Service meshes are all the buzz in cloud-native world.
How come only yesterday we didn't know such a thing existed and now everybody seems to want one?
If you're already running a microservice-based system or only starting out with one — you may be asking yourself: "Do I also need a mesh?"
In this session we'll try to answer what the mesh is good for, what problems it solves, what new questions it poses.
More specifically we will:
explore the SMI Spec;
understand why everybody wants a mesh;
see how the mesh helps with progressive delivery;
discuss if it's time for you to get into the mesh.
Modern application architectures are embracing public clouds, microservices, and container schedulers like Kubernetes and Nomad. These bring complex service-to-service communication patterns, increased scale, dynamic IP addresses, ephemeral infrastructure, and higher failure rates. These changes require a new approach for service discovery, configuration, and segmentation. Service discovery enables services to find and communicate with each other. Service configuration allows us to dynamically configure applications at runtime. Service segmentations lets us secure our microservices architectures by limiting access. In this talk, we cover these challenges and how to solve them with Consul providing as a service mesh.
About the webinar
The use of an API gateway and the move to microservices are two of the most important trends in application development. But are they similar, or different; complementary, or contradictory? In this webinar, we discuss the advantages of an API gateway, the advantages of microservices development, and how and when they can work together.
The NGINX Microservices Reference Architecture (MRA) uses three different network architectures, with service mesh as a fourth. We describe how an API gateway relates to each of these network architectures and how to reduce rework if your application needs to evolve from one architecture to another.
Speakers:
Charles Pretzer, Technical Architect, NGINX, Inc.
Floyd Smith, Director of Content Marketing, NGINX, Inc.
Stop reinventing the wheel with Istio by Mete Atamel (Google)Codemotion
#Codemotion Rome 2018 - Containers provide a consistent environment to run services. Kubernetes help us to manage and scale our container cluster. Good start for a loosely coupled microservices architecture but not enough. How do you control the flow of traffic & enforce policies between services? How do you visualize service dependencies & identify issues? How can you provide verifiable service identities, test for failures? You can implement your own custom solutions or you can rely on Istio, an open platform to connect, manage and secure microservices.
Multi-Clusters Made Easy with Liqo: Getting Rid of Your Clusters Keeping Them...KCDItaly
Many companies are experiencing a dramatic increase in the number of their Kubernetes clusters, for
reasons such as geographical/legislative constraints, data/service replication, etc.
However, when the number of clusters increases, the complexity of deploying apps, managing the entire
multi-cluster infrastructure, and keeping its state under control, becomes rapidly an unmanageable
problem.
A possible solution is Liqo, an open-source project that simplifies the creation of multi-cluster topologies
by replicating the Kubernetes “cattle” model also to clusters.
Liqo creates a virtual cluster that spans multiple real clusters, either on-prem or managed (AKS, EKS,
GKE), and instantiates the desired applications seamlessly in the appropriate cluster.
This talk will discuss the potentials and roadblocks of this vision and highlight how Liqo brings multi-
cluster transparency to the users.
Kubernetes Ingress to Service Mesh (and beyond!)Christian Posta
Kubernetes users need to allow traffic to flow into and within the cluster. Treating the application traffic separately from the business logic allows presents new possibilities in how service to service traffic is served, controlled and observed — and provides a transition to intra cluster networking like Service Mesh. With microservices, there is a concept of both North / South traffic (incoming requests from end users to the cluster) and East / West (intra cluster) communication between the services. In this talk we will explain how Envoy Proxy works in Kubernetes as a proxy for both of these traffic directions and how it can be leveraged to do things like traffic shaping, security, and integrate the north/south to east/west behavior.
Christian Posta (@christianposta) is Global Field CTO at Solo.io, former Chief Architect at Red Hat, and well known in the community for being an author (Istio in Action, Manning, Istio Service Mesh, O'Reilly 2018, Microservices for Java Developers, O’Reilly 2016), frequent blogger, speaker, open-source enthusiast and committer on various open-source projects including Istio, Kubernetes, and many others. Christian has spent time at both enterprises as well as web-scale companies and now helps companies create and deploy large-scale, cloud-native resilient, distributed architectures. He enjoys mentoring, training and leading teams to be successful with distributed systems concepts, microservices, devops, and cloud-native application design.
Modern application architectures are embracing public clouds, microservices, and container schedulers like Kubernetes and Nomad. These bring complex service-to-service communication patterns, increased scale, dynamic IP addresses, ephemeral infrastructure, and higher failure rates. These changes require a new approach for service discovery, configuration, and segmentation. Service discovery enables services to find and communicate with each other. Service configuration allows us to dynamically configure applications at runtime. Service segmentations lets us secure our microservices architectures by limiting access. In this talk, we cover these challenges and how to solve them with Consul providing as a service mesh.
