
Conduit: Open source, Ultralight Service Mesh for Kubernetes

Introducing the Conduit service mesh to the Silicon Valley Kubernetes meetup

Oliver Gould

March 15, 2018

Transcript

  1. Open source, ultralight service mesh for Kubernetes
    Oliver Gould @olix0r, CTO, Buoyant
  2. conduit.io Today’s talk
    ‣ Who am I?
    ‣ What is Conduit?
    ‣ What is a service mesh?
    ‣ How did we get here?
    ‣ How can I do cool things with Conduit?
    ‣ Demo time
  3. Who am I?
    ‣ Twitter engineer 2010–2015
    ‣ Creator of Linkerd
    ‣ CTO @ Buoyant
    ‣ Occasional tweeter: @olix0r
    ‣ Dog enthusiast
  5. What is Conduit?
  6. ‣ Ultralight, ultra fast service mesh for Kubernetes
    ‣ Purpose-built for security & performance:
      ‣ Data plane proxy in Rust
      ‣ Control plane services in Go
    ‣ Open Source: Apache v2; developed in the open
  7. Goal: Improve visibility, reliability, and security for any application in Kubernetes without config or code
  8. What is a service mesh?
  9. The service mesh
    [Diagram: Node 1, Node 2, Node 3, each with Service A, Service B, Service C and linkerd; legend: application HTTP, proxied HTTP, monitoring & control]
    “Mesh” of user space network proxies, deployed alongside application code.
    • Lightweight, Horizontally scalable
    • Low operational impact
    • Centralized control & visibility
  10. Why?
    ‣ Add reliability, security, visibility to cloud native apps, without changing code.
    ‣ Move operational ownership from service owner to platform operator.
    ‣ Make runtime operations as easy as Kubernetes has made deploy-time ops
    ‣ Features: request routing, retries, timeouts, circuit breaking, deadlines, distributed tracing, instrumentation, service discovery, TLS, service auth, …
  11. Uniform visibility
  12. Uniform reliability
    ‣ Load balance over requests, not connections
    ‣ LB algorithms have an enormous impact on your oncall!
  13. Uniform, dynamic policy
    [Diagram: users, web, db, timelines; policy labels: timeout=400ms retries=3, timeout=400ms retries=2, timeout=200ms retries=3; timings: 800ms, 600ms]
  14. How did we get here?
    Sys Admin | Cloud Native
    Processes | “Containers”
    Guy with the spreadsheet of machines | Orchestrated environment
    Hardware redundancy | Design for failure
    Servers | Services
    IP addresses and DNS | Service discovery
    Server monitoring | Service monitoring
    Big monolithic application | Microservices
    TCP/IP connections | RPC calls
  15. This brought a whole new set of problems
  16. Evolution of the service mesh
    • Twitter: Finagle; Google: Stubby; Netflix: Hystrix
    • Buoyant: the Service Mesh. Language- and deployment-agnostic
    Goal is the same: Solve operational challenges that are fundamental to cloud native architectures.
  17. ‣ ~2 years old
    ‣ 1400+ Slack channel members
    ‣ 3500+ Github stars
    ‣ 1.5m+ Docker Hub pulls
    ‣ 60+ contributors
  18. Why Conduit?
  19. JVM pros and cons
    Linkerd is on the JVM. There are some great things about the JVM:
    ‣ Secure memory model
    ‣ Plugin architecture
    ‣ Performance at scale
    ‣ Rich ecosystem! (Finagle + Scala + Netty)
    But… The JVM takes a ton of resources! This can be tough for microservices.
  20. Getting off the JVM
    Motivation for Conduit: service mesh but without the resource cost.
    ‣ Minimize resource requirements, maximize performance. (=> Native code)
    ‣ Provide security and reliability by default. (=> Zero config)
    ‣ Provide a clear centralized API. (=> Decoupled control plane)
    ‣ Fits into existing cloud native ecosystem (=> Kubernetes)
  21. Conduit’s architecture
    [Diagram: Control plane {namespace: “conduit”}: Conduit API, Prometheus, …; Your app, plus Conduit data plane: Pod 1, Pod 2, Pod 3, …, each pairing an app (app: birds, app: rabbits, app: dogs) with a proxy]
  22. Conduit control plane
    Control plane is written in Go.
    ‣ Kinda fast! Well, fast enough for control plane purposes.
    ‣ Kinda lightweight! Well, compared to the JVM.
    ‣ No modern features! Oh well.
    But it’s the lingua franca of Kubernetes, and most importantly: Go is easy to learn and Go projects are easy to get involved in!
  23. Conduit data plane
    Data plane is a proxy written in Rust.
    ‣ Fast: Native performance
    ‣ Type- & Memory-safe: Doesn’t link against C libraries like OpenSSL.
    ‣ No GC! Very important for proxies where tail latencies are critical to performance.
    Result: <2mb RSS, <1ms p99, designed for HTTP/2
  24. Data plane Rust stack
    ‣ mio: cross-platform API for epoll. Foundation for non-blocking sockets.
    ‣ futures: Promises/Futures implementation. Zero-cost abstractions on async code
    ‣ tokio: async I/O
    ‣ hyper, h2: HTTP libraries
    ‣ tower: Finagle-esque remote call framework
    ‣ tower-grpc: gRPC framework
    All open source libraries available on GitHub.
  25. Demo time!
  26. Get involved
    ‣ Conduit 0.3.1 released today!
    ‣ Current status: alpha, but rapidly approaching beta
    ‣ Works with most applications on Kubernetes 1.8+
    ‣ github.com/runconduit
    ‣ conduit-users@googlegroups.com, conduit-announce@googlegroups.com, conduit-dev@googlegroups.com
    ‣ slack.linkerd.io #conduit channel
  27. Thank you! Oliver Gould | CTO | @olix0r conduit.io