State of the Platform Services Integrated · 2020-04-09 · OpenShift Container Platform...

State of the Platform Services: Service Mesh and Beyond

Brian “redbeard” Harrington
What is your title Brian?
Red Hat

Steven Dake
Open Source Leader: Cloud Native
International Business Machines

IBM Cloud / DOC ID / Month XX, 2019 / © 2019 IBM Corporation

Why Istio?

SERVICE MESH ARCHITECTURE
Control Plane
Data Plane: Applies security, route rules, policies and reports traffic telemetry at the pod level
[Diagram: three pods, each containing a service and Envoy; component labels: Pilot, Mixer, Auth, Jaeger]

Connect Services

Connect, Secure Services

SECURE COMMUNICATION WITH ISTIO
mutual TLS authentication, transparent to the services
[Diagram: pods for Service A, Service B and Service C, each with Envoy; two links labelled TLS]

CONTROL SERVICE ACCESS WITH ISTIO
control the service access flow, transparent to the services
[Diagram: pods for Service A, Service B and Service C, each with Envoy]

Connect, Secure, Control Services

CANARY DEPLOYMENT WITH ISTIO
[Diagram: pods for Service A, Service B:v1 and Service B:v2, each with Envoy; traffic labels: boston employee, everyone]

A/B DEPLOYMENT WITH ISTIO
[Diagram: pods for Service A, Service B:v1 and Service B:v2, each with Envoy; two routes, each labelled 50% traffic]

CIRCUIT BREAKERS WITH ISTIO
transparent to the services
[Diagram: pods for Service A, Service B and Service C, each with Envoy]

CIRCUIT BREAKERS WITH ISTIO
improved response time with global circuit status
[Diagram: pods for Service A, Service B and Service C, each with Envoy]

TIMEOUTS AND RETRIES WITH ISTIO
configure timeouts and retries, transparent to the services
timeout: 10 sec, retry: 5
timeout: 15 sec, retry: 5
[Diagram: pods for Service A, Service B and Service C, each with Envoy]

RATE LIMITING WITH ISTIO
limit invocation rates, transparent to the services
max 500 concurrent requests
max 100 connections
[Diagram: pods for Service A, Service B and Service C, each with Envoy]

CHAOS ENGINEERING WITH ISTIO
inject delays, transparent to the services
10 sec delay in 10% of requests
[Diagram: pods for Service A, Service B and Service C, each with Envoy]

CHAOS ENGINEERING WITH ISTIO
inject protocol-specific errors, transparent to the services
HTTP 400 in 5% of requests
[Diagram: pods for Service A, Service B and Service C, each with Envoy]

Connect, Secure, Control and Observe Services

DISTRIBUTED TRACING WITH ISTIO & JAEGER
discovers service relationships and process times, transparent to the services
[Trace diagram: Service A, Service B, Service C; timings shown: 210 ms, 720 ms, 930 ms]

Why Red Hat Service Mesh?

SERVICE MESH ECOSYSTEM
Capabilities: Connect, Secure, Control, Observe
Components: Istio, Jaeger, Kiali, Grafana, Prometheus

DISTRIBUTED SERVICES WITH RED HAT OPENSHIFT SERVICE MESH
ANY APPLICATION: five Service containers
OpenShift Service Mesh (Istio + Jaeger + Kiali)
OpenShift Container Platform (Enterprise Kubernetes)
ANY INFRASTRUCTURE: Laptop, Datacenter, OpenStack, Amazon Web Services, Microsoft Azure, Google Cloud
Layer labels: INFRA, INFRA OPS, SERVICE OPS, SERVICE

Istio Multicluster

Multicluster Today: Calabi–Yau Manifold

Modeling Istio Multicluster
a = (a1, a2, a3, a4, a5, a6)
a1: Networks
a2: Clusters
a3: Control Planes
a4: Identities and Trusts
a5: Meshes
a6: Tenancy

Compactification
a = (a1, a2, a3, a4, a5, a6)
a1 (Networks): Minimize networks.
a2 (Cluster): Multiple clusters per zone.
a3 (Control Planes): Minimize Istio control planes to regions if possible.
a4 (Identities and Trusts): Permit a broad boundary on identities and trust.
a5 (Meshes): Multiple meshes are currently in design.
a6 (Tenancy): Tenancy is aligned with a namespace. Any limits K8s enforces on namespaces will result in reasonable boundaries.

Multicluster Demonstration

Single Cluster Hipster Shop Anatomy

Multiple Region (Three Clusters) Hipster Shop Anatomy
[Diagram labels: Internet, Frontend, ProductCatalogService, CurrencyService, CheckoutService, AdService, CartService, RedisService, RecommendationService, PaymentService, ShippingService, EmailService; region tags: NA (3), EMEA (3), APAC (5)]