About the webinar
The use of an API gateway and the move to microservices are two of the most important trends in application development. But are they similar, or different; complementary, or contradictory? In this webinar, we discuss the advantages of an API gateway, the advantages of microservices development, and how and when they can work together.
The NGINX Microservices Reference Architecture (MRA) uses three different network architectures, with service mesh as a fourth. We describe how an API gateway relates to each of these network architectures and how to reduce rework if your application needs to evolve from one architecture to another.
Speakers:
Charles Pretzer, Technical Architect, NGINX, Inc.
Floyd Smith, Director of Content Marketing, NGINX, Inc.
Stop reinventing the wheel with Istio by Mete Atamel (Google)Codemotion
#Codemotion Rome 2018 - Containers provide a consistent environment to run services. Kubernetes help us to manage and scale our container cluster. Good start for a loosely coupled microservices architecture but not enough. How do you control the flow of traffic & enforce policies between services? How do you visualize service dependencies & identify issues? How can you provide verifiable service identities, test for failures? You can implement your own custom solutions or you can rely on Istio, an open platform to connect, manage and secure microservices.
Multi-Clusters Made Easy with Liqo: Getting Rid of Your Clusters Keeping Them...KCDItaly
Many companies are experiencing a dramatic increase in the number of their Kubernetes clusters, for
reasons such as geographical/legislative constraints, data/service replication, etc.
However, when the number of clusters increases, the complexity of deploying apps, managing the entire
multi-cluster infrastructure, and keeping its state under control, becomes rapidly an unmanageable
problem.
A possible solution is Liqo, an open-source project that simplifies the creation of multi-cluster topologies
by replicating the Kubernetes “cattle” model also to clusters.
Liqo creates a virtual cluster that spans multiple real clusters, either on-prem or managed (AKS, EKS,
GKE), and instantiates the desired applications seamlessly in the appropriate cluster.
This talk will discuss the potentials and roadblocks of this vision and highlight how Liqo brings multi-
cluster transparency to the users.
Kubernetes Ingress to Service Mesh (and beyond!)Christian Posta
Kubernetes users need to allow traffic to flow into and within the cluster. Treating the application traffic separately from the business logic allows presents new possibilities in how service to service traffic is served, controlled and observed — and provides a transition to intra cluster networking like Service Mesh. With microservices, there is a concept of both North / South traffic (incoming requests from end users to the cluster) and East / West (intra cluster) communication between the services. In this talk we will explain how Envoy Proxy works in Kubernetes as a proxy for both of these traffic directions and how it can be leveraged to do things like traffic shaping, security, and integrate the north/south to east/west behavior.
Christian Posta (@christianposta) is Global Field CTO at Solo.io, former Chief Architect at Red Hat, and well known in the community for being an author (Istio in Action, Manning, Istio Service Mesh, O'Reilly 2018, Microservices for Java Developers, O’Reilly 2016), frequent blogger, speaker, open-source enthusiast and committer on various open-source projects including Istio, Kubernetes, and many others. Christian has spent time at both enterprises as well as web-scale companies and now helps companies create and deploy large-scale, cloud-native resilient, distributed architectures. He enjoys mentoring, training and leading teams to be successful with distributed systems concepts, microservices, devops, and cloud-native application design.
This presentation was made by Mangesh Patankar (Developer Advocate - IBM Cloud) as part of Container Conference 2018: www.containerconf.in.
"How do we make microservices resilient and fault-tolerant? How do we enforce policy decisions, such as fine-grained access control and rate limits? How do we enable timeouts/retries, health checks, etc.?
A service-mesh architecture attempts to resolve these issues by extracting the common resiliency features needed by a microservices framework away from the applications and frameworks and into the platform itself. Istio provides an easy way to create this service mesh."
Kafka at the Edge: an IoT scenario with OpenShift Streams for Apache Kafka | ...Red Hat Developers
Apache Kafka is taking the world by storm and is rapidly becoming the de-facto event bus for event-driven and streaming applications that respond to events and data in real time. OpenShift Streams for Apache Kafka is Red Hat's fully hosted and managed Apache Kafka service targeting development teams that want to incorporate streaming data and scalable messaging in their applications, without the burden of setting up and maintaining a Kafka cluster infrastructure.
In this session you will discover how Apache Kafka can be used in an IoT scenario to ingest data from devices and make them available in real-time to other applications.
