
Proxyless Service Mesh with gRPC

Yuki Ito
December 22, 2020


Transcript

  1. Recap: KubeCon + CloudNativeCon NA 2020
    Proxyless Service Mesh with gRPC
    Menghan Li, Google
    Kubernetes Meetup Tokyo
    #37
    Yuki Ito
    https://sched.co/ekI8


  2. Agenda
    •Basics
    •How to Use
    •Compare with the Proxy based Mesh


  3. Agenda
    •Basics
    •How to Use
    •Compare with the Proxy based Mesh


  4. Microservices Era
    [Diagram: eight Service / Pod pairs]


  5. Common Concerns
    •Load Balance
    •Traffic Shifting / Canary Release
    •Tracing
    •Authentication / Authorization
    etc...


  6. Service Mesh
    https://istio.io/latest/docs/concepts/what-is-istio/
    The term service mesh is used to describe the
    network of microservices that make up such
    applications and the interactions between them.


  7. Proxy based Service Mesh
    Proxy Application
    Proxy Application
    Pod
    Pod


  8. e.g. Istio
    https://istio.io/latest/docs/concepts/what-is-istio/


  9. Proxyless gRPC Service Mesh
    Control Plane


  10. gRPC
    https://grpc.io/docs/what-is-grpc/introduction/


  11. Proxyless gRPC Service Mesh
    Control Plane


  12. Proxyless gRPC Service Mesh
    Control Plane
    xDS API


  13. x Discovery Service API
    •Listener Discovery Service
    •Route Discovery Service
    •Cluster Discovery Service
    •Endpoint Discovery Service


  14. x Discovery Service API
    •Listener Discovery Service
    •Route Discovery Service
    •Cluster Discovery Service
    •Endpoint Discovery Service


  15. Envoy
    Envoy is an L7 proxy and communication bus designed
    for large modern service oriented architectures. The
    project was born out of the belief that:
    The network should be transparent to applications.
    When network and application problems do occur it
    should be easy to determine the source of the problem.
    https://www.envoyproxy.io/docs/envoy/v1.16.2/intro/what_is_envoy


  16. Envoy Configurations
    Listener
    Route
    Cluster
    Endpoint Endpoint Endpoint Endpoint
    Cluster


  17. Envoy Configurations
    0.0.0.0:5000 Listener
    Route
    Service-1 Cluster
    10.28.1.11 10.28.1.12 10.28.1.13 10.28.1.14
    Service-2 Cluster
    Path: /service-1 Path: /service-2


  18. Dynamic Configurations
    Control Plane
    Route
    Listener Cluster
    xDS API


  19. e.g. Change Endpoints
    0.0.0.0:5000 Listener
    Route
    Service-1 Cluster
    10.28.1.11 10.28.1.12


  20. e.g. Change Endpoints
    0.0.0.0:5000 Listener
    Route
    Service-1 Cluster
    10.28.1.11 10.28.1.12 10.28.1.13 10.28.1.14
    Service-2 Cluster


  21. e.g. Change Endpoints
    0.0.0.0:5000 Listener
    Route
    Service-1 Cluster
    10.28.1.11 10.28.1.12 10.28.1.13 10.28.1.14
    Service-2 Cluster
    RDS
    CDS
    EDS EDS


  22. x Discovery Service API
    •Listener Discovery Service
    •Route Discovery Service
    •Cluster Discovery Service
    •Endpoint Discovery Service


  23. e.g. Cluster Discovery Service
    service ClusterDiscoveryService {
      rpc StreamClusters(stream discovery.v3.DiscoveryRequest)
          returns (stream discovery.v3.DiscoveryResponse) {
      }
      rpc DeltaClusters(stream discovery.v3.DeltaDiscoveryRequest)
          returns (stream discovery.v3.DeltaDiscoveryResponse) {
      }
      rpc FetchClusters(discovery.v3.DiscoveryRequest)
          returns (discovery.v3.DiscoveryResponse) {
      }
    }
    cds.proto
    https://github.com/envoyproxy/envoy/blob/master/api/envoy/service/cluster/v3/cds.proto


  24. x Discovery Service API
    Control Plane
    Route
    Listener CDS
    LDS RDS CDS


  25. Aggregated Discovery Service
    Control Plane
    Route
    Listener CDS
    Aggregated Discovery Service


  26. Aggregated Discovery Service
    service AggregatedDiscoveryService {
      rpc StreamAggregatedResources(stream DiscoveryRequest)
          returns (stream DiscoveryResponse) {
      }
      rpc DeltaAggregatedResources(stream DeltaDiscoveryRequest)
          returns (stream DeltaDiscoveryResponse) {
      }
    }
    ads.proto
    https://github.com/envoyproxy/envoy/blob/master/api/envoy/service/discovery/v3/ads.proto


  27. Aggregated Discovery Service
    https://istio.io/latest/docs/concepts/what-is-istio/
    e.g. Istio
    ADS


  28. Aggregated Discovery Service
    gRPC will support the Aggregate Discovery Service
    (ADS) variant of xDS, where all of these resource
    types are obtained on a single gRPC stream...
    we have no plans to support any non-aggregated
    variants of xDS...
    https://github.com/grpc/proposal/blob/master/A27-xds-global-load-balancing.md


  29. x Discovery Service API
    https://speakerdeck.com/110y/bootes-envoy-control-plane-kubernetes-controller
    https://envoytokyo.connpass.com/event/175256/


  30. Proxyless gRPC Service Mesh
    Control Plane
    xDS API (ADS)


  31. Without xDS
    Pod
    10.28.1.11
    Pod
    10.28.1.12
    Pod
    10.28.1.13
    Kubernetes Service
    service.foo.svc.cluster.local
    service.foo.svc.cluster.local


  32. Without xDS
    Pod
    10.28.1.11
    Pod
    10.28.1.12
    Pod
    10.28.1.13
    Kubernetes Headless Service
    hs-service.foo.svc.cluster.local
    10.28.1.11
    10.28.1.12
    10.28.1.13
    hs-service.foo.svc.cluster.local


  33. With xDS
    Pod
    10.28.1.11
    Pod
    10.28.1.12
    Pod
    10.28.1.13
    10.28.1.11
    10.28.1.12
    10.28.1.13
    Control Plane
    xDS API (ADS)


  34. Agenda
    •Basics
    •How to Use
    •Compare with the Proxy based Mesh


  35. How to Use
    Control Plane
    xDS API (ADS)


  36. Bootstrap Configuration
    {
      "xds_servers": [
        {
          "server_uri": "localhost:50050",
          "channel_creds": [
            {
              "type": "insecure"
            }
          ],
          "server_features": [
            "xds_v3"
          ]
        }
      ],
      "node": {
        "id": "foo",
        "cluster": "bar"
      }
    }


  37. Bootstrap Configuration
    {
      "xds_servers": [
        {
          "server_uri": "localhost:50050",
          "channel_creds": [
            {
              "type": "insecure"
            }
          ],
          "server_features": [
            "xds_v3"
          ]
        }
      ],
      "node": {
        "id": "foo",
        "cluster": "bar"
      }
    }


  38. Bootstrap Configuration
    {
      "xds_servers": [
        {
          "server_uri": "localhost:50050",
          "channel_creds": [
            {
              "type": "insecure"
            }
          ],
          "server_features": [
            "xds_v3"
          ]
        }
      ],
      "node": {
        "id": "foo",
        "cluster": "bar"
      }
    }
    GRPC_XDS_BOOTSTRAP=/path/to/bootstrap.json
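
The bootstrap file above reaches the control plane with `"type": "insecure"` channel credentials, so the xDS stream that tells the client which endpoints to call is neither encrypted nor authenticated. As an added example (not code from the deck or from gRPC), this Go check lists every `xds_servers` entry that names that credential type; `AuditBootstrap`, the `xds.example.internal` hosts and the sample JSON are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Constructed sample: the slide's server plus two hypothetical ones.
const sampleBootstrap = `{"xds_servers": [
  {"server_uri": "localhost:50050", "channel_creds": [{"type": "insecure"}]},
  {"server_uri": "xds.example.internal:50050", "channel_creds": [{"type": "insecure"}]},
  {"server_uri": "xds.example.internal:443", "channel_creds": [{"type": "google_default"}]}]}`

// bootstrap models only the fields this check reads.
type bootstrap struct {
	XDSServers []struct {
		ServerURI    string `json:"server_uri"`
		ChannelCreds []struct{ Type string `json:"type"` } `json:"channel_creds"`
	} `json:"xds_servers"`
}

// AuditBootstrap reports every xDS server that lists the "insecure" channel
// credential anywhere in channel_creds (a conservative rule for this example).
func AuditBootstrap(raw []byte) ([]string, error) {
	var b bootstrap
	if err := json.Unmarshal(raw, &b); err != nil {
		return nil, fmt.Errorf("parse bootstrap: %w", err)
	}
	var findings []string
	for _, s := range b.XDSServers {
		scope := "remote" // kept when server_uri is not a plain host:port
		if host, _, err := net.SplitHostPort(s.ServerURI); err == nil {
			if ip := net.ParseIP(host); host == "localhost" || (ip != nil && ip.IsLoopback()) {
				scope = "loopback"
			}
		}
		for _, c := range s.ChannelCreds {
			if c.Type == "insecure" {
				findings = append(findings, fmt.Sprintf("%s: plaintext xDS channel (%s)", s.ServerURI, scope))
				break
			}
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(AuditBootstrap([]byte(sampleBootstrap)))
}
```

A finding marked `loopback` matches the local development setup shown on the slide; one marked `remote` means control-plane traffic crosses the network in the clear.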


  39. Use xDS Resolver
    e.g. grpc-go
    import _ "google.golang.org/grpc/xds"


  40. Use xDS Resolver
    e.g. grpc-go
    Before xDS:
    grpc.Dial("target-service.foo.svc.cluster.local")


  41. Use xDS Resolver
    e.g. grpc-go
    After xDS:
    grpc.Dial("xds:///target-service")


  42. How to Use
    Control Plane
    xDS API (ADS)


  43. Agenda
    •Basics
    •How to Use
    •Compare with the Proxy based Mesh


  44. Deployment
    Proxy Application
    Pod
    Proxy based Mesh


  45. Deployment
    Proxy Application
    Pod
    Require Container
    Lifecycle Management
    Proxy based Mesh


  46. Deployment
    Proxyless Mesh
    {
      "xds_servers": [
        {
          "server_uri": "localhost:50050",
          "channel_creds": [
            {
              "type": "insecure"
            }
          ],
          "server_features": [
            "xds_v3"
          ]
        }
      ],
      "node": {
        "id": "foo",
        "cluster": "bar"
      }
    }
    GRPC_XDS_BOOTSTRAP=/path/to/bootstrap.json


  47. Networking
    Proxy based Mesh
    https://istio.io/latest/docs/concepts/what-is-istio/


  48. Inbound Traffic
    PREROUTING
    ISTIO_INBOUND
    ISTIO_IN_REDIRECT
    ISTIO_OUTPUT
    POSTROUTING
    OUTPUT
    istio-proxy
    PORT: 15006
    Application
    Linux Kernel Space (iptables / netfilter) Linux User Space

  49. Outbound Traffic
    OUTPUT
    ISTIO_REDIRECT
    POSTROUTING
    ISTIO_OUTPUT
    istio-proxy
    PORT: 15001
    Application
    Linux Kernel Space (iptables / netfilter) Linux User Space

  50. Networking
    Proxyless Mesh
    Control Plane
    xDS API (ADS)


  51. Monitoring
    Proxy based Mesh
    Proxy Application
    Pod


  52. Monitoring
    Proxyless Mesh
    Control Plane
    xDS API (ADS)


  53. Extensibility
    Proxy based Mesh
    Control Plane
    Route
    Listener Cluster
    xDS API


  54. Extensibility
    Proxy based Mesh
    Control Plane
    xDS API
    Filters...


  55. Extensibility
    Proxyless Mesh
    gRPC Interceptors


  56. Non gRPC Services
    Proxy based Mesh
    https://istio.io/latest/docs/concepts/what-is-istio/


  57. Non gRPC Services
    Proxyless Mesh
    Control Plane
    xDS API (ADS)


  58. Agenda
    •Basics
    •How to Use
    •Compare with the Proxy based Mesh


  59. Proxyless gRPC Service Mesh
    Control Plane
    xDS API
