SlideShare a Scribd company logo

The Future of Service Mesh

All Things Open
All Things Open

Presented at Spacewalk 2023 Presented by Christian Posta, solo.io Title: The Future of Service Mesh Abstract: Service mesh is a powerful way to solve cross-cutting application-networking concerns, such as load balancing, service resilience, observability, and security. Adopting a mesh for your services can save hundreds of hours of developer time and reduce the burden placed on operations. In this talk we'll explore some common use cases for service mesh, look at some case studies, and then dig into innovation happening in this space such as "sidecar-less" service mesh.

Technology
1 of 44
Download to read offline
The Future of Service Mesh
2 | Copyright © 2022 CHRISTIAN POSTA VP, Global Field CTO, Solo.io @christianposta christian@solo.io
3 | Copyright © 2022 Solo.io Modern Application Networking Cloud Native 1.0 Private Cloud | Public Cloud | Kubernetes | Containers Cloud Native 2.0 Modernize API Management Microservice Applications | DevSecOps | GitOps Service Mesh Zero-Trust | Observability Scale Microservices Multi-Clusters Serverless | GraphQL
4 | Copyright © 2022 Solo.io - The Next Step in Your Cloud Journey Well Funded ($135M), $1B Valuation Satisfied Customers (120% Renewals) Cloud-native Technology Leadership Cloud-native Education Leadership The Service Mesh and API Platform for Kubernetes | Zero-Trust | Microservices
5 | Copyright © 2022 Solo Gloo Platform - Enabling Cloud-Native 2.0 Cloud Native 1.0 Private Cloud | Public Cloud | Kubernetes | Containers Cloud Native 2.0 Modernize API Management Microservice Applications | DevSecOps | GitOps Service Mesh Zero-Trust | Observability Scale Microservices Multi-Clusters Serverless | GraphQL
6 | Copyright © 2022 Istio Leadership
7 | Copyright © 2022 Application Networking
8 | Copyright © 2022 What is application networking? Challenges ● Service discovery ● Load balancing ● Timeouts ● Retry / Budgets ● Circuit breaking ● Tracing, observability ● Secure transport ● Extension
9 | Copyright © 2022 What is application networking? ● Example: when svc A calls svc B, svc A should retry up to 3 times, with 0.5s timeouts and total up to 2.0s timeouts, but should not exceed retry budgets ● Example: when exposing svc A on the network, we should be able to quickly understand which services call it and restrict callers to only svc B and svc C ● Example: when svc A calls svc B and svc B is failing, try another locality/zone/cluster ● Example: svc A can call svc B 100 times per hour, but if a customer representing a “platinum” customer, then svc A can call svc B 1000 times per hour ● Example: when svc A calls svc B, and svc B exists in a different line of business, svc A’s request must be re-authenticated/verified before proceeding ● Example: any untrusted traffic coming into a set of applications must be authenticated and authorized at call time using potentially different types of auth before allowing to go upstream
10 | Copyright © 2022 What is application networking?
11 | Copyright © 2022 Application Networking
12 | Copyright © 2022
13 | Copyright © 2022 Additional Network Hops ● Typically expensive load balancers ● More single points of failure ● Difficult to trace/debug ● Additional expense (cloud load balancers, egress/ingress costs, etc) ● Not built for modern, dynamic, ephemeral architectures ● Typically overprovisioned, bloated operational deployments ● Does not fit into GitOps, self-serve model ● Lack of isolation mechanisms (noisy neighbor problems) ● Central team, use tickets to coordinate to make changes Problems with current approaches Outdated Technology Doesn’t Scale
14 | Copyright © 2022 Application Networking
15 | Copyright © 2022 Application Networking
16 | Copyright © 2022 Application Networking
17 | Copyright © 2022 Application Networking
18 | Copyright © 2022 Application Networking
19 | Copyright © 2022 Istio - Open Source Service Mesh 2017 Istio Launched Data Plane Enhancements 2019-20 7 New Community Releases 1000s Production Users ~ 1000 Community Contributors 2022 CNCF 2019-2022
20 | Copyright © 2022 Top Use Cases and Drivers for Service Mesh
21 | Copyright © 2020 Business Drivers for Adopting Istio Observability Resiliency Security
22 | Copyright © 2020 Network Security in Kubernetes Default State !!! Desired State “Zero Trust Security”
23 | Copyright © 2020 DIY … Whoops! 81% of companies experienced a certificate-related outage in the past two years 65% are concerned about the increased workload and risk of outages caused by shorter SSL/TLS certificate lifespans. Human error was a major contributing factor in 95% of breaches
24 | Copyright © 2020 Istio to the Rescue!
25 | Copyright © 2020 Observability - Insights That Drive Competitive Advantage Building a Uniform Approach ● Understand traffic patterns ● Determine service health ● Anticipate outages ● Detect dangerous activity ● Audit access
26 | Copyright © 2020 Istio - Metrics and Access Logging [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default metrics
27 | Copyright © 2020 Resiliency - There Will Be Failures Common Mitigations ● Waiting indefinitely is bad ● Trying again is good ● Degrade gracefully when services are overwhelmed
28 | Copyright © 2020 Timeouts - Don’t Wait Indefinitely
29 | Copyright © 2020 Retries - Trying Again Is Good 👍
30 | Copyright © 2020 Circuit Breaker - Degrade gracefully when services are overwhelmed
31 | Copyright © 2020 Drive everything through GitOps!
32 | Copyright © 2022 Can this be improved?
33 | Copyright © 2022 Istio Data Plane https://www.solo.io/blog/ebpf-for-service-mesh/
34 | Copyright © 2022 Istio Data Plane https://www.solo.io/blog/ebpf-for-service-mesh/
35 | Copyright © 2022 Istio Data Plane https://www.solo.io/blog/ebpf-for-service-mesh/
36 | Copyright © 2022 Introducing Istio Ambient Mesh A new, open source contribution to the Istio project, that defines a new sidecar-less data plane. Improve Performance Simplify Operations Cost Reduction https://istio.io/latest/blog/2022/introducing-ambient-mesh/
37 | Copyright © 2022 How does it work? ● Separate mesh capabilities into L4 and L7 ● Adopt only the capabilities you need ● Remove the data plane from the workload Pods ● Leverage more capabilities in the CNI ● Reduce attack surface of data plane
38 | Copyright © 2022 How does it work?
39 | Copyright © 2022 How does it work?
40 | Copyright © 2022 Benefits ● No more race conditions between workload containers and sidecar/init-container, etc ● Don’t need to inject Pods / alter deployment resources ● Upgrades/patching are out of band / transparent from the application ● Limited risk profile for opting into mesh features ● Reduced blast radius of application vulnerabilities ● Cost savings with reduced data plane components ● Maintain isolated tenancy, customization, configuration ● Maintain the foundations of zero-trust network security ● Improved performance
41 | Copyright © 2022 Demo (link) https://bit.ly/ambient-demo-video
42 | Copyright © 2022 VP, Global Field CTO @christianposta christian@solo.io Additional Resources ● https://www.solo.io/events/upcoming/ ● https://academy.solo.io ● https://lp.solo.io/white-paper-zero-trust ● https://lp.solo.io/istio-ambient-mesh-explained ● https://istio.io
43 | Copyright © 2022 Manage APIs Data Access API Gateway | Kubernetes Ingress Microservices, Security, Observability Kubernetes CNI, Network Policy Application Networking Federation | GraphQL Server
Thank You!

