Presentation is loading. Please wait.

Presentation is loading. Please wait.

A DevOps világ következő kedvence

Published byJulia Segers Modified over 5 years ago

Similar presentations

Presentation on theme: "A DevOps világ következő kedvence"— Presentation transcript:

1 A DevOps világ következő kedvence
Service Mesh: A DevOps világ következő kedvence Április 2. Szabó Dávid Senior Software Engineer @szabvid

2 The Way Applications Are Developed and Deployed Has Fundamentally Changed
DevOps Cloud Native Development Process Application Architecture Deployment & Packaging Application Infrastructure Waterfall Agile Monolithic SOA Microservices Psychical Servers Virtual Machines Containers Server Room Data Center (IaaS) Cloud Platform Time Az első oszlop a módszertan, a többi pedig a technológia rész. Ha ehhez az OS community növekedését is hozzáadjuk, akkor talán ma tartunk igazán ott, hogy a legjobban/legkönnyebben megközelítsük az általános DevOps célokat. Én innen a microservice-t ragadnám ki. Egy aspektust emelnék ki az előadás alatt, ez pedig az, hogy ezekben a környezetben mi a legnagyobb kihivás és mit lehet tenni…

3 Introduction – DevOps Drivers
Lead Time DEV OPS wall of confusion

4 Introduction – DevOps Drivers
Lead Time Service Mesh Microservices DEV OPS wall of confusion Nézzük meg milyen kihívásokkal szembesülünk a microservice-ek esetén Service Mesh Amplify Feedback

5 How does microservices typically looks like?

6 This is not a Microservice Architecture!
Web Server App Server DB Server

7 This is Getting There….

8 But These are True Microservice Architectures!
Twitter Amazon Web Service Szóval a microservice-ek tök jók, de cserébe bonyolult lett a hálózat. Monolith vs. micro. Complexity moved from application into the network!

9 The Need of Common Features in Service Components
Dynamic service discovery Load balancing Health checks Service B 1 Service A 2 3 circuit-breaking, latency-aware load balancing, eventually consistent (“advisory”) service discovery, retries, and deadlines.

10 The Need of Common Features in Service Components
Dynamic service discovery Load balancing Health checks Timeouts Retries Web timeout = 400ms retries = 3 User Auth timeout = 400ms retries = 2 800ms! timeout = 200ms retries = 3 App 600ms! circuit-breaking, latency-aware load balancing, eventually consistent (“advisory”) service discovery, retries, and deadlines. DB

11 The Need of Common Features in Service Components
Dynamic service discovery Load balancing Health checks Timeouts Retries TLS termination Monitoring and tracing via rich metrics Fault injection Circuit breakers Service B 1 Service A X 2 3 circuit-breaking, latency-aware load balancing, eventually consistent (“advisory”) service discovery, retries, and deadlines.

12 What is a Service Mesh? Service Mesh is dedicated infrastructure layer in a microservice environment to consistently manage, monitor and control the communication between services across the entire application A service mesh is a dedicated infrastructure layer for handling service-to-service communication. It’s responsible for the reliable delivery of requests through the complex topology of services that comprise a modern, cloud native application. In practice, the service mesh is typically implemented as an array of lightweight network proxies that are deployed alongside application code, without the application needing to be aware. 

13 Evolution: 1G - Shared Libraries
Examples for such fat libraries: Netflix Google Twitter Advantages: Simple Customizable Disadvantages of shared libraries: Have to be implemented in multiple languages If the library changes the entire service has to be redeployed Too tight involvement of dev teams SVC Nginx DB SVC Nginx DB SVC Nginx DB SVC Stubby is the basis of gRPC Finagle is the basis of Linkerd SVC Library

14 Evolution: 2G - Linkerd A service mesh that adds reliability, security, and visibility to cloud native applications Official CNCF Project Originally created by Buoyant Inc. based on Finagle Written in JAVA This is the control plane that programs the individual dataplane proxies Data Plane vs. Control Plane These are the dataplane components (proxies) namerd

15 Per-node vs. Sidecar Model
The per-node model and its disadvantages: Raises security concerns in multi-tenant environments (shared TLS secrets, etc.) Can only be scaled vertically, not horizontally (more memory and CPU handle more conns.) Not optimized for container workloads The sidecar model: Put a proxy next to every container This is supported by the POD abstraction in Kubernetes Linkerd is considered to be too heavy for such environment! Data Plane vs. Control Plane Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Node 1 Node 2 Node 3

