Multicluster k8s: How a Service Mesh Can/Can’t Help
Andrew Jenkins, CTO
@notthatjenkins
Aspen Mesh Survey at KubeCon 2019 Europe
[Pie chart: Multiple (85%), Other (10%), One (5%). Further labels: Multiple Independent Prod, Dev/Test/Stage, Multiple x-comm Prod.]
Service Mesh
[Diagram: one cluster with a k8s apiserver. A Service Mesh Control Plane sits above App A (Service A) and App B (Service B), each with a proxy. Labels: Observability, Security, Traffic Management.]
Service Mesh
[Diagram: Cluster A and Cluster B, each with its own k8s apiserver, its own Service Mesh Control Plane, and App A (Service A) and App B (Service B) with proxies.]
Service Mesh
[Diagram, two slides: Cluster A and Cluster B, each with its own k8s apiserver and App A (Service A) and App B (Service B) with proxies, shown with one Service Mesh Control Plane.]
Service Mesh
[Diagram: Cluster A and Cluster B, each with its own k8s apiserver, its own Service Mesh Control Plane, and App A (Service A) and App B (Service B) with proxies, plus an element labelled "Higher Level".]
There are many reasons to want to run multiple clusters…
* Blast-radius (a problem in one cluster doesn't kill the whole system)
* Environment isolation (dev, test, prod)
* Reliability (a zone or region outage does not bring down the app)
* Latency (run the app as close to customers as possible)
* Scale (the app is too big to fit in a single cluster)
* Provider diversity (for regulatory, geographic, data gravity, or other reasons)
* Jurisdiction (keep user data in-country)
* Upgrade scope (upgrade infra for some parts of your app but not all of it)
* Avoid the need for in-place cluster upgrades
* Performance isolation (teams don't want to feel each other)
* Security isolation (sensitive data or untrusted code)
* Organizational isolation (teams have different management domains)
* Cost isolation (teams get different bills)
Tim Hockin, Re: Proposing Submariner as a sig-multicluster
What does the Internet have to teach us?
Narrow Purpose Diversity
…what it runs on
…what runs on it
…how big it is
Any system with an IP address can send packets to any other system with an IP address
Internet
IEEE 802.3
IEEE 802.5
IEEE 802.11
RFC1577
RFC2549
~100GB/wk 1983
~100GB/day 1992
~100GB/hour 1997
~100GB/second 2002
~100GB/50ms 2007
~100GB/ms 2019
Scalable Evolutionary
Example
Routing Information Protocol (RIP)
Bellman-Ford
[Diagram sequence: routers A, B, C and D, each with a To / Hops / Via table for the destinations AJ and Cat, filled in over successive slides. Entries shown: "AJ 1 -", "Cat 1 -", "Cat 2 D", "Cat 3 C", "AJ 2 A", "Cat 3 2 C D", "Cat 3 B".]
Scalable Evolutionary
Border Gateway Protocol (BGP)
[Diagram sequence: routers A through I, with AS4037, AS717 and AS2310 marked. Final slide labels: RIP, RIP, RIP, OSPF.]
OK, what does this have to do with k8s?
There are many reasons to want to run multiple clusters…
* Blast-radius (a problem in one cluster doesn't kill the whole system)
* Environment isolation (dev, test, prod)
* Reliability (a zone or region outage does not bring down the app)
* Latency (run the app as close to customers as possible)
* Scale (the app is too big to fit in a single cluster)
* Provider diversity (for regulatory, geographic, data gravity, or other reasons)
* Jurisdiction (keep user data in-country)
* Upgrade scope (upgrade infra for some parts of your app but not all of it)
* Avoid the need for in-place cluster upgrades
* Performance isolation (teams don't want to feel each other)
* Security isolation (sensitive data or untrusted code)
* Organizational isolation (teams have different management domains)
* Cost isolation (teams get different bills)
Tim Hockin, Re: Proposing Submariner as a sig-multicluster
Scalable Evolutionary
Unified Management – Configure them all in one place
Unified Trust – Crypto trust traceable back to one common root
Heterogeneous Network – Clusters can have overlapping or non-routable internal IPs
Independent Fault Domain – If Cluster A blows up, Cluster B is still OK
Inter-Cluster Mesh Traffic – Inter-cluster traffic is still Service Mesh traffic
To Multicluster, or Not to Multicluster: Inter-cluster Communication Using a Service Mesh
Columns: Unified Management | Unified Trust | Heterogeneous Network | Independent Fault Domain | Inter-cluster Mesh Traffic
Independent ✓ ✓
Common Management ✓ ✓ ✓
Flat Network ✓ ✓ ✓
Split Horizon ✓ ✓ ✓ ✓
Cluster-Aware Service Routing ✓ ✓ ✓ ✓
To Multicluster, or Not to Multicluster: Inter-cluster Communication Using a Service Mesh
Istio: Multicluster Deployments
Split Horizon
✓ Unified Mgmt
✓ Unified Trust
✓ Hetero Network
✘ Fault Domain
✓ X-Cluster Mesh
Istio: Multicluster Deployments
Cluster-Aware Service Routing
✘ Unified Mgmt
✓ Unified Trust
✓ Hetero Network
✓ Fault Domain
✓ X-Cluster Mesh
Recap
Aspen Mesh Survey at KubeCon 2019 Europe
[Pie chart: Multiple (85%), Other (10%), One (5%). Further labels: Multiple Independent Prod, Dev/Test/Stage, Multiple x-comm Prod.]
There are many reasons to want to run multiple clusters…
* Blast-radius (a problem in one cluster doesn't kill the whole system)
* Environment isolation (dev, test, prod)
* Reliability (a zone or region outage does not bring down the app)
* Latency (run the app as close to customers as possible)
* Scale (the app is too big to fit in a single cluster)
* Provider diversity (for regulatory, geographic, data gravity, or other reasons)
* Jurisdiction (keep user data in-country)
* Upgrade scope (upgrade infra for some parts of your app but not all of it)
* Avoid the need for in-place cluster upgrades
* Performance isolation (teams don't want to feel each other)
* Security isolation (sensitive data or untrusted code)
* Organizational isolation (teams have different management domains)
* Cost isolation (teams get different bills)
Tim Hockin, Re: Proposing Submariner as a sig-multicluster
Unified Management – Configure them all in one place
Unified Trust – Crypto trust traceable back to one common root
Heterogeneous Network – Clusters can have overlapping or non-routable internal IPs
Independent Fault Domain – If Cluster A blows up, Cluster B is still OK
Inter-Cluster Mesh Traffic – Inter-cluster traffic is still Service Mesh traffic
To Multicluster, or Not to Multicluster: Inter-cluster Communication Using a Service Mesh
Thank You
Observability Security Insights
Managing Microservices with Istio
[Diagram: Istio Control Plane with Pilot (config data to Envoys), Citadel (TLS certs to Envoys), Mixer (policy, quota & telemetry) and Sidecar Injector (monitors K8s for new pods to inject Envoys); an Ingress Gateway and an Egress Gateway; three Service A instances, each a Flask/Python container with an Envoy container.]

Multicluster Kubernetes: How a Service Mesh Can and Can’t Help
