Do you need a Service Mesh?

Transcript

1. Do you need a Service Mesh? Ignasi Barrera Madrid |

   November 30 - December 1, 2018
2. None

3. Journey to the chaos

4. None
5. None
6. None
7. None

8. Micro-services

9. Failure happens

10. And shit hits the fan

11. Frameworks and tools to the rescue

12. Must-have primitives • Service discovery • Fault tolerance • Circuit

    breakers • Back-pressure • Tracing

13. Deployment-aware apps

14. Heterogeneous environments

15. Heterogeneous environments

16. Service Mesh

17. Platform abstractions • Networking • Observability • Security Focus on

    creating services and providing value

18. Data plane

19. Control plane

20. Networking

21. Traffic management 80% 20% 50 req/sec

22. Example: Bookinfo

23. Example: declarative traffic routing kind: VirtualService metadata: name: reviews spec:

    hosts: - reviews http: - route: - destination: host: reviews subset: v1 kind: VirtualService metadata: name: reviews spec: hosts: - reviews http: - match: - headers: end-user: exact: jason route: - destination: host: reviews subset: v2 - route: - destination: host: reviews subset: v1 Pin to reviews v1 Jason user to use v2

24. Observability

25. Telemetry reporting

26. Security

27. Policy enforcement (authZ)

28. Insecure communications?

29. Identity and encryption (authN) mTLS

30. Recap

31. Traffic routing • Service discovery • Application level overlay network

    • L7 addressing • Canaries • Traffic shifting • Protocol translation

32. Traffic management • Load balancing • Failure detection • Circuit

    breakers • Retries • Deadlines • Rate limiting • Fault injection

33. Observability • Logs • Metrics • Distributed tracing • Monitoring

    tools • Multiple telemetry backends

34. Security • Runtime policy enforcement • Trusted Identity • Transparent

    mTLS • JWT validation • OIDC (soon)

35. Thanks! @IgnasiBarrera Madrid | November 30 - December 1, 2018