Service Mesh Interfaceとそのエコシステム / Service Mesh Interface and its Ecosystem

Transcript

1. © Hitachi, Ltd. 2020. All rights reserved.
   Service Mesh InterfaceͱͦͷΤίγεςϜ
   #cndjp
   Hitachi, Ltd. R&D Group
   Takaya Ide
   - Cloud Native Developers JP #14 -
   

   View Slide

2. © Hitachi, Ltd. 2020. All rights reserved.
   ಺༰
   1. Service Mesh Interfaceͷ֓ཁ
   2. Service Mesh InterfaceͷΤίγεςϜ
   3. (ࢀߟ) Istio׆༻ʹ޲͚ͨ׆ಈ
   1
   

   View Slide

3. © Hitachi, Ltd. 2020. All rights reserved.
   Service Mesh Interfaceͷ֓ཁ
   2
   

   View Slide

4. © Hitachi, Ltd. 2020. All rights reserved.
   Service Mesh InterfaceʢSMIʣ
   § A standard interface for
   service meshes on Kubernetes.
   § ඪ४API͸KuberenetesͷCRD(Custom
   Resource Definition)ͱͯ͠ఆٛ
   § CNCF Sandbox Project
   § Microsoft͕ࣾओಋ
   3
   ϩΰͷग़యݩ: https://github.com/servicemeshinterface/smi-spec/blob/master/logo/icon.svg
   

   View Slide

5. © Hitachi, Ltd. 2020. All rights reserved.
   ڠࢍاۀ
   15͕ࣾڠࢍɻେ͖͘4छʹ෼ྨͰ͖Δ
   Istioͷ։ൃΛओಋ͢ΔGoogle, IBM͸ෆࢀՃ
   4
   ϓϥοτϑΥʔϚ, SIer
   Microsoft, RedHat, Pivotal, Vmware, Docker,
   Aspin Mesh, Kinvolk, Canonical, Kubecost
   Service Mesh ϕϯμ
   Buoyant(Linkerd),
   HashiCorp(Consul)
   πʔϧϕϯμ
   Rancher(Rio), Layer5(Meshery),
   Weaveworks(Flagger),
   Service Mesh Manager ϕϯμ
   Solo.io (Service Mesh Hub)
   

   View Slide

6. © Hitachi, Ltd. 2020. All rights reserved.
   SMIͷಈػ
   Service MeshͷϙʔλϏϦςΟ΍૬ޓӡ༻ੑͷ޲্
   § ݱঢ়͸ӡ༻Ϟσϧ΍࢓༷͕֤छService Mesh࣮૷ʹඥ෇͘
   § Ϣʔβɼπʔϧ(Flagger౳)ڞʹServiceMeshͷରԠෛՙ͕େ͖͍
   5
   App User
   Tools
   Istio Consul
   Linkerd
   

   View Slide

7. © Hitachi, Ltd. 2020. All rights reserved.
   SMIͷΰʔϧ
   ڞ௨తͰҠ২ੑͷ͋ΔService Mesh APIηοτͷఏڙ
   § ࣮૷ͱ࢓༷Λ෼཭
   § Service Meshػೳͷ༗༻ͳαϒηοτͱ͢Δ
   6
   App User
   Tools
   Istio Consul
   Linkerd
   Service Mesh Interface
   

   View Slide

8. © Hitachi, Ltd. 2020. All rights reserved.
   SMI͸৽͍͠ߟ͑Ͱ͸ͳ͍
   Ingress΍CSIɼCNIͱಉ༷ͷߟ͑ʹج͍͍ͮͯΔ
   7
   App Ecosystem
   Tools
   Istio Consul
   Linkerd
   App Ecosystem
   Tools
   Nginx Gloo
   HAProxy
   Service Mesh Interface Ingress
   

   View Slide

9. © Hitachi, Ltd. 2020. All rights reserved.
   είʔϓ֎
   § Service Meshιϑτ΢ΣΞͷఏڙ
   § Service Meshͦͷ΋ͷͷఆٛ
   ◇ Service Meshιϑτ΢ΣΞ͕SMI࢓༷Ҏ֎ͷ
   ػೳΛఏڙ͢Δ͜ͱ΋׻ܴ͢Δελϯε
   ◇ ͦͷػೳ͕Ұൠʹड͚ೖΕΒΕΕ͹SMIʹؐݩ
   8
   

