Mais conteúdo relacionado 2. | ©2020 F5
2
SR. PRODUCT MANAGER – NGINX SERVICE MESH
Alan Murphy Whether you're ready for a service mesh
How to choose a mesh that’s right for
your apps
The importance of a high-performance
Kubernetes application data plane
How NGINX Service Mesh improves the
developer experience
4. | ©2020 F5
5
What is your organization’s expertise
with Microservices?
1. We’re not using a Microservices architecture yet.
2. We are taking first steps to production Microservices.
3. We run both Microservices and Traditional architectures in
production.
4. We are (almost) entirely a Microservices-first organization.
5. | ©2020 F5
6
What’s your biggest concern
with Microservices?
1. Training and Knowledge – the journey to production is difficult
2. In production – Logging, Visibility and Monitoring
3. In production – Security
4. In production – Scaling to large apps and multiple teams
5. None – I know what I’m doing, all is working
7. | ©2020 F5
8
WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM A MESH?
Networking: K8, L3, L4, L5, L7
• K8s, and CNI, provides L4 servicing – IP endpoints
• Many, complex options
• https://kubernetes.io/docs/concepts/cluster-administration/networking/
• L7 Traffic Management is missing
• Policy-based routing
• Service-level access control
• SSL/mTLS enforcement
• Enter: Service Mesh
8. | ©2020 F5
9
WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM A MESH?
What Is A Service Mesh?
• A service mesh adds L7 traffic management & security:
• sidecar deployment
• policy management
• application availability/health,
• Service mesh isn’t just one “thing”, it’s a lot of managed and dependent
components
• Takes over where K8s networking stops (service/pod IP endpoints)
• “Traffic management for containers”
9. | ©2020 F5
10
L7 Logic (Ingress)
L3-L4 Networking
L3 – L7 Network
Management ==
Service Mesh
An Overly Simplified Picture
10. | ©2020 F5
11
Do you use a Service Mesh in production?
1. No, and I’m not planning to use one yet
2. No, but I’m actively evaluating
3. Yes – Istio in production
4. Yes – a different mesh in production (share in the comments)
5. I don’t know
11. | ©2020 F5
12
Risks of adopting a mesh too early…
Complexity
Complexity
Complexity
Preparing for a Mesh
18. | ©2020 F5
19
IT DEPENDS…
Selecting a Service Mesh
Why are you looking for a service mesh?
(what are your use cases?)
19. | ©2020 F5
20
NGINX Service Mesh Use Cases
Secure Traffic
End-to-end encryption (Mutual TLS / mTLS), ACLs
Manage All Service Traffic
Load Balance, Circuit breaker, B|G, Rate Limiting…
Orchestration
Injection and sidecar management, K8s API integration
Visualize Traffic
Generate transaction traces and real-time monitoring
Enterprise ADC sidecar with
NGINX Plus
Small/efficient control plane
and developer friendly
Enterprise ADC sidecar with
NGINX Plus
SMI spec, open ecosystem
key differentiator
20. | ©2020 F5
21
IT DEPENDS…
Selecting a Service Mesh
Why are you looking for a service mesh?
(what are your use cases?)
How will you use the service mesh?
21. | ©2020 F5
22
Developers
Do you plan to add security to a legacy app that
is moving into Kubernetes?
Are you going to incorporate security as you
refactor an app into a native Kubernetes app?
Platform/Infrastructure Team
Are you going to add the service mesh into your
CI/CD pipeline so that it’s automatically deployed
and configured with every new cluster and
available when a developer spins up a new
instance?
How will you use the service mesh?
IT DEPENDS WHO YOU ARE
22. | ©2020 F5
23
IT DEPENDS…
Selecting a Service Mesh
Why are you looking for a service mesh?
(what are your use cases?)
How will you use the service mesh?
What factors influence your selection?
24. | ©2020 F5
25
1. Your “first mile” at the edge.
2. Your ”last mile” at the application layer.
3. Resiliency of your application delivery in Kubernetes.
4. Security enforcement point.
5. Metrics and monitoring for visibility.
FOCUS ON CONTROL PLANE IS CRITICAL, BUT DON’T FORGET ABOUT THE DATA
Data Plane Handles…
E
F
25. | ©2020 F5
26
• Data plane is all Kubernetes traffic
• Ingress and egress traffic treated as E/W
S2S traffic
• Full integration with control plane
• Resiliency, security, high availability all
matters for N/S
• Egress becoming more and more critical
CONFIDENTIAL
Don’t Forget N/S Ingress/Egress Data Plane
26. | ©2020 F5
27
• Accepts traffic from outside the Kubernetes
platform, and load-balances it to pods
(containers) running inside the platform
• Configured using the Kubernetes API, with
objects called ‘Ingress Resources’
• Monitors the pods running in Kubernetes, and
automatically updates the load balancing rules if,
for example, pods are added or removed from a
service
The Ingress Controller
Internal
Network
Users
Ingress
Controller
A specialized load balancer for Kubernetes environments:
27. | ©2020 F5
28
Which Ingress controller(s) do you use?
1. Default Kubernetes Ingress Controller
2. NGINX Ingress Controller
3. Public Cloud (e.g. from AWS, Azure, Google)
4. F5 Container Ingress Services
5. Something else (share in the comments)
6. I don’t know
28. | ©2020 F5
29
Developer-Friendly: Self-service and so easy to
use that it doesn’t require an infrastructure team to
deploy and manage it. No manual configurations,
built on native Kubernetes tooling and open
source tools.
Powerful and Efficient: The fastest, lightest way to
get mTLS and traffic management in your
microservices environment.
No sidecar injected into NGINX Ingress Controller.
NGINX Plus Sidecars: A fully integrated, high
performance data plane for highly available and
scalable containerized environments.
Why you might like
31. | ©2020 F5
34 CONFIDENTIAL
And try it with our other K8s traffic management solutions
Download for free
