@redhat
BUILD AND DEPLOY CLOUD-NATIVE APPS WITH RED HAT OPENSHIFT
[Diagram: any application, packaged as containerized services, runs on OpenShift Container Platform (Enterprise Kubernetes), which in turn runs on any infrastructure: Amazon Web Services, Microsoft Azure, Google Cloud, OpenStack, datacenter, laptop]
Platform capabilities: Service Discovery, Config Mgmt, Build Automation, Deploy Automation, Monitoring, Log Mgmt, Security, CI/CD Pipelines
WHAT IS A SERVICE MESH?
[Diagram: Service A on Machine A (monolith) and Service B on Machine B talk over the network through a proxy placed beside each service; the proxies provide circuit breaking, discovery and tracing]
SERVICE MESH ECOSYSTEM
[Diagram: Istio at the centre (connect, secure, control, observe), surrounded by the observability tools Jaeger, Kiali, Grafana and Prometheus]
DISTRIBUTED SERVICES WITH RED HAT OPENSHIFT SERVICE MESH
[Diagram: layered view. INFRA, owned by infra ops: any infrastructure (Amazon Web Services, Microsoft Azure, Google Cloud, OpenStack, datacenter, laptop), OpenShift Container Platform (Enterprise Kubernetes) and OpenShift Service Mesh (Istio + Jaeger + Kiali). SERVICE, owned by service ops: any application as containerized services]
MICROSERVICES ARCHITECTURE
[Diagram, shown on two consecutive slides: a monolith on an Application Server (HTML/JavaScript web tier, services, data access) on the left; on the right the same application split into many services, each with its own runtime, labelled DISTRIBUTED on the second slide]
DISTRIBUTED ARCHITECTURE
[Diagram: a grid of services calling one another]
HOW TO DEAL WITH THE COMPLEXITY?
Photo by Clint Adair on Unsplash
CONFIGURATION
[Diagram: each service carries a Config component, backed by a Spring Cloud Config Server in the infrastructure]
SERVICE DISCOVERY
[Diagram: each service adds a Svc Discovery component, backed by Netflix Eureka and Netflix Ribbon]
DYNAMIC ROUTING
[Diagram: each service adds a Routing component, backed by a Netflix Zuul Server]
FAULT TOLERANCE
[Diagram: each service adds a Circuit Breaker component]
TRACING AND VISIBILITY
[Diagram: each service adds a Tracing component, backed by a ZipKin Server; the infrastructure now carries Config Server, Eureka, Ribbon, Zuul and ZipKin]
SERVICE MESH
A dedicated infrastructure layer for service-to-service communications
Photo on Visual Hunt
MICROSERVICES EVOLUTION
[Diagram: timeline from 2014 to 2018. In 2014 each service bundles its own Config, Svc Discovery, Routing, Circuit Breaker and Tracing; by 2018 the service holds only its own code and those concerns move into the platform: Container Platform (+ Service Mesh)]
KUBERNETES
AUTOMATING CONTAINER DEPLOYMENT
[Diagram: pods, each holding a service container, scheduled onto the infrastructure]
SIDECARS
● Two or more containers deployed to same pod
● Share
  ○ Same
    ■ Namespace
    ■ Pod IP
  ○ Shared lifecycle
● Used to enhance the co-located containers
● Istio Proxy (L7 Proxy)
  ○ Proxy all network traffic in and out of the app container
Source: http://blog.kubernetes.io/2015/06/the-distributed-system-toolkit-patterns.html
[Diagram: a pod containing the SERVICE A container and the Istio Proxy sidecar]
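How the sidecar gets into the pod in practice, as an added example that is not from the deck: the namespace label is upstream Istio's injection switch, while OpenShift Service Mesh injects per pod through the `sidecar.istio.io/inject` annotation, so both are set. The namespace `mesh-demo`, the workload name `service-a`, its service account and the image are assumptions.

```yaml
# Added example, not from the deck. Namespace "mesh-demo", workload "service-a",
# the service account name and the image are all assumed.
apiVersion: v1
kind: Namespace
metadata:
  name: mesh-demo
  labels:
    istio-injection: enabled          # upstream Istio: inject the sidecar into every new pod here
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: service-a
  namespace: mesh-demo                # the pod's identity; the sidecar's mTLS certificate is issued to it
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: service-a-v1
  namespace: mesh-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: service-a
      version: v1
  template:
    metadata:
      labels:
        app: service-a                # "app" and "version" drive Istio telemetry and subset routing
        version: v1
      annotations:
        sidecar.istio.io/inject: "true"   # OpenShift Service Mesh injects per pod via this annotation
    spec:
      serviceAccountName: service-a
      containers:
      - name: service-a               # the app container; istio-proxy is added beside it at admission
        image: example.invalid/service-a:1.0    # placeholder image
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: service-a
  namespace: mesh-demo
spec:
  selector:
    app: service-a
  ports:
  - name: http                        # the "http" port name tells Istio which L7 protocol to parse
    port: 8080
    targetPort: 8080
```

After `oc apply -f` on this file, `oc get pod -n mesh-demo -o jsonpath='{.items[0].spec.containers[*].name}'` lists two containers, `service-a istio-proxy`, in the same pod: they share the pod IP and network namespace, which is what lets the proxy take over all traffic in and out of the app container without the app knowing.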
SERVICE MESH ARCHITECTURE
Applies security, route rules, policies and reports traffic telemetry at the pod level
[Diagram: data plane of pods, each holding a SERVICE container and an ENVOY sidecar; control plane made of Pilot, Mixer and Auth, with Jaeger collecting traces]
CIRCUIT BREAKERS WITH ISTIO
transparent to the services
improved response time with global circuit status
[Diagram, on two consecutive slides: pods for SERVICE A, SERVICE B and SERVICE C, each with an ENVOY sidecar; the circuit breaker lives in the sidecars, not in the services]
TIMEOUTS AND RETRIES WITH ISTIO
configure timeouts and retries, transparent to the services
[Diagram: pods for SERVICE A, SERVICE B and SERVICE C, each with an ENVOY sidecar; the two call edges are labelled timeout: 10 sec, retry: 5 and timeout: 15 sec, retry: 5]
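The two edge labels expressed as Istio VirtualServices, as an added example that is not from the deck. The hosts `service-b` and `service-c`, the namespace `mesh-demo` and the per-try timeouts are assumptions; the 10 s / 15 s timeouts and the 5 retries are the slide's values.

```yaml
# Added example, not from the deck. Hosts "service-b" and "service-c" and namespace
# "mesh-demo" are assumed; the timeout and retry values are the ones on the slide.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: service-b
  namespace: mesh-demo
spec:
  hosts:
  - service-b
  http:
  - route:
    - destination:
        host: service-b
    timeout: 10s                 # "timeout: 10 sec": overall budget for the call, retries included
    retries:
      attempts: 5                # "retry: 5"
      perTryTimeout: 2s          # assumed: 5 tries x 2 s fits inside the 10 s budget
      retryOn: 5xx,reset,connect-failure   # retry only failures that are safe to repeat
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: service-c
  namespace: mesh-demo
spec:
  hosts:
  - service-c
  http:
  - route:
    - destination:
        host: service-c
    timeout: 15s                 # "timeout: 15 sec"
    retries:
      attempts: 5                # "retry: 5"
      perTryTimeout: 3s          # assumed
      retryOn: 5xx,reset,connect-failure
```

The calling pod's sidecar enforces these, so neither service needs a retry loop of its own. Two things to keep in mind when setting the values: the overall `timeout` caps the retries, so `attempts` times `perTryTimeout` should fit inside it, and a retry repeats the request, so `retryOn` should be narrowed (or retries dropped) for routes that serve non-idempotent operations, otherwise a slow backend turns into duplicated writes and a retry storm.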
RATE LIMITING WITH ISTIO
limit invocation rates, transparent to the services
[Diagram: pods for SERVICE A, SERVICE B and SERVICE C, each with an ENVOY sidecar; the call edges are labelled max 500 concurrent reqs and max 100 connections]
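The limits on this slide and the circuit breaker on the previous one both live in an Istio DestinationRule, so one added example (not from the deck) covers both. The host `service-b`, the namespace `mesh-demo`, the pending-request limit and the outlier-detection thresholds are assumptions; the 100 connections and 500 concurrent requests are the slide's values.

```yaml
# Added example, not from the deck. Host "service-b" and namespace "mesh-demo" are
# assumed; the connection and request limits are the ones on the slide, the
# outlier-detection thresholds are assumed.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: service-b-limits
  namespace: mesh-demo
spec:
  host: service-b
  trafficPolicy:
    connectionPool:
      tcp:
        maxConnections: 100            # "max 100 connections" to service-b
      http:
        http2MaxRequests: 500          # "max 500 concurrent reqs" in flight
        http1MaxPendingRequests: 50    # assumed: requests allowed to queue; the rest get 503 immediately
    outlierDetection:                  # circuit breaker: stop sending to endpoints that keep failing
      consecutive5xxErrors: 5          # assumed: 5 consecutive 5xx trips the breaker for that endpoint
      interval: 10s                    # assumed: how often endpoints are scanned
      baseEjectionTime: 30s            # assumed: first ejection lasts 30 s, growing on repeat
      maxEjectionPercent: 50           # assumed: never eject more than half the endpoints
```

Both halves are enforced by the calling pod's sidecar. That has two consequences worth knowing before relying on the numbers: the connection and request caps bound what one client pod may open toward `service-b`, not a mesh-wide total, and outlier ejection is tracked per sidecar, so each client discovers a failing endpoint on its own. Requests that exceed the pool are answered with HTTP 503 by the sidecar and never reach `service-b`, which is what keeps an overloaded backend from being pushed further over the edge.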
SECURE COMMUNICATION WITHOUT ISTIO
coupled to the service code
[Diagram: SERVICE A, SERVICE B and SERVICE C each carry their own TLS handling inside the service code]
SECURE COMMUNICATION WITH ISTIO
mutual TLS authentication, transparent to the services
[Diagram: pods for SERVICE A, SERVICE B and SERVICE C, each with an ENVOY sidecar; TLS is originated and terminated by the sidecars, not by the services]
CONTROL SERVICE ACCESS WITH ISTIO
control the service access flow, transparent to the services
[Diagram: pods for SERVICE A, SERVICE B and SERVICE C, each with an ENVOY sidecar; the sidecars allow or deny calls between the services]
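The mutual TLS of the previous slide and the access control of this one belong together, because Istio identifies a caller by the identity in its client certificate; one added example (not from the deck) shows both. The namespace `mesh-demo`, the `app: service-b` label, the `service-a` service account and the path prefix are assumptions.

```yaml
# Added example, not from the deck. Namespace "mesh-demo", the "app: service-b"
# label, service account "service-a" and the path prefix are assumed.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: mesh-demo
spec:
  mtls:
    mode: STRICT                 # sidecars in this namespace accept only mTLS; plaintext is refused
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: service-b-allow-service-a
  namespace: mesh-demo
spec:
  selector:
    matchLabels:
      app: service-b             # enforced by service-b's own sidecar, before the request reaches the app
  action: ALLOW
  rules:
  - from:
    - source:
        principals:
        - cluster.local/ns/mesh-demo/sa/service-a   # identity taken from the client certificate (SPIFFE form)
    to:
    - operation:
        methods: ["GET"]
        paths: ["/api/*"]        # assumed path prefix
```

Once an ALLOW policy selects `service-b`, anything that matches none of its rules is rejected by the sidecar with HTTP 403 and the body `RBAC: access denied`: a call from `service-c`, a POST from `service-a`, or a client without a mesh certificate. The `principals` check is only meaningful together with `STRICT` mTLS; in permissive mode a plaintext caller presents no certificate, has no principal and cannot be distinguished from any other.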
CHAOS ENGINEERING WITHOUT ISTIO
[Diagram: SERVICE A, SERVICE B and SERVICE C; Netflix Chaos Monkeys, driven by Netflix Spinnaker, perform random termination of instances]
CHAOS ENGINEERING WITH ISTIO
inject delays, transparent to the services
[Diagram: pods for SERVICE A, SERVICE B and SERVICE C, each with an ENVOY sidecar; the call edge is labelled 10 sec delay in 10% of requests]
inject protocol-specific errors, transparent to the services
[Diagram: same topology; the call edge is labelled HTTP 400 in 5% of requests]
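Both faults from these two slides in one Istio VirtualService, as an added example that is not from the deck. The host `service-b`, the namespace `mesh-demo` and the restriction to calls coming from `service-a` are assumptions; the 10 s delay, the HTTP 400 and the 10% / 5% percentages are the slides' values.

```yaml
# Added example, not from the deck. Host "service-b", namespace "mesh-demo" and the
# source restriction are assumed; delay, status code and percentages are the slides' values.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: service-b-chaos
  namespace: mesh-demo
spec:
  hosts:
  - service-b
  http:
  - match:
    - sourceLabels:
        app: service-a           # only calls coming from service-a pods are affected
    fault:
      delay:
        percentage:
          value: 10              # "10 sec delay in 10% of requests"
        fixedDelay: 10s
      abort:
        percentage:
          value: 5               # "HTTP 400 in 5% of requests"
        httpStatus: 400
    route:
    - destination:
        host: service-b
```

The faults are applied by the caller's sidecar, so an aborted request never leaves the `service-a` pod and `service-b` sees nothing unusual; that is what makes the experiment transparent to both services. The two percentages are evaluated independently, and the `sourceLabels` match keeps the blast radius to one caller, which is the sensible default when running this against a shared environment.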
DYNAMIC ROUTING WITHOUT ISTIO
custom code to enable dynamic routing
[Diagram: a Gateway Service, SERVICE A, SERVICE B:1 and SERVICE B:2, with the routing between versions handled by a Netflix Zuul Server]
CANARY DEPLOYMENT WITH ISTIO
[Diagram: SERVICE A calls SERVICE B; requests from "boston employee" are routed to SERVICE B:v2, "everyone" else to SERVICE B:v1; each pod has an ENVOY sidecar]
DARK LAUNCHES WITH ISTIO
[Diagram: SERVICE A calls SERVICE B; 100% traffic goes to SERVICE B:v1 and a mirror of that traffic is sent to SERVICE B:v2; each pod has an ENVOY sidecar]
A/B DEPLOYMENT WITH ISTIO
[Diagram: SERVICE A calls SERVICE B; 50% traffic goes to SERVICE B:v1 and 50% traffic to SERVICE B:v2; each pod has an ENVOY sidecar]
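The canary, dark-launch and A/B slides are all routing decisions over the same two subsets, so one added example (not from the deck) covers the three. It assumes the host `service-b`, the namespace `mesh-demo`, pods labelled `version: v1` and `version: v2`, and a request header `x-employee-location` standing in for "boston employee"; the rules are evaluated in order and the first match wins.

```yaml
# Added example, not from the deck. Host "service-b", namespace "mesh-demo", the
# "version" labels and the "x-employee-location" header are assumed.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: service-b-versions
  namespace: mesh-demo
spec:
  host: service-b
  subsets:
  - name: v1
    labels:
      version: v1                # pods of SERVICE B:v1
  - name: v2
    labels:
      version: v2                # pods of SERVICE B:v2
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: service-b
  namespace: mesh-demo
spec:
  hosts:
  - service-b
  http:
  # Canary: the "boston employee" rule. Requests carrying the assumed header go to v2.
  - match:
    - headers:
        x-employee-location:
          exact: boston
    route:
    - destination:
        host: service-b
        subset: v2
  # Dark launch for "everyone" else: 100% traffic to v1, with a copy mirrored to v2.
  - route:
    - destination:
        host: service-b
        subset: v1
      weight: 100
    mirror:
      host: service-b
      subset: v2
    mirrorPercentage:
      value: 100.0               # mirror every request; responses from v2 are discarded
```

For the A/B slide, replace the second rule's `route` with two destinations, `subset: v1` with `weight: 50` and `subset: v2` with `weight: 50`, and drop the `mirror` block. One caveat on the canary rule: it keys on a header the client sends, so any caller that sets `x-employee-location: boston` is steered to v2. If reaching the canary must be restricted rather than merely targeted, match on something the mesh has verified, such as the calling workload via `sourceLabels`, instead of a bare request header.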
DISTRIBUTED TRACING WITHOUT ISTIO
code to enable dynamic tracing
[Diagram: SERVICE A, SERVICE B and SERVICE C each embed Spring Sleuth and ZipKin instrumentation]
DISTRIBUTED TRACING WITH ISTIO & JAEGER
discovers service relationships and process times, transparent to the services
[Diagram: pods for SERVICE A, SERVICE B and SERVICE C, each with an ENVOY sidecar; Jaeger trace view of SERVICE A -> SERVICE B -> SERVICE C with spans of 210 ms and 720 ms, 930 ms in total]
DISTRIBUTED SERVICES PLATFORM
[Diagram: any application, as containerized services, on OpenShift Service Mesh (Istio + Jaeger + Kiali), on OpenShift Container Platform (Enterprise Kubernetes), on any infrastructure: Amazon Web Services, Microsoft Azure, Google Cloud, OpenStack, datacenter, laptop]