More specifically you will learn how to:
Simulate devices that send MQTT messages to a MQTT broker
Use Apache Camel and Camel-K to bridge MQTT with Apache Kafka
Use Kafka Streams in a Quarkus application to process the device messages
Query the state of the devices using GraphQ
In this WebHack talk I shared my experience about microservices, Docker, Kubernetes and Kong, an API gateway by Mashape. Since they are based on a real working system, this slides is majorly for how to build the whole thing up, not about detailed internal implementation. Although I included some details and reference in order to make it more comprehensive.
Cloud Native Spring - The role of Spring Cloud after Kubernetes became a main...Orkhan Gasimov
Presentation of my talk about Spring Cloud features that can integrate with AWS, GCP and Azure turning Spring Cloud into a distributed platform that is capable to work with different environments like Kubernetes, Cloud or Local with adoption of Spring abstractions.
Event-driven Applications with Kafka, Micronaut, and AWS Lambda | Dave Klein,...HostedbyConfluent
One of the great things about running applications in the cloud is that you only pay for the resources that you use. But that also makes it more important than ever for our applications to be resource-efficient. This becomes even more critical when we use serverless functions.
Micronaut is an application framework that provides dependency injection, developer productivity features, and excellent support for Apache Kafka. By performing dependency injection, AOP, and other productivity-enhancing magic at compile time, Micronaut allows us to build smaller, more efficient microservices and serverless functions.
In this session, we'll explore the ways that Apache Kafka and Micronaut work together to enable us to build fast, efficient, event-driven applications. Then we'll see it in action, using the AWS Lambda Sink Connector for Confluent Cloud.
How to build 1000 microservices with Kafka and thriveNatan Silnitsky
This talk is about the Wix ecosystem for event driven architecture on top of Kafka.
I share the best practices, SDKs and tools we have created in order to be able to scale our distributed system to more than 1000 microservices.
Flexible, hybrid API-led software architectures with KongSven Bernhardt
Kong is a lightweight, cloud-native API solution that makes it easier and faster than ever to connect APIs and microservices in today’s hybrid, multi-cloud environments. With its agnostic, flexible deployment approach, Kong can be used in today’s heterogeneous IT system landscapes to integrate a wide variety of data and systems – even across company boundaries – using APIs. In addition to REST APIs, Kong also offers support for gRPC and GraphQL, which broadens the possibilities to implement modern application architectures.
In this presentation, we will discuss deployment patterns and use cases for Kong to demonstrate the flexibility of the platform. Using a practical example, aspects of the API development and deployment process as well as the integration in existing software development processes will be discussed.
Microservices with Spring Cloud and Netflix OSSDenis Danov
The presentation will introduce the audience to microservice architecture and how it is different from a monolithic one. It will focus on the different components that are necessary for a microservice architecture such as discovery service, configuration service, api gateway and others. For each one of the components will be highlighted why they are important for this type of architecture and how to implement them with Spring Boot and Netflix stack.
Encrypting Kafka messages at rest to secure applications | Robert Barnes, Has...HostedbyConfluent
Whilst Kafka has the ability to encrypt data in transit, it does not have the functionality out of the box to encrypt data at rest. This places the responsibility of encryption of data placed on message queues on developers. Implementing cryptography correctly in our applications is challenging and time consuming.
In this demo-driven talk, I will show you how you can use HashiCorp Vault’s API to implement a simple workflow that offsets the complexity of cryptography to Vault. In just a few lines of code, I will demonstrate how message producers will be able to encrypt its data, whilst message consumers can decrypt message payloads with minimal development effort. I will also show how to troubleshoot common errors from the API.
By the end of this talk, you will learn how to implement symmetric and asymmetric encryption of your application data before placing it on Kafka message queues. You will also learn how to implement this workflow using Format Preserving Encryption (FPE).
Putting Microservices on a Diet: with Istio!QAware GmbH
JavaLand 2019, Brühl: Talk by Mario-Leander Reimer (@LeanderReimer, Principal Software Architect at QAware)
=== Please download slides if blurred! ===
Abstract:
Building microservice architectures is complex. Modern platforms such as Kubernetes address a lot of the complexity, they handle resource isolation and utilization, networking and deployments nicely. But still, handling the remaining complexities, like circuit breaking, rate limiting, observability or transport security, is usually left up to the development teams to implement. Using open source components to address these challenges is an option, but this quickly leads to excessive library bloat and suddenly your microservices are not quite so micro anymore.
