Fundamentals of
Microservices
OWEN GARRETT AND ALAN MURPHY
NGINX, F5
O.GARRETT@F5.COM / A.MURPHY@F5.COM
| ©2021 F5
What is your organization’s expertise with
Microservices?
1. What’s a Microservice? That’s what I’m here to learn about!
2. We’re not using a Microservices architecture yet.
3. We are taking first steps to production Microservices.
4. We run both Microservices and Traditional architectures in
production.
5. We are (almost) entirely a Microservices-first organization.
Microservices began in Venice
Shipbuilding in Europe, c1500
Ships were built in-place, by hand, taking months
to construct.
The guild system provided craftsmen and
maintained a monopoly of skills and training. It
protected workers and created artifacts of great
quality, but was slow and inefficient.
Shipwrights building a brigantine, 1541
Microservices began in Venice
Shipbuilding in Venice, c1500
The Venetian Arsenal was the most powerful and
efficient shipbuilding enterprise in the world.
It built a ship every day, with up to 100 galleys of
various specification in the backlog.
In 1574, King Henry of France watched the
outfitting of an entire ship during his lunch…
Venetian Arsenal, present day
What has this got to do with Microservices?
Microservices architecture is an approach
in which a single application is composed of
many loosely coupled and independently
deployable smaller services.
• Highly maintainable and testable
• Loosely coupled
• Independently deployable
• Organized around business capabilities
• Owned by a small team
What’s your biggest concern with
microservices?
1. Training and Knowledge – the journey to production is difficult
2. In production – Logging, Visibility and Monitoring
3. In production – Security
4. In production – Scaling to large apps and multiple teams
5. None – I know what I’m doing, all is working

Modern Apps Require a Modern Architecture
From Monolithic ...
• Three-tier, J2EE-style architectures
• Complex protocols (HTML, SOAP)
• Persistent deployments
• Fixed, static infrastructure
• Big-bang releases
• Silo’ed teams (Dev, Test, Ops)
... to Dynamic
• Microservices
• Lightweight (REST, JSON)
• Containers, VMs, Functions
• Infrastructure as Code
• Continuous delivery
• DevOps culture

What is a Container?
A ‘container’ takes the bare minimum needed for an application, and packages it up as a single artifact:
• Runnable application code – compiled, or needing a framework
• Runtime artifacts – libraries, frameworks, etc.
• Declaration of runtime requirements – network, storage, etc.
Diagram labels: Develop, Build, Package, Test, Deploy, Operate; Code, Container

What is Kubernetes?
Kubernetes stitches together a number of servers (‘nodes’) to create a flat platform for running Containers.
Diagram labels: Kubernetes Master (API Server, Scheduler, Controller-Manager, etcd); three Kubernetes Nodes (Kubelet, KubeProxy); Internal Network; Ingress Controller; External Load Balancer (BIG CIS, NGINX, Cloud LB); Users

Requirements for Production-Grade Kubernetes
Diagram labels: Development, Operations; Infrastructure Dataplane, Application Dataplane, Application Runtime; App, Code Repo, CI/CD pipeline, Automation, Pod; ModSecurity, AppProtect, Auth, Monitoring, Logging, WAF; Users

Operating a distributed application is hard
Static, Predictable Monolith:
• Fast, reliable function calls
• Local debugging
• Local profiling
• Calendared, big-bang upgrades
• ‘Integration hell’ contained in dev
Dynamic, Distributed App:
• Slow, unreliable API calls
• Distributed fault finding
• Distributed tracing
• In-place dynamic updates
• ‘Continuous integration’ live in prod
More things can go wrong, it’s harder to find the faults, everything happens live
Begin with the Ingress Controller…
What Ingress solution do you use?
1. Default Kubernetes Ingress Controller
2. Default OpenShift Router
3. NGINX’s Ingress Controller
4. F5 Container Ingress Services
5. Something else
6. Don’t know

The Ingress Controller
A specialized load balancer for Kubernetes environments:
• Accepts traffic from outside the Kubernetes platform, and load-balances it to pods (containers) running inside the platform
• Configured using the Kubernetes API, with objects called ‘Ingress Resources’
• Monitors the pods running in Kubernetes, and automatically updates the load balancing rules if, for example, pods are added or removed from a service
Diagram labels: Users, Ingress Controller, Internal Network
Two Challenges at Scale
Multitenancy (Teams)
How can multiple teams and
applications share a Container
environment safely and securely?
Complex Applications
How can you provide the
advanced capabilities that
complex applications require?

NGINX Ingress Resources – Rich Capabilities
Diagram labels:
• VirtualServer: Host, TLS, Policies, Upstreams, Routes (Path, Policies, Action, Split, Match, Route, ErrorPage)
• VirtualServerRoute: Host, Upstreams, Subroutes (Path, Policies, Action, Split, Match, ErrorPage)
• Action types: pass, redirect, return, proxy
• Annotations: delegation, optional
• Server and HTTP snippets: NGINX server configuration, NGINX http configuration
• Location snippets: NGINX location configuration
• Policies: Access Control, Rate Limiting, Auth (JWT, OIDC), MTLS (Ingress/Egress), App Protect WAF

Spotlight on Use Cases
• Conditional Routing – Multiple versions, multiple clients
• Split Routing – A|B Testing for safe production deployment
• Error Pages – Implement ‘Circuit Breakers’ to contain failures
• Rate Limiting – Protect vulnerable apps, limit greedy clients
• Authentication – Offload identity checking from apps and centralize
• Web Application Firewall – Protect from known and unknown vulnerabilities
• NGINX Snippets – “to-the-metal” with NGINX configuration
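An added example, not part of the original deck: the split-routing, error-page, rate-limiting and access-control use cases above expressed as NGINX Ingress Controller custom resources (Policy and VirtualServer, k8s.nginx.org/v1). The namespace, host, secret, service names, CIDR range and limits are assumed placeholder values.

```yaml
# Constructed example: every name, host, CIDR and limit below is a placeholder.
# Policies are separate objects referenced by name, so a security team can own
# them independently of the application team's routes.
apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
  name: internal-only
  namespace: shop
spec:
  accessControl:
    allow:                        # allow-list; other sources are denied
    - 10.0.0.0/8
---
apiVersion: k8s.nginx.org/v1
kind: Policy
metadata:
  name: per-client-rate-limit
  namespace: shop
spec:
  rateLimit:
    rate: 10r/s
    key: ${binary_remote_addr}    # one bucket per client address
    zoneSize: 10M
    rejectCode: 429
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: shop
  namespace: shop
spec:
  host: shop.example.com
  tls:
    secret: shop-tls              # TLS terminated at the ingress
  policies:
  - name: per-client-rate-limit   # applies to every route on this host
  upstreams:
  - name: cart-v1
    service: cart-v1-svc
    port: 80
  - name: cart-v2
    service: cart-v2-svc
    port: 80
  - name: admin
    service: admin-svc
    port: 80
  routes:
  - path: /cart
    splits:                       # split routing: 10% of requests to v2
    - weight: 90
      action:
        pass: cart-v1
    - weight: 10
      action:
        pass: cart-v2
    errorPages:                   # contain upstream failures behind a fixed reply
    - codes: [502, 503]
      return:
        code: 503
        type: application/json
        body: '{"error": "cart temporarily unavailable"}'
  - path: /admin
    policies:
    - name: internal-only         # route-level policy for the admin path only
    action:
      pass: admin
```

The access-control and rate-limit policies both act on the client address NGINX sees, so behind an external load balancer they are only meaningful once the real client IP is passed through to the Ingress Controller.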

NGINX Ingress Resources – Distributed Configuration
Diagram labels: NetOps, DevOps-FE, DevOps-NG, Identity, DevSecOps
… but many operational challenges
happen within the application
Do you use a Service Mesh in production?
1. No, and I’m not planning to use one yet
2. No, but I’m actively evaluating
3. Yes – Istio in production
4. Yes – a different mesh in prod. (perhaps share in the comments)
5. Don’t know
Where does a Service Mesh fit in?
Users
Ingress
Controller
“North-South” traffic
“East-West” traffic
What Is A Service Mesh?
WHAT’S MISSING IN K8S AND WHAT DO YOU REALLY WANT AND NEED FROM A MESH?
Service mesh aims to improve application
traffic control, observability and security for
distributed systems.
- The New Stack

What Does A Service Mesh Do?
Service Mesh controls communications between pods and external apps
• Secure Traffic – End-to-end encryption (Mutual TLS / mTLS), ACLs
• Manage All Service Traffic – Load Balance, Circuit breaker, B|G, Rate Limiting…
• Orchestration – Injection and sidecar management, K8s API integration
• Measure Traffic – Generate transaction traces and real-time monitoring
NGINX Service Mesh Components
• NGINX Service Mesh runs within a K8s cluster
• Securely manages ingress/egress traffic to
external services
• Can be deployed in any K8s cluster platform

Spotlight on Use Cases
• Mutual TLS – Secure traffic in a zero-trust network
• Instrumentation – Monitor performance, latency and availability
• Tracing – Debug transactions and locate faults
• Rate Limiting – Protect vulnerable apps, limit greedy clients
• Traffic Splitting – Implement A|B, Canary and Blue-Green upgrades
• Access Control – Implement allow-lists to accurately govern traffic
• Egress Control – Manage and broker traffic to external services

When Am I Ready For A Service Mesh?
✓ You have a mature, fully-automated CI/CD pipeline (GitOps-enabled)
✓ You are fully invested in microservices and using Kubernetes
✓ You are deploying frequently to production (at least once per day)
✓ You have a zero-trust production environment (so need mTLS)
✓ You need/want additional visibility of container traffic interaction
Review
What have we learnt?
Microservices is a journey, not a destination.
Begin when the need to iterate and improve is high
The technology choice will take you down the path of Containers and Kubernetes
It’s a long journey, with separate paths for development and operations
The key to a production-ready service is the ability to control the dataplane.
To find out more, join NGINX on our Microservices March journey!
Where to find out more?
bit.ly/microservices-march