Recommended

Istio service mesh introduction
Istio service mesh introductionIstio service mesh introduction
Istio service mesh introduction
Kyohei Mizumoto
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with Istio
Michelle Holley
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
Raphaël PINSON
 
KubeVirt (Kubernetes and Cloud Native Toronto)
KubeVirt (Kubernetes and Cloud Native Toronto)KubeVirt (Kubernetes and Cloud Native Toronto)
KubeVirt (Kubernetes and Cloud Native Toronto)
Stephen Gordon
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service Mesh
Georgios Andrianakis
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service Mesh
Natanael Fonseca
 
GitOps - Operation By Pull Request
GitOps - Operation By Pull RequestGitOps - Operation By Pull Request
GitOps - Operation By Pull Request
Kasper Nissen
 

Recommended

Istio service mesh introduction
Istio service mesh introductionIstio service mesh introduction
Istio service mesh introduction
Kyohei Mizumoto
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with Istio
Michelle Holley
 
Cloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust VisibilityCloud Native Bern 05.2023 — Zero Trust Visibility
Cloud Native Bern 05.2023 — Zero Trust Visibility
Raphaël PINSON
 
KubeVirt (Kubernetes and Cloud Native Toronto)
KubeVirt (Kubernetes and Cloud Native Toronto)KubeVirt (Kubernetes and Cloud Native Toronto)
KubeVirt (Kubernetes and Cloud Native Toronto)
Stephen Gordon
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
CJ Cullen
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service Mesh
Georgios Andrianakis
 
Microservices With Istio Service Mesh
Microservices With Istio Service MeshMicroservices With Istio Service Mesh
Microservices With Istio Service Mesh
Natanael Fonseca
 
GitOps - Operation By Pull Request
GitOps - Operation By Pull RequestGitOps - Operation By Pull Request
GitOps - Operation By Pull Request
Kasper Nissen
 
Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyond
KubeAcademy
 
Istio a service mesh
Istio a service meshIstio a service mesh
Istio a service mesh
Chandresh Pancholi
 
Istio on Kubernetes
Istio on KubernetesIstio on Kubernetes
Istio on Kubernetes
Daneyon Hansen
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
Sreenivas Makam
 