Now, all this might seem acceptable if you are on a single, consistent development stack like Java EE or Spring Boot. But tackling these complexities becomes even more challenging if you are dealing with multiple stacks and multiple frameworks. Or you might even deal with legacy applications that you can't modify to retrofit these requirements.
Istio to the rescue. It is a so called service mesh that addresses many of the cross-cutting communication concerns in a microservice architecture. Think of Istio as AOP (aspect oriented programming) for microservice communication. Instead of implementing everything directly within your services, Istio transparently injects and decorates the desired concerns into the individual communication channels.
This session provides an overview of the Istio system and how it addresses the inherent complexities in microservice architectures. We will briefly discuss the conceptual architecture and the main building blocks of Istio. Then we will dive right into several showcases that are deployed on a Kubernetes cluster to demonstrate the different traffic management features, as well as diagnosability and security.
What is a Service Mesh and what can it do for your MicroservicesMatt Turner
e’ll explore what a service mesh is and what it can do for your microservices. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we’ll find out!
This session will also briefly cover how a service mesh works, giving us a mental model with which to explore and evaluate after the talk. Matt will show a simple installation and demo, giving us all the knowledge to go home and try for ourself.
This presentation was made by Mangesh Patankar (Developer Advocate - IBM Cloud) as part of Container Conference 2018: www.containerconf.in.
"How do we make microservices resilient and fault-tolerant? How do we enforce policy decisions, such as fine-grained access control and rate limits? How do we enable timeouts/retries, health checks, etc.?
A service-mesh architecture attempts to resolve these issues by extracting the common resiliency features needed by a microservices framework away from the applications and frameworks and into the platform itself. Istio provides an easy way to create this service mesh."
Kafka at the Edge: an IoT scenario with OpenShift Streams for Apache Kafka | ...Red Hat Developers
Apache Kafka is taking the world by storm and is rapidly becoming the de-facto event bus for event-driven and streaming applications that respond to events and data in real time. OpenShift Streams for Apache Kafka is Red Hat's fully hosted and managed Apache Kafka service targeting development teams that want to incorporate streaming data and scalable messaging in their applications, without the burden of setting up and maintaining a Kafka cluster infrastructure.
In this session you will discover how Apache Kafka can be used in an IoT scenario to ingest data from devices and make them available in real-time to other applications.
More specifically you will learn how to:
Simulate devices that send MQTT messages to a MQTT broker
Use Apache Camel and Camel-K to bridge MQTT with Apache Kafka
Use Kafka Streams in a Quarkus application to process the device messages
Query the state of the devices using GraphQ
In this WebHack talk I shared my experience about microservices, Docker, Kubernetes and Kong, an API gateway by Mashape. Since they are based on a real working system, this slides is majorly for how to build the whole thing up, not about detailed internal implementation. Although I included some details and reference in order to make it more comprehensive.
Cloud Native Spring - The role of Spring Cloud after Kubernetes became a main...Orkhan Gasimov
Presentation of my talk about Spring Cloud features that can integrate with AWS, GCP and Azure turning Spring Cloud into a distributed platform that is capable to work with different environments like Kubernetes, Cloud or Local with adoption of Spring abstractions.
Event-driven Applications with Kafka, Micronaut, and AWS Lambda | Dave Klein,...HostedbyConfluent
One of the great things about running applications in the cloud is that you only pay for the resources that you use. But that also makes it more important than ever for our applications to be resource-efficient. This becomes even more critical when we use serverless functions.
Micronaut is an application framework that provides dependency injection, developer productivity features, and excellent support for Apache Kafka. By performing dependency injection, AOP, and other productivity-enhancing magic at compile time, Micronaut allows us to build smaller, more efficient microservices and serverless functions.
In this session, we'll explore the ways that Apache Kafka and Micronaut work together to enable us to build fast, efficient, event-driven applications. Then we'll see it in action, using the AWS Lambda Sink Connector for Confluent Cloud.
How to build 1000 microservices with Kafka and thriveNatan Silnitsky
This talk is about the Wix ecosystem for event driven architecture on top of Kafka.
I share the best practices, SDKs and tools we have created in order to be able to scale our distributed system to more than 1000 microservices.
Flexible, hybrid API-led software architectures with KongSven Bernhardt
Kong is a lightweight, cloud-native API solution that makes it easier and faster than ever to connect APIs and microservices in today’s hybrid, multi-cloud environments. With its agnostic, flexible deployment approach, Kong can be used in today’s heterogeneous IT system landscapes to integrate a wide variety of data and systems – even across company boundaries – using APIs. In addition to REST APIs, Kong also offers support for gRPC and GraphQL, which broadens the possibilities to implement modern application architectures.
