
Service Mesh Status Quo 2018: Organizing and Examining the Current Challenges of Service Mesh Heading into 2019 / Service Mesh Status Quo 2018

Yoichi Kawasaki

December 18, 2018
Transcript

  1. Service Mesh Status Quo 2018

    Organizing and examining the current challenges of Service Mesh heading into 2019
  2. CNCF Cloud Native Definition v1.0

    Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor-neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.

    https://github.com/cncf/toc/blob/master/DEFINITION.md
  3. [Diagram: Pods]

    https://docs.microsoft.com/ja-jp/dotnet/standard/microservices-architecture/implement-resilient-applications/implement-circuit-breaker-pattern
  4. [Diagram: Pods, Service, Breaker, Destination Rule (Istio), Service Mesh]

    https://istio.io/docs/tasks/traffic-management/circuit-breaking/
  5. Service Mesh: Data Plane / Control Plane

    Envoyproxy Blog: Service mesh data plane vs. control plane https://blog.envoyproxy.io/service-mesh-data-plane-vs-control-plane-2774e720f7fc
  6. “ENVOY IS AN OPEN SOURCE EDGE AND SERVICE PROXY, DESIGNED FOR CLOUD-NATIVE APPLICATIONS” https://www.envoyproxy.io/

    Istio
    • Dynamic service discovery
    • Load balancing
    • TLS termination
    • HTTP/2 and gRPC proxies
    • Circuit breakers
    • Health checks
    • Staged rollouts with %-based traffic split
    • Fault injection
    • Rich metrics
  7. [Diagram: Front-envoy container (front-envoy process); Service1, Service2 and Service3 containers, each with an envoy process and an app process; ports 80 and 8080]

    Front envoy listens on port 80
  8. • Discovery & Load Balancing: round robin, random, weighted least request
    • Traffic Splitting: A/B testing, canary rollouts, staged rollouts
    • Traffic Control
    • Handling Failures: circuit breakers, timeouts, and retries
    • Fault Injections: delays or abort
    • Rate Limiting
    • Distributed Tracing
    • Collecting Logs & Metrics
    • Service Graph
    • Authentication Policy
    • Mutual TLS Authentication
    • Istio RBAC

    https://istio.io/docs/concepts/what-is-istio/
  9. • https://istio.io/docs/reference/config/installation-options/
    • Minimal Istio Installation: https://istio.io/docs/setup/kubernetes/minimal-install
  10. k8s Service Mesh

    Knative - https://github.com/knative/docs
  11. • Zero Trust Control plane vs Data plane
    • Zero Trust Control plane
    • Zero Trust Data Plane: Control Plane