Next Level Cloud Development with Service...
54
1 Next Level Cloud Development with Service Mesh HVOpen January 2020 Patrick Ladd – [email protected] Technical Account Manager Red Hat
Transcript of Next Level Cloud Development with Service...
1
Next Level Cloud Development with Service MeshHVOpen January 2020
Patrick Ladd – [email protected] Account ManagerRed Hat
2
QUICK TIPTry right clicking on the photo and using “Replace” to insert your own photo. You are also welcome to use this photo.
A mash-up of several better-known technologies: “A service mesh is
a set of software components which act as the “glue” for a set of
independent applications. The goal of the mesh is to guarantee
secure communications between each application and be able to
redirect traffic in the event of failures. Often the features of a
service mesh look like a mash-up between a load balancer, a web
application firewall, and an API gateway.”
- Brian “Redbeard” Harrington, Product Manager at Red Hat
3
BUILD AND DEPLOY CLOUD-NATIVE APPS WITH RED HAT OPENSHIFT
Service
CONTAINER
Service
CONTAINER
Service
CONTAINER
ANYINFRASTRUCTURE
OpenShift Container Platform(Enterprise Kubernetes)
Amazon Web Services Microsoft Azure Google CloudOpenStackDatacenterLaptop
ANYAPPLICATION
Service
CONTAINER
Service
CONTAINER
Service Discovery
Config Mgmt
Build Automation
Deploy Automation
Monitoring
Log Mgmt
Security
CI/CD Pipelines
OVERVIEW
5
WHAT IS A SERVICE MESH ?
NETWORK
Circuit Breaker
Discovery
Tracing
Circuit Breaker
Discovery
Tracing
Service A Service B
ProxyProxy
Machine A (Monolith)
Machine B
6
SERVICE MESH ECOSYSTEM
Observe Observe
Secure
ControlConnect
Jaeger
Kiali Grafana
Prometheus
Istio
7
DISTRIBUTED SERVICES WITHRED HAT OPENSHIFT SERVICE MESH
INFRA
INFRA OPS
SERVICE OPS
SERVICE
ANYINFRASTRUCTURE
OpenShift Container Platform(Enterprise Kubernetes)
Amazon Web Services Microsoft Azure Google CloudOpenStackDatacenterLaptop
OpenShift Service Mesh(Istio + Jaeger + Kiali)
ANYAPPLICATION
Service
CONTAINER
Service
CONTAINER
Service
CONTAINER
Service
CONTAINER
Service
CONTAINER
UNDER THE HOOD
@redhat
MICROSERVICES ARCHITECTURE
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Application Server
HTML Javascript Web
ServiceServiceService
Service Service Service
Data Access
Runtime
Service
Runtime
Service
@redhat
MICROSERVICES ARCHITECTURE
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Runtime
Service
Application Server
HTML Javascript Web
ServiceServiceService
Service Service Service
Data Access
DISTRIBUTED
Runtime
Service
Runtime
Service
@redhat
DISTRIBUTED ARCHITECTURE
Service ServiceService
Service ServiceService
Service ServiceService
@redhat
HOW TO DEAL WITH THE COMPLEXITY?