   View Slide

10. © Hitachi, Ltd. 2020. All rights reserved.
    ػೳ
    ݱࡏͷAPI͸4छ
    9
    Traffic Split
    Traffic Access Control
    Traffic Metrics
    Traffic Specs
    τϥώοΫΛࢦఆׂͨ͠߹
    Ͱ෼ׂૹ෇͢Δ
    τϥώοΫͷೝՄϙϦγʔ
    Λઃఆ͢Δ
    ࢦఆͨ͠τϥώοΫͷϝτ
    ϦΫεΛग़ྗ͢Δ͢Δ
    ଞAPIͷର৅ͱͳΔτϥ
    ώοΫΛࢦఆ͢Δ
    

    View Slide

11. © Hitachi, Ltd. 2020. All rights reserved.
    Traffic Specs
    § HTTPͱTCPͷϦιʔε͕ଘࡏ
    § HTTP
    ◇ Path, Header, MethodͰࢦఆ
    ◇ ਖ਼نදݱ͕ར༻Մೳ
    § TCP
    ◇ ύϥϝʔλͳ͠ɻTCP૚֦ு༻
    ◇ port൪߸͸ผϦιʔεͰࢦఆ
    § UDPͷIssue/PR͕ग़͍ͯΔ
    https://github.com/servicemeshinterface/smi-spec/issues/150
    apiVersion: specs.smi-spec.io/v1alpha1
    kind: TCPRoute
    metadata:
    name: tcp-route
    apiVersion: specs.smi-spec.io/v1alpha2
    kind: HTTPRouteGroup
    metadata:
    name: the-routes
    namespace: default
    matches:
    - name: android-insiders
    pathRegex: "/login"
    methods:
    - GET
    headers:
    - user-agent: ".*Android.*"
    - cookie: "^(.*?;)?(type=insider)(;.*)?$"
    ---
    ଞAPIͷର৅ͱͳΔτϥώοΫΛ
    ࢦఆ͢Δ
    10
    

    View Slide

12. © Hitachi, Ltd. 2020. All rights reserved.
    Traffic Access Control
    § લఏɿೝূ͸ج൫ଆػೳͰ࣮ࢪ
    § ݱࡏ͸k8sͷServiceAccount(SA)Λ
    ೝূΩʔͱ͢Δɻଞ͸ࠓޙ੍ఆ
    § σϑΥϧτͰ͸Deny All
    § destination/source: Ѽઌ/ૹ৴ݩͷ
    PodΛSA΍Namespaceɼport൪߸Λ
    ༻͍ͯࢦఆ
    § specs: ର৅τϥώοΫͷࢦఆɻ
    Traffic SpecΛ࢖༻
    apiVersion: access.smi-spec.io/v1alpha1
    kind: TrafficTarget
    …
    destination:
    kind: ServiceAccount
    name: api-service
    port: 8080
    namespace: default
    specs:
    - kind: HTTPRouteGroup
    name: api-service-routes
    matches:
    - metrics
    sources:
    - kind: ServiceAccount
    name: prometheus
    namespace: default
    ---
    apiVersion: specs.smi-spec.io/v1alpha1
    kind: HTTPRouteGroup
    metadata:
    name: api-service-routes
    matches:
    …
    τϥώοΫͷೝՄϙϦγʔΛઃఆ͢Δ
    11
    

    View Slide

13. © Hitachi, Ltd. 2020. All rights reserved.
    Traffic Split (1/2)
    § Canary Release΍A/B testingʹ
    ༻͍ΒΕΔ
    § matches: ෼ׂ͢ΔτϥώοΫΛࢦఆ
    ◇ HTTPRouteGroupΛ༻͍Δ
    § service: root-service(࣍ท)Λࢦఆ
    § backends: backend-service(࣍ท)ͱ
    ෼ׂׂ߹Λࢦఆ
    apiVersion: split.smi-spec.io/v1alpha3
    kind: TrafficSplit
    metadata:
    name: canary
    spec:
    service: root-svc
    matches:
    - kind: HTTPRouteGroup
    name: canary
    backends:
    - service: back-svc1
    weight: 30
    - service: back-svc2
    weight: 70
    ---
    apiVersion: specs.smi-spec.io/v1alpha2
    kind: HTTPRouteGroup
    metadata:
    name: canary
    matches:
    - name: firefox-users
    headers:
    - user-agent: ".*Firefox.*"
    ෳ਺ͷѼઌʹ޲͚ࢦఆׂͨ͠߹Ͱ
    τϥώοΫΛ෼ׂͯ͠ૹ෇͢Δ
    TrafficSpecs
    SMIͰ௥Ճ͞Εͨ
    Traffic Specs (લท)
    root-service
    backend-service
    12
    

