Lee Calcote
Clouds, containers, functions, applications and their management.
Lee Calcote
Layer5, Founder
clouds, containers, functions, applications, and their management
layer5.io/books
First few services are relatively easy
Democratization of language and technology choice
Faster delivery, service teams running independently, rolling updates
Next 10 or so may introduce pain
Language and framework-specific libraries
Distributed environments, ephemeral infrastructure, out-moded tooling
layer5.io/landscape
Cluster Management
Host Discovery
Host Health Monitoring
Scheduling
Orchestrator Updates and Host Maintenance
Service Discovery
Networking and Load Balancing
Stateful Services
Multi-Tenant, Multi-Region
Application Health and Performance Monitoring
Application Deployments
Application Secrets
minimal capabilities required to qualify as a container orchestrator
Service meshes generally rely on these underlying layers.
Ambassador uses Envoy
Kong uses Nginx
OpenResty uses Nginx
north-south vs. east-west
• Observability
• Logging
• Metrics
• Tracing
• Traffic Control
• Resiliency
• Efficiency
• Security
• Policy
a dedicated layer for managing service-to-service communication
So, a microservices platform?
obviously.
Orchestrators don't bring all that you need, and neither do service meshes, but they do get you closer.
Missing: application lifecycle management, but not by much
partially.
Missing: distributed debugging; provide nascent visibility (topology)
to avoid...
Bloated service code
Duplicating work to make services production-ready
Load balancing, auto scaling, rate limiting, traffic routing...
Inconsistency across services
Retry, TLS, failover, deadlines, cancellation, etc., for each language and framework
Siloed implementations lead to fragmented, non-uniform policy application and difficult debugging
Diffusing responsibility of service management
what gets people hooked on service metrics
Metrics without instrumenting apps
Consistent metrics across fleet
Trace flow of requests across services
Portable across metric back-end providers
You get a metric! You get a metric! Everyone gets a metric!
control over chaos
Timeouts and Retries with timeout budget
Control connection pool size and request load
Circuit breakers and Health checks
content-based traffic steering
[Diagram: timeouts and retries along the call chain Web -> Service Foo -> Service Bar -> Database. Each hop carries its own per-call timeout (600ms, 300ms, 900ms; 500ms, 300ms, 900ms) with Retries = 3.]
[Diagram: deadlines along the same chain. Web starts with Deadline = 600ms; after Elapsed = 104ms Service Foo sees Deadline = 496ms; after Elapsed = 68ms Service Bar sees Deadline = 428ms; after Elapsed = 248ms the Database sees Deadline = 180ms.]
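The deadline figure, worked through as an added Go example (not code from the deck or from any mesh project): it computes the fan-out when each hop retries on its own, propagates one 600ms deadline hop by hop using the figure's elapsed values, and caps retries by the remaining budget. The three attempts per hop and the 100ms cost per attempt are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// Hop is one caller in the chain Web -> Service Foo -> Service Bar -> Database.
type Hop struct {
	Name     string
	Attempts int           // independent per-hop attempts (assumed 3, matching "Retries = 3")
	Elapsed  time.Duration // time spent in this hop before calling downstream (figure values)
}

// WorstCaseCalls is the fan-out when every hop retries on its own: 3 x 3 x 3 = 27 database calls.
func WorstCaseCalls(chain []Hop) int {
	calls := 1
	for _, h := range chain {
		calls *= h.Attempts
	}
	return calls
}

// Propagate carries one end-to-end deadline down the chain: each hop subtracts its own elapsed
// time and passes the remainder on, so it only shrinks. Returns the deadline seen at every hop.
func Propagate(budget time.Duration, chain []Hop) ([]time.Duration, error) {
	seen, remaining := []time.Duration{budget}, budget
	for _, h := range chain {
		if remaining -= h.Elapsed; remaining <= 0 {
			return seen, fmt.Errorf("deadline exhausted inside %s", h.Name)
		}
		seen = append(seen, remaining)
	}
	return seen, nil
}
// AttemptsWithin caps retries by the remaining deadline instead of a fixed count.
func AttemptsWithin(remaining, perAttempt time.Duration, max int) int {
	if perAttempt <= 0 || remaining < perAttempt {
		return 0
	}
	if fit := int(remaining / perAttempt); fit < max {
		return fit
	}
	return max
}

func main() {
	chain := []Hop{{"Web", 3, 104 * time.Millisecond}, {"Service Foo", 3, 68 * time.Millisecond}, {"Service Bar", 3, 248 * time.Millisecond}}
	seen, err := Propagate(600*time.Millisecond, chain) // [600ms 496ms 428ms 180ms] <nil>
	fmt.Println(WorstCaseCalls(chain), seen, err, AttemptsWithin(seen[len(seen)-1], 100*time.Millisecond, 3))
}
```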
where Dev and Ops meet
Problem: too much infrastructure code in services
[Diagram: service mesh anatomy. Data Plane with Ingress Gateway and Egress Gateway; Control Plane; Management Plane.]
No control plane? Not a service mesh.
[Diagram: Bookinfo sample application. Product Service (Product Pod, Product Container), Details Service (Details Pod, Details Container), Ratings Service (Ratings Pod, Ratings Container) and Reviews Service (Reviews Pod with Reviews v1, v2, v3). Second panel: the same application with an Envoy sidecar beside every container and an Envoy ingress in front of Product Service.]
[Diagram: Istio architecture. Control Plane (istio-system namespace): Pilot (discovery & config to the sidecars), Citadel (TLS certs to the sidecars), Mixer (policy check, telemetry reports), Galley. Data Plane (application namespace): Foo Pod and Bar Pod, each with a proxy sidecar beside the Foo/Bar container, behind Service Foo and Service Bar; Ingress Gateway and Egress Gateway. Legend: application traffic, control flow during request processing, out-of-band telemetry propagation.]
[Diagram: Linkerd architecture. Control Plane (linkerd-system namespace): destination, proxy-api, public-api, tap, Prometheus, Grafana, dashboard, CLI. Data Plane (application namespace): Foo Pod and Bar Pod, each with a proxy sidecar beside the Foo/Bar container, behind Service Foo and Service Bar. Legend: application traffic, control flow during request processing, out-of-band telemetry scraping.]
Consider an organization that has a thousand existing services running on VMs (external to the service mesh) with little to no service-to-service traffic.
Nearly all traffic flows from client to service and back to client.
This organization can deploy a service mesh ingress (e.g. Istio Gateway) and begin gaining granular traffic control (e.g. path rewrites) and detailed service monitoring without immediately deploying a thousand sidecars.
Playground
WHICH SERVICE MESH SHOULD I USE AND HOW DO I GET STARTED?
Learn about the functionality of different service meshes and visually manipulate mesh configuration.
Performance Benchmark
WHAT OVERHEAD DOES BEING ON THE SERVICE MESH INCUR?
Benchmark the performance of your application across different service meshes and compare their overhead.
layer5.io/meshery
@lcalcote
a multi-service mesh performance benchmark and playground
Istio
Linkerd
Octarine
NSM
App Mesh
results forthcoming at KubeCon EU...
Consul
Up next...
(service meshes contributing adapters)
Kubernetes
(no mesh)
Demo
| Cores | Threads | Istio (2) | Linkerd |
|---|---|---|---|
| 8 | 8 | 1 | 1 |
| 8 | 16 | 1.7 | 1.8 |
| 8 | 32 | 3.2 | 3.4 |
| 8 | 100 | 9.3 | 9.6 |

(2) mTLS on, tracing off
| Cores | Threads | Istio (1) | Istio (2) | Linkerd |
|---|---|---|---|---|
| 8 | 8 | 1 | 1 | 1 |
| 8 | 16 | 1.4 | 1.7 | 1.8 |
| 8 | 32 | 18.4 | 3.2 | 3.4 |
| 8 | 100 | 52.2 | 9.3 | 9.6 |

(1) mTLS on, tracing on
(2) mTLS on, tracing off
[Diagram: Istio Mixer, an attribute processing engine, in the Control Plane (istio-system namespace). Data Plane (application namespace): Foo Pod with a proxy sidecar beside the Foo container, behind Service Foo; the sidecar sends telemetry reports to Mixer. Legend: application traffic, control flow during request processing, out-of-band telemetry propagation.]
A project and vendor-neutral specification for capturing details of:
Environment / Infrastructure
Number and size of nodes, orchestrator
Service mesh and its configuration
Service / application details
Bundled with test results.
github.com/layer5io/service-mesh-benchmark-spec
By Lee Calcote
Presented at Cloud Native Rejekts 2019