• Netflix Hystrix (circuit breaking / bulk heading)
• Netflix Zuul (edge router)
• Netflix Ribbon (client-side service discovery / load balance)
• Netflix Eureka (service discovery registry)
• Brave / Zipkin (tracing)
• Netflix spectator / atlas (metrics)
Microservices Patterns
13 | Copyright © 2019
But I’m using Spring!
• spring-cloud-netflix-hystrix
• spring-cloud-netflix-zuul
• spring-cloud-netflix-eureka-client
• spring-cloud-netflix-ribbon
• spring-cloud-netflix-atlas
• spring-cloud-netflix-spectator
• spring-cloud-netflix-hystrix-stream
• …..
• @Enable....150differentThings
14 | Copyright © 2019
But I’m using Vert.x!
• vertx-circuit-breaker
• vertx-service-discovery
• vertx-dropwizard-metrics
• vertx-zipkin?
• …..
• ......
15 | Copyright © 2019
Screw Java - I’m using NodeJS!
JavaScript is for rookies, I use Go!
But python is so pretty!
I prefer unreadability… Perl for me!
16 | Copyright © 2019
• Require specific language to bring in new services
• A single language doesn’t fit for all use cases
• How do you patch/upgrade/manage lifecycle?
• Need strict control over application library choices
Some drawbacks to this approach?
17 | Copyright © 2019
Let’s abstract this functionality and apply to all
services out of process
• Allow heterogeneous architectures
• Remove application-specific implementations of this
functionality
• Consistently enforce these properties
• Correctly enforce these properties
• Opt-in as well as safety nets
18 | Copyright © 201918 | Copyright © 2019
Foundation for a solution
19 | Copyright © 2019
Meet Envoy Proxy
http://envoyproxy.io
20 | Copyright © 2019
Envoy Proxy:
• written in C++, highly parallel, non-blocking
• L4 / L7 service proxy (HTTP1, HTTP2, gRPC, Kafka, Redis, Mongo, Dynamo, etc)
• zone aware, least request load balancing
• circuit breaking / outlier detection
• retries, retry policies
• timeout (including budgets)
• traffic shadowing
• rate limiting
• access logging, statistics collection
• dynamic configuration through standard interfaces
21 | Copyright © 2019
22 | Copyright © 2019
23 | Copyright © 2019
Deployed as a service proxy:
24 | Copyright © 2019
A service mesh is decentralized application-
networking infrastructure between your services
that provides resiliency, security, observability,
and routing control.
25 | Copyright © 201925 | Copyright © 2019
Service-mesh architecture
26 | Copyright © 2019
27 | Copyright © 2019
28 | Copyright © 2019
29 | Copyright © 2019
Service mesh technologies typically provide:
• Service discovery / Load balancing
• Secure service-to-service communication
• Traffic control / shaping / shifting
• Policy / Intention based access control
• Traffic metric collection
• Service resilience
• API / programmable interface
30 | Copyright © 201930 | Copyright © 2019
Exploring service-mesh implementations
31 | Copyright © 2019
Meet Linkerd
http://linkerd.io
32 | Copyright © 2019
Linkerd2
• Backed by Buoyant / CNCF
• Kubernetes specific
• Control plane (go) / custom data plane (rust)
• Latest release 2.3
• Strong focus on observing top-level network metrics
• Resilience, timeouts, retry budgets
• Always-on mTLS
33 | Copyright © 2019
34 | Copyright © 2019
Linkerd2
• Purpose built, Kubernetes only
• Uses CRD for configurations
• High performance characteristics
• Great user/getting-started experience
• Open, welcoming community
• Observability, basic resilience
• Secure by default
• Deployed transparently to app
Strengths
• Limited feature set (at the moment…
more to come)
• Missing traffic routing, policy
enforcement, circuit breakers
• Kubernetes-only
• Relatively new, evolving networking
stack
• Multi-cluster support
Opportunities
35 | Copyright © 2019
Meet Consul Connect
http://consul.io
36 | Copyright © 2019
Consul Connect
• Backed by HashiCorp
• Control plane (consul server) / data plane (proxies/app)
• Part of Consul 1.2 release, June 2018 (latest is 1.4)
• Strong focus on L4 Identity (SPIFFE)
• Easy to configure transport encryption (mTLS)
• Service segmentation, intention-based ACL policy
• Optional use of Envoy Proxy
• Native app integration for latency/performance sensitive apps
37 | Copyright © 2019
38 | Copyright © 2019
Consul Connect
• Built on Consul: stable, critical piece
of software
• Solves the identity management
challenges in dynamic applications
• Hybrid environment support
• Optional Envoy Proxy
• Multi-cluster/site foundations
• Vault support for certificate
management
Strengths
