Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Proxyless Service Mesh with gRPC

Yuki Ito
December 22, 2020
Technology
3
1.3k

Proxyless Service Mesh with gRPC

Yuki Ito

December 22, 2020
Tweet

More Decks by Yuki Ito

See All by Yuki Ito
Evolution of Architecture @ Kauche
110y
3
160
Envoy as an API Gateway
110y
0
78
Microservices on Cloud Run + VPC Network
110y
0
180
How We Use Cloud Run and its Friends
110y
0
120
Custom Kubernetes Controllers at Mercari
110y
1
400
What Is the Go Workspace Mode
110y
4
1k
What Are We Doing as Merpay Architect
110y
0
1.2k
Kubernetes Casual Talk
110y
0
49
How to Make Kubernetes Controller Development Happier: mercari.go #17
110y
1
520

Other Decks in Technology

See All in Technology
LINE iOSのビルド環境の変遷 / Changes in LINE iOS Build Environment
line_developers
PRO
3
330
Symfony Serializer Deep Dive
suzuki
0
190
aws-nuke + Github Actoinsで AWSアカウントのクリーンアップを 自動化した話
msato
0
710
ソフトウェア開発者に必要な考え方 / Necessary mindset for software developers
soudai
20
8.1k
OCI サービス基本情報
ocise
2
4.8k
TokyoR#101 パーマーステーションのペンギンたち2 データクリーニング編
bob3bob3
1
290
Java SEの動向 2022夏版
chiroito
4
1.3k
IIJmio meeting 33 IIJmio 2022年夏のおすすめ端末
iij_techlog
0
2.3k
Migrating to Compose | DevFest Bangalore 2022
rivuchk
0
250
AWSの「今」 - PHPのコードを素早く動かすための サービスのご紹介 / PHPCon2022 AWS Japan Session
koemu
2
800
「家族アルバム みてね」を支えるビルド環境の改善
hicka04
2
290
DX_開発管理課
iketomo1207
1
140

Featured

See All Featured
The Language of Interfaces
destraynor
148
21k
jQuery: Nuts, Bolts and Bling
dougneiner
56
6.5k
Faster Mobile Websites
deanohume
294
29k
10 Git Anti Patterns You Should be Aware of
lemiorhan
642
53k
Building an army of robots
kneath
300
40k
What's new in Ruby 2.0
geeforr
335
30k
No one is an island. Learnings from fostering a developers community.
thoeni
10
1.4k
Side Projects
sachag
451
37k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
213
11k
Designing on Purpose - Digital PM Summit 2013
jponch
107
5.7k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
62k
Building Better People: How to give real-time feedback that sticks.
wjessup
344
17k

Transcript

  1. Recap: KubeCon + CloudNativeCon NA 2020 Proxyless Service Mesh with

    gRPC Menghan Li, Google Kubernetes Meetup Tokyo #37 Yuki Ito https://sched.co/ekI8

  2. Agenda ɾBasics ɾHow to Use ɾCompare with the Proxy based

    Mesh

  3. Agenda ɾBasics ɾHow to Use ɾCompare with the Proxy based

    Mesh

  4. Microserivces Era Service Pod Service Pod Service Pod Service Pod

    Service Pod Service Pod Service Pod Service Pod

  5. Common Concerns ɾLoad Balance ɾTraffic Shifting / Canary Release ɾTracing

    ɾAuthentication / Authorization etc...

  6. Service Mesh https://istio.io/latest/docs/concepts/what-is-istio/ The term service mesh is used to

    describe the network of microservices that make up such applications and the interactions between them.