16 Evolution: 3G - Service Meshes
Linkerd2 (Conduit): Specifically designed for Kubernetes: control plane is written in Go Data plane is written in Rust: fast and lightweight to sidecar operations (~5MB container size) Can be deployed service-by-service (it’s not an all-or-nothing choice…) Envoy Open source edge and service proxy, designed for cloud-native applications Official CNCF Project, originally created by Lyft Written in C++, built on the learnings of solutions as NGINX, HAProxy, hardware LBs and cloud LBs Istio Service mesh control plane which uses Envoy as data plane Originally created by Google and IBM Written in GO Most akkor linkerd2 vagy conduit? - Linkerd nem opensource? Conduit? Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Featuring zero-cost abstractions move semantics guaranteed memory safety threads without data races trait-based generics pattern matching type inference minimal runtime efficient C bindings

17 Examples: routing Service A Service B TCP 8080 /api/v1/t-shirts GET
2 3 1 4 95% 5% Canary version Current version Service A Service B1.1 Service B1.2 2 3 1 4 User-agent: Android User-agent: iPhone Service A Service B Service C Service A TCP 8080 /api/v1/t-shirts GET /api/v1/t-shirts PUT /api/v1/jeans * 1000/day Service B The core component used for traffic management in Istio is Pilot, which manages and configures all the Envoy proxy instances deployed in a particular Istio service mesh. Pilot lets you specify which rules you want to use to route traffic between Envoy proxies and configure failure recovery features such as timeouts, retries, and circuit breakers. It also maintains a canonical model of all the services in the mesh and uses this model to let Envoy instances know about the other Envoy instances in the mesh via its discovery service. Each Envoy instance maintains load balancing information based on the information it gets from Pilot and periodic health-checks of other instances in its load-balancing pool, allowing it to intelligently distribute traffic between destination instances while following its specified routing rules. Pilot is responsible for the lifecycle of Envoy instances deployed across the Istio service mesh. As shown in the figure above, Pilot maintains a canonical representation of services in the mesh that is independent of the underlying platform. Platform-specific adapters in Pilot are responsible for populating this canonical model appropriately. For example, the Kubernetes adapter in Pilot implements the necessary controllers to watch the Kubernetes API server for changes to the pod registration information, ingress resources, and third-party resources that store traffic management rules. This data is translated into the canonical representation. An Envoy-specific configuration is then generated based on the canonical representation. Pilot enables service discovery, dynamic updates to load balancing pools and routing tables. You can specify high-level traffic management rules through Pilot’s Rule configuration. These rules are translated into low-level configurations and distributed to Envoy instances.

18 Examples: visibility The core component used for traffic management in Istio is Pilot, which manages and configures all the Envoy proxy instances deployed in a particular Istio service mesh. Pilot lets you specify which rules you want to use to route traffic between Envoy proxies and configure failure recovery features such as timeouts, retries, and circuit breakers. It also maintains a canonical model of all the services in the mesh and uses this model to let Envoy instances know about the other Envoy instances in the mesh via its discovery service. Each Envoy instance maintains load balancing information based on the information it gets from Pilot and periodic health-checks of other instances in its load-balancing pool, allowing it to intelligently distribute traffic between destination instances while following its specified routing rules. Pilot is responsible for the lifecycle of Envoy instances deployed across the Istio service mesh. As shown in the figure above, Pilot maintains a canonical representation of services in the mesh that is independent of the underlying platform. Platform-specific adapters in Pilot are responsible for populating this canonical model appropriately. For example, the Kubernetes adapter in Pilot implements the necessary controllers to watch the Kubernetes API server for changes to the pod registration information, ingress resources, and third-party resources that store traffic management rules. This data is translated into the canonical representation. An Envoy-specific configuration is then generated based on the canonical representation. Pilot enables service discovery, dynamic updates to load balancing pools and routing tables. You can specify high-level traffic management rules through Pilot’s Rule configuration. These rules are translated into low-level configurations and distributed to Envoy instances.