• Application config/code impact (not
transparent to app, cannot use k8s dns)
• No L7 (routing, matching, observability,
policy, traffic control)..yet
• Have to manage separate CP data
store
• does not use CRDs on k8s
• No distributed tracing
Opportunities
39 | Copyright © 2019
Meet Istio.io
http://istio.io
40 | Copyright © 2019
Istio
• Control plane / data plane (Envoy Proxy)
• 1.1 March 2019
• Collaboration between Google, IBM, Lyft, VMWare, Red Hat, et al.
• Based on Envoy proxy
• mTLS, policy based ACL, resilience, observability, traffic control
• Kubernetes native with other platform support
• Large community
41 | Copyright © 2019
42 | Copyright © 2019
Istio
• Large, vibrant community
• Backed by Google, et. al.
• Large feature set
• Based on Envoy
• Flexible deployment options
• Out of the box Ingress
• Multi-cluster support
Strengths
• Performance / overhead improvements
• Architecture improvements
• Focus on iterative adoption
• Continue improvement to
documentation
• Reduce magic
Opportunities
43 | Copyright © 2019
Meet AWS App Mesh
https://aws.amazon.com/app-mesh/
44 | Copyright © 2019
AWS App Mesh
• Backed by AWS
• Control plane (managed) / data plane (Envoy Proxy)
• Announced Nov 2018, GA March 2019
• Main functionality is around weighted traffic routing
• Supported across deployment platforms
• Continuing to add more features
45 | Copyright © 2019
46 | Copyright © 2019
AWS App Mesh
• Managed control plane
• Built on Envoy Proxy
• Supports multiple deployment
platforms (EC2, ECS, EKS,
Kubernetes)
• Focus on basic traffic shifting
• Ties in with rest of AWS infrastructure
• Free to use on AWS
Strengths
• AWS Only
• Very limited control-plane capabilities
• No visibility to control plane behavior
• No mTLS, Policy, enforcement fine-
grained traffic control
• Manually configure Envoy for metrics-
collection/CloudWatch integration
Opportunities
47 | Copyright © 201947 | Copyright © 2019
Comparisons
48 | Copyright © 2019
Anecdotal comparisons:
Benchmarking Istio and Linkerd CPU:
https://medium.com/@michael_87395/benchmarking-istio-linkerd-cpu-c36287e32781
Benchmarking Istio and Linkerd at Scale (follow up)
https://medium.com/@michael_87395/benchmarking-istio-linkerd-cpu-at-scale-5f2cfc97c7fa
49 | Copyright © 2019
Wrapping up - Ignore comparisons and anecdotes.
Focus on:
• Service mesh approach is the right approach, implementations still evolving
• Solve today’s pain with as little technology as you can
• Invest in the data plane (Envoy proxy)
• Ingress-first approach: API Gateways (like Gloo, built on Envoy) can give you service-
mesh-like capabilities with a fraction of the complexity and risk
• Iteratively adopt service-mesh capabilities (and commensurate deployment footprint)
• Abstract service-mesh implementation details, configuration, opinions
50 | Copyright © 2019
Easiest way to get started with service mesh is with…
https://supergloo.solo.io
51 | Copyright © 2019
https://supergloo.solo.io
52 | Copyright © 2019
Exploring service mesh implementations
“I used SuperGloo because it was super simple to get both services meshes
bootstrapped quickly, with almost no effort on my part. We’re not using SuperGloo
in production, but it was perfect for a task like this. It was literally two commands
per mesh. I used two clusters for isolation— one for Istio, and one for Linkerd.”
https://medium.com/@michael_87395/benchmarking-istio-linkerd-cpu-c36287e32781
53 | Copyright © 2019
Additional reading
• Istio the easy way
https://medium.com/solo-io/istio-the-easy-way-de66e6eba4a1
• Linkerd vs Istio
https://medium.com/solo-io/linkerd-or-istio-6fcd2aad6e42
• SuperGloo Open API and Service Mesh Orchestration
https://medium.com/solo-io/https-medium-com-solo-io-supergloo-ff2aae1fb96f
• Follow up: Benchmarking Istio and Linkerd at Scale
• https://medium.com/@michael_87395/benchmarking-istio-linkerd-cpu-at-scale-
5f2cfc97c7fa
• Linkerd April 2019 Community Meeting
https://buoyant.io/resources/april-2019-linkerd-community-meeting-recap/
• AWS AppMesh FAQ
https://aws.amazon.com/app-mesh/faqs/
• Consul Connect Intro
https://www.hashicorp.com/resources/consul-connect-announcement-mitchell-hashimoto
• Consul Connect Roadmap
https://www.hashicorp.com/blog/roadmap-preview-what-s-next-for-consul-service-mesh
54 | Copyright © 2019
CHRISTIAN POSTA
@christianposta
christian@solo.io
https://blog.christianposta.com
https://slideshare.net/ceposta
55 | Copyright © 201955 | Copyright © 2019
@soloio_inc

