Microservices gt whoami PhD in Telecommunications Budapest University of Technology Worked with 5G technology SDN amp NFV Cloud Native Network Functions Graduated in the EIT Digital Doctoral School ID: 796524
Download The PPT/PDF document "Service Mesh: a New Infrastructure Layer..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Service Mesh: a New Infrastructure Layer Under Microservices
Slide2$>
whoami
PhD in Telecommunications @ Budapest University of Technology
Worked with 5G technologySDN & NFV Cloud Native Network FunctionsGraduated in the EIT Digital Doctoral SchoolCo-founder & CTO @ LeanNet Ltd.Consulting, training, implementingCloud Native, Microservices, DevOps
megyesi@leannet.eu
twitter.com/M3gy0
linkedin.com
/
in
/M3gy0
Slide3Outline
Basics of service mesh
The evolution of cloud computing
Microservices leading to complexityThe necessity of a new architectural componentThe sidecar proxy deployment strategyData plane vs. control plane in a service meshChoices for realizing a service meshLinkerdLinkerd2 (the current version)Envoy as the universal dataplane for
IstioAWS App Mesh
ConsulKuma
3 hour
tutorial tomorrow: Linkerd &
Istio!
Slide4Development Process
Application Architecture
Deployment & Packaging
Application InfrastructureWaterfall
AgileDevOps
Monolithic
SOA
Microservices
Psychical Servers
Virtual Machines
Containers
Server Room
Data Center (
IaaS
)
Cloud Platform
Time
Cloud Native
Slide5What
are
Microservices?
Microservices architecture is software development form that structures an application as a collection of loosely coupled services having bounded context, which implement business capabilities. Microservices enable the continuous delivery/deployment of large, complex applications.
Monolithic software
Vertically scalable
Hard to maintain and evolve
Very long build / test / release cycles
Always fixing bugs
Lack of innovation
Service Oriented
Architecture
Microservices
Horizontally scalable
Services
are easy to maintain
Very short build / test / release
cycles
Easy to innovate
Slide6This is not a
Microservice
Architecture!
Web ServerApp ServerDB Server
Slide7This is Getting There….
Slide8But Th
ese
are True Microservice
Architectures!TwitterAmazon Web Service
Slide9But Th
ese
are True Microservice
Architectures!
Slide10Monolith vs.
Microservices
?
Complex applicationEasy networkingEasy applications (services)Complex networking
The fallacies of distributed computing:The network is reliableLatency is zero
Bandwidth is infinite
The network is secureTopology doesn't change
There is one administratorTransport cost is zero
The network is homogeneous
https://en.wikipedia.org/wiki/Fallacies_of_distributed_computing
Slide11What is a Service
Mesh
?
Service Mesh is dedicated infrastructure layerin a microservices environment to consistently manage, monitor and control the communication between services across the entire application
Slide12Evolution: LAMP to Web Scale
Apache
Apache
Apache
PHP
PHP
PHP
PHP
PHP
MySQL
MySQL
MySQL
Nginx
Nginx
Nginx
DB
DB
DB
SVC
SVC
SVC
SVC
SVC
Slide13Evolution: Common Features in
DevSecOps
Dynamic service discovery
Load balancingHealth checksTimeoutsRetriesCircuit breakersTraffic encryption (mTLS)Fine-grained access controlAccess auditing
Rate limitingRewrites and redirects
Consistent metrics
Access logsDistributed tracing
Fault injection
Slide14Evolution: Shared Libraries to Service Mesh
Nginx
Nginx
Nginx
DB
DB
DB
SVC
SVC
SVC
SVC
SVC
Library
Examples for such
fat
libraries:
Hystrix
@ Netflix
Stubby @ Google
Finagle @ Twitter
Disadvantages of shared libraries:
Have to be implemented in multiple languages
If the library changes the entire service has to be redeployed
Too tight involvement of dev teams
Slide15Linkerd
A
service mesh that adds reliability, security, and visibility to cloud native applications
Official CNCF ProjectOriginally created by Buoyant Inc. based on FinagleWritten in JAVA
These are the
dataplane
components (proxies)
This is the control plane that programs the individual
dataplane
proxies
namerd
Slide16Sidecar Model in Container Environments
Disadvantages of per-node model
Raises security concerns in multi-tenant environments (shared TLS secrets, common authentication, etc.)
Can only be scaled vertically, not horizontally (give it more memory and CPU and it will handle more connection)Not optimized for container workloadsThe sidecar modelPut a proxy next to every container
This is supported by the POD abstraction in Kubernetes
Linkerd is considered to be too heavy for such environment!
Node
1
Node
2
Node
3
Proxy
Proxy
Proxy
Proxy
Proxy
Proxy
Proxy
Proxy
Proxy
Proxy
Proxy
Proxy
Slide17Linkerd2 (previously know as
Conduit
)
A novel service mesh that was specifically designed to work in KubernetesCreated by Buoyant, the same team who created LinkerdData plane is written in Rust to be very fast and lightweight to sidecar operations (~5MB container size)Control plane is written in GO to work well in KubernetesCan be deployed service-by-service (it’s not an all-or-nothing choice…)
Slide18Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications
Official CNCF Project
Originally created by LyftWritten in C++Out of process architecture with advanced threadingBest in class observabilityRich APIs called xDS
Features includeL3/L4 filter and routing architectureHTTP L7 filter architecture
First class HTTP/2 support
gRPC supportMongoDB and DynamoDB L7 support
Slide19Istio
A service mesh control plane which uses Envoy as data plane
Originally created by Google and IBM
Written in GOProvides core features for:Traffic managementObservabilitySecurityHas four main componentsPilot for managing and configuring the Envoy proxiesMixer for providing policy controls and telemetry collection
Citadel for service-to-service and end-user authenticationGalley for configuration validation, ingestion,
processing and distribution
Slide20Istio vs. Linkerd2
Somewhat easy to install
Hard to operate
Heavy control planeAdvanced data plane (Envoy)Has a built in ingress (and egress) controller (Envoy)Doesn’t have a dashboard (but Kiali
can be one)Monitoring:Service graph
S2S latency
Response codesJaeger TracingAdvanced HTTP routing:
Blue/GreenCanary
Dark launch
Very easy to install
Easy to operate
Light control plane
Very light data plane (in Rust)
No ingress included
Has a dashboard
Monitoring:
Service graph
S2S latency
Response codes
No tracing
Very basic HTTP routing:
No Blue/Green
Canary
No dark launch
Slide21Other Examples
Envoy based
Non-Envoy based
synaps
Slide22Okay, But Should I Use a Service Mesh???
It depends…
Not a good reason:
I’ve heard it’s cool since Google made this!Want to be cloud native so I must use this new stuffMy boss told me…But definitely use it if:You have micro(ish)services environment, written in multiple languages, and you need consistent telemetryYou need mTLS for every service-to-service communicationYou have a
microservices environment where some service are failing, and you can’t figure out which one of themYou need to apply more advance deployment patterns (e.g. canary, blue/green), since you current one is too slow