API World: The service-mesh landscape
Download as PPTX, PDF6 likes870 views
The document discusses the complexities of microservices architectures and highlights the role of service meshes as a solution to manage service-to-service communication effectively. It outlines the features and technologies associated with service meshes, including service discovery, resilience, security, and traffic control. The document also introduces several open-source service mesh projects such as Linkerd, Consul Connect, and Istio, along with their capabilities.
API World: The service-mesh landscape
- 2. Christian Posta Chief Architect, cloud application development Twitter: @christianposta Blog: http://blog.christianposta.com Slides: http://slideshare.net/ceposta • Author “Microservices for Java developers” and “Introducing Istio Service Mesh” • Committer/contributor lots of open-source projects • Blogger, speaker, mentor, leader
- 4. Microservice A highly distracting word that serves to confuse developers, architects, and IT leaders into believing that we can actually have a utopian application architecture. @christianposta
- 5. Microservice A highly distracting word that serves to confuse developers, architects, and IT leaders into believing that we can actually have a utopian application architecture. An architecture optimization that treats the modules of an application as independently owned and deployed services for the purposes of increasing an organization’s velocity @christianposta
- 7. @christianposta Our services need to connect to each other to provide overall business value.
- 16. Integration sucks! Just do REST/HTTP! @christianposta
- 18. @christianposta Come on… how hard can it be!?
- 19. @christianposta
- 20. @christianposta
- 21. @christianposta
- 22. @christianposta
- 23. As we move to services architectures, we push the complexity to the space between our services. @christianposta
- 24. New challenges in a cloudy, services world • Service discovery • Retries • Timeouts • Load balancing • Rate limiting • Thread bulk heading • Circuit breaking @christianposta
- 25. …continued • Routing between services (adaptive, zone-aware) • Deadlines • Back pressure • Outlier detection • Health checking • Traffic shaping • Request shadowing @christianposta
- 26. …continued • Edge/DMZ routing • Surgical / fine / per-request routing • A/B rollout • Internal releases / dark launches • Fault injection • Stats, metric, collection • Logging • Tracing
- 28. • Netflix Hystrix (circuit breaking / bulk heading) • Netflix Zuul (edge router) • Netflix Ribbon (client-side service discovery / load balance) • Netflix Eureka (service discovery registry) • Brave / Zipkin (tracing) • Netflix spectator / atlas (metrics) “Microservices” patterns
- 29. But I’m using Spring! • spring-cloud-netflix-hystrix • spring-cloud-netflix-zuul • spring-cloud-netflix-eureka-client • spring-cloud-netflix-ribbon • spring-cloud-netflix-atlas • spring-cloud-netflix-spectator • spring-cloud-netflix-hystrix-stream • ….. • ...... • @Enable....150differentThings
- 30. But I’m using Vert.x! • vertx-circuit-breaker • vertx-service-discovery • vertx-dropwizard-metrics • vertx-zipkin? • ….. • ......
- 31. Screw Java - I’m using NodeJS! JavaScript is for rookies, I use Go! But python is so pretty! I prefer unreadability… Perl for me!
- 32. • Require specific language to bring in new services • A single language doesn’t fit for all use cases • How do you patch/upgrade/manage lifecycle? • Need strict control over application library choices • Inconsistent implementations • Incorrect implementations Some drawbacks to this approach? @christianposta
- 33. Let’s abstract this functionality to a single binary and apply to all services. • Allow heterogeneous architectures • Remove application-specific implementations of this functionality • Consistently enforce these properties • Correctly enforce these properties • Opt-in as well as safety nets @christianposta
- 34. @christianposta
- 35. @christianposta
- 36. A service mesh is decentralized, application-agnostic, networking infrastructure between your services that can be programmed to provide more resilient and observable service to service communication @christianposta Time for definitions:
- 37. @christianposta
- 38. Service mesh technologies typically provide: • Service discovery / Load balancing • Secure service-to-service communication • Traffic control / shaping / shifting • Policy / Intention based access control • Traffic metric collection • Service resilience @christianposta
- 39. Resilience with timeouts, retries, budgets, circuit breakers, service discovery, etc @christianposta
- 40. Zone aware, sophisticated client-side load balancing @christianposta
- 41. Fine-grained traffic control and routing @christianposta
- 43. Secure transport with mTLS @christianposta
- 44. Metrics, logs, distributed tracing out of the box http://bit.ly/application-networking
- 45. Three open-sourced service mesh projects
- 47. Linkerd2 • Control plane / data plane constructs • Originally introduced in December 2017 as “Conduit” • In “alpha” release • Collect top-level metrics • Resilience, timeouts, retry budgets • Experimental TLS
- 50. Consul Connect • Control plane (consul server) / data plane (proxies/app) • Part of Consul 1.2 release, June 2018 • Secure, mTLS communication • Builds on Consul’s discovery and configuration capabilities • Service segmentation, intention-based ACL policy • Native app integration for latency/performance sensitive apps
- 53. Istio • Control plane / data plane • 1.0 GA July 2018 • Collaboration between Google, IBM, Lyft, VMWare, Red Hat, et al. • Based on Envoy proxy • mTLS, policy based ACL, resilience, observability, traffic control
- 56. Thanks! BTW: Hand drawn diagrams made with Paper by FiftyThree.com Twitter: @christianposta Blog: http://blog.christianposta.com Email: christian@redhat.com Slides: http://slideshare.net/cepostaFollow up links: • http://blog.christianposta.com • http://istio.io • http://envoyproxy.io • http://linkerd.io • http://consul.io • http://bit.ly/istio-tutorial • http://blog.christianposta.com/istio-workshop/slides/
Editor's Notes
- #2: Service-mesh technology promises to deliver a lot of value to a cloud-native application, but it doesn't come without some hype. In this talk, we'll look at what is a "service mesh", how it compares to similar technology (Netflix OSS, API Management, ESBs, etc) and what options for service mesh exist today.