19 Examples: visibility The core component used for traffic management in Istio is Pilot, which manages and configures all the Envoy proxy instances deployed in a particular Istio service mesh. Pilot lets you specify which rules you want to use to route traffic between Envoy proxies and configure failure recovery features such as timeouts, retries, and circuit breakers. It also maintains a canonical model of all the services in the mesh and uses this model to let Envoy instances know about the other Envoy instances in the mesh via its discovery service. Each Envoy instance maintains load balancing information based on the information it gets from Pilot and periodic health-checks of other instances in its load-balancing pool, allowing it to intelligently distribute traffic between destination instances while following its specified routing rules. Pilot is responsible for the lifecycle of Envoy instances deployed across the Istio service mesh. As shown in the figure above, Pilot maintains a canonical representation of services in the mesh that is independent of the underlying platform. Platform-specific adapters in Pilot are responsible for populating this canonical model appropriately. For example, the Kubernetes adapter in Pilot implements the necessary controllers to watch the Kubernetes API server for changes to the pod registration information, ingress resources, and third-party resources that store traffic management rules. This data is translated into the canonical representation. An Envoy-specific configuration is then generated based on the canonical representation. Pilot enables service discovery, dynamic updates to load balancing pools and routing tables. You can specify high-level traffic management rules through Pilot’s Rule configuration. These rules are translated into low-level configurations and distributed to Envoy instances.

Download ppt "A DevOps világ következő kedvence"

Similar presentations

System Center 2012 R2 Overview

System Center 2012 R2 Overview
FI-WARE – Future Internet Core Platform FI-WARE Cloud Hosting July 2011 High-level description.

FI-WARE – Future Internet Core Platform FI-WARE Cloud Hosting July 2011 High-level description.
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
By Mihir Joshi Nikhil Dixit Limaye Pallavi Bhide Payal Godse.

By Mihir Joshi Nikhil Dixit Limaye Pallavi Bhide Payal Godse.
Cloud Computing 1. Outline  Introduction  Evolution  Cloud architecture  Map reduce operation  Platform 2.

Cloud Computing 1. Outline  Introduction  Evolution  Cloud architecture  Map reduce operation  Platform 2.
M.A.Doman 2011. Short video intro Model for enabling the delivery of computing as a SERVICE.

M.A.Doman Short video intro Model for enabling the delivery of computing as a SERVICE.
Windows Azure Conference 2014 Deploy your Java workloads on Windows Azure.

Windows Azure Conference 2014 Deploy your Java workloads on Windows Azure.
1 Introduction to Middleware. 2 Outline What is middleware? Purpose and origin Why use it? What Middleware does? Technical details Middleware services.

1 Introduction to Middleware. 2 Outline What is middleware? Purpose and origin Why use it? What Middleware does? Technical details Middleware services.
IBM Bluemix Ecosystem Development Hands on Workshop Section 1 - Overview.

IBM Bluemix Ecosystem Development Hands on Workshop Section 1 - Overview.
Chapter 8 – Cloud Computing

Chapter 8 – Cloud Computing
© 2012 Eucalyptus Systems, Inc. Cloud Computing Introduction Eucalyptus Education Services 2.

© 2012 Eucalyptus Systems, Inc. Cloud Computing Introduction Eucalyptus Education Services 2.
Amazon Web Services. Amazon Web Services (AWS) - robust, scalable and affordable infrastructure for cloud computing. This session is about:

Amazon Web Services. Amazon Web Services (AWS) - robust, scalable and affordable infrastructure for cloud computing. This session is about:
Structured Container Delivery Oscar Renalias Accenture Container Lead (NOTE: PASTE IN PORTRAIT AND SEND BEHIND FOREGROUND GRAPHIC FOR CROP)

Structured Container Delivery Oscar Renalias Accenture Container Lead (NOTE: PASTE IN PORTRAIT AND SEND BEHIND FOREGROUND GRAPHIC FOR CROP)
Unit 3 Virtualization.

Unit 3 Virtualization.
CLOUD ARCHITECTURE Many organizations and researchers have defined the architecture for cloud computing. Basically the whole system can be divided into.

CLOUD ARCHITECTURE Many organizations and researchers have defined the architecture for cloud computing. Basically the whole system can be divided into.
Run Azure Services in your datacenter

Run Azure Services in your datacenter
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S

DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S
DevOps Cloud Native Microservices

DevOps Cloud Native Microservices
Containers as a Service with Docker to Extend an Open Platform

Containers as a Service with Docker to Extend an Open Platform
Organizations Are Embracing New Opportunities

Organizations Are Embracing New Opportunities

Similar presentations

Ads by Google