Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Multi-Cluster Deployment Patterns for Ingress and API Gateways

Solo.io
August 27, 2020
Programming
0
480

Multi-Cluster Deployment Patterns for Ingress and API Gateways

In this webinar, we will explore deployment patterns, configurations, global traffic routing policies and more for scalable, highly available, and resilient application environments using Envoy Proxy for the Edge / API Gateway across multiple clusters. We will compare the tradeoffs between the different patterns for consideration and guidance for implementation and operations.

Watch the webinar https://youtu.be/SsdaHmjgjLk

Learn more https://www.solo.io/products/gloo
Request a trial https://lp.solo.io/lp-request-a-trial-general
Questions? https://slack.solo.io

Solo.io

August 27, 2020
Tweet

More Decks by Solo.io

See All by Solo.io
Gloo Mesh Enterprise Webinar 12.10.2020
soloio
0
190
Workshop - Service Mesh Hub
soloio
0
99
Wasm-SF Meetup - Creating a "Docker-Like" Experience for Wasm in Envoy
soloio
0
75
What's New in Gloo API Gateway version 1.5
soloio
0
440
Workshop - Service Mesh Hub
soloio
1
100
Can You Replace API Management with Service Mesh?
soloio
0
520
Gloo API Gateway Federation Overview and Demo
soloio
0
420
Protecting Applications with L4 and L7 Network Encryption for TLS/mTLS
soloio
0
250
Gloo 1.4 Release Overview
soloio
0
400

Other Decks in Programming

See All in Programming
Milestoner
bkuhlmann
1
410
単体テストを書かない技術 #phpcon_odawara
o0h
PRO
27
8.3k
『Railsオワコン』と言われる時代に、なぜブルーモ証券はRailsを選ぶのか
free_world21
0
250
Rethinking UI building strategies @ SFI 2024
letelete
0
270
TYPO3 v13 – The road to LTS: What's new and new APIs
luisasofie_xoxo
0
210
PHPはいつから死んでいるかの調査
chiroruxx
1
400
0→1と1→10の狭間で Javaという技術選定を振り返る/Reflecting on the Decision to Choose Java Between Scaling from 0 to 1 and 1 to 10
jaguar_imo
2
380
雑に思考を整理する技術と効能
konifar
60
29k
Amazon SQSコンシューマー疎結合への旅 - 出張! #DevelopersIO IT技術ブログの中の人が語る勉強会 #3
quiver
0
270
GitHub Actionsで泣かないためにやっておきたい設定 / Recommended GHA settings to avoid crying
pinkumohikan
3
540
PostmanでAPIの動作確認が楽になった話
h455h1
0
170
Anthropic Cookbook のおすすめレシピ
schroneko
7
980

Featured

See All Featured
Being A Developer After 40
akosma
57
580k
For a Future-Friendly Web
brad_frost
172
9k
The Invisible Customer
myddelton
114
12k
Product Roadmaps are Hard
iamctodd
44
9.7k
VelocityConf: Rendering Performance Case Studies
addyosmani
320
23k
Fireside Chat
paigeccino
21
2.6k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.9k
No one is an island. Learnings from fostering a developers community.
thoeni
16
2.1k
Statistics for Hackers
jakevdp
789
220k

Transcript

  1. Multi-Cluster API Gateway Patterns with Envoy Proxy and Gloo Christian

    Posta Global Field CTO – Solo.io

  2. 2 | Copyright © 2020 Our customers’ challenges

  3. 3 | Copyright © 2020 SERVICE MESH JOURNEY INNOVATION MODERNIZE

    TO MICROSERVICES SERVICE MESH MANAGEMENT ADAPTIVE SERVICE MESH

  4. 4 | Copyright © 2020 December 11, 2018 2018 TOP

    WOMEN ENTREPRENEURS IN CLOUD INNOVATION Seventh Annual Award Honors Women Founders for Outstanding Accomplishments in Cloud and Emerging Technologies, Sponsored by Facebook, Intel, and Google. Award Winning Innovation Enterprise Credibility Key Industry Collaborations https://www.solo.io/customers/

  5. 5 | Copyright © 2020 API connectivity & communication challenges

    SERVICE A SERVICE B SERVICE C SERVICE D SERVICE E Challenges • Entry point for services • Establishing boundary • AuthN/AuthZ • Traffic routing • Transformations • Rate limiting • Automation • Extension

  6. 6 | Copyright © 2020 API connectivity & communication challenges

    Challenges • Discovering APIs • Documentation • Self-service sign up • Security • Internal vs External SERVICE A SERVICE B SERVICE C SERVICE D SERVICE E

  7. 7 | Copyright © 2020 Solo.io solves API connectivity &

    communication challenges SERVICE A SERVICE B SERVICE C SERVICE D SERVICE E API portal

  8. 8 | Copyright © 2020 Gloo Enterprise Features

  9. 9 | Copyright © 2020 Gloo Data Plane and Control

    Plane EXTERNAL AUTH RATE LIMITING GLOO FILTERS ROUTER UPSTREAM EXTERNAL AUTH SERVER RATE LIMITING SERVER CACHING DATA LOSS PREVENTION LAMBDA NATS.IO TRANSFORMATION WEB APPLICATION FIREWALL (WAF)

