Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Proxyless Service Mesh with gRPC

1bfc6e2ed04a895bb36f36b86828b689?s=47 Yuki Ito
December 22, 2020
Technology
3
1.2k

Proxyless Service Mesh with gRPC

1bfc6e2ed04a895bb36f36b86828b689?s=128

Yuki Ito

December 22, 2020
Tweet

More Decks by Yuki Ito

See All by Yuki Ito
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
0
140
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
0
27
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
1
390
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
5
1.3k
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
0
380
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
3
12k
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
2
440
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
0
760
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
2
750

Other Decks in Technology

See All in Technology
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
0
120
A49d01c48e10d19feb8e61310bceabab?s=48 _kensh
1
200
17d4ef53b432ebf7c566fd6a11345570?s=48 ytake
1
100
85da685d91fda190e2e3162d0de248a4?s=48 recruitengineers
2
280
50bc42471d197d0dbef7171f2ef85bb6?s=48 comucal
PRO
0
6.1k
140494d272a4d89883a94fdfdb29dea2?s=48 oracle4engineer
PRO
1
1k
88f4e84b94fe07cddbd9e6479d689192?s=48 soudai
16
9k
A64ac825509279a770c13c6fc517f11a?s=48 kawaguti
PRO
0
200
58ed7368f1de80df0b380087b19a4ac1?s=48 sugarcrm
PRO
0
150
Cdf97a1b1b132c56582773c3ba09a3a6?s=48 rakus_dev
0
300
Dd672f13e7e17714700544cb355cbaba?s=48 kyoshimoto
0
100
140494d272a4d89883a94fdfdb29dea2?s=48 oracle4engineer
PRO
1
740

Featured

See All Featured
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
30
5.4k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
224
48k
E9221b172e78e888355fa2fe4541b595?s=48 mclloyd
7
8k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
89
5.4k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
236
990k
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
289
47k
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
6
1k
7c8469ee8c9e594c65c59b919626c08d?s=48 scottboms
253
11k
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
181
14k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
33
2.7k
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
156
12k
F716e5f737fcfb03f2cf8d1a184f1dbe?s=48 nonsquared
84
3.8k

Transcript

  1. Recap: KubeCon + CloudNativeCon NA 2020 Proxyless Service Mesh with

    gRPC Menghan Li, Google Kubernetes Meetup Tokyo #37 Yuki Ito https://sched.co/ekI8

  2. Agenda ɾBasics ɾHow to Use ɾCompare with the Proxy based

    Mesh

  3. Agenda ɾBasics ɾHow to Use ɾCompare with the Proxy based

    Mesh

  4. Microserivces Era Service Pod Service Pod Service Pod Service Pod

    Service Pod Service Pod Service Pod Service Pod

  5. Common Concerns ɾLoad Balance ɾTraffic Shifting / Canary Release ɾTracing

    ɾAuthentication / Authorization etc...

  6. Service Mesh https://istio.io/latest/docs/concepts/what-is-istio/ The term service mesh is used to

    describe the network of microservices that make up such applications and the interactions between them.

  7. Proxy based Service Mesh Proxy Application Proxy Application Pod Pod

  8. e.g. Istio https://istio.io/latest/docs/concepts/what-is-istio/

  9. Proxyless gRPC Service Mesh Control Plane

  10. gRPC https://grpc.io/docs/what-is-grpc/introduction/

  11. Proxyless gRPC Service Mesh Control Plane

  12. Proxyless gRPC Service Mesh Control Plane xDS API

  13. x Discovery Service API •Listener Discovery Service •Route Discovery Service

    •Cluster Discovery Service •Endpoint Discovery Service

  14. x Discovery Service API •Listener Discovery Service •Route Discovery Service

    •Cluster Discovery Service •Endpoint Discovery Service

  15. Envoy Envoy is an L7 proxy and communication bus designed

    for large modern service oriented architectures. The project was born out of the belief that:ɹ The network should be transparent to applications. When network and application problems do occur it should be easy to determine the source of the problem. https://www.envoyproxy.io/docs/envoy/v1.16.2/intro/what_is_envoy

  16. Envoy Configurations Listener Route Cluster Endpoint Endpoint Endpoint Endpoint Cluster

  17. Envoy Configurations 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12 10.28.1.13

    10.28.1.14 Service-2 Cluster Path: /service-1 Path: /service-2

  18. Dynamic Configurations Control Plane Route Listener Cluster xDS API

  19. e.g. Change Endpoints 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12

  20. e.g. Change Endpoints 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12

    10.28.1.13 10.28.1.14 Service-2 Cluster

  21. e.g. Change Endpoints 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12

    10.28.1.13 10.28.1.14 Service-2 Cluster RDS CDS EDS EDS

  22. x Discovery Service API •Listener Discovery Service •Route Discovery Service

    •Cluster Discovery Service •Endpoint Discovery Service

  23. e.g. Cluster Discovery Service service ClusterDiscoveryService { rpc StreamClusters(stream discovery.v3.DiscoveryRequest)

    returns (stream discovery.v3.DiscoveryResponse) { } rpc DeltaClusters(stream discovery.v3.DeltaDiscoveryRequest) returns (stream discovery.v3.DeltaDiscoveryResponse) { } rpc FetchClusters(discovery.v3.DiscoveryRequest) returns (discovery.v3.DiscoveryResponse) { } } cds.proto https://github.com/envoyproxy/envoy/blob/master/api/envoy/service/cluster/v3/cds.proto