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
Raphaël PINSON
 
Service mesh
Service meshService mesh
Service mesh
Arnab Mitra
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
Yong Feng
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
Winton Winton
 
Gitops: the kubernetes way
Gitops: the kubernetes wayGitops: the kubernetes way
Gitops: the kubernetes way
sparkfabrik
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Docker, Inc.
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
Mitchell Pronschinske
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
Kangaroot
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Sunnyvale
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
Amazon Web Services
 
OpenShift-Technical-Overview.pdf
OpenShift-Technical-Overview.pdfOpenShift-Technical-Overview.pdf
OpenShift-Technical-Overview.pdf
JuanSalinas593459
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Thomas Graf
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsMeetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Vietnam Open Infrastructure User Group
 
CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes
Adnan Rashid
 
Cilium - Network security for microservices
Cilium - Network security for microservicesCilium - Network security for microservices
Cilium - Network security for microservices
Thomas Graf
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
Mirantis
 
Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
Christian Posta
 
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannotapidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays
 

More Related Content

What's hot

Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyond
KubeAcademy
 
Istio a service mesh
Istio a service meshIstio a service mesh
Istio a service mesh
Chandresh Pancholi
 
Istio on Kubernetes
Istio on KubernetesIstio on Kubernetes
Istio on Kubernetes
Daneyon Hansen
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
Sreenivas Makam
 
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
Raphaël PINSON
 
Service mesh
Service meshService mesh
Service mesh
Arnab Mitra
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
Yong Feng
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
Winton Winton
 
Gitops: the kubernetes way
Gitops: the kubernetes wayGitops: the kubernetes way
Gitops: the kubernetes way
sparkfabrik
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Docker, Inc.
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
Mitchell Pronschinske
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
Kangaroot
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Sunnyvale
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
Amazon Web Services
 
OpenShift-Technical-Overview.pdf
OpenShift-Technical-Overview.pdfOpenShift-Technical-Overview.pdf
OpenShift-Technical-Overview.pdf
JuanSalinas593459
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Thomas Graf
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsMeetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Vietnam Open Infrastructure User Group
 
CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes
Adnan Rashid
 
Cilium - Network security for microservices
Cilium - Network security for microservicesCilium - Network security for microservices
Cilium - Network security for microservices
Thomas Graf
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
Mirantis
 

What's hot (20)

Container Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyondContainer Network Interface: Network Plugins for Kubernetes and beyond
Container Network Interface: Network Plugins for Kubernetes and beyond
 
Istio a service mesh
Istio a service meshIstio a service mesh
Istio a service mesh
 
Istio on Kubernetes
Istio on KubernetesIstio on Kubernetes
Istio on Kubernetes
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
 
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdfContainerDays Hamburg 2023 — Cilium Workshop.pdf
ContainerDays Hamburg 2023 — Cilium Workshop.pdf
 
Service mesh
Service meshService mesh
Service mesh
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
 
Gitops: the kubernetes way
Gitops: the kubernetes wayGitops: the kubernetes way
Gitops: the kubernetes way
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
 
OpenShift-Technical-Overview.pdf
OpenShift-Technical-Overview.pdfOpenShift-Technical-Overview.pdf
OpenShift-Technical-Overview.pdf
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux Kernel
 
Meetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOpsMeetup 23 - 03 - Application Delivery on K8S with GitOps
Meetup 23 - 03 - Application Delivery on K8S with GitOps
 
CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes
 
Cilium - Network security for microservices
Cilium - Network security for microservicesCilium - Network security for microservices
Cilium - Network security for microservices
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 

Similar to The Future of Service Mesh

Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
Christian Posta
 
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannotapidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays
 
Oracle Open World 2018 - Cloud Lift Accelerator Suite
Oracle Open World 2018 - Cloud Lift Accelerator SuiteOracle Open World 2018 - Cloud Lift Accelerator Suite
Oracle Open World 2018 - Cloud Lift Accelerator Suite
Ike Aniagoh
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
Ram Vennam
 
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.ioapidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
apidays
 
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on AzureMigrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Mitchell Pronschinske
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
DevOps.com
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
Christian Posta
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
Christian Posta
 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfCNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
LibbySchulze
 
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Hello Cloud
 
Patrick Kerpan's CSA EMEA Congress presentation "Overlay Networks: Connecting...
Patrick Kerpan's CSA EMEA Congress presentation "Overlay Networks: Connecting...Patrick Kerpan's CSA EMEA Congress presentation "Overlay Networks: Connecting...
Patrick Kerpan's CSA EMEA Congress presentation "Overlay Networks: Connecting...
Cohesive Networks
 
Api observability
Api observability Api observability
Api observability
Red Hat
 
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdfQuebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
prune1
 
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
NetworkCollaborators
 
StampedeCon 2015 Keynote
StampedeCon 2015 KeynoteStampedeCon 2015 Keynote
StampedeCon 2015 Keynote
Ken Owens
 