    View Slide

14. © Hitachi, Ltd. 2020. All rights reserved.
    pod1
    pod1
    Traffic Split (2/2) root-service ͱ backend-serviceͷؔ܎
    § root-service: ΫϥΠΞϯτͷΞΫηεઌͱͳΔService
    § backend-service: τϥώοΫ෼ׂઌͷPodʹରԠͨ͠Service
    13
    pod1
    app: sample
    version: v1
    client
    back-svc1
    back-svc2
    app: sample
    version: v2
    pod1
    pod1
    pod2
    app: sample
    version: v1
    selector label
    app: sample
    30%
    70%
    app: sample
    version: v1
    ※SMI͸͋͘·Ͱ࢓༷ɻ
    ࣮૷ํ๏͸ݸʑͷιϑτ
    ΢ΣΞ͕ܾΊΔɻ
    Traffic Split ͸ ྫ ͑ ͹ ɼ
    client͕root-svcѼͷτϥ
    ώοΫΛࢦఆׂͨ͠߹Ͱ
    ֤ backend-svc ʹ ૹ ෇ ͢
    Δ࣮૷ํ๏͕͋Δ
    root-svc
    

    View Slide

15. © Hitachi, Ltd. 2020. All rights reserved.
    Traffic Metrics(1/4)
    § KubernetesͷResource Metrics API
    Λ༻͍ͯϝτϦΫεΛऔಘ(࣍ท)
    § resource, edge: ର৅τϥώοΫ(࣍ʑท)
    § metrics: ग़ྗ͢ΔϝτϦΫε
    ◇ ݱࡏ͸ҎԼ5छଘࡏ
    ◇ p99_response_latency (ಉp90, p50)
    ◇ success_count, failure_count
    § window: ϝτϦΫεऔಘִؒ
    § timestamp: windowͷ։࢝࣌ؒ
    apiVersion: metrics.smi-spec.io/v1alpha1
    kind: TrafficMetrics
    resource:
    name: frontend
    namespace: foobar
    kind: Pod
    edge:
    direction: to
    side: client
    resource:
    name: backend
    namespace: foobar
    kind: Pod
    timestamp: 2019-04-08T22:25:55Z
    window: 30s
    metrics:
    - name: p99_response_latency
    unit: seconds
    value: 10m
    - name: success_count
    value: 100
    - name: failure_count
    value: 100
    14
    [to|from]
    [Pod|Deployment|
    DaemonSet|
    StatefulSet|
    Namespace ]
    [client|server]
    ࢦఆͨ͠τϥώοΫͷϝτϦΫεΛ
    Kubernetes APIܦ༝Ͱग़ྗ͢Δ
    

    View Slide

16. © Hitachi, Ltd. 2020. All rights reserved.
    § Kubernetes APIServerʹ metrics.smi-spec.io υϝΠϯΛ௥Ճ
    § TrafficMetricsϦιʔεͷ಺༰ʹԊͬͯɼϝτϦΫεऩूઃఆΛߋ৽
    Traffic Metrics(2/4) ϝτϦΫεऩूํ๏
    15
    ఺ઢ಺͸࣮૷ґଘɻ্͸Ұྫ
    /apis/metrics.smi-spec.io/v1alpha1
    /namespaces/default/pods
    Collect
    metrics
    Aggregate
    metrics
    Prome
    theus
    For-
    ward
    API
    Server
    Shim
    server
    proxy
    proxy
    Get
    metrics
    TrafficMetrics
    Add
    TrafficMetrics
    Updated metrics
    collection conditions
    