In this presentation, we will discuss deployment patterns and use cases for Kong to demonstrate the flexibility of the platform. Using a practical example, aspects of the API development and deployment process as well as the integration in existing software development processes will be discussed.
Microservices with Spring Cloud and Netflix OSSDenis Danov
The presentation will introduce the audience to microservice architecture and how it is different from a monolithic one. It will focus on the different components that are necessary for a microservice architecture such as discovery service, configuration service, api gateway and others. For each one of the components will be highlighted why they are important for this type of architecture and how to implement them with Spring Boot and Netflix stack.
Encrypting Kafka messages at rest to secure applications | Robert Barnes, Has...HostedbyConfluent
Whilst Kafka has the ability to encrypt data in transit, it does not have the functionality out of the box to encrypt data at rest. This places the responsibility of encryption of data placed on message queues on developers. Implementing cryptography correctly in our applications is challenging and time consuming.
In this demo-driven talk, I will show you how you can use HashiCorp Vault’s API to implement a simple workflow that offsets the complexity of cryptography to Vault. In just a few lines of code, I will demonstrate how message producers will be able to encrypt its data, whilst message consumers can decrypt message payloads with minimal development effort. I will also show how to troubleshoot common errors from the API.
By the end of this talk, you will learn how to implement symmetric and asymmetric encryption of your application data before placing it on Kafka message queues. You will also learn how to implement this workflow using Format Preserving Encryption (FPE).
Putting Microservices on a Diet: with Istio!QAware GmbH
JavaLand 2019, Brühl: Talk by Mario-Leander Reimer (@LeanderReimer, Principal Software Architect at QAware)
=== Please download slides if blurred! ===
Abstract:
Building microservice architectures is complex. Modern platforms such as Kubernetes address a lot of the complexity, they handle resource isolation and utilization, networking and deployments nicely. But still, handling the remaining complexities, like circuit breaking, rate limiting, observability or transport security, is usually left up to the development teams to implement. Using open source components to address these challenges is an option, but this quickly leads to excessive library bloat and suddenly your microservices are not quite so micro anymore.
Now, all this might seem acceptable if you are on a single, consistent development stack like Java EE or Spring Boot. But tackling these complexities becomes even more challenging if you are dealing with multiple stacks and multiple frameworks. Or you might even deal with legacy applications that you can't modify to retrofit these requirements.
Istio to the rescue. It is a so called service mesh that addresses many of the cross-cutting communication concerns in a microservice architecture. Think of Istio as AOP (aspect oriented programming) for microservice communication. Instead of implementing everything directly within your services, Istio transparently injects and decorates the desired concerns into the individual communication channels.
This session provides an overview of the Istio system and how it addresses the inherent complexities in microservice architectures. We will briefly discuss the conceptual architecture and the main building blocks of Istio. Then we will dive right into several showcases that are deployed on a Kubernetes cluster to demonstrate the different traffic management features, as well as diagnosability and security.
What is a Service Mesh and what can it do for your MicroservicesMatt Turner
e’ll explore what a service mesh is and what it can do for your microservices. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we’ll find out!
This session will also briefly cover how a service mesh works, giving us a mental model with which to explore and evaluate after the talk. Matt will show a simple installation and demo, giving us all the knowledge to go home and try for ourself.
Putting microservices on a diet with IstioQAware GmbH
Software Architecture Conference 2018, London (UK): Talk by Mario-Leander Reimer (@LeanderReimer, Principal Software Architect at QAware)
=== Please download slides if blurred! ===
Abstract:
In a microservice world, things become more complex. Platforms such as Kubernetes address a lot of the complexity; they handle resource isolation and utilization, networking, and deployments nicely. But a lot of the involved complexity such as load balancing, rollout scenarios, circuit breaking, retries, rate limiting, observability, tracing and transport security is still left up to the development teams.
Of course, you can address all of these challenges in your microservices programmatically using popular open-source components such as Hystrix, Ribbon, Eureka, the EFK Stack, Prometheus or Jaeger. But, unfortunately, this approach can quickly lead to excessive library bloat and suddenly your microservices are not quite so micro anymore.
All this might seem acceptable if you’re on a single, consistent development stack like Java EE or Spring Boot. But tackling these complexities becomes even more challenging if you’re dealing with multiple stacks and multiple frameworks, to say nothing about dealing with legacy applications that you can’t modify to retrofit these requirements.
In comes Istio to the rescue. It is a so-called service mesh that addresses many of the cross-cutting communication concerns in a microservice architecture. Think of Istio as AOP (aspect-oriented programming) for microservice communication. Instead of implementing everything directly within your services, Istio transparently injects and decorates the desired concerns into the individual communication channels.