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
StampedeCon
 
Move Auth, Policy, and Resilience to the Platform
Move Auth, Policy, and Resilience to the PlatformMove Auth, Policy, and Resilience to the Platform
Move Auth, Policy, and Resilience to the Platform
Christian Posta
 
Rethinking the Database in the IoT Era
Rethinking the Database in the IoT EraRethinking the Database in the IoT Era
Rethinking the Database in the IoT Era
InfluxData
 
The rise of microservices
The rise of microservicesThe rise of microservices
The rise of microservices
Cloud Technology Experts
 

Similar to The Future of Service Mesh (20)

Cloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service MeshCloud-Native Application Debugging with Envoy and Service Mesh
Cloud-Native Application Debugging with Envoy and Service Mesh
 
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannotapidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannot
 
Oracle Open World 2018 - Cloud Lift Accelerator Suite
Oracle Open World 2018 - Cloud Lift Accelerator SuiteOracle Open World 2018 - Cloud Lift Accelerator Suite
Oracle Open World 2018 - Cloud Lift Accelerator Suite
 
The Current And Future State Of Service Mesh
The Current And Future State Of Service MeshThe Current And Future State Of Service Mesh
The Current And Future State Of Service Mesh
 
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.ioapidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io
 
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on AzureMigrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
 
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdfCNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
CNCF On-Demand Webinar_ LitmusChaos Project Updates.pdf
 
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023Service Mesh @Lara Camp Myanmar - 02 Sep,2023
Service Mesh @Lara Camp Myanmar - 02 Sep,2023
 
Patrick Kerpan's CSA EMEA Congress presentation "Overlay Networks: Connecting...
Patrick Kerpan's CSA EMEA Congress presentation "Overlay Networks: Connecting...Patrick Kerpan's CSA EMEA Congress presentation "Overlay Networks: Connecting...
Patrick Kerpan's CSA EMEA Congress presentation "Overlay Networks: Connecting...
 
Api observability
Api observability Api observability
Api observability
 
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdfQuebec - 16 November 2022 - Canada CNCF Meetups.pdf
Quebec - 16 November 2022 - Canada CNCF Meetups.pdf
 
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
Cisco Connect 2018 Thailand - Enabling the next gen data center transformatio...
 
StampedeCon 2015 Keynote
StampedeCon 2015 KeynoteStampedeCon 2015 Keynote
StampedeCon 2015 Keynote
 
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
How Cisco Migrated from MapReduce Jobs to Spark Jobs - StampedeCon 2015
 
Move Auth, Policy, and Resilience to the Platform
Move Auth, Policy, and Resilience to the PlatformMove Auth, Policy, and Resilience to the Platform
Move Auth, Policy, and Resilience to the Platform
 
Rethinking the Database in the IoT Era
Rethinking the Database in the IoT EraRethinking the Database in the IoT Era
Rethinking the Database in the IoT Era
 
The rise of microservices
The rise of microservicesThe rise of microservices
The rise of microservices
 

More from All Things Open

Building Reliability - The Realities of Observability
Building Reliability - The Realities of ObservabilityBuilding Reliability - The Realities of Observability
Building Reliability - The Realities of Observability
All Things Open
 
Modern Database Best Practices
Modern Database Best PracticesModern Database Best Practices
Modern Database Best Practices
All Things Open
 
Open Source and Public Policy
Open Source and Public PolicyOpen Source and Public Policy
Open Source and Public Policy
All Things Open
 
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
All Things Open
 
The State of Passwordless Auth on the Web - Phil Nash
The State of Passwordless Auth on the Web - Phil NashThe State of Passwordless Auth on the Web - Phil Nash
The State of Passwordless Auth on the Web - Phil Nash
All Things Open
 
Total ReDoS: The dangers of regex in JavaScript
Total ReDoS: The dangers of regex in JavaScriptTotal ReDoS: The dangers of regex in JavaScript
Total ReDoS: The dangers of regex in JavaScript
All Things Open
 
What Does Real World Mass Adoption of Decentralized Tech Look Like?
What Does Real World Mass Adoption of Decentralized Tech Look Like?What Does Real World Mass Adoption of Decentralized Tech Look Like?
What Does Real World Mass Adoption of Decentralized Tech Look Like?
All Things Open
 
How to Write & Deploy a Smart Contract
How to Write & Deploy a Smart ContractHow to Write & Deploy a Smart Contract
How to Write & Deploy a Smart Contract
All Things Open
 
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
All Things Open
 
DEI Challenges and Success
DEI Challenges and SuccessDEI Challenges and Success
DEI Challenges and Success
All Things Open
 
Scaling Web Applications with Background
Scaling Web Applications with BackgroundScaling Web Applications with Background
Scaling Web Applications with Background
All Things Open
 
Supercharging tutorials with WebAssembly
Supercharging tutorials with WebAssemblySupercharging tutorials with WebAssembly
Supercharging tutorials with WebAssembly
All Things Open
 