    View Slide

17. © Hitachi, Ltd. 2020. All rights reserved.
    Traffic Metrics(3/4) resourceͱedgeͷؔ܎
    § resource: τϥώοΫͷऩूର৅ͱͳΔϦιʔε
    § edge: resourceͷ௨৴૬ख
    ◇ direction: resourceͷૹ৴ଆ(to)ɼड৴ଆ(from)ͲͪΒͷ
    τϥώοΫΛऩू͢Δ͔
    ◇ side: resource͸clientͱserverͷͲͪΒ͔ɻτϥώοΫͷऩूॲཧʹ͸
    Өڹ͠ͳ͍ͱࢥΘΕΔͨΊɼϦιʔεґଘؔ܎ͷࢉग़༻͔
    16
    resour
    ce
    edge
    direction: to direction: from
    Metrics
    Collector
    Metrics
    

    View Slide

18. © Hitachi, Ltd. 2020. All rights reserved.
    Traffic Metrics(3/4) Ϣʔεέʔε
    smi-spec ͷϢʔεέʔεΛ঺հ
    § ϝτϦΫεͷදࣔ
    § ΞϓϦؒͷґଘؔ܎άϥϑͷ࡞੒
    17
    $ kubectl traffic top pods
    NAME SUCCESS RPS LATENCY_P99
    foo-6846bf6b-gjmvz 100.00% 1.8rps 1ms
    bar-f84f44b5b-dk4g9 75.47% 0.9rps 1ms
    baz-69c8bb6d5b-gn5rt 86.67% 1.8rps 2ms
    $ kubectl traffic topology deployment
    +-------------------------------+
    | v
    +---------+ +--------+ +---------+ +-------+
    | traffic | --> | foo | --> | bar | <--> | baz |
    +---------+ +--------+ +---------+ +-------+
    

    View Slide

19. © Hitachi, Ltd. 2020. All rights reserved.
    ֤छϦιʔεͱͦͷؔ܎ੑ
    18
    Traffic Split Traffic Access Control
    Traffic Specs
    HTTPRouteGroup
    TCPRoute
    TrafficTarget
    TrafficSplit
    Traffic Metrics
    TrafficMetrics
    τϥώοΫΛ
    ࢦఆ
    τϥώοΫΛ
    ࢦఆ
    ϝτϦΫεऩू
    ର৅ʹࢦఆ※1
    ※1. ຊࢿྉະهࡌ https://github.com/servicemeshinterface/smi-spec/blob/master/traffic-metrics.md#traffic-splits
    

    View Slide

20. © Hitachi, Ltd. 2020. All rights reserved.
    SMIͷఏڙ෺
    CRDఆٛͱղઆ
    § smi-specɿAPIͷ֓ཁͱyamlαϯϓϧ
    https://github.com/servicemeshinterface/smi-spec
    § APIͷৄࡉ͸smi-sdk-go repoͷ/crdsͱ/pkg/apis͕෼͔Γ΍͍͢
    https://github.com/servicemeshinterface/smi-sdk-go/
    § ಈ࡞αϯϓϧ͸smi-adapter-istioͱsmi-metrics͕ࢀߟʹͳΔ
    https://github.com/servicemeshinterface/smi-adapter-istio/tree/master/docs
    https://github.com/servicemeshinterface/smi-metrics
    ΫϥΠΞϯτSDK
    § smi-sdk-go
    https://github.com/servicemeshinterface/smi-sdk-go
    ◇ k8s.ioͷcode-generatorΛར༻
    19
    

    View Slide

21. © Hitachi, Ltd. 2020. All rights reserved.
    SMIͷΤίγεςϜ
    20
    

    View Slide

22. © Hitachi, Ltd. 2020. All rights reserved.
    ରԠιϑτ΢ΣΞʢ2020/04ݱࡏʣ
    ݱঢ়ɼ8छͷιϑτ΢ΣΞ͕SMIʹରԠ
    21
    Istio
    ֤छOSSϩΰͷग़యݩɿ
    https://smi-spec.io/, https://www.hashicorp.com/brand, https://istio.io/about/media-resources/
    