Photo by Clint Adair on Unsplash
@redhat
DEPLOYMENT
ServiceContainer
INFRASTRUCTURE
ServiceContainer
ServiceContainer
@redhat
CONFIGURATION
Spring CloudConfig Server
Service
Config
Service
Config
Service
Config
INFRASTRUCTURE
@redhat
SERVICE DISCOVERY
Service
Spring CloudConfig Server Netflix Eureka
Netflix RibbonConfig
Service
Config
Service
Config
Svc Discovery Svc Discovery Svc Discovery
INFRASTRUCTURE
@redhat
DYNAMIC ROUTING
Spring CloudConfig Server
Service
Netflix EurekaNetflix Ribbon
Config
Service
Config
Service
Config
Svc Discovery Svc Discovery Svc Discovery
Routing Routing Routing
Netflix ZuulServer
INFRASTRUCTURE
@redhat
FAULT TOLERANCE
Spring CloudConfig Server
Service
Netflix EurekaNetflix Ribbon
Config
Service
Config
Service
Config
Svc Discovery Svc Discovery Svc Discovery
Routing Routing Routing
Netflix ZuulServer
Circuit Breaker Circuit Breaker Circuit Breaker
INFRASTRUCTURE
@redhat
TRACING AND VISIBILITY
Spring CloudConfig Server
Service
Netflix EurekaNetflix Ribbon
Config
Service
Config
Service
Config
Svc Discovery Svc Discovery Svc Discovery
Routing Routing Routing
Netflix ZuulServer
Circuit Breaker Circuit Breaker Circuit Breaker
Tracing Tracing Tracing
ZipKin Server
INFRASTRUCTURE
@redhat
WHAT ABOUT…?
POLYGLOT APPS
EXISTING APPS
@redhat
THERE SHOULD BE A BETTER WAY
@redhat
ADDRESS THE COMPLEXITY IN THE INFRASTRUCTURE
@redhat
SERVICE MESHA dedicated infrastructure layer for service-to-service
communications
Photo on Visual Hunt
@redhat
MICROSERVICES EVOLUTION
Service
Config
Svc Discovery
Routing
Circuit Breaker
Tracing
Service
Platform Container Platform (+ Service Mesh)
...2014 2018
@redhat
POD
SERVICECONTAINER
POD
SERVICECONTAINER
POD
SERVICECONTAINER
KUBERNETES
AUTOMATING CONTAINER DEPLOYMENT
INFRASTRUCTURE
@redhat
● Two or more containers deployed to same pod● Share
○ Same■ Namespace■ Pod IP
○ Shared lifecycle● Used to enhance the co-located containers● Istio Proxy (L7 Proxy)
○ Proxy all network traffic in and out of the app container
Source: http://blog.kubernetes.io/2015/06/the-distributed-system-toolkit-patterns.html
SIDECARS
POD
SERVICE A
Istio Proxy
@redhat
POD
ENVOY
SERVICE
POD
ENVOY
SERVICE
POD
ENVOY
SERVICE
Pilot Mixer Auth
SERVICE MESH ARCHITECTURE
Applies security, route rules, policies and reports traffic telemetry at the pod level
JaegerControl Plane
Data Plane
MAJOR FUNCTIONALITY
FAULT TOLERANCE
@redhat
SERVICEA
SERVICEB
CIRCUIT BREAKERS WITHOUT ISTIO
SERVICECCB CB
coupled to the service code
@redhat
POD
SERVICEA
ENVOY
POD
SERVICEB
ENVOY
POD
SERVICEC
ENVOY
CIRCUIT BREAKERS WITH ISTIO
transparent to the services
@redhat
POD
SERVICEA
ENVOY
POD
SERVICEB
ENVOY
POD
SERVICEC
ENVOY
CIRCUIT BREAKERS WITH ISTIO
improved response time with global circuit status
@redhat
POD
SERVICEA
ENVOY
POD
SERVICEB
ENVOY
POD
SERVICEC
ENVOY
TIMEOUTS AND RETRIES WITH ISTIO
configure timeouts and retries, transparent to the services
timeout: 10 secretry: 5
timeout: 15 secretry: 5
@redhat
POD
SERVICEA
ENVOY
POD
SERVICEB
ENVOY
POD
SERVICEC