More Related Content

What's hot

Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes matters
Platform9
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)
Weaveworks
 
Gain Better Observability with OpenTelemetry and InfluxDB
Gain Better Observability with OpenTelemetry and InfluxDB Gain Better Observability with OpenTelemetry and InfluxDB
Gain Better Observability with OpenTelemetry and InfluxDB
InfluxData
 
Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)
Megan O'Keefe
 
Microservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsMicroservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native Apps
Araf Karsh Hamid
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
Introduction to microservices
Introduction to microservicesIntroduction to microservices
Introduction to microservices
Paulo Gandra de Sousa
 
Introduction to helm
Introduction to helmIntroduction to helm
Introduction to helm
Jeeva Chelladhurai
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and Introduction
Stefan Schimanski
 
Building Stream Infrastructure across Multiple Data Centers with Apache Kafka
Building Stream Infrastructure across Multiple Data Centers with Apache KafkaBuilding Stream Infrastructure across Multiple Data Centers with Apache Kafka
Building Stream Infrastructure across Multiple Data Centers with Apache Kafka
Guozhang Wang
 
Grafana.pptx
Grafana.pptxGrafana.pptx
Grafana.pptx
Bhushan Rane
 
Using eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumUsing eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in Cilium
ScyllaDB
 
Container Performance Analysis
Container Performance AnalysisContainer Performance Analysis
Container Performance Analysis
Brendan Gregg
 
Grafana introduction
Grafana introductionGrafana introduction
Grafana introduction
Rico Chen
 
Quick introduction to Kubernetes
Quick introduction to KubernetesQuick introduction to Kubernetes
Quick introduction to Kubernetes
Eduardo Garcia Moyano
 
Intro to kubernetes
Intro to kubernetesIntro to kubernetes
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
Sreenivas Makam
 
Chill, Distill, No Overkill: Best Practices to Stress Test Kafka with Siva Ku...
Chill, Distill, No Overkill: Best Practices to Stress Test Kafka with Siva Ku...Chill, Distill, No Overkill: Best Practices to Stress Test Kafka with Siva Ku...
Chill, Distill, No Overkill: Best Practices to Stress Test Kafka with Siva Ku...
HostedbyConfluent
 
KEDA Overview
KEDA OverviewKEDA Overview
KEDA Overview
Jeff Hollan
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
Suresh Kumar
 

What's hot (20)

Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes matters
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)
 
Gain Better Observability with OpenTelemetry and InfluxDB
Gain Better Observability with OpenTelemetry and InfluxDB Gain Better Observability with OpenTelemetry and InfluxDB
Gain Better Observability with OpenTelemetry and InfluxDB
 
Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)
 
Microservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsMicroservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native Apps
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Introduction to microservices
Introduction to microservicesIntroduction to microservices
Introduction to microservices
 
Introduction to helm
Introduction to helmIntroduction to helm
Introduction to helm
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and Introduction
 
Building Stream Infrastructure across Multiple Data Centers with Apache Kafka
Building Stream Infrastructure across Multiple Data Centers with Apache KafkaBuilding Stream Infrastructure across Multiple Data Centers with Apache Kafka
Building Stream Infrastructure across Multiple Data Centers with Apache Kafka
 
Grafana.pptx
Grafana.pptxGrafana.pptx
Grafana.pptx
 
Using eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in CiliumUsing eBPF for High-Performance Networking in Cilium
Using eBPF for High-Performance Networking in Cilium
 
Container Performance Analysis
Container Performance AnalysisContainer Performance Analysis
Container Performance Analysis
 
Grafana introduction
Grafana introductionGrafana introduction
Grafana introduction
 
Quick introduction to Kubernetes
Quick introduction to KubernetesQuick introduction to Kubernetes
Quick introduction to Kubernetes
 
Intro to kubernetes
Intro to kubernetesIntro to kubernetes
Intro to kubernetes
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
 
Chill, Distill, No Overkill: Best Practices to Stress Test Kafka with Siva Ku...
Chill, Distill, No Overkill: Best Practices to Stress Test Kafka with Siva Ku...Chill, Distill, No Overkill: Best Practices to Stress Test Kafka with Siva Ku...
Chill, Distill, No Overkill: Best Practices to Stress Test Kafka with Siva Ku...
 
