rights reserved.
About me
• Software Architect / DevOps Engineer
• Technical Evangelist @ AWS
• Published an AWS book
• Containers, serverless and a sprinkle of ML & big / fast data
@frankmunz
10+ Years Back in Time: SOA
• ESB = Service Virtualization Layer
• Reduces complexity: the number of connections drops from squared (point-to-point) to linear with an ESB
• VETO pattern (Validate, Enrich, Transform, Operate)
• CCC = cross-cutting concerns: versioning, monitoring, security, etc.
Modern Application Architecture: Microservices
Building Blocks
• Containers
• Serverless (e.g. AWS Lambda)
• 165 AWS services
• EC2
• Do NOT stuff everything into a container! Containers / K8s do not make the other cloud services redundant
Challenges of Containers at Scale
• More transient
• More distributed and complex
• Networking
• Scheduling / resource management
• Not virtualized, but isolated: containers share the host's Linux kernel, so the kernel is the isolation boundary (a kernel compromise affects every container on that host)
-> Tooling and orchestration required
Amazon ECS
• Easiest way to deploy and manage containers at scale
• Integration with the entire AWS platform: ALB, Auto Scaling, Batch, Elastic Beanstalk, CloudFormation, CloudTrail, CloudWatch Events, CloudWatch Logs, CloudWatch Metrics, ECR, EC2 Spot, IAM, NLB, Parameter Store, and VPC
• Scales to support clusters of any size
• Service integrations (like ALB and NLB) are at container level
Need for a Service Mesh
• ESB: clustered monolith
• OSS libraries (in-process): code changes required, language specific
• Service Mesh: decentral, language agnostic, polyglot, light-weight
https://www.infoq.com/articles/microservices-post-kubernetes
Open Source: Istio Service Mesh
Connect, secure, and observe services
• Shift in where functionality is located: out of the application code, into the sidecar proxies
• Control plane = Istio
• Data plane = set of all Envoy proxies
• Envoy proxy as sidecar in each K8s pod
• Automatic or manual injection of the proxy with EKS
Envoy Proxy
• Layer 7 proxy
• HTTP, HTTP/2, gRPC, Amazon DynamoDB, MongoDB
• C++11 code base, only 8 MB (statically linked)
• No language or framework dependencies
• Requires no code changes
• Battle-proven open source, started at Lyft
• Envoy is not tightly coupled to Istio
Microservices Update Strategies
• Blue / Green: 100% of traffic, all services switched at once ("Fancy a swim in the Arctic Sea?")
• K8s rolling update: 25%, 1 pod at a time ("A bath tub full of cold water?")
• Service mesh traffic routing: 3% of traffic to the new version ("... or just wet your feet?")
App Mesh
• Based on Envoy proxy
• Start App Mesh from the AWS CLI, console or SDK
• There is no additional charge for using AWS App Mesh
• Supports any third-party tool that works with Envoy
App Mesh constructs
• Mesh, Virtual node, Virtual router and routes, Virtual service: create and manage these in the App Mesh API, CLI, SDK, or AWS Management Console
• Proxies, services, service discovery: configure and run proxies and services on Amazon ECS, Fargate, Amazon EKS, Amazon EC2; service discovery with AWS Cloud Map
App Mesh Resources
• Service Mesh: logical boundary for network traffic between the services that reside within it
• Virtual Node: logical pointer to a particular task group (ECS service) or Kubernetes deployment, addressed by FQDN
• Virtual Service: abstraction of a real service that is provided by a virtual node directly, or indirectly by means of a virtual router
• Virtual Router: handles traffic for one or more virtual services
• Route: associated with a virtual router; directs traffic that matches a service name prefix to one or more virtual nodes
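As an added example (not code from the talk, and not an AWS tool), the Python below assembles the App Mesh resources listed on this slide and the constructs slide for the "3%" canary from the update-strategies slide: two virtual nodes, a virtual router, a weighted route and the virtual service clients call. Every dict has the input shape the matching aws appmesh create-* command accepts via --cli-input-json. The names (demo-mesh, orders-v1, orders-v2, orders.demo.local, orders-router), port 8080, DNS-based service discovery instead of Cloud Map, and the 97/3 split are assumptions chosen for illustration; the simulation is a proportional random model of weighted routing, not Envoy's own algorithm.

```python
"""Added example (not from the talk): build App Mesh resources for a canary
release and sanity-check them before anything is created in AWS.
Assumed: names, port 8080, DNS service discovery, 97/3 split."""
import json
import random
from collections import Counter

MESH = "demo-mesh"                  # assumed mesh name
SERVICE_HOST = "orders.demo.local"  # assumed virtual service name (what clients call)


def virtual_node(name, dns_hostname, port=8080):
    """Virtual node = logical pointer to one deployment, discovered via DNS here."""
    return {"meshName": MESH, "virtualNodeName": name, "spec": {
        "listeners": [{"portMapping": {"port": port, "protocol": "http"}}],
        "serviceDiscovery": {"dns": {"hostname": dns_hostname}}}}


def virtual_router(name, port=8080):
    """Virtual router = handles traffic for one or more virtual services."""
    return {"meshName": MESH, "virtualRouterName": name, "spec": {
        "listeners": [{"portMapping": {"port": port, "protocol": "http"}}]}}


def weighted_route(name, router, targets, prefix="/"):
    """Route = prefix match -> weighted virtual nodes. App Mesh weights are
    integers 0..100; if they all sum to 0 the route would black-hole traffic."""
    if not targets:
        raise ValueError("a route needs at least one weighted target")
    for node, weight in targets:
        if not 0 <= weight <= 100:
            raise ValueError(f"weight for {node} outside 0..100: {weight}")
    if sum(w for _, w in targets) == 0:
        raise ValueError("all weights are zero; every request would be dropped")
    return {"meshName": MESH, "virtualRouterName": router, "routeName": name,
            "spec": {"httpRoute": {
                "match": {"prefix": prefix},
                "action": {"weightedTargets": [
                    {"virtualNode": n, "weight": w} for n, w in targets]}}}}


def virtual_service(name, router):
    """Virtual service = the name clients call; provided indirectly via a router."""
    return {"meshName": MESH, "virtualServiceName": name, "spec": {
        "provider": {"virtualRouter": {"virtualRouterName": router}}}}


def canary_mesh(canary_percent):
    """All resources needed to send canary_percent of traffic to orders-v2."""
    return {
        "nodes": [virtual_node("orders-v1", "orders-v1.demo.local"),
                  virtual_node("orders-v2", "orders-v2.demo.local")],
        "routers": [virtual_router("orders-router")],
        "routes": [weighted_route("orders-route", "orders-router",
                                  [("orders-v1", 100 - canary_percent),
                                   ("orders-v2", canary_percent)])],
        "services": [virtual_service(SERVICE_HOST, "orders-router")],
    }


def check_references(resources):
    """List dangling references (route -> router/node, service -> router).
    An empty list means the resource set is internally consistent."""
    nodes = {n["virtualNodeName"] for n in resources["nodes"]}
    routers = {r["virtualRouterName"] for r in resources["routers"]}
    problems = []
    for route in resources["routes"]:
        if route["virtualRouterName"] not in routers:
            problems.append(f"route {route['routeName']}: unknown router {route['virtualRouterName']}")
        for t in route["spec"]["httpRoute"]["action"]["weightedTargets"]:
            if t["virtualNode"] not in nodes:
                problems.append(f"route {route['routeName']}: unknown virtual node {t['virtualNode']}")
    for svc in resources["services"]:
        provider = svc["spec"]["provider"]["virtualRouter"]["virtualRouterName"]
        if provider not in routers:
            problems.append(f"service {svc['virtualServiceName']}: unknown router {provider}")
    return problems


def simulate_split(route, requests=100_000, seed=7):
    """Share of requests each virtual node receives under a proportional random
    model of weighted routing (an approximation, not Envoy's exact algorithm)."""
    targets = route["spec"]["httpRoute"]["action"]["weightedTargets"]
    counts = Counter(random.Random(seed).choices(
        [t["virtualNode"] for t in targets],
        weights=[t["weight"] for t in targets], k=requests))
    return {t["virtualNode"]: counts[t["virtualNode"]] / requests for t in targets}


if __name__ == "__main__":
    resources = canary_mesh(3)
    assert check_references(resources) == []
    # Write resources["routes"][0] to a file, then e.g.:
    #   aws appmesh create-route --cli-input-json file://orders-route.json
    print(json.dumps(resources["routes"][0], indent=2))
    print(simulate_split(resources["routes"][0]))  # about 3% lands on orders-v2
```

Shifting the canary later is a single update-route call with new weights; check_references is the kind of guard worth running in a pipeline before that call, because App Mesh will happily accept a route whose target node does not exist yet and the traffic for that weight simply fails.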
Summary
• Architect wisely
• Running K8s is hard, use a managed K8s service
• EKS is unforked upstream K8s
• A Service Mesh complements K8s: it adds observability and traffic management
• AWS App Mesh is free to use and works across compute services
• A service mesh can help to containerize and transition to a microservices architecture