Lead Infrastructure Engineer
Rocktavious
krockman@underarmour.com
Kyle Rockman
History Journey Q & A
Pre Kubernetes
Planned Kubernetes Migration
Kubernetes
K8S == 1.6
Service Mesh Infancy
Already Knew NGINX
ELBs & Security Groups
What we ended up with
Split Internal vs External
Allowed for Network Policies
Easy to Replicate Per Team
Traffic Flow
All Traffic flows through an ELB
Only allow internal to talk to integ namespace
Scaling this to an Enterprise
Cluster HA
Observability
Reasons For a Service Mesh
Service Discovery/Inventory
Observability
Traffic governance
Access control
Mutual TLS
Reasons to NOT use a Service Mesh
Functionally diverse environments
Structurally diverse environments
Technologically diverse environments
Areas for Improvement
Cross AZ Traffic
External OAUTH
Collapse ELB & Ingress Pod into ALB
https://slides.com/rocktavious/service-mesh/
Thanks!
By Kyle Rockman
Presentations for CNCF SMEUG about why Under Armour hasn't adopted a Service Mesh solution yet. This mainly focuses on our use of the nginx ingress controller.
Lead Infrastructure Engineer OpsLevel.com