    View Slide

23. © Hitachi, Ltd. 2020. All rights reserved.
    ରԠιϑτ΢ΣΞͷ෼ྨ
    ιϑτ΢ΣΞ͸େ͖͘3छྨʹ෼ྨՄೳ
    22
    Tools
    Service
    Mesh
    Service Mesh Interface
    Service Mesh
    Manager※1
    ˞ ໊শ͸ಠࣗͷ΋ͷ
    Canary ReleaseͳͲ
    Service MeshΛར༻ͨ͠
    ੍ޚΛߦ͏πʔϧ
    ෳ਺Service MeshΛந৅
    ౷߹తʹ؅ཧ͢Δج൫
    ݸʑͷService Mesh࣮૷
    Istio
    

    View Slide

24. © Hitachi, Ltd. 2020. All rights reserved.
    Weave Flagger Rio Meshery
    ։ൃݩ Weaveworks Rancher Labs Layer5
    ࠷৽൛ v1.0.0-rc.4 (2020/04/03) v0.7.0 (2020/01/07) v0.3.13 (2020/04/16)
    Github Stars 1,804 1,905 288
    ֓ཁ
    Canary Deployment
    ΍A/B TestingΛߦ͏
    ϓϩάϨογϒ
    σϦόϦج൫
    Kubernetes্ʹߏங͢Δ
    MicroPaaSɻDocker΍
    Docker-ComposeϥΠΫ
    ͳૢ࡞ײΛ࣋ͭ
    Service MeshͷϕϯνϚʔ
    ΫπʔϧɻService Mesh
    ͷԠ౴ੑೳ͓Αͼ
    ফඅϦιʔεΛܭଌ͢Δ
    SMIΛར༻
    ͨ͠ػೳ
    Canary Deployment
    weightػೳ
    ʢτϥώοΫॏΈ෇͚ʣ
    adapterΛ௨ͨ͠
    Istioɼmaeshૢ࡞
    ࢖༻͢Δ
    SMI API
    Traffic Split
    Traffic Split
    ( [WIP]Traffic Metrics )
    Traffic Split
    Tools
    23
    

    View Slide

25. © Hitachi, Ltd. 2020. All rights reserved.
    Weave Flagger
    § Progressive Delivery πʔϧ
    ◇ Progressive Delivery: ੵۃతʹϦϦʔε͠ϑΟʔυόοΫΛಘΔ
    § Canary Deployment, A/B Testing, Blue Green DeploymentΛߦ͏
    § ༷ʑͳService Mesh࣮૷ͱͷ࿈ܞ͕Մೳ
    24
    ग़యݩɿIUUQTGMBHHFSBQQ
    

    View Slide

26. © Hitachi, Ltd. 2020. All rights reserved.
    Rio
    § Kubernetes্ʹߏஙՄೳͳMicroPaaSج൫ɻ DashboardɼMonitoringɼ
    CI/CDɼ Service Mesh(Routing, Canary Deployment) ౳ͷػೳΛ࣋ͭ
    § ϦιʔεΛ࠶ఆ͓ٛͯ͠ΓɼDockerϥΠΫͳૢ࡞ײΛ࣋ͭ
    25
    ग़యݩɿIUUQTSBODIFSDPNCMPHSJPSFWPMVUJPOJ[JOHUIFXBZZPVEFQMPZBQQT
    

    View Slide

27. © Hitachi, Ltd. 2020. All rights reserved.
    Meshery
    § Service MeshͷϕϯνϚʔΫπʔϧɻੑೳͱফඅϦιʔεΛධՁ
    § ෳ਺ιϑτ΢ΣΞؒɼ·ͨ͸όʔδϣϯؒͰͷൺֱ͕Մೳ
    § ଞϢʔβͱͷ଎౓ϥϯΩϯάػೳʢධՁ݁Ռ͕ಗ໊Խ͞Εऩूʣ
    § ධՁσʔλͷඪ४࢓༷ Service Mesh Performance Specification Λఆٛ
    26
    ग़యݩɿ IUUQTMBZFSJPNFTIFSZ
    