- #4: How many people are embarking on projects to drive innovation in their organizations? How many people think those projects will succeed? How many people can predict the future? How many people believe their organization’s executives can predict the future?
- #7: …… new challenge….. Let’s come back to that…..
- #8: …… new challenge….. Let’s come back to that…..
- #17: Does microservices help us do this?
- #19: …… new challenge….. Let’s come back to that…..
- #20: One large database! We should focus on how we design our data models so that they can be sharded and distributed…. Focus on transactions, etc not 2PC
- #21: One large database! We should focus on how we design our data models so that they can be sharded and distributed…. Focus on transactions, etc not 2PC
- #22: One large database! We should focus on how we design our data models so that they can be sharded and distributed…. Focus on transactions, etc not 2PC
- #23: One large database! We should focus on how we design our data models so that they can be sharded and distributed…. Focus on transactions, etc not 2PC
- #25: This concept of defining language, developing models to describe a domain, implementing those models, enforcing assertions, etc all happen within a certain context, and that context is vitally important in software. In common language, we are smart enough to resolve these types of language conflicts within a sentence because of its context. The computer doesn’t have this context. We have to make it explicit. And any context needs to have explicit boundaries. This model needs to be “useful” ie, it should be able to be implemented. Try to establish a model that’s both useful for discussion with the domain experts and is implementable. There are infinite ways to model/think about something. Balance both masters with the model you choose. Large complex domains may need multiple models. And really the only way to understand a language and model is within a certain context. That context should have boundaries so it doesn’t bleed or force others to bleed definitions and semantics. Bounded context: within this space, this is the context of the language. This is what it means and it’s not ambiguous. Central thing about a model is the language you create to express the prblem and solution very crisply. Need clear language and need boundaries. Anti corruption layers are translations between the different models that may exist in multiple bounded contexts. They keep an internal model consistent and pure without bleeding across the boundaries. Bounded contexts tend to be “self contained systems” themselves with a complete vertical stack of the software including UI, business logic, data models, and database. They tend to not share databases across multiple models.
- #26: This concept of defining language, developing models to describe a domain, implementing those models, enforcing assertions, etc all happen within a certain context, and that context is vitally important in software. In common language, we are smart enough to resolve these types of language conflicts within a sentence because of its context. The computer doesn’t have this context. We have to make it explicit. And any context needs to have explicit boundaries. This model needs to be “useful” ie, it should be able to be implemented. Try to establish a model that’s both useful for discussion with the domain experts and is implementable. There are infinite ways to model/think about something. Balance both masters with the model you choose. Large complex domains may need multiple models. And really the only way to understand a language and model is within a certain context. That context should have boundaries so it doesn’t bleed or force others to bleed definitions and semantics. Bounded context: within this space, this is the context of the language. This is what it means and it’s not ambiguous. Central thing about a model is the language you create to express the prblem and solution very crisply. Need clear language and need boundaries. Anti corruption layers are translations between the different models that may exist in multiple bounded contexts. They keep an internal model consistent and pure without bleeding across the boundaries. Bounded contexts tend to be “self contained systems” themselves with a complete vertical stack of the software including UI, business logic, data models, and database. They tend to not share databases across multiple models.
- #27: This concept of defining language, developing models to describe a domain, implementing those models, enforcing assertions, etc all happen within a certain context, and that context is vitally important in software. In common language, we are smart enough to resolve these types of language conflicts within a sentence because of its context. The computer doesn’t have this context. We have to make it explicit. And any context needs to have explicit boundaries. This model needs to be “useful” ie, it should be able to be implemented. Try to establish a model that’s both useful for discussion with the domain experts and is implementable. There are infinite ways to model/think about something. Balance both masters with the model you choose. Large complex domains may need multiple models. And really the only way to understand a language and model is within a certain context. That context should have boundaries so it doesn’t bleed or force others to bleed definitions and semantics. Bounded context: within this space, this is the context of the language. This is what it means and it’s not ambiguous. Central thing about a model is the language you create to express the prblem and solution very crisply. Need clear language and need boundaries. Anti corruption layers are translations between the different models that may exist in multiple bounded contexts. They keep an internal model consistent and pure without bleeding across the boundaries. Bounded contexts tend to be “self contained systems” themselves with a complete vertical stack of the software including UI, business logic, data models, and database. They tend to not share databases across multiple models.