KEDA Overview
KEDA OverviewKEDA Overview
KEDA Overview
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 

Similar to Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh

Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Christian Posta
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
Christian Posta
 
The Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data PlaneThe Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data Plane
Christian Posta
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
NGINX, Inc.
 
Extending The Power Of Anypoint Platform Using Anypoint Service Mesh
Extending The Power Of Anypoint Platform Using Anypoint Service MeshExtending The Power Of Anypoint Platform Using Anypoint Service Mesh
Extending The Power Of Anypoint Platform Using Anypoint Service Mesh
AaronLieberman5
 
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
VMware Tanzu
 
Cloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
Cloud Foundry and Microservices: A Mutualistic Symbiotic RelationshipCloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
Cloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
VMware Tanzu
 
Cloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
Cloud Foundry and Microservices: A Mutualistic Symbiotic RelationshipCloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
Cloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
Matt Stine
 
SYN207: Newest and coolest NetScaler features you should be jazzed about
SYN207: Newest and coolest NetScaler features you should be jazzed aboutSYN207: Newest and coolest NetScaler features you should be jazzed about
SYN207: Newest and coolest NetScaler features you should be jazzed about
Citrix
 
Istio as an enabler for migrating to microservices (edition 2022)
Istio as an enabler for migrating to microservices (edition 2022)Istio as an enabler for migrating to microservices (edition 2022)
Istio as an enabler for migrating to microservices (edition 2022)
Ahmed Misbah
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
PINGXIONG3
 
Enabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overviewEnabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overview
Cisco DevNet
 
Kubernetes And Istio and Azure AKS DevOps
Kubernetes And Istio and Azure AKS DevOpsKubernetes And Istio and Azure AKS DevOps
Kubernetes And Istio and Azure AKS DevOps
Ofir Makmal
 
Serverless: Market Overview and Investment Opportunities
Serverless: Market Overview and Investment OpportunitiesServerless: Market Overview and Investment Opportunities
Serverless: Market Overview and Investment Opportunities
Underscore VC
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
MyNOG
 
#dbhouseparty - Should I be building Microservices?
#dbhouseparty - Should I be building Microservices?#dbhouseparty - Should I be building Microservices?
#dbhouseparty - Should I be building Microservices?
Tammy Bednar
 
NUS-ISS Learning Day 2018- Designing software to make the most of cloud platf...
NUS-ISS Learning Day 2018- Designing software to make the most of cloud platf...NUS-ISS Learning Day 2018- Designing software to make the most of cloud platf...
NUS-ISS Learning Day 2018- Designing software to make the most of cloud platf...
NUS-ISS
 
Cloud Foundry Technical Overview at IBM Interconnect 2016
Cloud Foundry Technical Overview at IBM Interconnect 2016Cloud Foundry Technical Overview at IBM Interconnect 2016
Cloud Foundry Technical Overview at IBM Interconnect 2016
Stormy Peters
 
INTERFACE, by apidays - Challenges of exposing and connecting microservices
INTERFACE, by apidays - Challenges of exposing and connecting microservicesINTERFACE, by apidays - Challenges of exposing and connecting microservices
INTERFACE, by apidays - Challenges of exposing and connecting microservices
apidays
 
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
Kim Kao
 

Similar to Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh (20)

Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and LinkerdNavigating the service mesh landscape with Istio, Consul Connect, and Linkerd
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
 
The Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data PlaneThe Truth About the Service Mesh Data Plane
The Truth About the Service Mesh Data Plane
 
Do You Need A Service Mesh?
Do You Need A Service Mesh?Do You Need A Service Mesh?
Do You Need A Service Mesh?
 