  10. 10 | Copyright © 2020 Why Gloo? Security Highly Extensible

    Multi-platform Web Assembly Integration Decentralized API • Basic auth • OIDC • JWT • API Keys • Custom Auth • TLS • mTLS • SNI • Let’s Encrypt • CORS • OPA • RBAC • Delegation • WAF • Data Loss Prevention • Rate Limit • Circuit Breaker

  11. 11 | Copyright © 2020 API connectivity & communication challenges

    Challenges • Multiple clusters • Hybrid deployments • Centralized view • Consistency • Security • Configuration • Federation • Centralization vs Decentralization S E R V I C E A S E R V I C E B S E R V I C E C S E R V I C E D S E R V I C E E S E R V I C E A S E R V I C E B S E R V I C E C S E R V I C E D S E R V I C E E S E R V I C E A S E R V I C E B S E R V I C E C S E R V I C E D S E R V I C E E S E R V I C E A S E R V I C E B S E R V I C E C S E R V I C E D S E R V I C E E

  12. 12 | Copyright © 2020 API Federation • Autonomous clusters

    • Different organizational/network/administrative boundaries • Share pieces of configuration • For those shared pieces, treat union as a single unit • Uses an orchestrator to stitch together policies for federation

  13. 13 | Copyright © 2020 SERVICE A SERVICE B SERVICE

    C SERVICE D SERVICE E SERVICE F SERVICE G SERVICE H Solo.io solves API connectivity & communication challenges Federation

  14. 14 | Copyright © 2020 Problems Solo.io solves with federation

    • Security (authz/authn/encryption/identity) • Service discovery • Failover / traffic shifting / transparent routing • Observability • Separate networks • Well-defined fault domains • Balance of centralized management with decentralized enforcement

  15. 15 | Copyright © 2020 15 | Copyright © 2020

    Envoy as the backbone of application networking

  16. 16 | Copyright © 2020 Why Envoy Proxy? • Neutral

    Foundation (CNCF) • Large, diverse, vibrant community • Built ground up for dynamic services environment • Dynamic configuration, driven by API • Highly extensible • L7 filters (HTTP/1, HTTP/2, gRPC, redis, mysql, Kafka, etc) • Deep metrics/telemetry out of the box • Versatile deployment options

  17. 17 | Copyright © 2020 Exploring Envoy failover routing capabilities:

    Request racing Account work load work load work load Calls http://products.service/ work load work load us-west-1 us-west-2 Timeout Race request First to return is the response to the caller

  18. 18 | Copyright © 2020 Exploring Envoy failover routing capabilities:

    Zone aware routing (Envoy decides) Account work load work load work load Calls http://products.service/ work load work load us-west-1 us-west-2 Not enough healthy hosts in same zone Spill over to another zone

  19. 19 | Copyright © 2020 Exploring Envoy failover routing capabilities:

    Locality aware (Control plane decides) Account work load work load work load Calls http://products.service/ work load work load us-west-1 us-west-2 Not enough healthy hosts in same zone Spill over to another zone W=1 W=1 W=1 W=5 W=5

  20. 20 | Copyright © 2020 Exploring Envoy failover routing capabilities:

    Aggregate Cluster (for routing to gateways) Account work load work load work load Calls http://products.service/ Edge gw us-west-1 us-west-2 EDS Strict DNS

  21. 21 | Copyright © 2020 21 | Copyright © 2020

    Multi-cluster patterns

  22. 22 | Copyright © 2020 @christianposta work load work load

    work load Single cluster ingress/gateway

  23. 23 | Copyright © 2020 @christianposta work load work load

    work load work load work load work load work load work load work load Decentralized API Gateway

  24. 24 | Copyright © 2020 @christianposta work load work load

    work load work load work load work load work load work load work load Leaf nodes/ application clusters Hybrid, two-tier gateways

  25. 25 | Copyright © 2020 @christianposta work load work load

    work load work load work load work load work load work load work load Leaf nodes/ application clusters Hybrid, two-tier gateways with tenancy

  26. 26 | Copyright © 2020 @christianposta work load Istiod work

    load work load work load Istiod work load work load work load Istiod work load work load API/Edge Gateway tier Access Proxy / Gateway Routing Leaf nodes/ application clusters

  27. 27 | Copyright © 2020 27 | Copyright © 2020

    Operating a multi-cluster topology

  28. 28 | Copyright © 2020 @christianposta Access Proxy / Gateway

    Routing Leaf nodes/ application clusters GlooFederation Plane work load work load work load work load work load work load work load work load work load

  29. 29 | Copyright © 2020 @christianposta Access Proxy / Gateway

    Routing Leaf nodes/ application clusters GlooFederation Plane work load work load work load work load work load work load work load work load work load

  30. 30 | Copyright © 2020 @christianposta Access Proxy / Gateway

    Routing Leaf nodes/ application clusters GlooFederation Plane work load work load work load work load work load work load work load work load work load

  31. 31 | Copyright © 2020 31 | Copyright © 2020

    Demo

  32. 32 | Copyright © 2020 • https://solo.io • https://slack.solo.io •

    https://gloo.solo.io • https://envoyproxy.io • https://istio.io • https://webassemblyhub.io • https://servicemeshhub.io • https://blog.christianposta.com