Slide 1

Slide 1 text

Kubernetes meets Finagle for resilient microservices
oliver gould, cto, buoyant
KubeCon EU 2016

Slide 2

Slide 2 text

oliver gould
• cto @ buoyant: open-source microservice infrastructure
• previously, tech lead @ twitter: observability, traffic
• core contributor: finagle
• creator: linkerd
• loves: kubernetes, dogs
@olix0r
[email protected]

Slide 3

Slide 3 text

overview
1. why microservices?
2. finagle: the once and future layer 5
3. resilient rpc
4. introducing linkerd
5. demo
6. questions! answers?

Slide 4

Slide 4 text

why microservices?

Slide 5

Slide 5 text

scaling teams growing software

Slide 6

Slide 6 text

• performance
• correctness
• debugging
• monitoring
• security
• efficiency
• resilience

Slide 7

Slide 7 text

"Resilience is an imperative: our software runs on the truly dismal computers we call datacenters. Besides being heinously complex… they are unreliable and prone to operator error."
Marius Eriksen (@marius), RPC Redux

Slide 8

Slide 8 text

resilience in microservices
• software you didn’t write
• hardware you can’t touch
• network you can’t configure
break in new and surprising ways, and your customers shouldn’t notice

Slide 9

Slide 9 text

resilient microservices require resilient communication

Slide 10

Slide 10 text

[1] physical, [2] link: datacenter (aws, azure, digitalocean, gce, …)
[3] network, [4] transport: kubernetes, calico, …
[5] session, [6] presentation: rpc (http/2, mux, …; json, protobuf, thrift, …)
[7] application: your code (languages, libraries)

Slide 11

Slide 11 text

layer 5 deals in requests

Slide 12

Slide 12 text

finagle THE ONCE AND FUTURE LAYER 5

Slide 13

Slide 13 text

github.com/twitter/finagle
• RPC library (JVM)
• asynchronous
• built on Netty
• scala
• functional
• strongly typed
• first commit: Oct 2010

Slide 14

Slide 14 text

used by…

Slide 15

Slide 15 text

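programming finagle

    import com.twitter.conversions.DurationOps._  // older releases: com.twitter.conversions.time._
    import com.twitter.finagle.{Http, Service}
    import com.twitter.finagle.http.{Request, Response, Status}
    import com.twitter.util.{JavaTimer, TimeoutException, Timer}

    // Future.within needs an implicit Timer in scope
    implicit val timer: Timer = new JavaTimer(isDaemon = true)

    // proxy requests on 8080 to the users service
    // with a timeout of 1 second
    // (newService returns a Service; newClient returns a ServiceFactory)
    val users = Http.newService("/s/users")
    Http.serve(":8080", Service.mk[Request, Response] { req =>
      users(req).within(1.second).handle {
        case _: TimeoutException => Response(Status.BadGateway)
      }
    })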

Slide 16

Slide 16 text

operating finagle
• service discovery
• circuit breaking
• backpressure
• timeouts
• retries
• tracing
• metrics
• keep-alive
• multiplexing
• load balancing
• per-request routing
• service-level objectives

Slide 17

Slide 17 text

REAL-WORLD MOTIVATIONS FOR resilient rpc

Slide 18

Slide 18 text

“It’s slow” is the hardest problem you’ll ever debug.
Jeff Hodges (@jmhodges), Notes on Distributed Systems for Young Bloods

Slide 19

Slide 19 text

the more components you deploy, the more problems you have

Slide 20

Slide 20 text

the more components you deploy, the more problems you have

Slide 21

Slide 21 text

the more components you deploy, the more problems you have

Slide 22

Slide 22 text

l5: load balance requests
lb algorithms:
• round-robin
• fewest connections
• queue depth
• exponentially-weighted moving average (ewma)
• aperture

Slide 23

Slide 23 text

where are we spending time?

Slide 24

Slide 24 text

who’s talking?

Slide 25

Slide 25 text

layer 5 routing
• application configured against a logical name: /s/users
• requests are bound to concrete names: /k8s/prod/http/users
• delegations express routing by rewriting:
    /s => /k8s/prod/http
    /s/l5d-docs => /$/inet/linkerd.io/443

Slide 26

Slide 26 text

per-request routing

    GET / HTTP/1.1
    Host: mysite.com
    Dtab-local: /s/users => /s/users-v2

    GET / HTTP/1.1
    Host: mysite.com
    Dtab-local: /s/slorbs => /s/debugproxy/s/slorbs
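
Added example (not from the slides, and not Finagle's or linkerd's code): a simplified Python model of the delegation rewriting on the two slides above, showing how a Dtab-local header changes the name a request binds to and how a router can ignore the header from untrusted senders. The names `route`, `trust_overrides` and the header dict are assumptions; real Dtabs also support wildcards, alternation and fallback when a name fails to bind.

```python
# Simplified Dtab model (added illustration): prefix rewriting only.

def _segments(path):
    """Split '/s/users' into ('s', 'users'); reject relative paths."""
    path = path.strip()
    if not path.startswith("/"):
        raise ValueError(f"path must start with '/': {path!r}")
    return tuple(s for s in path.split("/") if s)

def parse_dtab(text):
    """Parse 'prefix => dst; prefix => dst' into (prefix, dst) segment tuples."""
    entries = []
    for rule in text.split(";"):
        if not rule.strip():
            continue
        prefix, sep, dst = rule.partition("=>")
        if not sep:
            raise ValueError(f"malformed dentry: {rule!r}")
        entries.append((_segments(prefix), _segments(dst)))
    return entries

def resolve(name, dtab, max_depth=16):
    """Rewrite name until no dentry matches; later dentries take precedence."""
    path = _segments(name)
    for _ in range(max_depth):
        for prefix, dst in reversed(dtab):
            if path[:len(prefix)] == prefix:
                path = dst + path[len(prefix):]
                break
        else:
            return "/" + "/".join(path)   # nothing matched: treat as concrete
    raise RuntimeError("delegation loop or chain too deep")

def route(name, base_dtab, headers, trust_overrides):
    """Bind name, honoring a Dtab-local header only for trusted senders."""
    dtab = parse_dtab(base_dtab)
    override = headers.get("Dtab-local")
    if override and trust_overrides:
        dtab += parse_dtab(override)      # appended last, so it wins over the base
    return resolve(name, dtab)

# Base delegations from the "layer 5 routing" slide.
BASE = "/s => /k8s/prod/http; /s/l5d-docs => /$/inet/linkerd.io/443"

if __name__ == "__main__":
    hdr = {"Dtab-local": "/s/users => /s/users-v2"}   # constructed request header
    print(route("/s/users", BASE, {}, True))
    print(route("/s/users", BASE, hdr, True))
    print(route("/s/users", BASE, hdr, False))
```

With `trust_overrides=False` the header is ignored and the request binds exactly as the base dtab says, which is the behaviour wanted for traffic arriving from outside the cluster.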

Slide 27

Slide 27 text

so all i have to do is rewrite my app in scala?

Slide 28

Slide 28 text

No content

Slide 29

Slide 29 text

github.com/buoyantio/linkerd
• microservice rpc proxy
• layer-5 router
• aka l5d
• built on finagle
• pluggable: kubernetes, consul, zookeeper

Slide 30

Slide 30 text

make layer 5 great again
• transport layer security
• service discovery
• backpressure
• timeouts
• retries
• stats
• tracing
• routing
• multiplexing
• load balancing
• circuit breaking
• service-level objectives

Slide 31

Slide 31 text

l5d sidecar books authors pod A pod B

Slide 32

Slide 32 text

l5d sidecar incoming router outgoing router io.l5d.k8s namer service

Slide 33

Slide 33 text

l5d.yaml

    namers:
    - kind: io.l5d.experimental.k8s
      authTokenFile: …/serviceaccount/token

    routers:
    - protocol: http
      label: incoming
      servers:
      - port: 8080
        ip: 0.0.0.0
      baseDtab: |
        /http/1.1 => /$/inet/127.1/8888;
    - protocol: http
      label: outgoing
      servers:
      - port: 4140
      baseDtab: |
        /srv => /io.l5d.k8s/default/http;
        /method => /$/io.buoyant.http.anyMethodPfx/srv;
        /http/1.1 => /method;

svc.yaml.sh

    kind: Service
    apiVersion: v1
    metadata:
      namespace: default
      name: $SERVICENAME
    spec:
      selector:
        app: $SERVICENAME
      type: LoadBalancer
      ports:
      - name: http
        port: 8080
        targetPort: 8080

Slide 34

Slide 34 text

linkerd roadmap
• use k8s 3rdparty for routing state (kubernetes#18835)
• DaemonSets deployments?
• tighter grpc support (netty#3667)
• cluster-wide routing control
• service-level objectives
• application-level circuit breaking
• more configurable everything

Slide 35

Slide 35 text

traffic control with linkerd DEMO

Slide 36

Slide 36 text

web books authors l5d l5d l5d

Slide 37

Slide 37 text

web books authors l5d l5d l5d books-v2 l5d

Slide 38

Slide 38 text

web books authors l5d l5d l5d books-v2 l5d helium tracing
 control
 ui play!

Slide 39

Slide 39 text

Slide 40

Slide 40 text

more at linkerd.io
slack: slack.linkerd.io
email: [email protected]
twitter:
• @olix0r
• @linkerd
thanks!