O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
Service Mesh Sharing Thang Chung – May 2018 – v0.0.1
Agenda • Before Service Mesh Era • Service Mesh • Building Service Mesh for Microservices • Demo • Q&A
Before Service Mesh Era
From SOA to MSA pattern
Virtual Machines Containers Data Centers Orchestrated Environments Hardware Redundancy Design for Failure Servers Service ...
• Load Balancing • Routing: path based routing – L7 intelligent proxy • Auto Service Discovery • Resiliency for inter-serv...
Challenge of Going Faster Fallacies of Distributed Computing Network Reliable Network Dependency Code to Application Logic...
Then what kind of software architecture can help us to sort it out?
Service Mesh
MSA to Service Mesh Network Business Logic Network Functions Microservice A NODE 1 Business Logic Network Functions Micros...
MSA to Service Mesh (cont.) Business Logic Service Mesh Microservice A CONTAINER CONTAINER NODE 1 Business Logic Service M...
A SERVICE MESH offers consistent discovery, security, tracing, monitoring and failure handling without the need for a shar...
Service Mesh Types • Library • Node Agent • Sidecar
Service Mesh Types - Library • Netflix OSS (Hystrix, Ribbon), Twitter Finagle, Google Stubby • Pros: - Simple and straight...
Service Mesh Types – Node Agent • Linkerd + Kubernetes • Pros: - Benefits from sharing is configuration information - Cont...
Service Mesh Types – Sidecar • Istio + Envoy + Kubernetes, Conduit • Pros: - Don’t need infrastructure-wide cooperation to...
Service Mesh - Pros and Cons • Pros: - Commodity features are implemented outside microservice code and be able to reusabl...
NELSON CONTROL PLANE DATA PLANE Control Plane and Data Plane Competitors
Building Service Mesh for Microservices
Orchestration Layer
Kubernetes
Kubernetes (cont.) Pod Container Service Container Pods are groups of containers that share system resource (namespaces), ...
Istio
Istio - Sidecar • A secondary container in a Pod • Intercept & manages network traffic • Security/Identity • Pluggability ...
Istio - Pilot Pilot Pod Service 1 Pod Service 2 Envoy Envoy
Istio - Mixer Pilot Pod Service 1 Pod Service 2 Envoy Envoy Mixer
Istio - Auth Service 1 Service 2 Istio Certificate Authority Issue & Mount Keys Issue & Mount Keys mTLS & Secure Naming
Istio – Auth (cont.)
Istio – Key features • Automatic Protocol Metrics Collection & Tracing • Mutual TLS Authentication • Circuit Breaking • Fa...
Istio – Full picture Automatic Protocol Metrics Collection & Tracing
• Circuit Breaking • Failure Injection • Traffic Splitting
Ambassador
Demo Time https://github.com/thangchung/shopping-cart-k8s
Shopping Cart Demo Istio Control Plane Istio Data Plane Istio Pilot Istio Mixer Istio Auth Catalog Supplier Checkout
Q&A
THANK YOU www.nashtechglobal.com
Próximos SlideShares
Carregando em…5
×
Tecnologia
1.254 visualizações
05 de Mai de 2018

Service Mesh for Microservices

Building the Shopping Cart Application with Service Mesh pattern. Source code can be found at https://github.com/thangchung/shopping-cart-k8s

