Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Do you need a Service Mesh?

Ignasi Barrera
November 30, 2018
Technology
0
190

Do you need a Service Mesh?

In this talk, we will explore what a service mesh is and what they can do for your microservice web backends. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we’ll find out! This session will also briefly cover how a service mesh works, giving us a mental model with which to explore and evaluate after the talk.

Ignasi Barrera

November 30, 2018
Tweet

More Decks by Ignasi Barrera

See All by Ignasi Barrera
Access Control for Microservices
nacx
0
50
Identity provisioning in a Service Mesh
nacx
0
150
Protecting your data with a Service Mesh
nacx
0
170
Service Mesh and the future of networking
nacx
0
160
Next Generation Access Control (NGAC) for the Multi-Cloud World
nacx
0
1.1k
Standalone Neutron: How we integrated it with Abiquo
nacx
0
290
Rule the cloud with Apache jclouds
nacx
1
300
Introduction to Apache jclouds - ApacheCon EU 2014
nacx
0
160
Continuous Integration before and after Chef
nacx
0
140

Other Decks in Technology

See All in Technology
サイボウズ #Garoon 開発チームの
「 完成度低いの歓迎LT大会 」 PHPerKaigi出張版 / Low quality LT in PHPerKaigi 2023
oogfranz
PRO
0
140
Svelte/SvelteKitを採用した理由とその魅力
oekazuma
3
200
ChatGPTにR言語を教えてもらう(仮)
doradora09
1
190
開発チーム内でのQAの役割
iseki
0
120
大規模言語モデルで変わるMLシステム開発
hirosatogamo
11
8.5k
また(CDK界隈の)世界を縮めてしまった
bun913
0
490
「新卒エンジニアが1年間で顔を売るために取った行動100連発」/YAPC::Kyoto 2023 前日祭 ネコトーストラボ杯争奪東西対抗LTマッチ
arthur1
0
590
ZOZOTOWNの検索APIにキャッシュを導入、実装時の工夫や効果について
sattosan
0
200
Win Testing Trophy Easily / テスティングトロフィーを獲得する / PHPerKaigi 2023
k1low
2
160
stdClassって一体何者なんだ?!/Who the hell is stdClass?
daina0321
0
240
チームで導入する Jetpack Compose あの素晴らしいLTをもう一度.ver
kako351
1
160
『登記所備付地図XMLデータ』に触れてみよう〜法務省が公開した大規模オープンデータとは一体何なのか〜 / What is moj map xml
sakaik
0
130

Featured

See All Featured
Testing 201, or: Great Expectations
jmmastey
25
5.8k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
64k
Rebuilding a faster, lazier Slack
samanthasiow
70
7.6k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
121
29k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k
The Art of Programming - Codeland 2020
erikaheidi
36
11k
Become a Pro
speakerdeck
PRO
6
3.3k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.7k
Writing Fast Ruby
sferik
613
58k
What's in a price? How to price your products and services
michaelherold
233
9.8k
10 Git Anti Patterns You Should be Aware of
lemiorhan
643
55k

Transcript

  1. Do you need a Service Mesh?
    Ignasi Barrera
    Madrid | November 30 - December 1, 2018

    View Slide

  2. View Slide

  3. Journey to the chaos

    View Slide

  4. View Slide

  5. View Slide

  6. View Slide

  7. View Slide

  8. Micro-services

    View Slide

  9. Failure happens

    View Slide

  10. And shit hits the fan

    View Slide

  11. Frameworks and tools to the rescue

    View Slide

  12. Must-have primitives
    • Service discovery
    • Fault tolerance
    • Circuit breakers
    • Back-pressure
    • Tracing

    View Slide

  13. Deployment-aware apps

    View Slide

  14. Heterogeneous environments

    View Slide

  15. Heterogeneous environments

    View Slide

  16. Service Mesh

    View Slide

  17. Platform abstractions
    • Networking
    • Observability
    • Security
    Focus on creating services and providing
    value

    View Slide

  18. Data plane

    View Slide

  19. Control plane

    View Slide

  20. Networking

    View Slide

  21. Traffic management
    80%
    20%
    50 req/sec

    View Slide

  22. Example: Bookinfo

    View Slide

  23. Example: declarative traffic routing
    kind: VirtualService
    metadata:
    name: reviews
    spec:
    hosts:
    - reviews
    http:
    - route:
    - destination:
    host: reviews
    subset: v1
    kind: VirtualService
    metadata:
    name: reviews
    spec:
    hosts:
    - reviews
    http:
    - match:
    - headers:
    end-user:
    exact: jason
    route:
    - destination:
    host: reviews
    subset: v2
    - route:
    - destination:
    host: reviews
    subset: v1
    Pin to reviews v1 Jason user to use v2

    View Slide

  24. Observability

    View Slide

  25. Telemetry reporting

    View Slide

  26. Security

    View Slide

  27. Policy enforcement (authZ)

    View Slide

  28. Insecure communications?

    View Slide

  29. Identity and encryption (authN)
    mTLS

    View Slide

  30. Recap

    View Slide

  31. Traffic routing
    • Service discovery
    • Application level overlay network
    • L7 addressing
    • Canaries
    • Traffic shifting
    • Protocol translation

    View Slide

  32. Traffic management
    • Load balancing
    • Failure detection
    • Circuit breakers
    • Retries
    • Deadlines
    • Rate limiting
    • Fault injection

    View Slide

  33. Observability
    • Logs
    • Metrics
    • Distributed tracing
    • Monitoring tools
    • Multiple telemetry backends

    View Slide

  34. Security
    • Runtime policy enforcement
    • Trusted Identity
    • Transparent mTLS
    • JWT validation
    • OIDC (soon)

    View Slide

  35. Thanks!
    @IgnasiBarrera
    Madrid | November 30 - December 1, 2018

    View Slide