Using SQL to Find Needles in Haystacks
Using SQL to Find Needles in HaystacksUsing SQL to Find Needles in Haystacks
Using SQL to Find Needles in Haystacks
All Things Open
 
Configuration Security as a Game of Pursuit Intercept
Configuration Security as a Game of Pursuit InterceptConfiguration Security as a Game of Pursuit Intercept
Configuration Security as a Game of Pursuit Intercept
All Things Open
 
Scaling an Open Source Sponsorship Program
Scaling an Open Source Sponsorship ProgramScaling an Open Source Sponsorship Program
Scaling an Open Source Sponsorship Program
All Things Open
 
Build Developer Experience Teams for Open Source
Build Developer Experience Teams for Open SourceBuild Developer Experience Teams for Open Source
Build Developer Experience Teams for Open Source
All Things Open
 
Deploying Models at Scale with Apache Beam
Deploying Models at Scale with Apache BeamDeploying Models at Scale with Apache Beam
Deploying Models at Scale with Apache Beam
All Things Open
 
Sudo – Giving access while staying in control
Sudo – Giving access while staying in controlSudo – Giving access while staying in control
Sudo – Giving access while staying in control
All Things Open
 
Fortifying the Future: Tackling Security Challenges in AI/ML Applications
Fortifying the Future: Tackling Security Challenges in AI/ML ApplicationsFortifying the Future: Tackling Security Challenges in AI/ML Applications
Fortifying the Future: Tackling Security Challenges in AI/ML Applications
All Things Open
 
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
All Things Open
 

More from All Things Open (20)

Building Reliability - The Realities of Observability
Building Reliability - The Realities of ObservabilityBuilding Reliability - The Realities of Observability
Building Reliability - The Realities of Observability
 
Modern Database Best Practices
Modern Database Best PracticesModern Database Best Practices
Modern Database Best Practices
 
Open Source and Public Policy
Open Source and Public PolicyOpen Source and Public Policy
Open Source and Public Policy
 
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
 
The State of Passwordless Auth on the Web - Phil Nash
The State of Passwordless Auth on the Web - Phil NashThe State of Passwordless Auth on the Web - Phil Nash
The State of Passwordless Auth on the Web - Phil Nash
 
Total ReDoS: The dangers of regex in JavaScript
Total ReDoS: The dangers of regex in JavaScriptTotal ReDoS: The dangers of regex in JavaScript
Total ReDoS: The dangers of regex in JavaScript
 
What Does Real World Mass Adoption of Decentralized Tech Look Like?
What Does Real World Mass Adoption of Decentralized Tech Look Like?What Does Real World Mass Adoption of Decentralized Tech Look Like?
What Does Real World Mass Adoption of Decentralized Tech Look Like?
 
How to Write & Deploy a Smart Contract
How to Write & Deploy a Smart ContractHow to Write & Deploy a Smart Contract
How to Write & Deploy a Smart Contract
 
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
 
DEI Challenges and Success
DEI Challenges and SuccessDEI Challenges and Success
DEI Challenges and Success
 
Scaling Web Applications with Background
Scaling Web Applications with BackgroundScaling Web Applications with Background
Scaling Web Applications with Background
 
Supercharging tutorials with WebAssembly
Supercharging tutorials with WebAssemblySupercharging tutorials with WebAssembly
Supercharging tutorials with WebAssembly
 
Using SQL to Find Needles in Haystacks
Using SQL to Find Needles in HaystacksUsing SQL to Find Needles in Haystacks
Using SQL to Find Needles in Haystacks
 
Configuration Security as a Game of Pursuit Intercept
Configuration Security as a Game of Pursuit InterceptConfiguration Security as a Game of Pursuit Intercept
Configuration Security as a Game of Pursuit Intercept
 
Scaling an Open Source Sponsorship Program
Scaling an Open Source Sponsorship ProgramScaling an Open Source Sponsorship Program
Scaling an Open Source Sponsorship Program
 
Build Developer Experience Teams for Open Source
Build Developer Experience Teams for Open SourceBuild Developer Experience Teams for Open Source
Build Developer Experience Teams for Open Source
 
Deploying Models at Scale with Apache Beam
Deploying Models at Scale with Apache BeamDeploying Models at Scale with Apache Beam
Deploying Models at Scale with Apache Beam
 
Sudo – Giving access while staying in control
Sudo – Giving access while staying in controlSudo – Giving access while staying in control
Sudo – Giving access while staying in control
 
Fortifying the Future: Tackling Security Challenges in AI/ML Applications
Fortifying the Future: Tackling Security Challenges in AI/ML ApplicationsFortifying the Future: Tackling Security Challenges in AI/ML Applications
Fortifying the Future: Tackling Security Challenges in AI/ML Applications
 
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...
 

