Service Mesh Status Quo 2018: 2019年に向けたService Meshの現状課題の整理と考察 / Service Mesh Status Quo 2018

Transcript

1. , 2 , ,1 21 21 1, 0 , Service

   Mesh Status Quo 2018 2019
   Service Mesh   
2. None

3.   
        1970 1980 1990

   2000 2010 2020

4. CNCF Cloud Native Definition v1.0 Cloud native technologies empower organizations

   to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor-neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone. https://github.com/cncf/toc/blob/master/DEFINITION.md Cloud Native CNCF
   

5.    
        

   
   
6. None

7. Fallacies of distributed computing https://en.wikipedia.org/wiki/Fallacies_of_distributed_computing     

   
    
8. None

9. Buoyant’s CEO William Morgan https://blog.buoyant.io/2017/04/25/whats-a-service-mesh-and-why-do-i-need-one/

10. Service Mesh ①  
     

11. Pod Pod Pod      % https://docs.microsoft.com/ja-jp/dotnet/standard/microservices-

    architecture/implement-resilient-applications/implement-circuit-breaker-pattern Pod Pod Pod Pod Pod Pod &"
        !$# 

12. Pod Pod Pod Pod Pod Pod Pod Pod Pod 
    

         Service BreakerDestination Rule (Istio) https://istio.io/docs/tasks/traffic-management/circuit-breaking/ Service Mesh

13. Service Mesh &! Data Plane Control Plane
    *  

    + %)# Envoyproxy Blog: Service mesh data plane vs. control plane https://blog.envoyproxy.io/service-mesh-data-plane-vs-control-plane-2774e720f7fc Control Plane Data Plane'(Mesh Data Plane *,   ② Control PlaneData Plane$"

14. Service Mesh
       https://github.com/istio/istio https://github.com/linkerd/linkerd https://github.com/runconduit/conduit https://www.consul.io/ https://www.envoyproxy.io/

15. https://twitter.com/IstioMesh/status/1024339027531624451

16. https://blog.linkerd.io/2018/09/18/announcing-linkerd-2-0/ https://github.com/linkerd/linkerd/issues/2018

17. https://www.hashicorp.com/blog/consul-1-2-service-mesh https://github.com/cncf/landscape/pull/1009 Cloud Native Computing Foundation Announces Envoy Graduation https://www.cncf.io/announcement/2018/11/28/cncf-

    announces-envoy-graduation/

18. https://kubedex.com/istio-vs-linkerd-vs-linkerd2-vs-consul/ https://docs.google.com/spreadsheets/d/1OBaKrwR030G39i0n_47i-hzcFJ966bJjGArXVKX39_k/

19. https://trends.google.com/trends/explore?date=2017-01-01%202018-12- 17&q=Istio,Linkerd,Hashicorp%20Consul,Envoy%20Proxy ★ Star # (Dec 17, 2018) Istio 13,865

    Linkerd 4,792 Linkerd2 3,004 Consul 14,319 Envoy 7,608
20. None

21. “ENVOY IS AN OPEN SOURCE EDGE AND SERVICE PROXY, DESIGNED

    FOR CLOUD-NATIVE APPLICATIONS” https://www.envoyproxy.io/ Istio 
     • Dynamic service discovery • Load balancing • TLS termination • HTTP/2 and gRPC proxies • Circuit breakers • Health checks • Staged rollouts with %-based traffic split • Fault injection • Rich metrics

22. https://techlife.cookpad.com/entry/2018/05/08/080000 KubeCon 2018 Seattle
     https://envoyconna18.sched.com/event/HDdu/building-operating-a-service-mesh-at-a-mid-size-company-taiki-ono-cookpad-inc

23. Demo Code: https://github.com/yokawasa/envoy-proxy-demos/tree/master/front-proxy

24. Front-envoy process Front-envoy container service3 envoy process Service3 Container service3

    app process service1 envoy process Service1 Container service1 app process service2 envoy process Service2 Container service2 app process Port 80 Port 80 Port 80 8080 8080 8080 Front envoy listens on port 80

25. https://istio.io

26. • Pilot: • Mixer: • Citadel: https://istio.io/docs/concepts/what-is-istio/

27. Discovery & Load Balancing round robin, random, weighted least request

    Traffic Splitting A/B testing, canary rollouts, staged rollouts Traffic Control Handling Failures circuit breakers, timeouts, and retries Fault Injections delays or abort Rate Limiting Distributed Tracing Collecting Logs & Metrics Service Graph Authentication Policy Mutual TLS Authentication Istio RBAC https://istio.io/docs/concepts/what-is-istio/

28. https://www.slideshare.net/yokawasa/istio-114360124

29. • Demo Code: https://github.com/istio/istio/tree/master/samples/bookinfo • Setup: https://github.com/yokawasa/azure-container-labs/blob/master/labs/aks-202-istio-top.md

30. Product page Mixer Pilot Citadel Ingress gateway Review V1 Review

    V2 Review V3 Ratings Details
31. None

32. https://github.com/istio/istio/tree/master/tools

33. Mixer   Cache 
    5ms   

34. Istio Proxy*(  " "!'.  !10ms$#)+ Proxy0/%
    Mixer/% "" -&

    ,

35. •
      : • https://istio.io/docs/reference/config/installation-options/ • Minimal Istio

    Installation: • https://istio.io/docs/setup/kubernetes/minimal-install
36. None

37. Service Mesh
       Service Fabric Mesh Istio on GKE

    App Mesh

38. k8s Service Mesh   &)" Knative - https://github.com/knative/docs *'#(

    &)"  &)"  &)"  &)" ! %$+ 
     

39.   •  
    
     

40. None
41. None
42. None

43. https://istio.io/docs/concepts/security/

44. Istio multicluster

45. None

46. Figure 1-1. Traditional network security architecture

47. • Zero Trust Control plane vs Data plane • Zero

    Trust Control plane  
       • Zero Trust Data Plane: Control Plane 
48. None

49. k8s Service Mesh

50. https://www.slideshare.net/hiromasaoka/noops-125109991