Service Mesh End User Group

Who am I

Lead Infrastructure Engineer

Rocktavious

krockman@underarmour.com

Kyle Rockman

Agenda

History
Journey
Q & A

History

History

Pre Kubernetes

History

Planned Kubernetes Migration

Kubernetes

K8S == 1.6

Service Mesh Infancy

Already Knew NGINX

ELBs & Security Groups

History

What we ended up with

Split Internal
vs External

Allowed for
Network Policies

Easy to Replicate
Per Team

History

Traffic Flow

All Traffic flows
through an ELB

Only allow internal
to talk to integ namespace

History

Scaling this to an Enterprise

History

Cluster HA

History

Observeability

Journey

Journey

Reasons For a Service Mesh

Service Discovery/Inventory

Observe-ability

Traffic governance

Access control

Mutual TLS

Journey

Reasons to NOT use a Service Mesh

Functionally diverse environments

Structurally diverse environments

Technologically diverse environment

Journey

Areas for Improvement

Cross AZ Traffic

External OAUTH

Collapse ELB & Ingress Pod into ALB

https://slides.com/rocktavious/service-mesh/

Thanks!

Sevice Mesh

By Kyle Rockman

Made with Slides.com

Sevice Mesh

Presentations for CNCF SMEUG about why Under Armour hasn't adopted a Service Mesh solution yet. This mainly focuses on our use of nginx ingress controller

  • 402

More from Kyle Rockman