Mario-Leander Reimer offers an overview of Istio and explains how it addresses the inherent complexities in microservice architectures. He briefly discusses the conceptual architecture and the main building blocks of Istio before diving into several examples deployed on a live Kubernetes cluster to demonstrate the different traffic management features, as well as diagnosability and security.
Putting microservices on a diet with istioQAware GmbH
CodeDays 2019, Munich: Talk by Mario-Leander Reimer (@LeanderReimer, Principal Software Architect at QAware)
=== Please download slides if blurred! ===
Abstract:
Building microservice architectures is complex. Handling the involved complexities, like circuit breaking, rate limiting, observability or transport security, is usually left up to the development teams to implement. Using open source components to address these challenges is an option, but this quickly leads to excessive library bloat in our microservices. So let's put them on a diet: with Istio.
The concept of service mesh is one of the new technologies that have grown up around the container and micro-service model over the last couple of years, and Istio is the latest entry into this space. As Istio was recently included as an incubated project in the CNCF, many companies are now looking to it to provide a set of key functions to accelerate their micro-service application management model. Istio enables bi-directional authentication and security of service communication via TLS based authentication and encryption, and at the same time is able to capture application level communication statistics, improving the application development team's visibility into the otherwise difficult to track communication patterns. In this way, Istio acts like an application level network, riding across the underlying capabilities of Kubernetes CNI based networks and network policy. We will implement Istio on a GKE kubernetes cluster, and instrument a simple application to get better insight into how Istio provides its capabilities.
Speaker Bio:
With over 20 years of experience as a systems reliability engineer, and a focus on automating not only application deployments but the underlying infrastructure as well, Robert Starmer brings a wealth of knowledge to the full application enablement stack. He has applied this knowledge in fields from high-performance computing to high-frequency trading environments, and everything in between. Robert also holds patents in network, data center, and application performance and scale enhancements. He is a Founder and the CTO at Kumulus Technologies, a DevOps, Systems Reliability Engineering and cloud computing consultancy. Additionally, Robert is an incurable photography nerd and has been known to stay up until dawn in remote locations to capture celestial time-lapses.
Managing microservices with Istio Service MeshRafik HARABI
Developing and managing hundreds (or maybe thousands) of microservices at scale is a challenge for both development and operations teams.
We have seen over the last years the appearance of new frameworks dedicated to deliver ‘Cloud Native’ applications by providing a set of (out of box) building blocks. Most of these frameworks integrate microservices concerns at the code level.
Recently, we have seen the emerging of a new pattern known as sidecar or proxy promoting to push all these common concerns outside of the business code and provides them on the edge by integrate a new layer to the underlying platform called Service Mesh.
Istio is one of the leading Service Mesh implementing sidecar pattern.
We will go during the presentation throw the core concepts behind Istio, the capabilities that provides to manage, secure and observe microservices and how it gives a new breath for both developers and operations.
The presentation will be guided by a sequence of demo exposing Istio capabilities.
Open Source Networking Days- Service MeshCloudOps2005
At the Linux Foundation's 2018 Open Source Networking Days, Syed Ahmed compared service mesh options (Istio, Linkerd, and Consul Connect) and spoke about how they diverge from many complications traditionally found in monolithic applications.
An introduction to KrakenD, the ultra-high performance API Gateway with middlewares. An opensource tool built using go that is currently serving traffic in major european sites.
Service Mesh - kilometer 30 in a microservice marathonMichael Hofmann
Distributed applications like microservices shift some of their complexities into the interaction of services. Such a service mesh, which can have hundreds of runtime instances, is very difficult to manage. You will be concerned with some of the following questions: Which service will be requested by which other services in which version and how often depending on the request content? How can you test the interaction and how can you replace single services with new ones?
These and other questions will be discussed in this session. Tools to make your live easier with a service mesh will also be introduced.
Dynamically Testing Individual Microservice Releases In ProductionMatt Turner
A lot of us test new versions of services in our Production environment, since it’s the best way to get representative, reliable results. If the new service is “on the edge” of the topology then hitting it is easy, as the test clients can directly call it. But if it’s in the middle of a chain of services, then calling the current versions of all of them, except one beta version in the middle of the chain, is the dream.
This kind of advanced traffic control is possible with a Service Mesh like Istio. But the configuration needed to enable this for all versions of all services is complex and error-prone. In this session Matt will show you how to use an Operator which auto-generates the necessary config. We’ll see how just deploying a new version results in all the necessary config for sophisticated “override-based testing”. Matt will walk through the technique, the underlying config, and the operator that generates it from Deployments.
