Multicluster k8s: How a Service Mesh Can/Can't Help
Andrew Jenkins, CTO
@notthatjenkins
Aspen Mesh Survey at KubeCon 2019 Europe (pie chart): Multiple clusters 85% (multiple independent prod clusters; dev/test/stage clusters; multiple cross-communicating ("x-comm") prod clusters); Other 10%; One cluster 5%.
Service Mesh
Diagram: a service mesh in one cluster. The service mesh control plane (observability, security, traffic management) watches the k8s apiserver and configures a proxy next to each app; App A plus its proxy is Service A, App B plus its proxy is Service B.
Service Mesh
Diagram: two clusters, A and B, each with its own k8s apiserver and its own service mesh control plane; each control plane configures only the proxies in its own cluster.
Service Mesh
Diagram: two clusters, A and B, each with its own k8s apiserver, both served by one shared service mesh control plane that configures the proxies in both clusters.
Service Mesh
Diagram: two clusters, A and B, each with its own k8s apiserver and its own service mesh control plane, with a higher-level layer above the two control planes coordinating them.
There are many reasons to want to run multiple clusters…
* Blast-radius (a problem in one cluster doesn't kill the whole system)
* Environment isolation (dev, test, prod)
* Reliability (a zone or region outage does not bring down the app)
* Latency (run the app as close to customers as possible)
* Scale (the app is too big to fit in a single cluster)
* Provider diversity (for regulatory, geographic, data gravity, or other reasons)
* Jurisdiction (keep user data in-country)
* Upgrade scope (upgrade infra for some parts of your app but not all of it)
* Avoid the need for in-place cluster upgrades
* Performance isolation (teams don't want to feel each other)
* Security isolation (sensitive data or untrusted code)
* Organizational isolation (teams have different management domains)
* Cost isolation (teams get different bills)
Tim Hockin, Re: Proposing Submariner as a sig-multicluster
What does the Internet have to teach us?
Narrow purpose: any system with an IP address can send packets to any other system with an IP address.
Diversity in what it runs on (IEEE 802.3 Ethernet, IEEE 802.5 Token Ring, IEEE 802.11 Wi-Fi, RFC 1577 Classical IP over ATM, RFC 2549 IP over Avian Carriers with QoS), in what runs on it, and in how big it is:
~100GB/wk 1983
~100GB/day 1992
~100GB/hour 1997
~100GB/second 2002
~100GB/50ms 2007
~100GB/ms 2019
Scalable Evolutionary
Example
Routing Information Protocol (RIP), a Bellman-Ford distance-vector protocol.
Diagram: routers A, B, C and D, with AJ attached to A and Cat attached to D. Each router keeps a table of To / Hops / Via and tells its neighbours what it can reach; the animation builds the tables up step by step:
A: AJ, 1 hop, direct. D: Cat, 1 hop, direct.
C hears from D: Cat, 2 hops, via D.
B hears from C: Cat, 3 hops, via C. B hears from A: AJ, 2 hops, via A.
B hears from D: Cat, 2 hops, via D, which replaces the 3-hop route via C.
A hears from B: Cat, 3 hops, via B.
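The distance-vector exchange the slides step through, as an added example that is not part of the original deck: each router keeps a To/Hops/Via table, tells each neighbour what it can reach, and adopts any strictly shorter route it hears (Bellman-Ford). The link layout (A-B, B-C, B-D, C-D, AJ attached to A, Cat attached to D) and the one-hop link cost are assumptions inferred from the tables on the slides. The advertisement also applies split horizon, the routing rule the later Istio deployment model takes its name from: a router never advertises a route back to the neighbour it learned it from.

```python
"""Distance-vector routing (RIP / Bellman-Ford) on the A-B-C-D example from
the slides. Added example, not from the original deck. Assumptions: the link
layout (A-B, B-C, B-D, C-D, AJ attached to A, Cat attached to D) is inferred
from the tables the slides build up, and every link costs one hop."""
from dataclasses import dataclass, field

INFINITY = 16  # RIP treats 16 hops as unreachable (RFC 2453)


@dataclass
class Router:
    name: str
    neighbours: list = field(default_factory=list)
    table: dict = field(default_factory=dict)  # destination -> (hops, via)

    def attach(self, dest):
        """Directly connected destination: 1 hop, no next hop ('-' on the slides)."""
        self.table[dest] = (1, "-")

    def advertise_to(self, neighbour):
        """Distance vector sent to one neighbour, with split horizon: routes
        learned from that neighbour are not echoed back to it."""
        return {dest: hops for dest, (hops, via) in self.table.items()
                if via != neighbour.name}

    def receive(self, sender, vector):
        """Bellman-Ford relaxation: adopt a strictly shorter route, and always
        take an update from the router we already route through (so a worse
        metric from the current next hop is not ignored)."""
        changed = False
        for dest, hops in vector.items():
            new_hops = min(hops + 1, INFINITY)
            cur_hops, cur_via = self.table.get(dest, (INFINITY, None))
            if new_hops < cur_hops or (cur_via == sender.name and new_hops != cur_hops):
                self.table[dest] = (new_hops, sender.name)
                changed = True
        return changed


def build_network():
    routers = {n: Router(n) for n in "ABCD"}
    for a, b in [("A", "B"), ("B", "C"), ("B", "D"), ("C", "D")]:
        routers[a].neighbours.append(routers[b])
        routers[b].neighbours.append(routers[a])
    routers["A"].attach("AJ")
    routers["D"].attach("Cat")
    return routers


def exchange(sender, receiver):
    """One RIP update from sender to receiver; True if the receiver's table changed."""
    return receiver.receive(sender, sender.advertise_to(receiver))


def replay_slides(routers):
    """The update order the slides animate. Returns B's entry for Cat after
    each step, so the 3-hop route via C being replaced by 2 hops via D shows."""
    history = []
    for s, r in [("D", "C"), ("C", "B"), ("A", "B"), ("D", "B"), ("B", "A")]:
        exchange(routers[s], routers[r])
        history.append(routers["B"].table.get("Cat"))
    return history


def converge(routers, max_rounds=20):
    """Full periodic exchanges between every neighbour pair until no table
    changes. Returns the number of rounds, including the final quiet one."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for r in routers.values():
            for n in r.neighbours:
                changed |= exchange(r, n)
        if not changed:
            return rnd
    raise RuntimeError("did not converge")


if __name__ == "__main__":
    net = build_network()
    print("B's route to Cat after each slide step:", replay_slides(net))
    print("quiet after round", converge(net))
    for r in net.values():
        print(r.name, r.table)
```

After the slide sequence B holds Cat at 2 hops via D and AJ at 2 hops via A; one more full round of exchanges lets C and D learn AJ via B, and the network is quiet from then on. Nobody configured a route: every router only ever spoke to its neighbours, which is the scaling property the deck is pointing at.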
Scalable Evolutionary
Diagram: the same idea at larger scale. Routers A to I are grouped into autonomous systems (AS4037, AS717, AS2310). Inside each AS the operator picks its own interior routing protocol (RIP in some, OSPF in another); between ASes only summarised reachability is exchanged, using the Border Gateway Protocol (BGP).
OK, what does this have to do with k8s?
Scalable Evolutionary
Unified Management – Configure them all in one place
Unified Trust – Crypto trust traceable back to one common root
Heterogeneous Network – Clusters can have overlapping or non-routable internal IPs
Independent Fault Domain – If Cluster A blows up, Cluster B is still OK
Inter-Cluster Mesh Traffic – Inter-cluster traffic is still Service Mesh traffic
Source: To Multicluster, or Not to Multicluster: Inter-cluster Communication Using a Service Mesh
Model                         | Unified Management | Unified Trust | Heterogeneous Network | Independent Fault Domain | Inter-cluster Mesh Traffic
Independent                   | ✘                  | ✘             | ✓                     | ✓                        | ✘
Common Management             | ✓                  | ✘             | ✓                     | ✓                        | ✘
Flat Network                  | ✓                  | ✓             | ✘                     | ✘                        | ✓
Split Horizon                 | ✓                  | ✓             | ✓                     | ✘                        | ✓
Cluster-Aware Service Routing | ✘                  | ✓             | ✓                     | ✓                        | ✓
Source: To Multicluster, or Not to Multicluster: Inter-cluster Communication Using a Service Mesh
Istio: Multicluster Deployments – Split Horizon
(one control plane shared by all clusters; each cluster is reached through its own gateway)
✓ Unified Mgmt  ✓ Unified Trust  ✓ Hetero Network  ✘ Fault Domain  ✓ X-Cluster Mesh
Istio: Multicluster Deployments – Cluster-Aware Service Routing
(a control plane per cluster; remote services are reached through the remote cluster's gateway)
✘ Unified Mgmt  ✓ Unified Trust  ✓ Hetero Network  ✓ Fault Domain  ✓ X-Cluster Mesh
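How the Split Horizon model keeps Hetero Network and X-Cluster Mesh both ticked while Flat Network cannot, as an added illustration (this is not Istio's code and not from the deck): a control plane that knows every cluster's pods hands each proxy a view in which its own cluster's pods appear by pod IP and every other cluster appears only as that cluster's gateway. The registry entries, the addresses (RFC 5737 test ranges) and the service names are constructed; the cross-cluster gateway port 15443 and weighting a remote gateway by the number of pods behind it are assumptions taken from Istio's convention for this model.

```python
"""Per-cluster endpoint views in a multicluster service mesh. Added example
that models the 'split horizon' and 'flat network' rows of the table; it is
not Istio code. The registry, the addresses (RFC 5737 test ranges) and the
service names are constructed; the cross-cluster gateway port 15443 and
weighting a remote gateway by the pods behind it are assumptions taken from
Istio's convention for this model."""

# Assumption: port on which a cluster's ingress gateway accepts mTLS traffic
# from proxies in other clusters.
CROSS_CLUSTER_PORT = 15443

# Constructed registry: app-b runs in clusters A and B whose pod networks
# overlap (10.0.0.5 exists in both); each cluster is fronted by its own gateway.
REGISTRY = [
    {"cluster": "A", "service": "app-b", "pod_ip": "10.0.0.5", "port": 8080, "gateway": "203.0.113.10"},
    {"cluster": "A", "service": "app-b", "pod_ip": "10.0.0.6", "port": 8080, "gateway": "203.0.113.10"},
    {"cluster": "B", "service": "app-b", "pod_ip": "10.0.0.5", "port": 8080, "gateway": "198.51.100.20"},
    {"cluster": "B", "service": "app-c", "pod_ip": "10.0.0.7", "port": 9090, "gateway": "198.51.100.20"},
]


def split_horizon_view(client_cluster, service, registry=REGISTRY):
    """Endpoints a shared control plane hands to a proxy in client_cluster:
    its own cluster's pods by pod IP, every other cluster collapsed to that
    cluster's gateway on CROSS_CLUSTER_PORT, weighted by the pods behind it.
    Remote pod IPs never reach the proxy, so other clusters may use
    overlapping or unroutable pod ranges (Hetero Network ticked)."""
    local, remote = [], {}
    for e in registry:
        if e["service"] != service:
            continue
        if e["cluster"] == client_cluster:
            local.append({"address": e["pod_ip"], "port": e["port"],
                          "weight": 1, "cluster": e["cluster"]})
        else:
            gw = remote.setdefault(e["cluster"], {"address": e["gateway"],
                                                  "port": CROSS_CLUSTER_PORT,
                                                  "weight": 0, "cluster": e["cluster"]})
            gw["weight"] += 1
    return local + [remote[c] for c in sorted(remote)]


def flat_network_view(service, registry=REGISTRY):
    """Flat Network model: every proxy gets every pod IP from every cluster,
    which only works if pod IPs are unique and routable across clusters."""
    return [{"address": e["pod_ip"], "port": e["port"], "weight": 1, "cluster": e["cluster"]}
            for e in registry if e["service"] == service]


def ambiguous_addresses(view):
    """Address:port pairs that map to pods in more than one cluster. A proxy
    given such a view cannot tell the two pods apart, which is why the flat
    model needs non-overlapping networks."""
    clusters_by_addr = {}
    for ep in view:
        clusters_by_addr.setdefault((ep["address"], ep["port"]), set()).add(ep["cluster"])
    return sorted(addr for (addr, _), cs in clusters_by_addr.items() if len(cs) > 1)


if __name__ == "__main__":
    for cluster in "AB":
        print(f"split horizon view from {cluster}:", split_horizon_view(cluster, "app-b"))
    print("flat view:", flat_network_view("app-b"))
    print("ambiguous in flat view:", ambiguous_addresses(flat_network_view("app-b")))
```

The two views make the table's trade-off concrete. The split-horizon view is safe with overlapping pod networks, and in Istio's version of this model the gateway passes the mTLS connection through by SNI, so the hop to 198.51.100.20:15443 is still sidecar-to-sidecar mesh traffic; the price is that every cluster depends on the one control plane that computes the view (Fault Domain ✘). The flat view has no gateway hop but breaks as soon as 10.0.0.5 means two different pods.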
Recap (repeats the survey, the reasons for running multiple clusters, and the five criteria)
Thank You
Diagram (Managing Microservices with Istio): the Istio control plane, providing observability, security and insights. Pilot pushes config data to the Envoys; Citadel issues TLS certs to the Envoys; the Sidecar Injector monitors K8s for new pods and injects Envoys; Mixer handles policy, quota and telemetry. An Ingress Gateway and an Egress Gateway (Envoy) sit at the cluster edge. Each Service A pod contains an Envoy container alongside a Flask/Python container.