Slide 1

Slide 1 text

Do you need a Service Mesh?
Ignasi Barrera
Madrid | November 30 - December 1, 2018

Slide 3

Slide 3 text

Journey to the chaos

Slide 8

Slide 8 text

Micro-services

Slide 9

Slide 9 text

Failure happens

Slide 10

Slide 10 text

And shit hits the fan

Slide 11

Slide 11 text

Frameworks and tools to the rescue

Slide 12

Slide 12 text

Must-have primitives • Service discovery • Fault tolerance • Circuit breakers • Back-pressure • Tracing

Slide 13

Slide 13 text

Deployment-aware apps

Slide 14

Slide 14 text

Heterogeneous environments

Slide 15

Slide 15 text

Heterogeneous environments

Slide 16

Slide 16 text

Service Mesh

Slide 17

Slide 17 text

Platform abstractions • Networking • Observability • Security

Focus on creating services and providing value

Slide 18

Slide 18 text

Data plane

Slide 19

Slide 19 text

Control plane

Slide 20

Slide 20 text

Networking

Slide 21

Slide 21 text

Traffic management (diagram labels: 80%, 20%, 50 req/sec)

Slide 22

Slide 22 text

Example: Bookinfo

Slide 23

Slide 23 text

Example: declarative traffic routing

Pin to reviews v1

    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
      - reviews
      http:
      - route:
        - destination:
            host: reviews
            subset: v1

Jason user to use v2

    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
      - reviews
      http:
      - match:
        - headers:
            end-user:
              exact: jason
        route:
        - destination:
            host: reviews
            subset: v2
      - route:
        - destination:
            host: reviews
            subset: v1

Slide 24

Slide 24 text

Observability

Slide 25

Slide 25 text

Telemetry reporting

Slide 26

Slide 26 text

Security

Slide 27

Slide 27 text

Policy enforcement (authZ)

Slide 28

Slide 28 text

Insecure communications?

Slide 29

Slide 29 text

Identity and encryption (authN) mTLS

Slide 30

Slide 30 text

Recap

Slide 31

Slide 31 text

Traffic routing • Service discovery • Application level overlay network • L7 addressing • Canaries • Traffic shifting • Protocol translation

Slide 32

Slide 32 text

Traffic management • Load balancing • Failure detection • Circuit breakers • Retries • Deadlines • Rate limiting • Fault injection

Slide 33

Slide 33 text

Observability • Logs • Metrics • Distributed tracing • Monitoring tools • Multiple telemetry backends

Slide 34

Slide 34 text

Security • Runtime policy enforcement • Trusted Identity • Transparent mTLS • JWT validation • OIDC (soon)

Slide 35

Slide 35 text

Thanks! @IgnasiBarrera