Lead Infrastructure Engineer
Rocktavious
krockman@underarmour.com
Kyle Rockman
History
Journey
Q & A
Pre Kubernetes
Planned Kubernetes Migration
Kubernetes
K8S == 1.6
Service Mesh Infancy
Already Knew NGINX
ELBs & Security Groups
What we ended up with
Split Internal vs External
Allowed for
Network Policies
Easy to Replicate
Per Team
Traffic Flow
All Traffic flows through an ELB
Only allow internal to talk to integ namespace
Scaling this to an Enterprise
Cluster HA
Observability
Reasons For a Service Mesh
Service Discovery/Inventory
Observability
Traffic governance
Access control
Mutual TLS
Reasons to NOT use a Service Mesh
Functionally diverse environments
Structurally diverse environments
Technologically diverse environment
Areas for Improvement
Cross AZ Traffic
External OAUTH
Collapse ELB & Ingress Pod into ALB
https://slides.com/rocktavious/service-mesh/
Thanks!