    View Slide

28. © Hitachi, Ltd. 2020. All rights reserved.
    Service Mesh Manager
    27
    Servic Mesh Hub
    ։ൃݩ solo.io
    ࠷৽൛ v0.4.8 (2020/04/21)
    GitHub Stars 692
    ֓ཁ
    ෳ਺Ϋϥελɼෳ਺Service Meshͷӡ༻Λ
    Ұݩతʹߦ͏ͨΊͷ؅ཧπʔϧ
    SMIΛར༻
    ͨ͠ػೳ
    τϥϑΟοΫ෼ׂɼΞΫηε੍ޚ
    ࢖༻͢Δ
    SMI API
    TrafficTarget, HttpRouteGroup, TrafficSplit
    

    View Slide

29. © Hitachi, Ltd. 2020. All rights reserved.
    Service Mesh Hub
    § ෳ਺ͷService Mesh࣮૷΍ɼෳ਺K8sΫϥελΛҰݩతʹ؅ཧ͢Δπʔϧ
    § Service MeshͷΠϯετʔϧɼߋ৽ɼ੍ޚͳͲΛߦ͏
    28
    ग़యݩɿ IUUQTHJUIVCDPNTPMPJPTFSWJDFNFTIIVC
    

    View Slide

30. © Hitachi, Ltd. 2020. All rights reserved.
    Service Mesh
    Istio Linkerd Consul Maesh
    ։ൃݩ Google, IBM, etc Buoyant HashiCorp Containous
    ࠷৽൛ v1.5.1 (2020/04/03) v2.7.1 (2020/04/17) v1.7.2 (2020/03/17) v1.1.0 (2020/03/10)
    GitHub stars 22,470 5,431 18,939 1,103
    Data Plane Envoy linkerd-proxy Envoy(มߋՄ) Traefik
    Proxy Arch Side Car Side Car Side Car DemonSet
    SMIରԠํࣜ Ξμϓλ ඪ४ରԠ Ξμϓλ ඪ४ରԠ
    Traffic Specs※1 ରԠ ରԠ ରԠ
    Traffic Access Ctrl※1 ରԠ ରԠ ରԠ
    Traffic Split※1 ରԠ ରԠ ରԠ
    Traffic Metrics※1 ରԠ※2 ରԠ※2
    29
    ※1. ࣮ػௐࠪͳ͠ ※2. smi-metrics https://github.com/servicemeshinterface/smi-metrics
    

    View Slide

31. © Hitachi, Ltd. 2020. All rights reserved.
    ଞService Mesh࣮૷ͷSMIରԠ
    Network Service Mesh
    § SMIΞμϓλΛߏங͢ΔఏҊ͋Γ
    https://github.com/networkservicemesh/networkservicemesh/issues/1263
    § Observability͸SMIΛࢀߟʹऩूϝτϦΫεΛݕ౼
    https://blogs.vmware.com/opensource/2019/10/10/network-service-mesh-integration-smi/
    Kuma
    § KongࣾͷCTO͕SMIʹջٙత
    https://www.sdxcentral.com/articles/news/kongs-kuma-service-mesh-climbs-the-kubernetes-wall/2019/09/
    Gray Matter, Netflix Zuul, Vamp
    § ݴٴͳ͠
    30
    ௐࠪൣғɿ
    CNCF Landscapeͷ
    Service MeshΧςΰϦ
    

    View Slide

32. © Hitachi, Ltd. 2020. All rights reserved.
    § ඪ४Խ͸֤Service Mesh࣮૷ͷڞ௨߲͕औΒΕɺ
    ϢʔβՁ஋͕௿͘ͳΔͱͷҙݟ͕͋ΔʢKumaࣾCTO Palladinoࢯʣ
    § Service Mesh͸ػೳੑͰࠩผԽΛਤΔͨΊɼ
    ඪ४Խ͕ಛʹ೉͍͠ͱߟ͑ΒΕΔ
    → SMI͸Ұൠʹड͚ೖΕΒΕͨService MeshػೳΛඪ४APIʹ
    ؐݩ͢Δ͜ͱͰରԠ͢Δελϯε
    SMIͷ՝୊ɿඪ४Խͱଟ༷ԽͷδϨϯϚ
    31
    ग़యݩɿKong’s Kuma Service Mesh Climbs the Kubernetes Wall
    https://www.sdxcentral.com/articles/news/kongs-kuma-service-mesh-climbs-the-kubernetes-wall/2019/09/
    “We do not believe in SMI at all,” he said. “It’s another attempt to
    standardize the interface to be average and not excellent. It takes the
    common denominator across the meshes and makes them less valuable
    to the end user. It’s wide but it does not go deep.”
    l
    