  7. Proxy based Service Mesh Proxy Application Proxy Application Pod Pod

  8. e.g. Istio https://istio.io/latest/docs/concepts/what-is-istio/

  9. Proxyless gRPC Service Mesh Control Plane

  10. gRPC https://grpc.io/docs/what-is-grpc/introduction/

  11. Proxyless gRPC Service Mesh Control Plane

  12. Proxyless gRPC Service Mesh Control Plane xDS API

  13. x Discovery Service API •Listener Discovery Service •Route Discovery Service

    •Cluster Discovery Service •Endpoint Discovery Service

  14. x Discovery Service API •Listener Discovery Service •Route Discovery Service

    •Cluster Discovery Service •Endpoint Discovery Service

  15. Envoy Envoy is an L7 proxy and communication bus designed

    for large modern service oriented architectures. The project was born out of the belief that:ɹ The network should be transparent to applications. When network and application problems do occur it should be easy to determine the source of the problem. https://www.envoyproxy.io/docs/envoy/v1.16.2/intro/what_is_envoy

  16. Envoy Configurations Listener Route Cluster Endpoint Endpoint Endpoint Endpoint Cluster

  17. Envoy Configurations 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12 10.28.1.13

    10.28.1.14 Service-2 Cluster Path: /service-1 Path: /service-2

  18. Dynamic Configurations Control Plane Route Listener Cluster xDS API

  19. e.g. Change Endpoints 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12

  20. e.g. Change Endpoints 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12

    10.28.1.13 10.28.1.14 Service-2 Cluster

  21. e.g. Change Endpoints 0.0.0.0:5000 Listener Route Service-1 Cluster 10.28.1.11 10.28.1.12

    10.28.1.13 10.28.1.14 Service-2 Cluster RDS CDS EDS EDS

  22. x Discovery Service API •Listener Discovery Service •Route Discovery Service

    •Cluster Discovery Service •Endpoint Discovery Service

  23. e.g. Cluster Discovery Service service ClusterDiscoveryService { rpc StreamClusters(stream discovery.v3.DiscoveryRequest)

    returns (stream discovery.v3.DiscoveryResponse) { } rpc DeltaClusters(stream discovery.v3.DeltaDiscoveryRequest) returns (stream discovery.v3.DeltaDiscoveryResponse) { } rpc FetchClusters(discovery.v3.DiscoveryRequest) returns (discovery.v3.DiscoveryResponse) { } } cds.proto https://github.com/envoyproxy/envoy/blob/master/api/envoy/service/cluster/v3/cds.proto

  24. x Discovery Service API Control Plane Route Listener CDS LDS

    RDS CDS

  25. Aggregated Discovery Service Control Plane Route Listener CDS Aggregated Discovery

    Service

  26. Aggregated Discovery Service service AggregatedDiscoveryService { rpc StreamAggregatedResources(stream DiscoveryRequest) returns

    (stream DiscoveryResponse) { } rpc DeltaAggregatedResources(stream DeltaDiscoveryRequest) returns (stream DeltaDiscoveryResponse) { } } ads.proto https://github.com/envoyproxy/envoy/blob/master/api/envoy/service/discovery/v3/ads.proto

  27. Aggregated Discovery Service https://istio.io/latest/docs/concepts/what-is-istio/ e.g. Istio ADS

  28. Aggregated Discovery Service gRPC will support the Aggregate Discovery Service

    (ADS) variant of xDS, where all of these resource types are obtained on a single gRPC stream... we have no plans to support any non-aggregated variants of xDS... https://github.com/grpc/proposal/blob/master/A27-xds-global-load-balancing.md

  29. x Discovery Service API https://speakerdeck.com/110y/bootes-envoy-control-plane-kubernetes-controller https://envoytokyo.connpass.com/event/175256/

  30. Proxyless gRPC Service Mesh Control Plane xDS API (ADS)

  31. Without xDS Pod 10.28.1.11 Pod 10.28.1.12 Pod 10.28.1.13 Kubernetes Service

    serivce.foo.svc.cluster.local service.foo.svc.cluster.local

  32. Without xDS Pod 10.28.1.11 Pod 10.28.1.12 Pod 10.28.1.13 Kubernetes Headless

    Service hs-serivce.foo.svc.cluster.local 10.28.1.11 10.28.1.12 10.28.1.13 hs-service.foo.svc.cluster.local