  24. x Discovery Service API Control Plane Route Listener CDS LDS

    RDS CDS

  25. Aggregated Discovery Service Control Plane Route Listener CDS Aggregated Discovery

    Service

  26. Aggregated Discovery Service service AggregatedDiscoveryService { rpc StreamAggregatedResources(stream DiscoveryRequest) returns

    (stream DiscoveryResponse) { } rpc DeltaAggregatedResources(stream DeltaDiscoveryRequest) returns (stream DeltaDiscoveryResponse) { } } ads.proto https://github.com/envoyproxy/envoy/blob/master/api/envoy/service/discovery/v3/ads.proto

  27. Aggregated Discovery Service https://istio.io/latest/docs/concepts/what-is-istio/ e.g. Istio ADS

  28. Aggregated Discovery Service gRPC will support the Aggregate Discovery Service

    (ADS) variant of xDS, where all of these resource types are obtained on a single gRPC stream... we have no plans to support any non-aggregated variants of xDS... https://github.com/grpc/proposal/blob/master/A27-xds-global-load-balancing.md

  29. x Discovery Service API https://speakerdeck.com/110y/bootes-envoy-control-plane-kubernetes-controller https://envoytokyo.connpass.com/event/175256/

  30. Proxyless gRPC Service Mesh Control Plane xDS API (ADS)

  31. Without xDS Pod 10.28.1.11 Pod 10.28.1.12 Pod 10.28.1.13 Kubernetes Service

    serivce.foo.svc.cluster.local service.foo.svc.cluster.local

  32. Without xDS Pod 10.28.1.11 Pod 10.28.1.12 Pod 10.28.1.13 Kubernetes Headless

    Service hs-serivce.foo.svc.cluster.local 10.28.1.11 10.28.1.12 10.28.1.13 hs-service.foo.svc.cluster.local

  33. With xDS Pod 10.28.1.11 Pod 10.28.1.12 Pod 10.28.1.13 10.28.1.11 10.28.1.12

    10.28.1.13 Control Plane xDS API (ADS)

  34. Agenda ɾBasics ɾHow to Use ɾCompare with the Proxy based

    Mesh

  35. How to Use Control Plane xDS API (ADS)

  36. Bootstrap Configuration { "xds_servers": [ { "server_uri": "localhost:50050", "channel_creds": [

    { "type": "insecure" } ] } ], "node": { "id": "foo", "cluster": "bar" }, "server_features": [ "xds_v3" ] }

  37. Bootstrap Configuration { "xds_servers": [ { "server_uri": "localhost:50050", "channel_creds": [

    { "type": "insecure" } ] } ], "node": { "id": "foo", "cluster": "bar" }, "server_features": [ "xds_v3" ] }

  38. Bootstrap Configuration { "xds_servers": [ { "server_uri": "localhost:50050", "channel_creds": [

    { "type": "insecure" } ] } ], "node": { "id": "foo", "cluster": "bar" }, "server_features": [ "xds_v3" ] } GRPC_XDS_BOOTSTRAP=/path/to/bootstrap.json

  39. Use xDS Resolver import _ "google.golang.org/grpc/xds" e.g. grpc-go

  40. Use xDS Resolver e.g. grpc-go grpc.Dial("target-service.foo.svc.cluster.local") Before xDS:

  41. Use xDS Resolver e.g. grpc-go grpc.Dial("xds:///target-service") After xDS:

  42. How to Use Control Plane xDS API (ADS)

  43. Agenda ɾBasics ɾHow to Use ɾCompare with the Proxy based

    Mesh

  44. Deployment Proxy Application Pod Proxy based Mesh

  45. Deployment Proxy Application Pod Require Container Lifecycle Management Proxy based

    Mesh

  46. Deployment Proxyless Mesh { "xds_servers": [ { "server_uri": "localhost:50050", "channel_creds":

    [ { "type": "insecure" } ] } ], "node": { "id": "foo", "cluster": "bar" }, "server_features": [ "xds_v3" ] } GRPC_XDS_BOOTSTRAP=/path/to/bootstrap.json

  47. Networking Proxy based Mesh https://istio.io/latest/docs/concepts/what-is-istio/

  48. Inbound Traffic PREROUTING ISTIO_INBOUND ISTIO_IN_REDIRECT ISTIO_OUTPUT POSTROUTING OUTPUT istio-proxy PORT:

    15006 Application Linux Kernel Space (iptables / netfilter) Linux User Space ᶃ ᶄ ᶅ ᶆ ᶇ ᶈ ᶉ ᶊ

  49. Outbound Traffic OUTPUT ISTIO_REDIRECT POSTROUTING ISTIO_OUTPUT istio-proxy PORT: 15001 Application

    Linux Kernel Space (iptables / netfilter) Linux User Space ᶃ ᶄ ᶅ ᶆ ᶈ ᶇ ᶉ ᶊ ᶋ

  50. Networking Proxyless Mesh Control Plane xDS API (ADS)

  51. Monitoring Proxy based Mesh Proxy Application Pod

  52. Monitoring Proxyless Mesh Control Plane xDS API (ADS)

  53. Extensibility Proxy based Mesh Control Plane Route Listener Cluster xDS

    API

  54. Extensibility Proxy based Mesh Control Plane xDS API Filters...

  55. Extensibility Proxyless Mesh gRPC Interceptors

  56. Non gRPC Services Proxy based Mesh https://istio.io/latest/docs/concepts/what-is-istio/

  57. Non gRPC Services Proxyless Mesh Control Plane xDS API (ADS)

  58. Agenda ɾBasics ɾHow to Use ɾCompare with the Proxy based

    Mesh

  59. Proxyless gRPC Service Mesh Control Plane xDS API