Do you need a Service Mesh?

In this talk, we will explore what a service mesh is and what it can do for your microservice web backends. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we’ll find out! This session will also briefly cover how a service mesh works, giving us a mental model with which to explore and evaluate after the talk.

Ignasi Barrera

November 30, 2018

Transcript

  1. Do you need a Service Mesh? Ignasi Barrera Madrid | November 30 - December 1, 2018
  2. None
  3. Journey to the chaos

  4. None
  5. None
  6. None
  7. None
  8. Micro-services

  9. Failure happens

  10. And shit hits the fan

  11. Frameworks and tools to the rescue

  12. Must-have primitives • Service discovery • Fault tolerance • Circuit breakers • Back-pressure • Tracing
  13. Deployment-aware apps

  14. Heterogeneous environments

  15. Heterogeneous environments

  16. Service Mesh

  17. Platform abstractions • Networking • Observability • Security

    Focus on creating services and providing value
  18. Data plane

  19. Control plane

  20. Networking

  21. Traffic management 80% 20% 50 req/sec

  22. Example: Bookinfo

  23. Example: declarative traffic routing

    Pin to reviews v1

        kind: VirtualService
        metadata:
          name: reviews
        spec:
          hosts:
          - reviews
          http:
          - route:
            - destination:
                host: reviews
                subset: v1

    Jason user to use v2

        kind: VirtualService
        metadata:
          name: reviews
        spec:
          hosts:
          - reviews
          http:
          - match:
            - headers:
                end-user:
                  exact: jason
            route:
            - destination:
                host: reviews
                subset: v2
          - route:
            - destination:
                host: reviews
                subset: v1

  24. Observability

  25. Telemetry reporting

  26. Security

  27. Policy enforcement (authZ)

  28. Insecure communications?

  29. Identity and encryption (authN) mTLS

  30. Recap

  31. Traffic routing • Service discovery • Application level overlay network • L7 addressing • Canaries • Traffic shifting • Protocol translation
  32. Traffic management • Load balancing • Failure detection • Circuit breakers • Retries • Deadlines • Rate limiting • Fault injection
  33. Observability • Logs • Metrics • Distributed tracing • Monitoring tools • Multiple telemetry backends
  34. Security • Runtime policy enforcement • Trusted Identity • Transparent mTLS • JWT validation • OIDC (soon)
  35. Thanks! @IgnasiBarrera Madrid | November 30 - December 1, 2018