Traffic Director Overview

This presentation gives an overview of service mesh, Envoy and Istio before getting into Traffic Director features and discussing the product's roadmap.

Featured in Google Cloud NEXT 19' Recap session by Mercari: https://mercaridev.connpass.com/event/125881/

Twitter: https://twitter.com/la1nra
GitHub: https://github.com/lainra

References:
- https://cloud.google.com/traffic-director/docs/
- https://www.youtube.com/watch?v=FUITCYMCEhU&list=PLPbi1SSrOfS8ZZKIGWfwsTdW-XosAkj1t
- https://istio.io/docs/concepts/what-is-istio/
- https://www.envoyproxy.io/docs/envoy/latest/intro/what_is_envoy

Raphael Fraysse

April 17, 2019

Transcript

  1. About me

    - @lainra (GitHub) / @la1nra (Twitter)
    - Please follow me :)
    - SRE at Mercari microservices platform team
    - I love that bridge!!!
  2. Table of contents

    - Service Mesh Overview
    - Istio in GCP
    - Traffic Director Overview
    - What’s next?
  3. What is a service mesh? [Service Mesh Overview]

    A service mesh is a network communication infrastructure that decouples and offloads most of the application network functions from the application code.
  4. Decoupling the network features [Service Mesh Overview]

    [Diagram: a service mesh with Virtual Machines and with Kubernetes Pods. Each VM or Pod runs an App with a Sidecar proxy. The sidecar proxies form the data plane (proxy mesh); a Controller forms the control plane (controls, configures proxies).]
  5. Service Mesh Key Capabilities [Service Mesh Overview]

    - Telemetry: Examine everything between services with little to no instrumentation
    - Security: Secure access and communications between some or all services
    - Traffic Control: Manage the flow of traffic into, out of, and within your complex deployments
  6. Envoy, the universal data plane [Service Mesh Overview]

    A modern extensible lightweight L4/L7 high performance proxy built as a platform.

    - Network filter
    - HTTP filter
    - Listener filter
    - Health checker
    - Transport sockets
    - Address resolver
    - Clustering
    - Retry policy

    Based on open configuration & control plane called xDS (Discovery Service, actually v2)

    - LDS, RDS, CDS, EDS, ADS, SDS, LRS, HDS (too much!!!)
    - proto3 Protocol Buffers canonical definition
    - Streaming gRPC, REST long poll based
    - Eventually & sequentially consistent
  7. Istio Addon for GKE (Google Kubernetes Engine) [Istio in GCP]

    Pros:

    - The simplest way to install Istio in your GKE cluster
    - Deployment managed by GCP, automatic upgrades and patches
    - Underlying Istio complexity (partially) removed from the customer

    Cons:

    - Still in Beta
    - Fast evolving product in GCP, hard to evaluate the product’s roadmap
    - Cannot modify or tailor the control plane (Pilot) to your needs
    - Hard to separate/disable some Istio components/features you don’t need
  8. Here comes Traffic Director (Beta) [Traffic Director Overview]

    Traffic Director is a GCP-managed configuration & traffic control plane for any xDS compliant proxy (less formally, GCP-managed Pilot for Istio)

    - Can be used both by GCP VMs and Kubernetes Pods (self-managed K8s, GKE)
    - Sidecar proxy management -> Offload it from your responsibility
    - Communicates with sidecar proxies with open xDS APIs -> Prevent technology lock-in
    - Integrates with Global Load Balancing (GLB) -> Leverage GLB cross-region capabilities
    - Centralized Health Checking
    - Traffic-driven autoscaling
    - Traffic control capabilities (based on Envoy features) in Alpha
  9. I’m a bit biased :) (But I don’t work for Google!) [Traffic Director Overview]
  10. [Diagram. Source: https://cloud.google.com/traffic-director/docs/setting-up-traffic-director] [Traffic Director Overview]

    - Uses the same data model as GLB
    - Need to inject Envoys by yourself
    - Need to create NEG/MIG
    - (NEG requires enabling Alias IP in your VPC)
    - Configuration through GCP API only (support for Istio API in the future)
  11. Traffic Director features [Traffic Director Overview]

    Routing Rules: define how requests should be served in the service mesh

    - Traffic splitting
    - Traffic steering
    - Timeouts and Retries
    - Fault Injection
    - Mirroring

    Traffic Policies: define routing policies for a service

    - Load balancing
    - Outlier detection
    - Circuit breaker
    - Timeouts
  12. Main use cases (non-exhaustive) [Traffic Director Overview]

    - I want to try the Service Mesh but am too afraid/lacking resources to invest in Istio
    - I have an existing Envoy mesh but no control plane (unlikely)
    - I have an existing Envoy mesh and an internally-made control plane (more likely)
    - I wish to use a managed service to pilot my Envoy mesh
    - I want to bring my VMs / both VMs and pods to the service mesh
    - I want to expose my services globally using GLB and Envoy mesh
    - I want HTTP/2 native load-balancing (not supported yet, on roadmap)
  13. Who is it not for? (also non-exhaustive!) [Traffic Director Overview]

    - People who already use Istio AND are satisfied with it
    - People who want to expose their services through an API Gateway/API Management component
    - People who don’t want to use GCP APIs to control their service mesh (until Istio API support)
    - People who think it will magically solve all their network/microservices issues
  14. Traffic Director Roadmap [What’s next?]

    - Hybrid/Multi-cloud support
    - Better integration with Anthos
    - Service meshes control plane federation
    - Security integration (Adding more Istio features such as mTLS, RBAC)
    - Observability integration (Adding Istio Mixer features with Stackdriver)
    - and other secrets yet untold…

    Ultimately, Traffic Director could be the standard way to Istio in GCP
  15. Resources

    - Traffic Director official documentation
    - Cloud NEXT 19’ Traffic Director session recording
    - Istio official documentation
    - Envoy official documentation