Recently uploaded

Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024
BookNet Canada
 
GDG Cloud Southlake #34: Neatsun Ziv: Automating Appsec
GDG Cloud Southlake #34: Neatsun Ziv: Automating AppsecGDG Cloud Southlake #34: Neatsun Ziv: Automating Appsec
GDG Cloud Southlake #34: Neatsun Ziv: Automating Appsec
James Anderson
 
Leveraging AI for Software Developer Productivity.pptx
Leveraging AI for Software Developer Productivity.pptxLeveraging AI for Software Developer Productivity.pptx
Leveraging AI for Software Developer Productivity.pptx
petabridge
 
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
Edge AI and Vision Alliance
 
MYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions
MYIR Product Brochure - A Global Provider of Embedded SOMs & SolutionsMYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions
MYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions
Linda Zhang
 
New ThousandEyes Product Features and Release Highlights: June 2024
New ThousandEyes Product Features and Release Highlights: June 2024New ThousandEyes Product Features and Release Highlights: June 2024
New ThousandEyes Product Features and Release Highlights: June 2024
ThousandEyes
 
Quality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of TimeQuality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of Time
Aurora Consulting
 
Kubernetes Cloud Native Indonesia Meetup - June 2024
Kubernetes Cloud Native Indonesia Meetup - June 2024Kubernetes Cloud Native Indonesia Meetup - June 2024
Kubernetes Cloud Native Indonesia Meetup - June 2024
Prasta Maha
 
Chapter 2 - Testing Throughout SDLC V4.0
Chapter 2 - Testing Throughout SDLC V4.0Chapter 2 - Testing Throughout SDLC V4.0
Chapter 2 - Testing Throughout SDLC V4.0
Neeraj Kumar Singh
 
Artificial Intelligence and Its Different Domains.pptx
Artificial Intelligence and Its Different Domains.pptxArtificial Intelligence and Its Different Domains.pptx
Artificial Intelligence and Its Different Domains.pptx
officialnavya2010
 
Supercomputing from the Desktop Workstation
Supercomputing from the Desktop WorkstationSupercomputing from the Desktop Workstation
Supercomputing from the Desktop Workstation
Larry Smarr
 
Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...
BookNet Canada
 
Lessons Of Binary Analysis - Christien Rioux
Lessons Of Binary Analysis - Christien RiouxLessons Of Binary Analysis - Christien Rioux
Lessons Of Binary Analysis - Christien Rioux
crioux1
 
Summer24-ReleaseOverviewDeck - Stephen Stanley 27 June 2024.pdf
Summer24-ReleaseOverviewDeck - Stephen Stanley 27 June 2024.pdfSummer24-ReleaseOverviewDeck - Stephen Stanley 27 June 2024.pdf
Summer24-ReleaseOverviewDeck - Stephen Stanley 27 June 2024.pdf
Anna Loughnan Colquhoun
 
HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)
Alpen-Adria-Universität
 
How to Improve Your Ability to Solve Complex Performance Problems
How to Improve Your Ability to Solve Complex Performance ProblemsHow to Improve Your Ability to Solve Complex Performance Problems
How to Improve Your Ability to Solve Complex Performance Problems
ScyllaDB
 
Chapter 3 - Static Testing (Review) V4.0
Chapter 3 - Static Testing (Review) V4.0Chapter 3 - Static Testing (Review) V4.0
Chapter 3 - Static Testing (Review) V4.0
Neeraj Kumar Singh
 
Blockchain and Cyber Defense Strategies in new genre times
Blockchain and Cyber Defense Strategies in new genre timesBlockchain and Cyber Defense Strategies in new genre times
Blockchain and Cyber Defense Strategies in new genre times
anupriti
 
Data Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber SecurityData Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber Security
anupriti
 
APJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes WebinarAPJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes Webinar
ThousandEyes
 

Recently uploaded (20)

Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024
 
GDG Cloud Southlake #34: Neatsun Ziv: Automating Appsec
GDG Cloud Southlake #34: Neatsun Ziv: Automating AppsecGDG Cloud Southlake #34: Neatsun Ziv: Automating Appsec
GDG Cloud Southlake #34: Neatsun Ziv: Automating Appsec
 
Leveraging AI for Software Developer Productivity.pptx
Leveraging AI for Software Developer Productivity.pptxLeveraging AI for Software Developer Productivity.pptx
Leveraging AI for Software Developer Productivity.pptx
 
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
 
MYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions
MYIR Product Brochure - A Global Provider of Embedded SOMs & SolutionsMYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions
MYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions
 
New ThousandEyes Product Features and Release Highlights: June 2024
New ThousandEyes Product Features and Release Highlights: June 2024New ThousandEyes Product Features and Release Highlights: June 2024
New ThousandEyes Product Features and Release Highlights: June 2024
 
Quality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of TimeQuality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of Time
 
Kubernetes Cloud Native Indonesia Meetup - June 2024
Kubernetes Cloud Native Indonesia Meetup - June 2024Kubernetes Cloud Native Indonesia Meetup - June 2024
Kubernetes Cloud Native Indonesia Meetup - June 2024
 