    View Slide

33. © Hitachi, Ltd. 2020. All rights reserved.
    SMIʹ͋Δͱخ͍͠ػೳ
    ϨδϦΤϯεϙϦγʔ
    § timeout, retry, circuit brakingͳͲ
    Namespace΍LabelʹΑΔೝূೝՄ
    § ʮಉ͡Namespace಺͸௨৴ՄʯͳͲɼNamespace΍LabelͰೝՄ͍ͨ͠
    § Network PolicyͰ΋࣮ݱͰ͖Δ͕ɼService MeshͰด͍ͤͨ͡͞
    ϧʔςΟϯάɾϩʔυόϥϯγϯά
    § A/Bςετ΍Canary DeploymentͳͲͰ͸ϩʔυόϥϯγϯά͕ඞཁ
    § ϩʔυόϥϯεΞϧΰϦζϜ͸࣮૷ґଘ͕େ͖͍ͨΊɼ
    ݱঢ়ͩͱςετલʹڍಈΛ֬ೝ͢Δඞཁ͕͋Δɻڞ௨ԽͷՁ஋͕େ͖͍
    32
    

    View Slide

34. © Hitachi, Ltd. 2020. All rights reserved.
    ʢࢀߟʣIstio׆༻ʹ޲͚ͨऔΓ૊Έ
    33
    

    View Slide

35. © Hitachi, Ltd. 2020. All rights reserved.
    Istio By ExampleͷϩʔΧϥΠζ
    Istio By Example (ja)
    § GoogleͷMegan͞ΜʹΑΔ
    IstioͷϢʔεέʔεूΛ࿨༁
    § ڠྗ͍͍ͨͩͨօ༷
    ͋Γ͕ͱ͏͍͟͝·ͨ͠
    ◇ @sakajunquality ͞Μ
    ◇ @chaspy_ ͞Μ
    ◇ @cyberblack28 ͞Μ
    (׆ಈ࢝͠Ίͨ໼ઌʹcyberblack28͞Μ͔Βશ
    هࣄͷ຋༁.zipΛ౉͞ΕͯҰॠͰऴΘΓ·ͨ͠)
    34
    https://istiobyexample-ja.github.io/istiobyexample/
    

    View Slide

36. © Hitachi, Ltd. 2020. All rights reserved.
    ੑೳධՁπʔϧ
    istio-bench
    https://github.com/Hitachi/istio-bench/
    § Istio͸Pod਺ʹൺྫͯ͠Proxy΍
    ControlPlaneͷϦιʔεফඅྔ͕૿େɻ
    Ϧιʔε؅ཧ͕ඞཁ
    § ͔͠͠ɼઃఆ΍όʔδϣϯ͝ͱʹ
    Ϧιʔεফඅ܏޲͕ҟͳΓ, ධՁࠔ೉
    § Pod਺ʹԠͨ͡ܭࢉϦιʔεফඅྔΛ
    ܭࢉ͢ΔϕϯνϚʔΧʔΛߏங
    § ࠓޙͷߋ৽༧ఆɿ
    ◇ Istio-1.5ධՁ࣌ͷόάमਖ਼
    ◇ ϕϯνϚʔΫෛՙͷ࡟ݮ(਺෼ͷҰ)
    35
    

    View Slide

37. © Hitachi, Ltd. 2020. All rights reserved.
    (ࢀߟ)ϓϩΩγϝϞϦফඅྔͷมભ
    36
    § 1000Podͷͱ͖ͷ֤ProxyͷফඅϝϞϦΛistio-benchͰܭଌ
    § v1.0࣌୅ʹٸܹʹ࡟ݮɻ1.5.0Ͱͷ૿Ճ͸Telemetry v2※1ͷӨڹ͔
    ˞ϝτϦΫεऩूΛ1SPYZଆ͢Δߏ੒
    771MB
    268MB
    163MB
    145MB 127MB 120MB 163MB 163MB
    0
    200
    400
    600
    800
    1000
    1.0.2 1.0.7 1.1.7 1.2.9 1.3.2 1.4.5 1.5.0 1.6.2
    Memory usage[MB]
    Istio version
    

