
Proxyless Service Mesh with gRPC

Yuki Ito
December 22, 2020

Transcript

  1. Recap: KubeCon + CloudNativeCon NA 2020 Proxyless Service Mesh with

    gRPC Menghan Li, Google Kubernetes Meetup Tokyo #37 Yuki Ito https://sched.co/ekI8
  2. Agenda •Basics •How to Use •Compare with the Proxy based Mesh
  3. Agenda •Basics •How to Use •Compare with the Proxy based Mesh
  4. Microservices Era Service Pod Service Pod Service Pod Service Pod

    Service Pod Service Pod Service Pod Service Pod
  5. Common Concerns •Load Balance •Traffic Shifting / Canary Release •Tracing •Authentication / Authorization etc...
  6. Service Mesh https://istio.io/latest/docs/concepts/what-is-istio/ The term service mesh is used to

    describe the network of microservices that make up such applications and the interactions between them.
  7. Proxy based Service Mesh Proxy Application Proxy Application Pod Pod

  8. e.g. Istio https://istio.io/latest/docs/concepts/what-is-istio/

  9. Proxyless gRPC Service Mesh Control Plane

  10. gRPC https://grpc.io/docs/what-is-grpc/introduction/

  11. Proxyless gRPC Service Mesh Control Plane

  12. Proxyless gRPC Service Mesh Control Plane xDS API

  13. x Discovery Service API •Listener Discovery Service •Route Discovery Service

    •Cluster Discovery Service •Endpoint Discovery Service
  14. x Discovery Service API •Listener Discovery Service •Route Discovery Service

    •Cluster Discovery Service •Endpoint Discovery Service
  15. Envoy Envoy is an L7 proxy and communication bus designed

    for large modern service oriented architectures. The project was born out of the belief that: The network should be transparent to applications. When network and application problems do occur it should be easy to determine the source of the problem. https://www.envoyproxy.io/docs/envoy/v1.16.2/intro/what_is_envoy
  16. Envoy Configurations Listener Route Cluster Endpoint Endpoint Endpoint Endpoint Cluster

  17. Envoy Configurations 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12 10.28.1.13

    10.28.1.14 Service-2 Cluster Path: /service-1 Path: /service-2
  18. Dynamic Configurations Control Plane Route Listener Cluster xDS API

  19. e.g. Change Endpoints 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12

  20. e.g. Change Endpoints 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12

    10.28.1.13 10.28.1.14 Service-2 Cluster
  21. e.g. Change Endpoints 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12

    10.28.1.13 10.28.1.14 Service-2 Cluster RDS CDS EDS EDS
  22. x Discovery Service API •Listener Discovery Service •Route Discovery Service

    •Cluster Discovery Service •Endpoint Discovery Service
  23. e.g. Cluster Discovery Service

        service ClusterDiscoveryService {
          rpc StreamClusters(stream discovery.v3.DiscoveryRequest)
              returns (stream discovery.v3.DiscoveryResponse) {
          }
          rpc DeltaClusters(stream discovery.v3.DeltaDiscoveryRequest)
              returns (stream discovery.v3.DeltaDiscoveryResponse) {
          }
          rpc FetchClusters(discovery.v3.DiscoveryRequest)
              returns (discovery.v3.DiscoveryResponse) {
          }
        }

    cds.proto https://github.com/envoyproxy/envoy/blob/master/api/envoy/service/cluster/v3/cds.proto
  24. x Discovery Service API Control Plane Route Listener CDS LDS

    RDS CDS
  25. Aggregated Discovery Service Control Plane Route Listener CDS Aggregated Discovery

    Service
  26. Aggregated Discovery Service

        service AggregatedDiscoveryService {
          rpc StreamAggregatedResources(stream DiscoveryRequest)
              returns (stream DiscoveryResponse) {
          }
          rpc DeltaAggregatedResources(stream DeltaDiscoveryRequest)
              returns (stream DeltaDiscoveryResponse) {
          }
        }

    ads.proto https://github.com/envoyproxy/envoy/blob/master/api/envoy/service/discovery/v3/ads.proto
  27. Aggregated Discovery Service https://istio.io/latest/docs/concepts/what-is-istio/ e.g. Istio ADS

  28. Aggregated Discovery Service gRPC will support the Aggregate Discovery Service

    (ADS) variant of xDS, where all of these resource types are obtained on a single gRPC stream... we have no plans to support any non-aggregated variants of xDS... https://github.com/grpc/proposal/blob/master/A27-xds-global-load-balancing.md
  29. x Discovery Service API https://speakerdeck.com/110y/bootes-envoy-control-plane-kubernetes-controller https://envoytokyo.connpass.com/event/175256/

  30. Proxyless gRPC Service Mesh Control Plane xDS API (ADS)

  31. Without xDS Pod 10.28.1.11 Pod 10.28.1.12 Pod 10.28.1.13 Kubernetes Service

    service.foo.svc.cluster.local service.foo.svc.cluster.local
  32. Without xDS Pod 10.28.1.11 Pod 10.28.1.12 Pod 10.28.1.13 Kubernetes Headless

    Service hs-service.foo.svc.cluster.local 10.28.1.11 10.28.1.12 10.28.1.13 hs-service.foo.svc.cluster.local
  33. With xDS Pod 10.28.1.11 Pod 10.28.1.12 Pod 10.28.1.13 10.28.1.11 10.28.1.12

    10.28.1.13 Control Plane xDS API (ADS)
  34. Agenda •Basics •How to Use •Compare with the Proxy based Mesh
  35. How to Use Control Plane xDS API (ADS)

  36. Bootstrap Configuration

        {
          "xds_servers": [
            {
              "server_uri": "localhost:50050",
              "channel_creds": [ { "type": "insecure" } ]
            }
          ],
          "node": { "id": "foo", "cluster": "bar" },
          "server_features": [ "xds_v3" ]
        }
  37. Bootstrap Configuration

        {
          "xds_servers": [
            {
              "server_uri": "localhost:50050",
              "channel_creds": [ { "type": "insecure" } ]
            }
          ],
          "node": { "id": "foo", "cluster": "bar" },
          "server_features": [ "xds_v3" ]
        }
  38. Bootstrap Configuration

        {
          "xds_servers": [
            {
              "server_uri": "localhost:50050",
              "channel_creds": [ { "type": "insecure" } ]
            }
          ],
          "node": { "id": "foo", "cluster": "bar" },
          "server_features": [ "xds_v3" ]
        }

    GRPC_XDS_BOOTSTRAP=/path/to/bootstrap.json
  39. Use xDS Resolver, e.g. grpc-go: import _ "google.golang.org/grpc/xds"

  40. Use xDS Resolver, e.g. grpc-go. Before xDS: grpc.Dial("target-service.foo.svc.cluster.local")

  41. Use xDS Resolver, e.g. grpc-go. After xDS: grpc.Dial("xds:///target-service")

  42. How to Use Control Plane xDS API (ADS)

  43. Agenda •Basics •How to Use •Compare with the Proxy based Mesh
  44. Deployment Proxy Application Pod Proxy based Mesh

  45. Deployment Proxy Application Pod Require Container Lifecycle Management Proxy based

    Mesh
  46. Deployment Proxyless Mesh

        {
          "xds_servers": [
            {
              "server_uri": "localhost:50050",
              "channel_creds": [ { "type": "insecure" } ]
            }
          ],
          "node": { "id": "foo", "cluster": "bar" },
          "server_features": [ "xds_v3" ]
        }

    GRPC_XDS_BOOTSTRAP=/path/to/bootstrap.json
  47. Networking Proxy based Mesh https://istio.io/latest/docs/concepts/what-is-istio/

  48. Inbound Traffic (diagram). Linux Kernel Space (iptables / netfilter): PREROUTING, ISTIO_INBOUND, ISTIO_IN_REDIRECT, ISTIO_OUTPUT, POSTROUTING, OUTPUT. Linux User Space: istio-proxy (PORT: 15006), Application.
  49. Outbound Traffic (diagram). Linux Kernel Space (iptables / netfilter): OUTPUT, ISTIO_REDIRECT, POSTROUTING, ISTIO_OUTPUT. Linux User Space: istio-proxy (PORT: 15001), Application.
  50. Networking Proxyless Mesh Control Plane xDS API (ADS)

  51. Monitoring Proxy based Mesh Proxy Application Pod

  52. Monitoring Proxyless Mesh Control Plane xDS API (ADS)

  53. Extensibility Proxy based Mesh Control Plane Route Listener Cluster xDS

    API
  54. Extensibility Proxy based Mesh Control Plane xDS API Filters...

  55. Extensibility Proxyless Mesh gRPC Interceptors

  56. Non gRPC Services Proxy based Mesh https://istio.io/latest/docs/concepts/what-is-istio/

  57. Non gRPC Services Proxyless Mesh Control Plane xDS API (ADS)

  58. Agenda •Basics •How to Use •Compare with the Proxy based Mesh
  59. Proxyless gRPC Service Mesh Control Plane xDS API
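
The bootstrap file on slides 36 to 38 sets `channel_creds` to `insecure`, so the client takes its listener, route, cluster and endpoint data over an unauthenticated channel. The check below is an added example, not code from the deck or from gRPC: it reads a bootstrap file and reports each xDS server configured that way. The function names and the WARN/HIGH labels are hypothetical, and it assumes only the first `channel_creds` entry matters.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// xdsServer mirrors only the bootstrap fields this check reads.
type xdsServer struct {
	ServerURI    string `json:"server_uri"`
	ChannelCreds []struct{ Type string `json:"type"` } `json:"channel_creds"`
}

// isLoopback reports whether server_uri names localhost or a loopback IP.
func isLoopback(serverURI string) bool {
	host, _, err := net.SplitHostPort(serverURI)
	if err != nil {
		host = serverURI // no port present
	}
	return strings.EqualFold(host, "localhost") || net.ParseIP(host).IsLoopback()
}

// auditBootstrap reports xDS servers whose first listed credential is "insecure"
// (assumption: only the first channel_creds entry is inspected).
func auditBootstrap(raw []byte) ([]string, error) {
	var b struct{ XDSServers []xdsServer `json:"xds_servers"` }
	if err := json.Unmarshal(raw, &b); err != nil {
		return nil, fmt.Errorf("parse bootstrap: %w", err)
	}
	var findings []string
	for _, s := range b.XDSServers {
		if len(s.ChannelCreds) == 0 || s.ChannelCreds[0].Type != "insecure" {
			continue
		}
		level := "HIGH plaintext xDS over the network: "
		if isLoopback(s.ServerURI) {
			level = "WARN plaintext xDS on loopback only: "
		}
		findings = append(findings, level+s.ServerURI)
	}
	return findings, nil
}

func main() {
	// Bootstrap JSON as shown on slides 36 to 38.
	slide := `{"xds_servers":[{"server_uri":"localhost:50050","channel_creds":[{"type":"insecure"}]}],"node":{"id":"foo","cluster":"bar"},"server_features":["xds_v3"]}`
	fmt.Println(auditBootstrap([]byte(slide)))
}
```

Run against the file named by `GRPC_XDS_BOOTSTRAP` in a deployment pipeline, a HIGH finding means the data that decides where the client sends traffic arrives unauthenticated.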