Chapter 2 - Testing Throughout SDLC V4.0
Chapter 2 - Testing Throughout SDLC V4.0Chapter 2 - Testing Throughout SDLC V4.0
Chapter 2 - Testing Throughout SDLC V4.0
 
Artificial Intelligence and Its Different Domains.pptx
Artificial Intelligence and Its Different Domains.pptxArtificial Intelligence and Its Different Domains.pptx
Artificial Intelligence and Its Different Domains.pptx
 
Supercomputing from the Desktop Workstation
Supercomputing from the Desktop WorkstationSupercomputing from the Desktop Workstation
Supercomputing from the Desktop Workstation
 
Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...
 
Lessons Of Binary Analysis - Christien Rioux
Lessons Of Binary Analysis - Christien RiouxLessons Of Binary Analysis - Christien Rioux
Lessons Of Binary Analysis - Christien Rioux
 
Summer24-ReleaseOverviewDeck - Stephen Stanley 27 June 2024.pdf
Summer24-ReleaseOverviewDeck - Stephen Stanley 27 June 2024.pdfSummer24-ReleaseOverviewDeck - Stephen Stanley 27 June 2024.pdf
Summer24-ReleaseOverviewDeck - Stephen Stanley 27 June 2024.pdf
 
HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)
 
How to Improve Your Ability to Solve Complex Performance Problems
How to Improve Your Ability to Solve Complex Performance ProblemsHow to Improve Your Ability to Solve Complex Performance Problems
How to Improve Your Ability to Solve Complex Performance Problems
 
Chapter 3 - Static Testing (Review) V4.0
Chapter 3 - Static Testing (Review) V4.0Chapter 3 - Static Testing (Review) V4.0
Chapter 3 - Static Testing (Review) V4.0
 
Blockchain and Cyber Defense Strategies in new genre times
Blockchain and Cyber Defense Strategies in new genre timesBlockchain and Cyber Defense Strategies in new genre times
Blockchain and Cyber Defense Strategies in new genre times
 
Data Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber SecurityData Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber Security
 
APJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes WebinarAPJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes Webinar
 