    View Slide

38. © Hitachi, Ltd. 2020. All rights reserved.
    ·ͱΊ
    SMI(Service Mesh Interface)͸Service Meshͷඪ४API
    § MicrosoftΛத৺ʹKubenetesͷCRDͱͯ͠APIΛࡦఆ
    § ݱࡏ͸ Traffic Spec, Traffic Access Control,
    Traffic Split, Traffic Metrics ͷAPI͕ଘࡏ
    SMI͸Tools, Service Mesh Manager, Service Meshʹͯར༻
    § ToolsͰ͸Canary Deploymentͷ༻్Ͱͷར༻͕ଟ͍
    § Service Mesh࣮૷ͷதͰ΋SMIରԠঢ়گ͸ҟͳΔ
    Istio׆༻ʹ޲͚ͨऔΓ૊Έ
    § Istio by ExampleͷϩʔΧϥΠζαΠτΛެ։͠·ͨ͠
    37
    

    View Slide

39. © Hitachi, Ltd. 2020. All rights reserved.
    Trademarks
    § Service Mesh Interface͸ɺThe Linux Foundation
    ͷถࠃ·ͨ͸ͦͷଞͷࠃʹ͓͚Δొ࿥঎ඪ·ͨ
    ͸঎ඪͰ͢
    § Weave Flagger͸ɼWeaveworks Organizationͷ
    ถࠃ·ͨ͸ͦͷଞͷࠃʹ͓͚Δొ࿥঎ඪ·ͨ͸
    ঎ඪͰ͢
    § Meshery͸ɼLayer5, Inc.ͷถࠃ·ͨ͸ͦͷଞͷࠃ
    ʹ͓͚Δొ࿥঎ඪ·ͨ͸঎ඪͰ͢
    § Rio͸ɼRancher Labs, Inc.ͷถࠃ·ͨ͸ͦͷଞͷ
    ࠃʹ͓͚Δొ࿥঎ඪ·ͨ͸঎ඪͰ͢
    § Service Mesh Hub͸ɼsolo.io, inc.ͷถࠃ·ͨ͸ͦ
    ͷଞͷࠃʹ͓͚Δొ࿥঎ඪ·ͨ͸঎ඪͰ͢
    § Istio͸ɺGoogle LLCͷถࠃ·ͨ͸ͦͷଞͷࠃʹ
    ͓͚Δొ࿥঎ඪ·ͨ͸঎ඪͰ͢
    § Linkerd͸ɼThe Linux Foundationͷถࠃ·ͨ͸ͦ
    ͷଞͷࠃʹ͓͚Δొ࿥঎ඪ·ͨ͸঎ඪͰ͢
    § Consul͸ɼHashiCorp, Inc.ͷถࠃ·ͨ͸ͦͷଞͷ
    ࠃʹ͓͚Δొ࿥঎ඪ·ͨ͸঎ඪͰ͢
    § maesh͸ɼCONTAINOUSͷถࠃ·ͨ͸ͦͷଞͷ
    ࠃʹ͓͚Δొ࿥঎ඪ·ͨ͸঎ඪͰ͢
    § Envoy͸ɺThe Linux Foundationͷถࠃ·ͨ͸ͦ
    ͷଞͷࠃʹ͓͚Δొ࿥঎ඪ·ͨ͸঎ඪͰ͢
    § Kubernetes͸ɺThe Linux Foundationͷถࠃ·ͨ
    ͸ͦͷଞͷࠃʹ͓͚Δొ࿥঎ඪ·ͨ͸঎ඪͰ͢
    § Istio by Example͸Google LLCॴଐͷ
    Megan O‘Keefeࢯͷஶ࡞෺Ͱ͢
    § ͦͷଞهࡌͷձ໊ࣾɺ੡඼໊ɺαʔϏε໊ɺͦ
    ͷଞݻ༗໊ࢺ͸ɺͦΕͧΕͷձࣾͷ঎ඪ·ͨ͸
    ొ࿥঎ඪͰ͢
    § ຊൃදதͷจষɺਤͰ͸ɺTMɺϚʔΫ͸දه
    ͓ͯ͠Γ·ͤΜ
    38
    

    View Slide

40. View Slide