Do you need a Service Mesh?

In this talk, we will explore what a service mesh is and what it can do for your microservice web backends. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we’ll find out! This session will also briefly cover how a service mesh works, giving us a mental model with which to explore and evaluate after the talk.

Ignasi Barrera

November 30, 2018

Transcript

  1. Do you need a Service Mesh?
    Ignasi Barrera
    Madrid | November 30 - December 1, 2018

  3. Journey to the chaos

  8. Micro-services

  9. Failure happens

  10. And shit hits the fan

  11. Frameworks and tools to the rescue

  12. Must-have primitives
    • Service discovery
    • Fault tolerance
    • Circuit breakers
    • Back-pressure
    • Tracing

  13. Deployment-aware apps

  14. Heterogeneous environments

  15. Heterogeneous environments

  16. Service Mesh

  17. Platform abstractions
    • Networking
    • Observability
    • Security
    Focus on creating services and providing value

  18. Data plane

  19. Control plane

  20. Networking

  21. Traffic management
    80%
    20%
    50 req/sec

  22. Example: Bookinfo

  23. Example: declarative traffic routing
    Pin to reviews v1:

    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
      - reviews
      http:
      - route:
        - destination:
            host: reviews
            subset: v1

    Jason user to use v2:

    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
      - reviews
      http:
      - match:
        - headers:
            end-user:
              exact: jason
        route:
        - destination:
            host: reviews
            subset: v2
      - route:
        - destination:
            host: reviews
            subset: v1

  24. Observability

  25. Telemetry reporting

  26. Security

  27. Policy enforcement (authZ)

  28. Insecure communications?

  29. Identity and encryption (authN)
    mTLS

  30. Recap

  31. Traffic routing
    • Service discovery
    • Application level overlay network
    • L7 addressing
    • Canaries
    • Traffic shifting
    • Protocol translation

  32. Traffic management
    • Load balancing
    • Failure detection
    • Circuit breakers
    • Retries
    • Deadlines
    • Rate limiting
    • Fault injection

  33. Observability
    • Logs
    • Metrics
    • Distributed tracing
    • Monitoring tools
    • Multiple telemetry backends

  34. Security
    • Runtime policy enforcement
    • Trusted Identity
    • Transparent mTLS
    • JWT validation
    • OIDC (soon)

  35. Thanks!
    @IgnasiBarrera
    Madrid | November 30 - December 1, 2018