  33. With xDS Pod 10.28.1.11 Pod 10.28.1.12 Pod 10.28.1.13 10.28.1.11 10.28.1.12

    10.28.1.13 Control Plane xDS API (ADS)

  34. Agenda ɾBasics ɾHow to Use ɾCompare with the Proxy based

    Mesh

  35. How to Use Control Plane xDS API (ADS)

  36. Bootstrap Configuration { "xds_servers": [ { "server_uri": "localhost:50050", "channel_creds": [

    { "type": "insecure" } ] } ], "node": { "id": "foo", "cluster": "bar" }, "server_features": [ "xds_v3" ] }

  37. Bootstrap Configuration { "xds_servers": [ { "server_uri": "localhost:50050", "channel_creds": [

    { "type": "insecure" } ] } ], "node": { "id": "foo", "cluster": "bar" }, "server_features": [ "xds_v3" ] }

  38. Bootstrap Configuration { "xds_servers": [ { "server_uri": "localhost:50050", "channel_creds": [

    { "type": "insecure" } ] } ], "node": { "id": "foo", "cluster": "bar" }, "server_features": [ "xds_v3" ] } GRPC_XDS_BOOTSTRAP=/path/to/bootstrap.json

  39. Use xDS Resolver import _ "google.golang.org/grpc/xds" e.g. grpc-go

  40. Use xDS Resolver e.g. grpc-go grpc.Dial("target-service.foo.svc.cluster.local") Before xDS:

  41. Use xDS Resolver e.g. grpc-go grpc.Dial("xds:///target-service") After xDS:

  42. How to Use Control Plane xDS API (ADS)

  43. Agenda ɾBasics ɾHow to Use ɾCompare with the Proxy based

    Mesh

  44. Deployment Proxy Application Pod Proxy based Mesh

  45. Deployment Proxy Application Pod Require Container Lifecycle Management Proxy based

    Mesh

  46. Deployment Proxyless Mesh { "xds_servers": [ { "server_uri": "localhost:50050", "channel_creds":

    [ { "type": "insecure" } ] } ], "node": { "id": "foo", "cluster": "bar" }, "server_features": [ "xds_v3" ] } GRPC_XDS_BOOTSTRAP=/path/to/bootstrap.json

  47. Networking Proxy based Mesh https://istio.io/latest/docs/concepts/what-is-istio/

  48. Inbound Traffic PREROUTING ISTIO_INBOUND ISTIO_IN_REDIRECT ISTIO_OUTPUT POSTROUTING OUTPUT istio-proxy PORT:

    15006 Application Linux Kernel Space (iptables / netfilter) Linux User Space ᶃ ᶄ ᶅ ᶆ ᶇ ᶈ ᶉ ᶊ

  49. Outbound Traffic OUTPUT ISTIO_REDIRECT POSTROUTING ISTIO_OUTPUT istio-proxy PORT: 15001 Application

    Linux Kernel Space (iptables / netfilter) Linux User Space ᶃ ᶄ ᶅ ᶆ ᶈ ᶇ ᶉ ᶊ ᶋ

  50. Networking Proxyless Mesh Control Plane xDS API (ADS)

  51. Monitoring Proxy based Mesh Proxy Application Pod

  52. Monitoring Proxyless Mesh Control Plane xDS API (ADS)

  53. Extensibility Proxy based Mesh Control Plane Route Listener Cluster xDS

    API

  54. Extensibility Proxy based Mesh Control Plane xDS API Filters...

  55. Extensibility Proxyless Mesh gRPC Interceptors

  56. Non gRPC Services Proxy based Mesh https://istio.io/latest/docs/concepts/what-is-istio/

  57. Non gRPC Services Proxyless Mesh Control Plane xDS API (ADS)

  58. Agenda ɾBasics ɾHow to Use ɾCompare with the Proxy based

    Mesh

  59. Proxyless gRPC Service Mesh Control Plane xDS API