
Service Mesh Status Quo 2018: A Review and Analysis of Current Service Mesh Challenges Heading into 2019

Slides for Presentation at Container X'mas Party, Dec 2018
Title: Service Mesh Status Quo 2018 - A Review and Analysis of Current Service Mesh Challenges Heading into 2019
https://flexy.connpass.com/event/110839/


  1. Service Mesh Status Quo 2018: A Review and Analysis of Current Service Mesh Challenges Heading into 2019
  2. [Timeline figure: 1970, 1980, 1990, 2000, 2010, 2020]
  3. CNCF Cloud Native Definition v1.0: Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor-neutral projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone. https://github.com/cncf/toc/blob/master/DEFINITION.md Cloud Native CNCF
  4. Fallacies of distributed computing https://en.wikipedia.org/wiki/Fallacies_of_distributed_computing
  5. Buoyant’s CEO William Morgan https://blog.buoyant.io/2017/04/25/whats-a-service-mesh-and-why-do-i-need-one/
  6. Service Mesh ①
  7. [Diagram: Pods] https://docs.microsoft.com/ja-jp/dotnet/standard/microservices-architecture/implement-resilient-applications/implement-circuit-breaker-pattern
  8. [Diagram: Pods] Service Breaker Destination Rule (Istio) https://istio.io/docs/tasks/traffic-management/circuit-breaking/ Service Mesh
  9. Service Mesh Data Plane Control Plane Envoyproxy Blog: Service mesh data plane vs. control plane https://blog.envoyproxy.io/service-mesh-data-plane-vs-control-plane-2774e720f7fc Control Plane Data Plane Mesh Data Plane ② Control Plane Data Plane
  10. Service Mesh https://github.com/istio/istio https://github.com/linkerd/linkerd https://github.com/runconduit/conduit https://www.consul.io/ https://www.envoyproxy.io/
  11. https://twitter.com/IstioMesh/status/1024339027531624451
  12. https://blog.linkerd.io/2018/09/18/announcing-linkerd-2-0/ https://github.com/linkerd/linkerd/issues/2018
  13. https://www.hashicorp.com/blog/consul-1-2-service-mesh https://github.com/cncf/landscape/pull/1009 Cloud Native Computing Foundation Announces Envoy Graduation https://www.cncf.io/announcement/2018/11/28/cncf-announces-envoy-graduation/
  14. https://kubedex.com/istio-vs-linkerd-vs-linkerd2-vs-consul/ https://docs.google.com/spreadsheets/d/1OBaKrwR030G39i0n_47i-hzcFJ966bJjGArXVKX39_k/
  15. https://trends.google.com/trends/explore?date=2017-01-01%202018-12-17&q=Istio,Linkerd,Hashicorp%20Consul,Envoy%20Proxy ★ Star # (Dec 17, 2018): Istio 13,865; Linkerd 4,792; Linkerd2 3,004; Consul 14,319; Envoy 7,608
  16. “ENVOY IS AN OPEN SOURCE EDGE AND SERVICE PROXY, DESIGNED FOR CLOUD-NATIVE APPLICATIONS” https://www.envoyproxy.io/ Istio • Dynamic service discovery • Load balancing • TLS termination • HTTP/2 and gRPC proxies • Circuit breakers • Health checks • Staged rollouts with %-based traffic split • Fault injection • Rich metrics
  17. https://techlife.cookpad.com/entry/2018/05/08/080000 KubeCon 2018 Seattle https://envoyconna18.sched.com/event/HDdu/building-operating-a-service-mesh-at-a-mid-size-company-taiki-ono-cookpad-inc
  18. Demo Code: https://github.com/yokawasa/envoy-proxy-demos/tree/master/front-proxy
  19. [Diagram: Front-envoy container (front-envoy process); Service1, Service2 and Service3 containers, each with an envoy process and an app process; ports 80 and 8080] Front envoy listens on port 80
  20. https://istio.io
  21. • Pilot: • Mixer: • Citadel: https://istio.io/docs/concepts/what-is-istio/
  22. Discovery & Load Balancing round robin, random, weighted least request Traffic Splitting A/B testing, canary rollouts, staged rollouts Traffic Control Handling Failures circuit breakers, timeouts, and retries Fault Injections delays or abort Rate Limiting Distributed Tracing Collecting Logs & Metrics Service Graph Authentication Policy Mutual TLS Authentication Istio RBAC https://istio.io/docs/concepts/what-is-istio/
  23. https://www.slideshare.net/yokawasa/istio-114360124
  24. • Demo Code: https://github.com/istio/istio/tree/master/samples/bookinfo • Setup: https://github.com/yokawasa/azure-container-labs/blob/master/labs/aks-202-istio-top.md
  25. Product page Mixer Pilot Citadel Ingress gateway Review V1 Review V2 Review V3 Ratings Details
  26. https://github.com/istio/istio/tree/master/tools
  27. Mixer Cache 5ms
  28. Istio Proxy 10ms Proxy Mixer
  29. • : • https://istio.io/docs/reference/config/installation-options/ • Minimal Istio Installation: • https://istio.io/docs/setup/kubernetes/minimal-install
  30. Service Mesh Service Fabric Mesh Istio on GKE App Mesh
  31. k8s Service Mesh Knative - https://github.com/knative/docs
  32.
  33. https://istio.io/docs/concepts/security/
  34. Istio multicluster
  35. Figure 1-1. Traditional network security architecture
  36. • Zero Trust Control plane vs Data plane • Zero Trust Control plane • Zero Trust Data Plane: Control Plane
  37. k8s Service Mesh
  38. https://www.slideshare.net/hiromasaoka/noops-125109991
