
Conduit: Open source, Ultralight Service Mesh for Kubernetes

Introducing the Conduit service mesh to the Silicon Valley Kubernetes meetup


Oliver Gould

March 15, 2018


  1. Open source, ultralight service mesh for Kubernetes. Oliver Gould (@olix0r), CTO, Buoyant
  2. conduit.io Today’s talk ‣ Who am I? ‣ What is Conduit? ‣ What is a service mesh? ‣ How did we get here? ‣ How can I do cool things with Conduit? ‣ Demo time
  3. Who am I? ‣ Twitter engineer 2010—2015 ‣ Creator of Linkerd ‣ CTO @ Buoyant ‣ Occasional tweeter: @olix0r ‣ Dog enthusiast
  5. What is Conduit?

  6. ‣ Ultralight, ultra fast service mesh for Kubernetes ‣ Purpose-built for security & performance: ‣ Data plane proxy in Rust ‣ Control plane services in Go ‣ Open Source: Apache v2; developed in the open
  7. Goal: Improve visibility, reliability, and security for any application in Kubernetes without config or code
  8. What is a service mesh?

  9. The service mesh [Diagram: Node 1, Node 2, Node 3, each with Service A, Service B, Service C and linkerd; legend: application HTTP, proxied HTTP, monitoring & control] “Mesh” of user space network proxies, deployed alongside application code. • Lightweight, horizontally scalable • Low operational impact • Centralized control & visibility
  10. Why? ‣ Add reliability, security, visibility to cloud native apps, without changing code. ‣ Move operational ownership from service owner to platform operator. ‣ Make runtime operations as easy as Kubernetes has made deploy-time ops ‣ Features: request routing, retries, timeouts, circuit breaking, deadlines, distributed tracing, instrumentation, service discovery, TLS, service auth, …
  11. Uniform visibility

  12. Uniform reliability ‣ Load balance over requests, not connections ‣ LB algorithms have an enormous impact on your oncall!
  13. Uniform, dynamic policy [Diagram: users, web, db; per-hop settings timeout=400ms retries=3, timeout=400ms retries=2, timeout=200ms retries=3; timelines labelled 800ms and 600ms]
  14. How did we get here? Sys Admin → Cloud Native ‣ Processes → “Containers” ‣ Guy with the spreadsheet of machines → Orchestrated environment ‣ Hardware redundancy → Design for failure ‣ Servers → Services ‣ IP addresses and DNS → Service discovery ‣ Server monitoring → Service monitoring ‣ Big monolithic application → Microservices ‣ TCP/IP connections → RPC calls
  15. This brought a whole new set of problems

  16. Evolution of the service mesh • Twitter: Finagle • Netflix: Hystrix • Buoyant: the Service Mesh. Language- and deployment-agnostic. Goal is the same: Solve operational challenges that are fundamental to cloud native architectures.
  17. ‣ ~2 years old ‣ 1400+ Slack channel members ‣ 3500+ GitHub stars ‣ 1.5m+ Docker Hub pulls ‣ 60+ contributors
  18. Why Conduit?

  19. JVM pros and cons. Linkerd is on the JVM. There are some great things about the JVM: ‣ Secure memory model ‣ Plugin architecture ‣ Performance at scale ‣ Rich ecosystem! (Finagle + Scala + Netty) But… The JVM takes a ton of resources! This can be tough for microservices.
  20. Getting off the JVM. Motivation for Conduit: service mesh but without the resource cost. ‣ Minimize resource requirements, maximize performance. (=> Native code) ‣ Provide security and reliability by default. (=> Zero config) ‣ Provide a clear centralized API. (=> Decoupled control plane) ‣ Fits into existing cloud native ecosystem (=> Kubernetes)
  21. Conduit’s architecture [Diagram: Control plane {namespace: “conduit”} containing Conduit API, Prometheus, …; “Your app, plus Conduit data plane”: Pod 1, Pod 2, Pod 3, …, each pairing an app (birds, rabbits, dogs) with a proxy]
  22. Conduit control plane. Control plane is written in Go. ‣ Kinda fast! Well, fast enough for control plane purposes. ‣ Kinda lightweight! Well, compared to the JVM. ‣ No modern features! Oh well. But it’s the lingua franca of Kubernetes, and most importantly: Go is easy to learn and Go projects are easy to get involved in!
  23. Conduit data plane. Data plane is a proxy written in Rust. ‣ Fast: Native performance ‣ Type- & Memory-safe: Doesn’t link against C libraries like OpenSSL. ‣ No GC! Very important for proxies where tail latencies are critical to performance. Result: <2mb RSS, <1ms p99, designed for HTTP/2
  24. Data plane Rust stack ‣ mio: cross-platform API for epoll. Foundation for non-blocking sockets. ‣ futures: Promises/Futures implementation. Zero-cost abstractions on async code ‣ tokio: async I/O ‣ hyper, h2: HTTP libraries ‣ tower: Finagle-esque remote call framework ‣ tower-grpc: gRPC framework. All open source libraries available on GitHub.
  25. Demo time!

  26. Get involved ‣ Conduit 0.3.1 released today! ‣ Current status: alpha, but rapidly approaching beta ‣ Works with most applications on Kubernetes 1.8+ ‣ github.com/runconduit ‣ conduit-users@googlegroups.com ‣ conduit-dev@googlegroups.com ‣ slack.linkerd.io #conduit channel
  27. Thank you! Oliver Gould | CTO | @olix0r conduit.io