ENVOY
RATE LIMITING WITH ISTIO
limit invocation rates, transparent to the services
max 500 concurrent reqs
max 100 connections
SERVICE SECURITY
@redhat
SERVICEA
SERVICEB
SECURE COMMUNICATION WITHOUT ISTIO
SERVICECTLS TLS TLS TLS
coupled to the service code
@redhat
SECURE COMMUNICATION WITH ISTIO
POD
SERVICEA
ENVOY
POD
SERVICEB
ENVOY
POD
SERVICEC
ENVOY
mutual TLS authentication, transparent to the services
TLS TLS
@redhat
POD
SERVICEA
ENVOY
POD
SERVICEB
ENVOY
POD
SERVICEC
ENVOY
CONTROL SERVICE ACCESS WITH ISTIO
control the service access flow, transparent to the services
CHAOS ENGINEERING
@redhat
CHAOS ENGINEERING WITHOUT ISTIO
SERVICEA
SERVICEB
SERVICEC
Netflix Chaos Monkeys
Netflix Spinnaker
randomtermination
@redhat
POD
SERVICEA
ENVOY
POD
SERVICEB
ENVOY
POD
SERVICEC
ENVOY
CHAOS ENGINEERING WITH ISTIO
inject delays, transparent to the services
10 sec delay in 10% of requests
@redhat
inject protocol-specific errors, transparent to the services
POD
SERVICEA
ENVOY
POD
SERVICEB
ENVOY
POD
SERVICEC
ENVOY
CHAOS ENGINEERING WITH ISTIO
HTTP 400in 5% of requests
DYNAMIC ROUTING
@redhat
GatewayServiceSERVICE
A
SERVICEB:1
DYNAMIC ROUTING WITHOUT ISTIO
SERVICEB:2
Netflix ZuulServer
custom code to enable dynamic routing
@redhat
POD
SERVICEA
ENVOY
POD
SERVICEB:v2
ENVOY
CANARY DEPLOYMENT WITH ISTIO
POD
SERVICEB:v1
ENVOY
boston employee
everyone
@redhat
POD
SERVICEA
ENVOY
POD
SERVICEB:v2
ENVOY
A/B DEPLOYMENT WITH ISTIO
POD
SERVICEB:v1
ENVOY
50% traffic
50% traffic
@redhat
POD
SERVICEA
ENVOY
POD
SERVICEB:v2
ENVOY
DARK LAUNCHES WITH ISTIO
POD
SERVICEB:v1
ENVOY
100% traffic
mirror traffic
DISTRIBUTED TRACING(JAEGER)
@redhat
SERVICEA
SERVICEB
SERVICEC
DISTRIBUTED TRACING WITHOUT ISTIO
Spring SleuthZipKin
Spring SleuthZipKin
Spring SleuthZipKin
code to enable dynamic tracing
@redhat
POD
SERVICEA
ENVOY
POD
SERVICEB
ENVOY
POD
SERVICEC
ENVOY
DISTRIBUTED TRACING WITH ISTIO & JAEGER
discovers service relationships and process times, transparent to the services
SERVICE A SERVICE B SERVICE C210 ms 720 ms
930 ms
SERVICE MESH OBSERVABILITY(KIALI)
@redhat
@redhat
DISTRIBUTED SERVICES PLATFORM
ANYINFRASTRUCTURE
OpenShift Container Platform(Enterprise Kubernetes)
Amazon Web Services Microsoft Azure Google CloudOpenStackDatacenterLaptop
OpenShift Service Mesh(Istio + Jaeger + Kiali)
ANYAPPLICATION
Service
CONTAINER
Service
CONTAINER
Service
CONTAINER
Service
CONTAINER
Service
CONTAINER
53
References
How to explain service mesh in plain Englishhttps://enterprisersproject.com/article/2019/6/service-mesh-plain-english
OpenShift Commons 2019https://blog.openshift.com/wp-content/uploads/State-of-the-Platform-Services-Integrated-1.pdf QUICK TIP
Try right clicking on the icon and using “Replace” to insert your own icons.
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHat
54
Red Hat is the world’s leading provider of enterprise
open source software solutions. Award-winning
support, training, and consulting services make
Red Hat a trusted adviser to the Fortune 500.
Thank you
