Stephan Fudeus
SERVICE MESH INTRODUCTION
Cloud Native and Kubernetes Karlsruhe Meetup
1&1 Mail & Media Development & Technology GmbH
Speaker
29.08.19
Stephan Fudeus
§ Joined 1&1 in 2005
§ Long-term experience in building highly scalable multi-tenant applications
§ Product Owner and Technology Lead for Kubernetes Clusters of 1&1 Mail & Media
§ Twitter: @der_sfu
Agenda
§ Motivation
§ Service Mesh in general
§ Istio
  § Beyond a single cluster
  § Configuration samples
  § Observability
  § Performance
SOA & Microservices
Source: https://www.redhat.com/de/topics/microservices/what-are-microservices
Advantages of Microservices
§ Decoupling
§ Less local complexity
§ Faster development cycles
§ Focus on single purpose
§ Reusability
§ Scalability
§ …
Microservices
Source: https://hackernoon.com/capture-and-forward-correlation-ids-through-different-lambda-event-sources-220c227c65f5
Networks in Container Platforms
§ Physical network insufficient
  § Takes care of basic routing and firewalling only
§ Software Defined Networks
  § Flexible
  § Usually „flat“ / „unstructured“ within a single cluster
  § Some infrastructural enhancements, e.g. network policies
§ Container Orchestrator functionalities
  § Rollout processes
  § Simple request routing / load balancing
Gap Between Network and Applications
§ SDN offers basic functionality
§ Applications need further cross-cutting network functions
  § Encryption: TLS
  § Identification & Authentication: TLS client certificates
  § Load balancing, Routing (blue/green, canary, …)
  § Request Tracing (incl. Timing)
  § Monitoring
  § Rate limiting
  § Request mirroring, Retries
  § Circuit Breaking
  § Tests: e.g. fault injection
Solution so far
§ Implementation as part of the application
  § Language-specific details
  § Inconsistent throughout the full landscape
  § High risk of errors
  § Re-inventing the wheel
  § Highly redundant
§ Use of frameworks
  § Still language-specific, thus incompatible
But ….
Diagram: Service 1, Service 2 and Service 3 each carry the actual service plus their own copies of Ribbon, Hystrix, Metrics and Tracing.
Solution: Service Mesh
§ Idea: Enhance functionality in an infrastructural component
§ Central implementation
§ Easier to maintain
§ Language agnostic
Service Mesh Architecture
Diagram: a Control Plane (Configuration Management, Policies & Telemetry, Certificate Management) above a Data Plane with Pod 1 / Service A and Pod 2 / Service B, each with its own Proxy; the proxies talk to each other.
Major Implementations
§ Istio (1.2.x)
§ Linkerd2 (2.5.x)
§ Consul connect
§ …
Example: Istio
Diagram: Control Plane with Pilot, Mixer and Citadel; Data Plane with Pod 1 / Service A and Pod 2 / Service B.
General External Connectivity
Flexible Request Routing
Mesh Expansion
Diagram: Cluster A with Pod 1 / Service A, plus Host A and Host B each running App A outside the cluster, all attached to the Istio Control Plane.
Multi Cluster
Diagram: Cluster A (Pod 1 / Service A, Istio Control Plane) and Cluster B (Pod 2 / Service B, Istio Control Plane) share a Root CA and are connected through a Gateway.
Configuration Objects
Diagram: Client Pod → VirtualService → DestinationRule → Destination Pod
VirtualService, relevant features:
• Routing
• Timeouts
• Retries
• Fault injection
  • Aborts
  • Delays
• Mirroring
DestinationRule, relevant features:
• Circuit breaking
• Routing
• Load balancing
Configuration Objects
Diagram: Client Pod → ServiceEntry → External Service
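An added example, not from the deck, of the ServiceEntry shown above: it registers a hypothetical external host so sidecars may reach it even when the mesh's outbound traffic policy is set to REGISTRY_ONLY (hostname, namespace and port are assumptions):

```yaml
# Added example, not from the deck. Hostname, namespace and port are assumptions.
# With the mesh setting outboundTrafficPolicy.mode: REGISTRY_ONLY (in the mesh
# section of the "istio" ConfigMap) sidecars drop traffic to any host that is
# not in the service registry; a ServiceEntry adds the external host explicitly,
# so egress becomes an allowlist maintained as Kubernetes objects.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: payments-api
  namespace: demo
spec:
  hosts:
  - api.payments.example       # placeholder external hostname
  location: MESH_EXTERNAL      # endpoints live outside the mesh (no sidecar)
  resolution: DNS              # the proxy resolves the hostname itself instead
                               # of forwarding to whatever IP the client chose
  ports:
  - number: 443
    name: https
    protocol: HTTPS            # the application originates TLS itself; only
                               # port 443 is opened, plaintext port 80 stays blocked
```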
Configuration Samples - Routing
Configuration Samples – Fault/Delay Injection
Configuration Samples – Mirroring / Timeouts
Configuration Samples – Circuit Breaking
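As an added example, not from the deck, covering the VirtualService and DestinationRule features listed under Configuration Objects and the four sample topics above (routing, fault/delay injection, mirroring, timeouts, circuit breaking), here is a configuration for a hypothetical `reviews` service in namespace `demo` using the Istio 1.2 `networking.istio.io/v1alpha3` API; all names, percentages and limits are assumptions:

```yaml
# Added example, not from the deck. Hypothetical "reviews" service in namespace "demo"
# with two versions, selected by the pod label "version" (all values are assumptions).
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata: {name: reviews, namespace: demo}
spec:
  hosts: [reviews]
  http:
  # Routing: only requests carrying the canary header reach v2. Fault injection
  # delays half of them by 2s and aborts 10% with HTTP 503 to test client resilience.
  - match:
    - headers: {x-canary: {exact: "true"}}
    fault:
      delay: {percentage: {value: 50}, fixedDelay: 2s}
      abort: {percentage: {value: 10}, httpStatus: 503}
    route:
    - destination: {host: reviews, subset: v2}
  # Default route: v1 serves the client, a copy of each request is mirrored to v2
  # (mirror responses are discarded), with a per-request timeout and bounded retries.
  - route:
    - destination: {host: reviews, subset: v1}
    mirror: {host: reviews, subset: v2}
    timeout: 3s
    retries: {attempts: 3, perTryTimeout: 1s, retryOn: "5xx,connect-failure"}
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata: {name: reviews, namespace: demo}
spec:
  host: reviews
  trafficPolicy:
    tls: {mode: ISTIO_MUTUAL}            # transport security: sidecar-to-sidecar mTLS
    loadBalancer: {simple: LEAST_CONN}   # load balancing across healthy endpoints
    # Circuit breaking, part 1: cap in-flight work so one slow upstream cannot
    # exhaust the caller; excess requests fail fast with 503 instead of queueing.
    connectionPool:
      tcp: {maxConnections: 100}
      http: {http1MaxPendingRequests: 10, maxRequestsPerConnection: 1}
    # Circuit breaking, part 2: eject endpoints that keep returning 5xx.
    outlierDetection:
      consecutiveErrors: 5
      interval: 10s
      baseEjectionTime: 30s
      maxEjectionPercent: 50
  subsets:
  - {name: v1, labels: {version: v1}}
  - {name: v2, labels: {version: v2}}
```

The timeout of 3s is the overall budget for the default route, so the three 1s per-try attempts fit inside it; raise one without the other and the retries are silently cut short.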
Additional Aspects
§ Security policies
  § Transport security
  § Authentication / Authorization
§ Policies and Telemetry
  § Whitelists and Blacklists
  § Rate limiting
  § Header rewrites and redirects
Observability with Kiali
Overhead
§ Official numbers
  § The Envoy proxy adds 8ms to the 90th percentile latency.
  § The Envoy proxy uses 0.6 vCPU and 50 MB memory per 1000 requests per second going through the proxy.
