$30 off During Our Annual Pro Sale. View Details »

Do you need a Service Mesh?

Ignasi Barrera
November 30, 2018
Technology
0
220

Do you need a Service Mesh?

In this talk, we will explore what a service mesh is and what they can do for your microservice web backends. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we’ll find out! This session will also briefly cover how a service mesh works, giving us a mental model with which to explore and evaluate after the talk.

Ignasi Barrera

November 30, 2018
Tweet

More Decks by Ignasi Barrera

See All by Ignasi Barrera
Next-gen Authorization
nacx
0
25
Access Control for Microservices
nacx
0
69
Identity provisioning in a Service Mesh
nacx
0
190
Protecting your data with a Service Mesh
nacx
0
220
Service Mesh and the future of networking
nacx
0
190
Next Generation Access Control (NGAC) for the Multi-Cloud World
nacx
0
1.3k
Standalone Neutron: How we integrated it with Abiquo
nacx
0
340
Rule the cloud with Apache jclouds
nacx
1
340
Introduction to Apache jclouds - ApacheCon EU 2014
nacx
0
160

Other Decks in Technology

See All in Technology
開発生産性大幅アップ!Postman VS Code拡張機能
nagix
0
120
3つの⽴場で考える技術的負債への組織的アプローチ
sansantech
PRO
16
4.9k
2023-12-01 吉祥寺.pm ベストプラクティスと組織とIaC
masasuzu
1
250
開発生産性向上へのコミットについて理解してもらうためのスライドテンプレートを作った話
ouchi2501
0
190
AI・機械学習ライブラリを使ったWebアプリでワクワク体験! / Qiita Night~AI、機械学習 / 20231201
you
PRO
0
700
LLMを活用した爆速アウトプットのすゝめ / bakusoku-outputs-with-llm
yuya4
8
3.9k
⾃律的な開発チームを⽀えるためのSLO運⽤
sansantech
PRO
5
860
Kafka Streamsで作る10万rpsを支えるイベント駆動マイクロサービス
joker1007
7
2.3k
スタートアップにおける、チーム拡大を見据えたコンポーネント分割の取り組み
rynsuke
2
820
サービスの1等地ホーム画面改善と効果的なステークホルダーマネジメント / Improvement of Prime Location Home Screen for Services and Effective Stakeholder Management
rilmayer
0
150
cloudflare-workersを使ってslack上に匿名チャットを作った話
sugawani
0
130
Rest Clientユーザーの自分がPostman の VS Code拡張機能を扱ってみた感想
smt7174
0
120

Featured

See All Featured
Typedesign – Prime Four
hannesfritz
35
1.8k
Designing on Purpose - Digital PM Summit 2013
jponch
108
6.2k
Into the Great Unknown - MozCon
thekraken
7
650
Imperfection Machines: The Place of Print at Facebook
scottboms
257
12k
Why Our Code Smells
bkeepers
PRO
329
56k
Building Effective Engineering Teams - LeadDev
addyosmani
22
1.2k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
219
21k
Done Done
chrislema
178
15k
Intergalactic Javascript Robots from Outer Space
tanoku
264
26k
A Tale of Four Properties
chriscoyier
150
22k
Ruby is Unlike a Banana
tanoku
93
10k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
10
1.2k

Transcript

  1. Do you need a Service Mesh?
    Ignasi Barrera
    Madrid | November 30 - December 1, 2018

    View Slide

  2. View Slide

  3. Journey to the chaos

    View Slide

  4. View Slide

  5. View Slide

  6. View Slide

  7. View Slide

  8. Micro-services

    View Slide

  9. Failure happens

    View Slide

  10. And shit hits the fan

    View Slide

  11. Frameworks and tools to the rescue

    View Slide

  12. Must-have primitives
    • Service discovery
    • Fault tolerance
    • Circuit breakers
    • Back-pressure
    • Tracing

    View Slide

  13. Deployment-aware apps

    View Slide

  14. Heterogeneous environments

    View Slide

  15. Heterogeneous environments

    View Slide

  16. Service Mesh

    View Slide

  17. Platform abstractions
    • Networking
    • Observability
    • Security
    Focus on creating services and providing
    value

    View Slide

  18. Data plane

    View Slide

  19. Control plane

    View Slide

  20. Networking

    View Slide

  21. Traffic management
    80%
    20%
    50 req/sec

    View Slide

  22. Example: Bookinfo

    View Slide

  23. Example: declarative traffic routing
    kind: VirtualService
    metadata:
    name: reviews
    spec:
    hosts:
    - reviews
    http:
    - route:
    - destination:
    host: reviews
    subset: v1
    kind: VirtualService
    metadata:
    name: reviews
    spec:
    hosts:
    - reviews
    http:
    - match:
    - headers:
    end-user:
    exact: jason
    route:
    - destination:
    host: reviews
    subset: v2
    - route:
    - destination:
    host: reviews
    subset: v1
    Pin to reviews v1 Jason user to use v2

    View Slide

  24. Observability

    View Slide

  25. Telemetry reporting

    View Slide

  26. Security

    View Slide

  27. Policy enforcement (authZ)

    View Slide

  28. Insecure communications?

    View Slide

  29. Identity and encryption (authN)
    mTLS

    View Slide

  30. Recap

    View Slide

  31. Traffic routing
    • Service discovery
    • Application level overlay network
    • L7 addressing
    • Canaries
    • Traffic shifting
    • Protocol translation

    View Slide

  32. Traffic management
    • Load balancing
    • Failure detection
    • Circuit breakers
    • Retries
    • Deadlines
    • Rate limiting
    • Fault injection

    View Slide

  33. Observability
    • Logs
    • Metrics
    • Distributed tracing
    • Monitoring tools
    • Multiple telemetry backends

    View Slide

  34. Security
    • Runtime policy enforcement
    • Trusted Identity
    • Transparent mTLS
    • JWT validation
    • OIDC (soon)

    View Slide

  35. Thanks!
    @IgnasiBarrera
    Madrid | November 30 - December 1, 2018

    View Slide