no profile picture user

  • Entre para ver os comentários

Exibir mais

Service Mesh for Microservices

  1. 1. Service Mesh Sharing Thang Chung – May 2018 – v0.0.1
  2. 2. Agenda • Before Service Mesh Era • Service Mesh • Building Service Mesh for Microservices • Demo • Q&A
  3. 3. Before Service Mesh Era
  4. 4. From SOA to MSA pattern
  5. 5. Virtual Machines Containers Data Centers Orchestrated Environments Hardware Redundancy Design for Failure Servers Service IP Addresses, DNS Service Discovery Server Monitoring Service Monitoring Monolithic Applications Microservices TCP/IP gRPC, REST, DataPack From Server to Service/Container Abstraction
  6. 6. • Load Balancing • Routing: path based routing – L7 intelligent proxy • Auto Service Discovery • Resiliency for inter-service communications: circuit-breaking, bulkhead, retries and timeouts, fault injection, fault handling, load balancing and failover, and Rate Limiting. • Observability: metrics, monitoring, distributed logging, and distributed tracing • Security: mTLS and key management • Inter-service communication protocols: HTTP1.x, HTTP2, gRPC, or DataPack protocols • Configuration information • Deployment: native support for containers (Docker) and orchestration layer (Kubernetes, Docker Swarm…) • 100% Uptime Standard Requirements for MSA
  7. 7. Challenge of Going Faster Fallacies of Distributed Computing Network Reliable Network Dependency Code to Application Logic Health Check, Retry, Time-out, Discovery, Logs, Diagnose, Circuit Breaker, Bulkhead… Single Deployment Dozen Deployments Hard to Manage Version, Deployment Environments Frameworks and Libraries Many Programming Languages Duplicated Code Base in Many Languages (Polyglot)
  8. 8. Then what kind of software architecture can help us to sort it out?
  9. 9. Service Mesh
  10. 10. MSA to Service Mesh Network Business Logic Network Functions Microservice A NODE 1 Business Logic Network Functions Microservice B NODE 2 Data Plane and Control Plane mixed together => ???
  11. 11. MSA to Service Mesh (cont.) Business Logic Service Mesh Microservice A CONTAINER CONTAINER NODE 1 Business Logic Service Mesh Microservice B CONTAINER CONTAINER NODE 2 Network Separated Data Plane and Control Plane
  12. 12. A SERVICE MESH offers consistent discovery, security, tracing, monitoring and failure handling without the need for a shared asset such as an API gateway or ESB. https://www.thoughtworks.com/radar/techniques/service-mesh
  13. 13. Service Mesh Types • Library • Node Agent • Sidecar
  14. 14. Service Mesh Types - Library • Netflix OSS (Hystrix, Ribbon), Twitter Finagle, Google Stubby • Pros: - Simple and straight-forward - Work well with one programming language technical stack - Don’t care much about co-operate with underlying infrastructure (e.g. Kubernetes, Docker Swarm) • Cons: - Become messy and consume efforts when using many different programming languages (polyglot) - Cannot leverage the power of containerized application (Resource Isolation and Dependency Management), orchestration layer (Kubernetes, Docker Swarm)
  15. 15. Service Mesh Types – Node Agent • Linkerd + Kubernetes • Pros: - Benefits from sharing is configuration information - Containerized Microservices on top of Node Agent or something topologically equivalent - Manages the powerful techniques: circuit-breaking, latency-aware load balancing, eventually consistent, service discovery, retries, and deadlines • Cons: - Requires some cooperation from the infrastructure
  16. 16. Service Mesh Types – Sidecar • Istio + Envoy + Kubernetes, Conduit • Pros: - Don’t need infrastructure-wide cooperation to deploy that shared agent - Security-related aspects - Principle of Least Privilege, e.g. authentication keys, memory and network capabilities • Cons: - Run multiple copies of an identical sidecar - Spend more effort computing that reduced configuration for each sidecar. - Quite new to the community
  17. 17. Service Mesh - Pros and Cons • Pros: - Commodity features are implemented outside microservice code and be able to reusable. - Solves most of the problems in MSA (which we used to have ad-hoc solutions) like distributed tracing, logging, security, access control etc. - Freedom when it comes to selecting a microservices implementation language. E.g. PHP, Java, .NET Core, NodeJS, Golang,… • Cons: - Complexity - Adding extra hops - Immature
  18. 18. NELSON CONTROL PLANE DATA PLANE Control Plane and Data Plane Competitors
  19. 19. Building Service Mesh for Microservices
  20. 20. Orchestration Layer
  21. 21. Kubernetes
  22. 22. Kubernetes (cont.) Pod Container Service Container Pods are groups of containers that share system resource (namespaces), e.g. Process, Networking...
  23. 23. Istio
  24. 24. Istio - Sidecar • A secondary container in a Pod • Intercept & manages network traffic • Security/Identity • Pluggability • Language Agnostic
  25. 25. Istio - Pilot Pilot Pod Service 1 Pod Service 2 Envoy Envoy
  26. 26. Istio - Mixer Pilot Pod Service 1 Pod Service 2 Envoy Envoy Mixer
  27. 27. Istio - Auth Service 1 Service 2 Istio Certificate Authority Issue & Mount Keys Issue & Mount Keys mTLS & Secure Naming
  28. 28. Istio – Auth (cont.)
  29. 29. Istio – Key features • Automatic Protocol Metrics Collection & Tracing • Mutual TLS Authentication • Circuit Breaking • Failure Injection • Traffic Splitting
  30. 30. Istio – Full picture Automatic Protocol Metrics Collection & Tracing
  31. 31. • Circuit Breaking • Failure Injection • Traffic Splitting
  32. 32. Ambassador
  33. 33. Demo Time https://github.com/thangchung/shopping-cart-k8s
  34. 34. Shopping Cart Demo Istio Control Plane Istio Data Plane Istio Pilot Istio Mixer Istio Auth Catalog Supplier Checkout
  35. 35. Q&A
  36. 36. THANK YOU www.nashtechglobal.com

×