Service Mesh in Practice
KASUN INDRASIRI
Director – Integration Architecture, WSO2
DAVID MUNRO
Product Manager – Istio, Google
Introduction to Service Mesh
Why Do We Need Service Mesh?
○ Microservices/cloud native applications are connected via network calls
○ Building inter-service communication is the hardest part of realizing a microservices architecture
○ Decentralized architecture → no central point of governance
From ESB to Smart Endpoints and Dumb Pipes
○ A centralized ESB layer provides integration, network communication and governance capabilities
[Diagram: Consumers call Virtual Service 1, 2 and 3 exposed by the ESB, which fronts Service A, B, C and D]
From ESB to Smart Endpoints and Dumb Pipes
○ Microservice code has to take care of all network communication and governance of services itself
[Diagram: Consumers call Microservices X, P, Y, Z, Q, R and S directly; the services are written in Java, Node.js and Go, with no ESB in between]
Composition of a Microservice
○ A microservice consists of business logic plus network communication logic
[Diagram: Microservice A and Microservice B, each made of Business Logic and a Network Stack that carries the Network Functions]
Key Components of a Service Mesh
[Diagram: Microservice A and Microservice B each keep their Business Logic and a Network Stack holding the Primitive Network Functions; a Sidecar beside each service implements the Application Network Functions over HTTP1.x, HTTP2, gRPC and TCP; the sidecars form the Data Plane and are configured by the Control Plane]
Key Functionalities
○ Resilient inter-service communications: Circuit breaker, retry, timeout, etc.
○ Routing
○ Service discovery
○ Observability
○ Security
○ Multi-protocol support: HTTP/S, gRPC
Istio Overview
Istio Value Proposition
[Diagram: three pillars: securing service traffic, operational agility, uniform observability]
Architectural components
○ Pilot: control plane component that configures and pushes service communication policies.
○ Envoy: network proxy that intercepts communication and applies policies.
○ Mixer: policy enforcement with a flexible plugin model for policy providers.
○ Citadel: service-to-service authentication and authorization (authn/authz) using mutual TLS, with built-in identity and credential management.
[Diagram: a Control Plane API fronts Pilot, Mixer and Istio Security; Service A and Service B talk through their proxies over HTTP/1.1, HTTP/2, gRPC or TCP, with or without mTLS; Pilot pushes config data to the Envoys, Istio Security pushes TLS certs to the Envoys, and the proxies send policy checks and telemetry to Mixer]
What can you do with Istio security?
○ Enable mTLS for authentication and encryption.
○ Authorize access based on service identity or any channel attribute.
○ Configure finer-grained RPC-level access control for REST and gRPC.
Why do we support mTLS via Istio?
○ Policy-driven encryption in transit with no code changes
… but that’s only the obvious value …
… the real value is strong authentication
[Diagram: a compromised Logging Shared Service sits beside the Order Processing Service and the Credit Card Info Service; each service's identity is channel-bound, so the order processing identity cannot be replayed by the compromised service]
○ Peers are authenticated using non-replayable service identities bound to the TLS channel.
○ Similar to ALTS, Istio strongly authenticates the workload identity and not the host.
○ End user or application level identity is propagated as a bearer token across service “hops”.
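As an added example that is not from the deck, the two security slides above (identity-based authorization, channel-bound workload identity, end-user identity as a bearer token) written as current Istio resources: PeerAuthentication makes mTLS mandatory, RequestAuthentication validates the end-user JWT, and AuthorizationPolicy lets only the order-processing workload, carrying a valid end-user token, reach the credit-card-info charge path. The namespace shop, the service-account and label names and the issuer URL are assumptions, and the deck predates the security.istio.io/v1beta1 API used here.

```yaml
# Constructed example for the slide's scenario: order-processing -> credit-card-info,
# with a compromised logging service in the same namespace.
# Assumed: namespace "shop", service accounts "order-processing" and "logging",
# label app=credit-card-info, and a placeholder JWT issuer.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  # STRICT refuses plaintext connections to every workload in the namespace, so each
  # caller must present its SPIFFE identity over the TLS channel (no replayable token).
  mtls:
    mode: STRICT
---
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: end-user-jwt
  namespace: shop
spec:
  selector:
    matchLabels:
      app: credit-card-info
  jwtRules:
  - issuer: "https://issuer.example.com"                         # placeholder issuer
    jwksUri: "https://issuer.example.com/.well-known/jwks.json"  # placeholder JWKS
  # RequestAuthentication alone only rejects invalid tokens; a missing token is still
  # let through, which is why the AuthorizationPolicy below requires a request principal.
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: credit-card-info-callers
  namespace: shop
spec:
  selector:
    matchLabels:
      app: credit-card-info
  action: ALLOW
  rules:
  - from:
    - source:
        # Workload identity from the mTLS channel: the order-processing service account.
        # The logging service (cluster.local/ns/shop/sa/logging) matches nothing here.
        principals: ["cluster.local/ns/shop/sa/order-processing"]
        # End-user identity from the validated JWT, formatted <issuer>/<subject>.
        requestPrincipals: ["https://issuer.example.com/*"]
    to:
    - operation:
        methods: ["POST"]
        paths: ["/charge"]
```

A plaintext call is refused by STRICT mTLS at the TLS handshake, and a call from the logging service's identity, or one without a valid end-user token, gets HTTP 403 from the credit-card-info sidecar before it reaches the application.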
Mixer: send metrics where you want them
[Diagram: the frontend proxy reports a request record (API: /pictures, latency: 10 ms, status code: 503, src: 10.0.0.1, dst: 10.0.0.2) to Mixer, which hands it to the Mixer adapters]
○ Mixer has an open API and a pluggable architecture: send telemetry, logs and traces to your system of choice
○ Input policy from your choice of policy source
Pilot: configuring the data plane
○ Pilot pushes service registry info and all routing rules to the Envoy proxies (sidecars and ingress)
[Diagram: Pilot sends routing and load balancing config to the Envoy proxies in front of Service A and Service B]
How does Istio help?
With Istio, you can control traffic by routing:
// A simple traffic splitting rule
destination: serviceB.example.cluster.local
match:
  source: serviceA.example.cluster.local
route:
- tags:
    version: v1
    env: us-prod
  weight: 90
- tags:
    version: v2
    env: us-staging
  weight: 10
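The same 90/10 split in the current Istio traffic-management API, as an added example rather than the rule shown in the deck: a DestinationRule names the two subsets by their labels and a VirtualService weights them for calls coming from serviceA. The namespace example, the lowercase Kubernetes service names and the app labels are assumptions.

```yaml
# Constructed equivalent of the slide's route rule (serviceA -> serviceB, 90% v1 / 10% v2)
# in networking.istio.io/v1beta1. Namespace "example" and labels are assumed; Kubernetes
# service names must be lowercase, hence "servicea"/"serviceb".
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: serviceb
  namespace: example
spec:
  host: serviceb.example.svc.cluster.local
  subsets:
  - name: v1-prod
    labels:
      version: v1
      env: us-prod
  - name: v2-staging
    labels:
      version: v2
      env: us-staging
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: serviceb
  namespace: example
spec:
  hosts:
  - serviceb.example.svc.cluster.local
  http:
  # Only calls whose source pod carries app=servicea take part in the canary split.
  - match:
    - sourceLabels:
        app: servicea
    route:
    - destination:
        host: serviceb.example.svc.cluster.local
        subset: v1-prod
      weight: 90
    - destination:
        host: serviceb.example.svc.cluster.local
        subset: v2-staging
      weight: 10
  # Fallback for every other caller: without a catch-all route, non-matching
  # requests would get no route at all, so pin them to the production subset.
  - route:
    - destination:
        host: serviceb.example.svc.cluster.local
        subset: v1-prod
```

The subset labels must actually be present on the serviceb pods, otherwise the weighted route has no endpoints and the sidecar returns 503 for that share of traffic.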
Ballerina and Istio
Ballerina with Istio
○ Seamlessly integrates with Istio
[Diagram: a Client calls the Ballerina Time-Service through its Envoy sidecar proxy; the Istio Control Plane (Pilot, Mixer, Istio Auth) configures the proxy; metrics go to Prometheus and Grafana, traces to Jaeger]
Ballerina Service for Istio ...
import ballerina/http;
import ballerina/time;
import ballerinax/kubernetes;

// Kubernetes Service annotation: exposes the listener as a NodePort service
@kubernetes:Service {
    serviceType: "NodePort",
    name: "ballerina-time-service"
}
endpoint http:Listener listener {
    port: 9095
};

// Kubernetes Deployment annotation: image name, plus a single generated YAML file
@kubernetes:Deployment {
    image: "ballerina-time-service",
    name: "ballerina-time-service",
    singleYAML: true
}
@http:ServiceConfig { basePath: "/localtime" }
service<http:Service> time bind listener {
    @http:ResourceConfig {
        path: "/", methods: ["GET"]
    }
    getTime(endpoint caller, http:Request request) {
        // Response body supplied here (the slide elides it): the current time as JSON
        time:Time now = time:currentTime();
        http:Response response = new;
        response.setJsonPayload({ "currentTime": now.toString() });
        _ = caller->respond(response);
    }
}

○ Add the Kubernetes deployment and service annotations, then build
  $ ballerina build time_service.bal
○ Manual sidecar injection
  $ istioctl kube-inject -f time_service.yaml -o time_service_istio.yaml
○ Deploy
  $ kubectl apply -f time_service_istio.yaml
Ballerina without Service Mesh
○ Ballerina has built-in capabilities to facilitate:
  ○ Resilient inter-service communication
  ○ Observability: metrics, tracing, logging
  ○ Security: TLS, OAuth, JWT
  ○ Multi-protocol support: HTTP/1.x, HTTP/2, gRPC, AMQP, Kafka
  ○ Service discovery
Ballerina without Service Mesh - When?
○ You are not using a Service Mesh
○ Asynchronous event-driven messaging
○ Business logic depends on the network functions
Summary
○ Service mesh reduces the complexity of inter-service communication and the governance of those interactions.
○ Business logic shouldn’t be part of service mesh.
○ Istio overview.
○ Ballerina can work with or without service mesh.
Q & A
THANK YOU