Extending The Power Of Anypoint Platform Using Anypoint Service Mesh
Extending The Power Of Anypoint Platform Using Anypoint Service MeshExtending The Power Of Anypoint Platform Using Anypoint Service Mesh
Extending The Power Of Anypoint Platform Using Anypoint Service Mesh
 
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
Keynote: Architecting for Continuous Delivery (Pivotal Cloud Platform Roadshow)
 
Cloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
Cloud Foundry and Microservices: A Mutualistic Symbiotic RelationshipCloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
Cloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
 
Cloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
Cloud Foundry and Microservices: A Mutualistic Symbiotic RelationshipCloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
Cloud Foundry and Microservices: A Mutualistic Symbiotic Relationship
 
SYN207: Newest and coolest NetScaler features you should be jazzed about
SYN207: Newest and coolest NetScaler features you should be jazzed aboutSYN207: Newest and coolest NetScaler features you should be jazzed about
SYN207: Newest and coolest NetScaler features you should be jazzed about
 
Istio as an enabler for migrating to microservices (edition 2022)
Istio as an enabler for migrating to microservices (edition 2022)Istio as an enabler for migrating to microservices (edition 2022)
Istio as an enabler for migrating to microservices (edition 2022)
 
Do I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptxDo I Need A Service Mesh.pptx
Do I Need A Service Mesh.pptx
 
Enabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overviewEnabling Fast IT using Containers, Microservices and DAVROS models: an overview
Enabling Fast IT using Containers, Microservices and DAVROS models: an overview
 
Kubernetes And Istio and Azure AKS DevOps
Kubernetes And Istio and Azure AKS DevOpsKubernetes And Istio and Azure AKS DevOps
Kubernetes And Istio and Azure AKS DevOps
 
Serverless: Market Overview and Investment Opportunities
Serverless: Market Overview and Investment OpportunitiesServerless: Market Overview and Investment Opportunities
Serverless: Market Overview and Investment Opportunities
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
 
#dbhouseparty - Should I be building Microservices?
#dbhouseparty - Should I be building Microservices?#dbhouseparty - Should I be building Microservices?
#dbhouseparty - Should I be building Microservices?
 
NUS-ISS Learning Day 2018- Designing software to make the most of cloud platf...
NUS-ISS Learning Day 2018- Designing software to make the most of cloud platf...NUS-ISS Learning Day 2018- Designing software to make the most of cloud platf...
NUS-ISS Learning Day 2018- Designing software to make the most of cloud platf...
 
Cloud Foundry Technical Overview at IBM Interconnect 2016
Cloud Foundry Technical Overview at IBM Interconnect 2016Cloud Foundry Technical Overview at IBM Interconnect 2016
Cloud Foundry Technical Overview at IBM Interconnect 2016
 
INTERFACE, by apidays - Challenges of exposing and connecting microservices
INTERFACE, by apidays - Challenges of exposing and connecting microservicesINTERFACE, by apidays - Challenges of exposing and connecting microservices
INTERFACE, by apidays - Challenges of exposing and connecting microservices
 
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
2019 04-25-agile communitymeetup-essentialcapabilitiesbehindmicroservices
 

More from Christian Posta

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
Christian Posta
 
Understanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload IdentityUnderstanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload Identity
Christian Posta
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
Christian Posta
 
Cilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshCilium + Istio with Gloo Mesh
Cilium + Istio with Gloo Mesh
Christian Posta
 
Multi-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMeshMulti-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMesh
Christian Posta
 
Multicluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh PatternsMulticluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh Patterns
Christian Posta
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
Christian Posta
 
Deep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo EnterpriseDeep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo Enterprise
Christian Posta
 
Role of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionRole of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoption
Christian Posta
 
Chaos Debugging for Microservices
Chaos Debugging for MicroservicesChaos Debugging for Microservices
Chaos Debugging for Microservices
Christian Posta
 
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Christian Posta
 
Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1
Christian Posta
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisis
Christian Posta
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
Christian Posta
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh Landscape
Christian Posta
 
Intro to Knative
Intro to KnativeIntro to Knative
Intro to Knative
Christian Posta
 
API World: The service-mesh landscape
API World: The service-mesh landscapeAPI World: The service-mesh landscape
API World: The service-mesh landscape
Christian Posta
 
Making sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverlessMaking sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverless
Christian Posta
 
Evolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service meshEvolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service mesh
Christian Posta
 
Come for the traffic management, stay for the security
Come for the traffic management, stay for the securityCome for the traffic management, stay for the security
Come for the traffic management, stay for the security
Christian Posta
 

More from Christian Posta (20)

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Understanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload IdentityUnderstanding Wireguard, TLS and Workload Identity
Understanding Wireguard, TLS and Workload Identity
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
 
Cilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshCilium + Istio with Gloo Mesh
Cilium + Istio with Gloo Mesh
 
Multi-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMeshMulti-cluster service mesh with GlooMesh
Multi-cluster service mesh with GlooMesh
 
Multicluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh PatternsMulticluster Kubernetes and Service Mesh Patterns
Multicluster Kubernetes and Service Mesh Patterns
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
 
Deep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo EnterpriseDeep Dive: Building external auth plugins for Gloo Enterprise
Deep Dive: Building external auth plugins for Gloo Enterprise
 
Role of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoptionRole of edge gateways in relation to service mesh adoption
Role of edge gateways in relation to service mesh adoption
 
Chaos Debugging for Microservices
Chaos Debugging for MicroservicesChaos Debugging for Microservices
Chaos Debugging for Microservices
 
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
 
Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1Intro Istio and what's new Istio 1.1
Intro Istio and what's new Istio 1.1
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisis
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh Landscape
 
Intro to Knative
Intro to KnativeIntro to Knative
Intro to Knative
 
API World: The service-mesh landscape
API World: The service-mesh landscapeAPI World: The service-mesh landscape
API World: The service-mesh landscape
 
Making sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverlessMaking sense of microservices, service mesh, and serverless
Making sense of microservices, service mesh, and serverless
 
Evolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service meshEvolution of integration and microservices patterns with service mesh
Evolution of integration and microservices patterns with service mesh
 
Come for the traffic management, stay for the security
Come for the traffic management, stay for the securityCome for the traffic management, stay for the security
Come for the traffic management, stay for the security
 

Recently uploaded

Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 

Recently uploaded (20)

Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 

Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh

  • 1. 1 | Copyright © 2019 Service-mesh options with Linkerd, Consul, Istio and AppMesh Christian Posta Global Field CTO, Solo.io Craft Conf 2019
  • 2. 2 | Copyright © 2019 CHRISTIAN POSTA • Field CTO @ solo.io • Author of a few books • Contributor to many open-source projects • Architect, blogger, speaker, mentor, leader https://bit.ly/istio-in-action @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta
  • 3. 3 | Copyright © 2019 Flow of talk • What’s the problem we’re addressing with a service mesh? • What is a service mesh? Previous approaches / pros / cons • Generic service-mesh architecture • Explore service-mesh implementations • Guidance for service-mesh adoption
  • 4. 4 | Copyright © 2019 Move fast, safely https://puppet.com/resources/whitepaper/state-of-devops-report
  • 5. 5 | Copyright © 2019 Come on… how hard can it be!?
  • 6. 6 | Copyright © 2019
  • 7. 7 | Copyright © 2019
  • 8. 8 | Copyright © 2019 As we move to services architectures, we push the complexity to the space between our services.
  • 9. 9 | Copyright © 2019 Challenges in a cloudy world • Service discovery • Retries • Timeouts • Load balancing • Rate limiting • Thread bulk heading • Circuit breaking • Security
  • 10. 10 | Copyright © 2019 …Continued… • Routing between services (adaptive, zone-aware) • Deadlines • Back pressure • Outlier detection • Health checking • Traffic shaping • Request shadowing
  • 11. 11 | Copyright © 2019 …Continued… • Edge/DMZ routing • Surgical / fine / per-request routing • A/B rollout • Internal releases / dark launches • Fault injection • Stats, metric, collection • Logging • Tracing
  • 12. 12 | Copyright © 2019 • Netflix Hystrix (circuit breaking / bulk heading) • Netflix Zuul (edge router) • Netflix Ribbon (client-side service discovery / load balance) • Netflix Eureka (service discovery registry) • Brave / Zipkin (tracing) • Netflix spectator / atlas (metrics) Microservices Patterns
  • 13. 13 | Copyright © 2019 But I’m using Spring! • spring-cloud-netflix-hystrix • spring-cloud-netflix-zuul • spring-cloud-netflix-eureka-client • spring-cloud-netflix-ribbon • spring-cloud-netflix-atlas • spring-cloud-netflix-spectator • spring-cloud-netflix-hystrix-stream • ….. • @Enable....150differentThings
  • 14. 14 | Copyright © 2019 But I’m using Vert.x! • vertx-circuit-breaker • vertx-service-discovery • vertx-dropwizard-metrics • vertx-zipkin? • ….. • ......
  • 15. 15 | Copyright © 2019 Screw Java - I’m using NodeJS! JavaScript is for rookies, I use Go! But python is so pretty! I prefer unreadability… Perl for me!
  • 16. 16 | Copyright © 2019 • Require specific language to bring in new services • A single language doesn’t fit for all use cases • How do you patch/upgrade/manage lifecycle? • Need strict control over application library choices Some drawbacks to this approach?
  • 17. 17 | Copyright © 2019 Let’s abstract this functionality and apply to all services out of process • Allow heterogeneous architectures • Remove application-specific implementations of this functionality • Consistently enforce these properties • Correctly enforce these properties • Opt-in as well as safety nets
  • 18. 18 | Copyright © 201918 | Copyright © 2019 Foundation for a solution
  • 19. 19 | Copyright © 2019 Meet Envoy Proxy http://envoyproxy.io
  • 20. 20 | Copyright © 2019 Envoy Proxy: • written in C++, highly parallel, non-blocking • L4 / L7 service proxy (HTTP1, HTTP2, gRPC, Kafka, Redis, Mongo, Dynamo, etc) • zone aware, least request load balancing • circuit breaking / outlier detection • retries, retry policies • timeout (including budgets) • traffic shadowing • rate limiting • access logging, statistics collection • dynamic configuration through standard interfaces
  • 21. 21 | Copyright © 2019
  • 22. 22 | Copyright © 2019
  • 23. 23 | Copyright © 2019 Deployed as a service proxy:
  • 24. 24 | Copyright © 2019 A service mesh is decentralized application- networking infrastructure between your services that provides resiliency, security, observability, and routing control.
  • 25. 25 | Copyright © 201925 | Copyright © 2019 Service-mesh architecture
  • 26. 26 | Copyright © 2019
  • 27. 27 | Copyright © 2019
  • 28. 28 | Copyright © 2019
  • 29. 29 | Copyright © 2019 Service mesh technologies typically provide: • Service discovery / Load balancing • Secure service-to-service communication • Traffic control / shaping / shifting • Policy / Intention based access control • Traffic metric collection • Service resilience • API / programmable interface
  • 30. 30 | Copyright © 201930 | Copyright © 2019 Exploring service-mesh implementations
  • 31. 31 | Copyright © 2019 Meet Linkerd http://linkerd.io
  • 32. 32 | Copyright © 2019 Linkerd2 • Backed by Buoyant / CNCF • Kubernetes specific • Control plane (go) / custom data plane (rust) • Latest release 2.3 • Strong focus on observing top-level network metrics • Resilience, timeouts, retry budgets • Always-on mTLS
  • 33. 33 | Copyright © 2019
  • 34. 34 | Copyright © 2019 Linkerd2 • Purpose built, Kubernetes only • Uses CRD for configurations • High performance characteristics • Great user/getting-started experience • Open, welcoming community • Observability, basic resilience • Secure by default • Deployed transparently to app Strengths • Limited feature set (at the moment… more to come) • Missing traffic routing, policy enforcement, circuit breakers • Kubernetes-only • Relatively new, evolving networking stack • Multi-cluster support Opportunities
  • 35. 35 | Copyright © 2019 Meet Consul Connect http://consul.io
  • 36. 36 | Copyright © 2019 Consul Connect • Backed by HashiCorp • Control plane (consul server) / data plane (proxies/app) • Part of Consul 1.2 release, June 2018 (latest is 1.4) • Strong focus on L4 Identity (SPIFFE) • Easy to configure transport encryption (mTLS) • Service segmentation, intention-based ACL policy • Optional use of Envoy Proxy • Native app integration for latency/performance sensitive apps
  • 37. 37 | Copyright © 2019
