Service Mesh Status Quo 2018: 2019年に向けたService Meshの現状課題の整理と考察
15 likes4,905 views
The document discusses the evolution and current state of service mesh technologies within the framework of cloud-native computing, emphasizing their role in building scalable applications across various cloud environments. It highlights how these technologies, including containers and microservices, enhance system resilience and manageability through automation and open-source projects supported by the Cloud Native Computing Foundation (CNCF). Key components such as control and data planes, along with examples like Istio and Envoy, are mentioned as integral to modern application architectures.
Service Mesh Status Quo 2018: 2019年に向けたService Meshの現状課題の整理と考察
- 1. , 2 , ,1 21 21 1, 0 , Service Mesh Status Quo 2018 2019 Service Mesh
- 3. 1970 1980 1990 2000 2010 2020
- 4. CNCF Cloud Native Definition v1.0 Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor-neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone. https://github.com/cncf/toc/blob/master/DEFINITION.md Cloud Native CNCF
- 7. Fallacies of distributed computing https://en.wikipedia.org/wiki/Fallacies_of_distributed_computing
- 9. Buoyant’s CEO William Morgan https://blog.buoyant.io/2017/04/25/whats-a-service-mesh-and-why-do-i-need-one/
- 10. Service Mesh ①
- 12. PodPodPod PodPodPod PodPodPod Service Breaker Destination Rule (Istio) https://istio.io/docs/tasks/traffic-management/circuit-breaking/ Service Mesh
- 13. Service Mesh Data Plane Control Plane Envoyproxy Blog: Service mesh data plane vs. control plane https://blog.envoyproxy.io/service-mesh-data-plane-vs-control-plane-2774e720f7fc Control Plane Data Plane Mesh Data Plane ② Control Plane Data Plane
- 17. https://www.hashicorp.com/blog/consul-1-2-service-mesh https://github.com/cncf/landscape/pull/1009 Cloud Native Computing Foundation Announces Envoy Graduation https://www.cncf.io/announcement/2018/11/28/cncf- announces-envoy-graduation/
- 19. https://trends.google.com/trends/explore?date=2017-01-01%202018-12- 17&q=Istio,Linkerd,Hashicorp%20Consul,Envoy%20Proxy ★ Star # (Dec 17, 2018) Istio 13,865 Linkerd 4,792 Linkerd2 3,004 Consul 14,319 Envoy 7,608
- 21. “ENVOY IS AN OPEN SOURCE EDGE AND SERVICE PROXY, DESIGNED FOR CLOUD-NATIVE APPLICATIONS” https://www.envoyproxy.io/ Istio • Dynamic service discovery • Load balancing • TLS termination • HTTP/2 and gRPC proxies • Circuit breakers • Health checks • Staged rollouts with %-based traffic split • Fault injection • Rich metrics
- 23. Demo Code: https://github.com/yokawasa/envoy-proxy-demos/tree/master/front-proxy
- 24. Front-envoy process Front-envoy container service3 envoy process Service3 Container service3 app process service1 envoy process Service1 Container service1 app process service2 envoy process Service2 Container service2 app process Port 80 Port 80 Port 80 8080 8080 8080 Front envoy listens on port 80
- 26. • Pilot: • Mixer: • Citadel: https://istio.io/docs/concepts/what-is-istio/
- 27. Discovery & Load Balancing round robin, random, weighted least request Traffic Splitting A/B testing, canary rollouts, staged rollouts Traffic Control Handling Failures circuit breakers, timeouts, and retries Fault Injections delays or abort Rate Limiting Distributed Tracing Collecting Logs & Metrics Service Graph Authentication Policy Mutual TLS Authentication Istio RBAC https://istio.io/docs/concepts/what-is-istio/
- 29. • Demo Code: https://github.com/istio/istio/tree/master/samples/bookinfo • Setup: https://github.com/yokawasa/azure-container-labs/blob/master/labs/aks-202-istio-top.md
- 33. Mixer Cache 5ms
- 35. • : • https://istio.io/docs/reference/config/installation-options/ • Minimal Istio Installation: • https://istio.io/docs/setup/kubernetes/minimal-install
- 37. Service Mesh Service Fabric Mesh Istio on GKE App Mesh
- 38. k8s Service Mesh Knative - https://github.com/knative/docs
- 39. •
- 46. Figure 1-1. Traditional network security architecture
- 47. • Zero Trust Control plane vs Data plane • Zero Trust Control plane • Zero Trust Data Plane: Control Plane
- 49. k8s Service Mesh