The Future of Service Mesh

  • 1. The Future of Service Mesh
  • 2. 2 | Copyright © 2022 CHRISTIAN POSTA VP, Global Field CTO, Solo.io @christianposta christian@solo.io
  • 3. 3 | Copyright © 2022 Solo.io Modern Application Networking Cloud Native 1.0 Private Cloud | Public Cloud | Kubernetes | Containers Cloud Native 2.0 Modernize API Management Microservice Applications | DevSecOps | GitOps Service Mesh Zero-Trust | Observability Scale Microservices Multi-Clusters Serverless | GraphQL
  • 4. 4 | Copyright © 2022 Solo.io - The Next Step in Your Cloud Journey Well Funded ($135M), $1B Valuation Satisfied Customers (120% Renewals) Cloud-native Technology Leadership Cloud-native Education Leadership The Service Mesh and API Platform for Kubernetes | Zero-Trust | Microservices
  • 5. 5 | Copyright © 2022 Solo Gloo Platform - Enabling Cloud-Native 2.0 Cloud Native 1.0 Private Cloud | Public Cloud | Kubernetes | Containers Cloud Native 2.0 Modernize API Management Microservice Applications | DevSecOps | GitOps Service Mesh Zero-Trust | Observability Scale Microservices Multi-Clusters Serverless | GraphQL
  • 6. 6 | Copyright © 2022 Istio Leadership
  • 7. 7 | Copyright © 2022 Application Networking
  • 8. 8 | Copyright © 2022 What is application networking? Challenges ● Service discovery ● Load balancing ● Timeouts ● Retry / Budgets ● Circuit breaking ● Tracing, observability ● Secure transport ● Extension
  • 9. 9 | Copyright © 2022 What is application networking? ● Example: when svc A calls svc B, svc A should retry up to 3 times, with 0.5s timeouts and total up to 2.0s timeouts, but should not exceed retry budgets ● Example: when exposing svc A on the network, we should be able to quickly understand which services call it and restrict callers to only svc B and svc C ● Example: when svc A calls svc B and svc B is failing, try another locality/zone/cluster ● Example: svc A can call svc B 100 times per hour, but if a customer representing a “platinum” customer, then svc A can call svc B 1000 times per hour ● Example: when svc A calls svc B, and svc B exists in a different line of business, svc A’s request must be re-authenticated/verified before proceeding ● Example: any untrusted traffic coming into a set of applications must be authenticated and authorized at call time using potentially different types of auth before allowing to go upstream
  • 10. 10 | Copyright © 2022 What is application networking?
  • 11. 11 | Copyright © 2022 Application Networking
  • 12. 12 | Copyright © 2022
  • 13. 13 | Copyright © 2022 Additional Network Hops ● Typically expensive load balancers ● More single points of failure ● Difficult to trace/debug ● Additional expense (cloud load balancers, egress/ingress costs, etc) ● Not built for modern, dynamic, ephemeral architectures ● Typically overprovisioned, bloated operational deployments ● Does not fit into GitOps, self-serve model ● Lack of isolation mechanisms (noisy neighbor problems) ● Central team, use tickets to coordinate to make changes Problems with current approaches Outdated Technology Doesn’t Scale
  • 14. 14 | Copyright © 2022 Application Networking
  • 15. 15 | Copyright © 2022 Application Networking
  • 16. 16 | Copyright © 2022 Application Networking
  • 17. 17 | Copyright © 2022 Application Networking
  • 18. 18 | Copyright © 2022 Application Networking
  • 19. 19 | Copyright © 2022 Istio - Open Source Service Mesh 2017 Istio Launched Data Plane Enhancements 2019-20 7 New Community Releases 1000s Production Users ~ 1000 Community Contributors 2022 CNCF 2019-2022
  • 20. 20 | Copyright © 2022 Top Use Cases and Drivers for Service Mesh
  • 21. 21 | Copyright © 2020 Business Drivers for Adopting Istio Observability Resiliency Security
  • 22. 22 | Copyright © 2020 Network Security in Kubernetes Default State !!! Desired State “Zero Trust Security”
  • 23. 23 | Copyright © 2020 DIY … Whoops! 81% of companies experienced a certificate-related outage in the past two years 65% are concerned about the increased workload and risk of outages caused by shorter SSL/TLS certificate lifespans. Human error was a major contributing factor in 95% of breaches
  • 24. 24 | Copyright © 2020 Istio to the Rescue!
  • 25. 25 | Copyright © 2020 Observability - Insights That Drive Competitive Advantage Building a Uniform Approach ● Understand traffic patterns ● Determine service health ● Anticipate outages ● Detect dangerous activity ● Audit access
  • 26. 26 | Copyright © 2020 Istio - Metrics and Access Logging [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default metrics
  • 27. 27 | Copyright © 2020 Resiliency - There Will Be Failures Common Mitigations ● Waiting indefinitely is bad ● Trying again is good ● Degrade gracefully when services are overwhelmed
  • 28. 28 | Copyright © 2020 Timeouts - Don’t Wait Indefinitely
  • 29. 29 | Copyright © 2020 Retries - Trying Again Is Good 👍
  • 30. 30 | Copyright © 2020 Circuit Breaker - Degrade gracefully when services are overwhelmed
  • 31. 31 | Copyright © 2020 Drive everything through GitOps!
  • 32. 32 | Copyright © 2022 Can this be improved?
  • 33. 33 | Copyright © 2022 Istio Data Plane https://www.solo.io/blog/ebpf-for-service-mesh/
  • 34. 34 | Copyright © 2022 Istio Data Plane https://www.solo.io/blog/ebpf-for-service-mesh/
  • 35. 35 | Copyright © 2022 Istio Data Plane https://www.solo.io/blog/ebpf-for-service-mesh/
  • 36. 36 | Copyright © 2022 Introducing Istio Ambient Mesh A new, open source contribution to the Istio project, that defines a new sidecar-less data plane. Improve Performance Simplify Operations Cost Reduction https://istio.io/latest/blog/2022/introducing-ambient-mesh/
  • 37. 37 | Copyright © 2022 How does it work? ● Separate mesh capabilities into L4 and L7 ● Adopt only the capabilities you need ● Remove the data plane from the workload Pods ● Leverage more capabilities in the CNI ● Reduce attack surface of data plane
  • 38. 38 | Copyright © 2022 How does it work?
  • 39. 39 | Copyright © 2022 How does it work?
  • 40. 40 | Copyright © 2022 Benefits ● No more race conditions between workload containers and sidecar/init-container, etc ● Don’t need to inject Pods / alter deployment resources ● Upgrades/patching are out of band / transparent from the application ● Limited risk profile for opting into mesh features ● Reduced blast radius of application vulnerabilities ● Cost savings with reduced data plane components ● Maintain isolated tenancy, customization, configuration ● Maintain the foundations of zero-trust network security ● Improved performance
  • 41. 41 | Copyright © 2022 Demo (link) https://bit.ly/ambient-demo-video
  • 42. 42 | Copyright © 2022 VP, Global Field CTO @christianposta christian@solo.io Additional Resources ● https://www.solo.io/events/upcoming/ ● https://academy.solo.io ● https://lp.solo.io/white-paper-zero-trust ● https://lp.solo.io/istio-ambient-mesh-explained ● https://istio.io
  • 43. 43 | Copyright © 2022 Manage APIs Data Access API Gateway | Kubernetes Ingress Microservices, Security, Observability Kubernetes CNI, Network Policy Application Networking Federation | GraphQL Server