The microservice architecture approach has been very popular in the recent years. There is a big hype around it and a large swarm of open source tools to facilitate each aspect of this architecture. The purpose of this talk is to identify the main components of a microservice architecture. After that we compare different open source tools that fits into each area. At the end we’ll have a good understanding what a microservice architecture based on OSS looks like.
Cloud Native Night, April 2018, Mainz: Workshop led by Jörg Schad (@joerg_schad, Technical Community Lead / Developer at Mesosphere)
Join our Meetup: https://www.meetup.com/de-DE/Cloud-Native-Night/
PLEASE NOTE:
During this workshop, Jörg showed many demos and the audience could participate on their laptops. Unfortunately, we can't provide these demos. Nevertheless, Jörg's slides give a deep dive into the topic.
DETAILS ABOUT THE WORKSHOP:
Kubernetes has been one of the topics in 2017 and will probably remain so in 2018. In this hands-on technical workshop you will learn how best to deploy, operate and scale Kubernetes clusters from one to hundreds of nodes using DC/OS. You will learn how to integrate and run Kubernetes alongside traditional applications and fast data services of your choice (e.g. Apache Cassandra, Apache Kafka, Apache Spark, TensorFlow and more) on any infrastructure.
This workshop best suits operators focussed on keeping their apps and services up and running in production and developers focussed on quickly delivering internal and customer facing apps into production.
You will learn how to:
- Introduction to Kubernetes and DC/OS (including the differences between both)
- Deploy Kubernetes on DC/OS in a secure, highly available, and fault-tolerant manner
- Solve operational challenges of running a large/multiple Kubernetes cluster
- One-click deploy big data stateful and stateless services alongside a Kubernetes cluster
Using Istio to Secure & Monitor Your ServicesAlcide
Good observability in a microservice architecture is not easy. Istio can help to remove the complexity from developers and leave the work to the operator. Learn how to gain a deeper understanding of using Istio for monitoring tasks, while using Istio security features to secure your microservices and spot security anomalies.
For the recorded webinar: https://bit.ly/2KNaGmc
An introductory look at Kubernetes and how it leverages AWS IaaS features to provide its own virtual clustering, and demonstration of some of the behaviour inside the cluster that makes Kubernetes a popular choice for microservice deployments.
An introduction to Kubernetes and a look at how it leverages AWS IaaS features to provide its own virtual clustering, and demonstration of some of the behaviour inside the cluster that makes Kubernetes a popular choice for microservice deployments.
In the last decade multiple IT organizations jumped head first into CI - in an utopian belief that with enough time and investment the CI pipeline will take them straight into the promised land of CD. But things rarely go as expected. The reality is that until now most of us can't continuously and safely deploy to production - if it's because of lack of confidence, security concerns or contractual obligations. The number of outages caused by production updates is growing and the ever-increasing observability of our systems doesn't make SRE work any less stressful. Cloud native technologies are supposed to make operating complex distributed systems easier - but the CD gap is still not closed.
New approaches such as GitOps and Progressive Delivery strategies are getting more widely known but are still hard to pull off for anyone but the most technologically advanced teams.
We at Canarian and Otomato believe CD doesn't have to be so hard. In the last 4 years we've helped a number of orgs with their continuous deployment effort - both for SaaS and enterprise systems. We clearly see the need for better tooling and semantic change management that will allow us to modify information systems with heightened agility, stability and built-in support for continuous experimentation.
I the talk I outline the CD solution we are working on, explain what features it brings to the table and how this will revolutionize software delivery in the cloud native world.
Escaping the Jungle - Migrating to Cloud Native CI/CDAnton Weiss
In the last 2 years Otomato has been helping a number of software companies to migrate their complex systems to Cloud Native infrastructure. This included rebuilding the CI/CD processes and tooling based on Cloud Native concepts and tooling. In this talk Anton will present the challenges organisations face when switching to modern approaches in software delivery. We will cover the topics of:
- Providing unified kubernetes-based CI/CD infrastructure
- Scalable CI/CD Pipelines and Environments
- Component and Contract testing vs. End-to-End testing
- Managing Deployments with Helm
- Evaluating Service Meshes
- Making the switch to GitOps
Envoy is a lightweight modern network proxy written in C++. It has quickly become the base component in most existing service mesh implementations. With such popularity - a new, safer, more scalable extensibility model was needed.
Much to our excitement - now one can extend Envoy network filtering with WebAssembly modules written (among other languages) in Rust.