  • 38. 38 | Copyright © 2019 Consul Connect • Built on Consul: stable, critical piece of software • Solves the identity management challenges in dynamic applications • Hybrid environment support • Optional Envoy Proxy • Multi-cluster/site foundations • Vault support for certificate management Strengths • Application config/code impact (not transparent to app, cannot use k8s dns) • No L7 (routing, matching, observability, policy, traffic control)..yet • Have to manage separate CP data store • does not use CRDs on k8s • No distributed tracing Opportunities
  • 39. 39 | Copyright © 2019 Meet Istio.io http://istio.io
  • 40. 40 | Copyright © 2019 Istio • Control plane / data plane (Envoy Proxy) • 1.1 March 2019 • Collaboration between Google, IBM, Lyft, VMWare, Red Hat, et al. • Based on Envoy proxy • mTLS, policy based ACL, resilience, observability, traffic control • Kubernetes native with other platform support • Large community
  • 41. 41 | Copyright © 2019
  • 42. 42 | Copyright © 2019 Istio • Large, vibrant community • Backed by Google, et. al. • Large feature set • Based on Envoy • Flexible deployment options • Out of the box Ingress • Multi-cluster support Strengths • Performance / overhead improvements • Architecture improvements • Focus on iterative adoption • Continue improvement to documentation • Reduce magic Opportunities
  • 43. 43 | Copyright © 2019 Meet AWS App Mesh https://aws.amazon.com/app-mesh/
  • 44. 44 | Copyright © 2019 AWS App Mesh • Backed by AWS • Control plane (managed) / data plane (Envoy Proxy) • Announced Nov 2018, GA March 2019 • Main functionality is around weighted traffic routing • Supported across deployment platforms • Continuing to add more features
  • 45. 45 | Copyright © 2019
  • 46. 46 | Copyright © 2019 AWS App Mesh • Managed control plane • Built on Envoy Proxy • Supports multiple deployment platforms (EC2, ECS, EKS, Kubernetes) • Focus on basic traffic shifting • Ties in with rest of AWS infrastructure • Free to use on AWS Strengths • AWS Only • Very limited control-plane capabilities • No visibility to control plane behavior • No mTLS, Policy, enforcement fine- grained traffic control • Manually configure Envoy for metrics- collection/CloudWatch integration Opportunities
  • 47. 47 | Copyright © 201947 | Copyright © 2019 Comparisons
  • 48. 48 | Copyright © 2019 Anecdotal comparisons: Benchmarking Istio and Linkerd CPU: https://medium.com/@michael_87395/benchmarking-istio-linkerd-cpu-c36287e32781 Benchmarking Istio and Linkerd at Scale (follow up) https://medium.com/@michael_87395/benchmarking-istio-linkerd-cpu-at-scale-5f2cfc97c7fa
  • 49. 49 | Copyright © 2019 Wrapping up - Ignore comparisons and anecdotes. Focus on: • Service mesh approach is the right approach, implementations still evolving • Solve today’s pain with as little technology as you can • Invest in the data plane (Envoy proxy) • Ingress-first approach: API Gateways (like Gloo, built on Envoy) can give you service- mesh-like capabilities with a fraction of the complexity and risk • Iteratively adopt service-mesh capabilities (and commensurate deployment footprint) • Abstract service-mesh implementation details, configuration, opinions
  • 50. 50 | Copyright © 2019 Easiest way to get started with service mesh is with… https://supergloo.solo.io
  • 51. 51 | Copyright © 2019 https://supergloo.solo.io
  • 52. 52 | Copyright © 2019 Exploring service mesh implementations “I used SuperGloo because it was super simple to get both services meshes bootstrapped quickly, with almost no effort on my part. We’re not using SuperGloo in production, but it was perfect for a task like this. It was literally two commands per mesh. I used two clusters for isolation— one for Istio, and one for Linkerd.” https://medium.com/@michael_87395/benchmarking-istio-linkerd-cpu-c36287e32781
  • 53. 53 | Copyright © 2019 Additional reading • Istio the easy way https://medium.com/solo-io/istio-the-easy-way-de66e6eba4a1 • Linkerd vs Istio https://medium.com/solo-io/linkerd-or-istio-6fcd2aad6e42 • SuperGloo Open API and Service Mesh Orchestration https://medium.com/solo-io/https-medium-com-solo-io-supergloo-ff2aae1fb96f • Follow up: Benchmarking Istio and Linkerd at Scale • https://medium.com/@michael_87395/benchmarking-istio-linkerd-cpu-at-scale- 5f2cfc97c7fa • Linkerd April 2019 Community Meeting https://buoyant.io/resources/april-2019-linkerd-community-meeting-recap/ • AWS AppMesh FAQ https://aws.amazon.com/app-mesh/faqs/ • Consul Connect Intro https://www.hashicorp.com/resources/consul-connect-announcement-mitchell-hashimoto • Consul Connect Roadmap https://www.hashicorp.com/blog/roadmap-preview-what-s-next-for-consul-service-mesh
  • 54. 54 | Copyright © 2019 CHRISTIAN POSTA @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta
  • 55. 55 | Copyright © 201955 | Copyright © 2019 @soloio_inc

Editor's Notes

  1. …… new challenge….. Let’s come back to that…..
  2. One large database! We should focus on how we design our data models so that they can be sharded and distributed…. Focus on transactions, etc not 2PC
  3. One large database! We should focus on how we design our data models so that they can be sharded and distributed…. Focus on transactions, etc not 2PC
  4. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  5. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  6. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  7. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  8. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  9. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  10. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  11. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  12. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  13. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  14. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  15. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  16. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  17. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  18. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  19. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  20. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  21. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  22. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
  23. Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.