- #28: This concept of defining language, developing models to describe a domain, implementing those models, enforcing assertions, etc all happen within a certain context, and that context is vitally important in software. In common language, we are smart enough to resolve these types of language conflicts within a sentence because of its context. The computer doesn’t have this context. We have to make it explicit. And any context needs to have explicit boundaries. This model needs to be “useful” ie, it should be able to be implemented. Try to establish a model that’s both useful for discussion with the domain experts and is implementable. There are infinite ways to model/think about something. Balance both masters with the model you choose. Large complex domains may need multiple models. And really the only way to understand a language and model is within a certain context. That context should have boundaries so it doesn’t bleed or force others to bleed definitions and semantics. Bounded context: within this space, this is the context of the language. This is what it means and it’s not ambiguous. Central thing about a model is the language you create to express the prblem and solution very crisply. Need clear language and need boundaries. Anti corruption layers are translations between the different models that may exist in multiple bounded contexts. They keep an internal model consistent and pure without bleeding across the boundaries. Bounded contexts tend to be “self contained systems” themselves with a complete vertical stack of the software including UI, business logic, data models, and database. They tend to not share databases across multiple models.
- #30: This concept of defining language, developing models to describe a domain, implementing those models, enforcing assertions, etc all happen within a certain context, and that context is vitally important in software. In common language, we are smart enough to resolve these types of language conflicts within a sentence because of its context. The computer doesn’t have this context. We have to make it explicit. And any context needs to have explicit boundaries. This model needs to be “useful” ie, it should be able to be implemented. Try to establish a model that’s both useful for discussion with the domain experts and is implementable. There are infinite ways to model/think about something. Balance both masters with the model you choose. Large complex domains may need multiple models. And really the only way to understand a language and model is within a certain context. That context should have boundaries so it doesn’t bleed or force others to bleed definitions and semantics. Bounded context: within this space, this is the context of the language. This is what it means and it’s not ambiguous. Central thing about a model is the language you create to express the prblem and solution very crisply. Need clear language and need boundaries. Anti corruption layers are translations between the different models that may exist in multiple bounded contexts. They keep an internal model consistent and pure without bleeding across the boundaries. Bounded contexts tend to be “self contained systems” themselves with a complete vertical stack of the software including UI, business logic, data models, and database. They tend to not share databases across multiple models.
- #31: This concept of defining language, developing models to describe a domain, implementing those models, enforcing assertions, etc all happen within a certain context, and that context is vitally important in software. In common language, we are smart enough to resolve these types of language conflicts within a sentence because of its context. The computer doesn’t have this context. We have to make it explicit. And any context needs to have explicit boundaries. This model needs to be “useful” ie, it should be able to be implemented. Try to establish a model that’s both useful for discussion with the domain experts and is implementable. There are infinite ways to model/think about something. Balance both masters with the model you choose. Large complex domains may need multiple models. And really the only way to understand a language and model is within a certain context. That context should have boundaries so it doesn’t bleed or force others to bleed definitions and semantics. Bounded context: within this space, this is the context of the language. This is what it means and it’s not ambiguous. Central thing about a model is the language you create to express the prblem and solution very crisply. Need clear language and need boundaries. Anti corruption layers are translations between the different models that may exist in multiple bounded contexts. They keep an internal model consistent and pure without bleeding across the boundaries. Bounded contexts tend to be “self contained systems” themselves with a complete vertical stack of the software including UI, business logic, data models, and database. They tend to not share databases across multiple models.
- #32: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #34: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #35: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #37: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #39: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #46: This concept of defining language, developing models to describe a domain, implementing those models, enforcing assertions, etc all happen within a certain context, and that context is vitally important in software. In common language, we are smart enough to resolve these types of language conflicts within a sentence because of its context. The computer doesn’t have this context. We have to make it explicit. And any context needs to have explicit boundaries. This model needs to be “useful” ie, it should be able to be implemented. Try to establish a model that’s both useful for discussion with the domain experts and is implementable. There are infinite ways to model/think about something. Balance both masters with the model you choose. Large complex domains may need multiple models. And really the only way to understand a language and model is within a certain context. That context should have boundaries so it doesn’t bleed or force others to bleed definitions and semantics. Bounded context: within this space, this is the context of the language. This is what it means and it’s not ambiguous. Central thing about a model is the language you create to express the prblem and solution very crisply. Need clear language and need boundaries. Anti corruption layers are translations between the different models that may exist in multiple bounded contexts. They keep an internal model consistent and pure without bleeding across the boundaries. Bounded contexts tend to be “self contained systems” themselves with a complete vertical stack of the software including UI, business logic, data models, and database. They tend to not share databases across multiple models.
- #47: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #48: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #50: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #51: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #52: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #53: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #54: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.
- #56: Get back to first principles. Focus on principles, patterns, methodologies. Tools will help, but you cannot start with tools.