We'll see a live demo of building and deploying such a filter.
Heralding change - How to Get Engineers On Board the DevOps ShipAnton Weiss
Anyone who has been involved with a DevOps transformation realizes that changing the mindset is the hardest part. Effective collaboration starts with trust. In this talk I've presented the challenges with winning engineers' trust and how we've tackled this in large enterprise organizations.
The Road to a Hybrid, Transparent PipelineAnton Weiss
The talk I originally gave at DevCon TLV X.
Abstract: CI/CD pipelines are all about communication patterns in an organisation. Integrated solutions don't scale because Continuous Delivery is not a commodity. Opt for a hybrid, modular pipeline and make all information visible to tackle complexity.
Openstack is one of the largest OSS projects today with hundreds of commits flowing in daily. This high rate of change requires an advanced CI infrastructure. The purpose of the talk is to provide an overview of this infrastructure, explaining the role of each tool and the pipelines along which changes have to travel before they find their way into the approved Openstack codebase.
Talk delivered at Openstack Day Israel 2016 : http://www.openstack-israel.org/#!agenda/cjg9
How the use of Groovy language can help you manage your Jenkins instance and extend its functionality. Presentation given at Jenkins User Conference Israel 2015
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Strategies for Successful Data Migration Tools.pptxvarshanayak241
Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data Migration Tool like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Designing for Privacy in Amazon Web ServicesKrzysztofKkol1
Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload.
Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
52. @antweiss
● Battle-tested Tooling
● Heterogeneous Environments
● Sidecar-proxy: Envoy
● Consul Agent on every Node
● HCL/json/UI instead of YAML
Consul Connect
53. @antweiss
● Battle-tested Tooling
● Heterogeneous Environments
● Sidecar-proxy: Envoy
● Consul Agent on every Node
● HCL/json/UI instead of YAML
● Telemetry - directly from proxies
Consul Connect
54. @antweiss
● Battle-tested Tooling
● Heterogeneous Environments
● Sidecar-proxy: Envoy
● Consul Agent on every Node
● HCL/json/UI instead of YAML
● Telemetry - directly from proxies
● SMI - Traffic Access only
Consul Connect
63. @antweiss
Kuma (Kong Mesh)
● Universal Service Mesh
● Sidecar-proxy: Envoy
● Platform-agnostic (Universal and Kubernetes-native)
64. @antweiss
Kuma (Kong Mesh)
● Universal Service Mesh
● Sidecar-proxy: Envoy
● Platform-agnostic (Universal and Kubernetes-native)
● No SMI Compliance
65. @antweiss
Kuma (Kong Mesh)
● Universal Service Mesh
● Sidecar-proxy: Envoy
● Platform-agnostic (Universal and Kubernetes-native)
● No SMI Compliance
● Kong Integration for Ingress
66. @antweiss
Kuma (Kong Mesh)
● Universal Service Mesh
● Sidecar-proxy: Envoy
● Platform-agnostic (Universal and Kubernetes-native)
● No SMI Compliance
● Kong Integration for Ingress
● For Enterprise (?)
69. @antweiss
NSM - Network Service Mesh
● L2/3
● Hybrid and Multi-Cloud Scenarios
● Connecting Containers in Different Clusters
70. @antweiss
NSM - Network Service Mesh
● L2/3
● Hybrid and Multi-Cloud Scenarios
● Connecting Containers in Different Clusters
● Support for Exotic Protocols
71. @antweiss
NSM - Network Service Mesh
● L2/3
● Hybrid and Multi-Cloud Scenarios
● Connecting Containers in Different Clusters
● Support for Exotic Protocols
● Tunnels as First-Class Citizens
72. @antweiss
NSM - Network Service Mesh
● L2/3
● Hybrid and Multi-Cloud Scenarios
● Connecting Containers in Different Clusters
● Support for Exotic Protocols
● Tunnels as First-Class Citizens
● Dynamic Network Interface Allocation
73. @antweiss
NSM - Network Service Mesh
● L2/3
● Hybrid and Multi-Cloud Scenarios
● Connecting Containers in Different Clusters
● Support for Exotic Protocols
● Tunnels as First-Class Citizens
● Dynamic Network Interface Allocation
● NFV Platform for Cloud Native
81. @antweiss
Get Into The Mesh
● Start With Ingress
● Initial: Bypass + Telemetry
● Bring on Chaos (GlooShot)
● Single Namespace
● Think of : authz, authn, CA, change control, troubleshooting,
upgrade path
● One Cluster
● The Whole World is One Big Mesh