Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Service Mesh Magic

Frank Munz
April 27, 2019
Programming
0
72

Service Mesh Magic

Services Meshes are the new hype without any question.. But what do they really bring to the table? A service mesh adds new qualities to your container orchestration: It connects, secures, observes and controls service invocations in a language agnostic way that doesn't require any code changes. This presentation gives you a gentle intro to service mesh. Starting with the shortcomings of Docker and Kubernetes. I will show in a live demo and have a look at how a service mesh bridges to the world of chaos engineering by giving us the possibility to inject errors. To conclude I will analyze if and how a service mesh should evolve into becoming a standard component of a public cloud

Frank Munz

April 27, 2019
Tweet

More Decks by Frank Munz

See All by Frank Munz
The Serverless, Real-Time Data Lakehouse in Action
fmunz
0
48
Sharing Streaming Data with Delta Sharing - Kafka Conference
fmunz
0
42
Streaming Data on the Lakehouse (Devoxx Conference ATH)
fmunz
0
250
The Data Lakehouse
fmunz
1
250
Sharing Huge Amounts of Live Data with Delta Sharing
fmunz
0
170
Slice_DAIS_Español_ONLINE.pdf
fmunz
0
110
Slice & DAIS - Summit Highlights from Data and AI Summit 2021 (former Apache Spark Summit)
fmunz
0
330
Architect your Data for the 21st Century: Hasta la vista, Data Lake?
fmunz
0
150
AWS re:Invent re:Cap 2019
fmunz
1
670

Other Decks in Programming

See All in Programming
Ruby製社内ツールのGo移行
bgpat
2
330
オブジェクト指向のリ・オリエンテーション~歴史を振り返り、AI時代に向きなおる~
hanyudaeiiti
9
5.6k
ログラスを支える設計標準について / loglass-design-standards
urmot
10
2.1k
Rails と人魚の話/rails-and-mermaid
sanfrecce_osaka
0
100
Front-end application development, Symfony-style(s)
dunglas
2
1.9k
1BRC--Nerd Sniping the Java Community
gunnarmorling
0
300
HUIT新歓2024「競技プログラミング、やってみませんか?」
slephy2784
1
250
Java 22 Overview
kishida
1
170
Changed Rules: Architectures with Lightweight Stores
manfredsteyer
PRO
0
230
今、知っておきたい! 生成AIエージェントの世界
elith
3
340
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
110
ADRを一年運用してみた/adr_after_a_year
hanhan1978
7
2.2k

Featured

See All Featured
ReactJS: Keep Simple. Everything can be a component!
pedronauck
658
120k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
1
3.4k
The Power of CSS Pseudo Elements
geoffreycrofte
59
5k
How GitHub (no longer) Works
holman
304
140k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Atom: Resistance is Futile
akmur
258
25k
Practical Orchestrator
shlominoach
181
9.7k
Making the Leap to Tech Lead
cromwellryan
123
8.5k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
[RailsConf 2023] Rails as a piece of cake
palkan
22
3.9k
Side Projects
sachag
451
41k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.8k

Transcript

  1. Globalcode – Open4education Service Mesh Magic in the Cloud Frank

    Munz Senior Technical Evangelist Amazon Web Services @frankmunz

  2. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. About me • Software Architect / DevOps Engineer • Technical Evangelist @ AWS • Published an AWS book • Containers, serverless and a sprinkle of ML & big / fast data @frankmunz

  3. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. 10+ Years Back in Time: SOA ESB = Service Virtualization Layer • Reduces complexity #cx: squared -> linear with ESB • VETO pattern = Validate, Enrich, Transform, Operate • CCC = location transparency, throttling, monitoring, security, audit

  4. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Splitting the Monolith – A. Cockroft @ AWS https://youtu.be/aBcG57Gw9k0

  5. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Enterprise SW Modernization -> Microservices Building Blocks / Technical Architecture • Containers • Serverless (AWS Lambda) • Other cloud services • Do NOT stuff everything into a container! • AWS API Gateway, Kinesis, Aurora, Dynamo DB, etc. -> Container / K8s will not make other cloud services redundant

  6. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Challenges of Containers at Scale • More transient • More distributed and complex • Networking • Scheduling / Resource Management • Not virtualized, but isolated: containers share Linux kernel -> Tooling and orchestration required

  7. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. … so we built a solution for that

  8. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. ECS Easiest way to deploy and manage containers at scale Integration with entire AWS platform ALB, Auto Scaling, Batch, Elastic Beanstalk, CloudFormation, CloudTrail, CloudWatch Events, CloudWatch Logs, CloudWatch Metrics, ECR, EC2 Spot, IAM, NLB, Parameter Store, and VPC Scales to support clusters of any size Service integrations (like ALB and NLB) are at container level 1 2 3

  9. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Then Kubernetes entered the stage

  10. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. … and devOps ❤ Kubernetes

  11. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Open source container management platform Helps you run containers at scale Gives you primitives for building modern applications What is Kubernetes (K8s)?

  12. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. “Run Kubernetes for me.”

  13. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Availability Zone 1 Availability Zone 2 Availability Zone 3 Kubectl EKS Architecture

  14. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Kubernetes Ressources (incomplete list) Ressource Pod Basic K8s unit, co-located containers Namespace Non-overlapping group of ressources Replica Set Keeps pod replicas running Service Exposes pod at single stable IP Deployment Rolling update of pods Ingress Expose service with static IP to external client Admission Controller Run code after API request, e.g. inject sidecar

  15. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. OSS Hystrix library: code changes required; language specific Service Mesh: decentral, language agnostic, dumb endpoints https://www.infoq.com/articles/microservices-post-kubernetes Shift in Infrastructure Logic ESB: clustered monolith

  16. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Istio Service Mesh Connect, secure, and observe services • Shift in where functionality is located • Istio = control plane • Set of all Envoy proxies = data plane • Envoy proxy as sidecar in K8s pod • Automatic / manual injection of proxy

  17. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Istio Service Mesh with Envoy Proxy Add a 5s delay to 10% of all requests

  18. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. User Based Routing Traffic Shifting

  19. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Envoy Proxy • Level 7 proxy • HTTP, HTTP/2, gRPC, AWS Dynamo DB, MongoDB • C++11 code base , only 8 MB (statically linked) • No language or framework dependencies • No code changes • OSS started at Lyft

  20. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Service Mesh Cross Cutting Concerns such as retries, timeouts, circuit breaking, fault injection, client-side load balancing, service discovery, security, metrics-collection, A/B deployments, and traffic shifting / mirroring / routing

  21. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Service Mesh But Docker / Kubernetes can do rolling updates! Yes, but Istio sparates traffic flow from replica deployment

  22. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. A bath tub full of cold water ? K8s rolling update 25% 1 pod at a time … or just wetten your feet? Service Mesh 3% Traffic routing ! ! ! " # ! $❄$❄$❄ Fancy a Swim in the Arctic Sea ? Blue / Green 100% All services at once Microservices Update Strategies

  23. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved.

  24. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Install Istio with Helm $ helm install --wait --name istio \ --namespace istio-system \ install/kubernetes/helm/istio \ --set grafana.enabled=true \ --set tracing.enabled=true \ --set servicegraph.enabled=true $ # K8s label turn on automatic sidecar injection $ kubectl label namespace default istioinjection=enabled

  25. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Grafana

  26. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Jaeger

  27. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Servicegraph

  28. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Kiali

  29. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Kiali

  30. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Customers

  31. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Snap @AWS Summit in New York 2018 https://youtu.be/mCVdcz01Z-g?t=2052

  32. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. AWS App Mesh

  33. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. App Mesh works across compute services Amazon ECS AWS Fargate Amazon EKS Amazon EC2 Kubernetes on EC2

  34. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Logging HTTP access logging Amazon CloudWatch Logs Available as container logs on Amazon ECS, Amazon EKS, AWS Fargate Metrics CloudWatch metrics StatsD (with tags) Prometheus Tracing AWS X-Ray Other Envoy tracing drivers Observability

  35. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Traffic shaping Load balancing Weight targets Service discovery (DNS + AWS Cloud Map) Health checks Retries* Timeouts* Circuit breakers* *Coming soon Traffic Management Routing controls Protocols support (HTTP, TCP, gRPC*) Path-based Header-based* Cookie-based* Host-based*

  36. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. App Mesh Architecture

  37. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. AWS App Mesh Roadmap is Public https://github.com/awslabs/aws-app-mesh-examples

  38. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Summary • Architect wisely • Running K8s is hard Use a managed K8s service in the cloud. • A Service Meshes complements K8s: It adds observability and traffic management • Istio with Envoy on EKS • AWS App Mesh

  39. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Open-source Istio and Enovy on AWS EKS Video https://www.youtube.com/watch?v=fDmJf9kWFws

  40. Globalcode – Open4educa0on Muito obrigado! Frank Munz Senior Technical Evangelist

    Amazon Web Services @frankmunz