VMware Tanzu Service Mesh from the Developer’s Perspective

SpringOne 2020

Deepa Kalani, Staff Engineer 2 at VMware
Ramiro Salas, Staff Technologist II, R&D at VMware

Published in: Software

  1. ©2020 VMware, Inc. VMware Tanzu Service Mesh From the Developer Standpoint. Ramiro Salas | Staff Technologist II, R&D; Deepa Kalani | Product Manager. September 2020
  2. We’ll discuss: • A quick refresher on Service Mesh (the tech) • TSM (the product) • How can developers use the new Global Namespace construct • How can you use TSM as a component of a larger platform • A full demo
  3. Disclaimer: This presentation may contain products and product features or functionality that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new features/functionality/technology discussed or presented have not been determined.
  4. Let’s cover some basics first… Recommended to watch: • Cloud Native Service Mesh Using Spring Cloud and Pivotal Cloud Foundry Technologies: A Case Study, by Srini Penchikala, GM: https://springone.io/2020/sessions/cloud-native-service-mesh-using-spring-cloud-and-pivotal-cloud-foundry-technologies-a-case-study • Weaving Through the Mesh: Making Sense of Istio and Overlapping Technologies, by Cora Iberkleid and Maria Gabriella Brodi: https://springone.io/2020/sessions/weaving-through-the-mesh-making-sense-of-istio-and-overlapping-technologies
  5. A Service Mesh is an Application Connectivity Pattern. Image source: https://blog.sucuri.net/2014/01/website-mesh-networks-distributing-malware.html/meshnetwork
  6. A Service Mesh decouples the service from having to know about the network
  7. A Service Mesh adds software awareness to an otherwise agnostic stack
  8. A Service Mesh can provide: • mTLS, including cert rotations • Service Discovery • Advanced telemetry for in-depth observability • Fault injection and Retries • Weighted routing (for A/B deployments) • Circuit breakers
  9. Libraries or Sidecars. [Diagram: two K8s Pods, labelled “Client Libraries & App Frameworks” and “Service Meshes & Sidecars”; labels: App Container, Sidecar, Observability, Connectivity, Control, Discovery, Security.] Focus on your business logic!
  10. What “developers”? • Today, corporate developers, working on: • Cloud Native applications • Refactoring monoliths into microservices • Working across clouds and abstractions
  11. Different concerns: kubectl apply • Require complete control of the environment: • All interactions, protocols and ports • Declare policies • DevOps
  12. Different concerns: cf push • Maximum focus on business logic: • Tanzu Application Service (Cloud Foundry) or other forms of PaaS • Abstract further via frameworks (e.g. Spring)
  13. Different concerns: Cloud/Knative/FaaS • Hybrid model. • Awareness and some control of the environment: • Cloud-specific services • FaaS • Language-agnostic frameworks (e.g. Knative)
  14. A Service Mesh must be able to support all these corporate developer use cases
  15. OK, so what’s special about Tanzu Service Mesh?
  16. VMware’s Enterprise-Class Service Mesh Vision. [Diagram labels: Users, Services, Data; Discovery, Security, Visibility, Control; VMs, Public Clouds, Kubernetes, Serverless, SaaS.]
  17. Eliminate Fragmentation: Consistently connect, control, monitor, and remediate across clouds and abstractions • App silos running in multiple platforms and clouds • Many endpoints to monitor, scale, and make resilient • Inconsistent operational and remediation policies • Disjointed security, auditing, and compliance. [Diagram labels: Public Clouds, Kubernetes, VMs / Monoliths.]
  18. Eliminate Fragmentation: Consistently connect, control, monitor, and remediate across clouds and abstractions • App silos running in multiple platforms and clouds • Many endpoints to monitor, scale, and make resilient • Inconsistent operational and remediation policies • Disjointed security, auditing, and compliance • Multi-platform and multi-cloud federation • Centralized visibility and remediation • Global policies for users, services and data • Centralized security, audit, and compliance • No changes to application code. [Diagram labels: Public Clouds, VMs / Monoliths, Serverless, SaaS, Kubernetes.]
  19. How is TSM implemented? Multi-Cluster, Multi-Platform. [Diagram labels: Google KE; Visibility, Control, Security, Discovery; Third-Party Components; Pod; Tanzu Service Mesh Local Controller and Tanzu Service Mesh Data Plane (shown three times); Tanzu Service Mesh Global Controller.]
  20. New, more powerful abstractions
  21. Global Namespaces: Cross-Cloud & Strong Isolation. Decoupling Applications from Infrastructure. [Diagram labels: Global Namespace 1, Global Namespace 2; prod.app1.acme.com, staging.app1.acme.com; API GW, Identity, Policies, Traffic Routing, Discovery.]
  22. Global Namespace: Multi-Cluster support. You can have any number of global namespaces. [Diagram labels: Logical View, Inventory View; GNS 1, staging.app1.acme.com; GNS 2, prod.app1.acme.com; API GW, Identity, Policies, Traffic Routing, Discovery / DNS; Ingress GW and Egress GW (shown three times); Cluster 1, Cluster 2, Cluster 3.]
  23. Global Namespace: Application Continuity. Active-Active w/ Failover. [Diagram labels: GNS 1, prod.app1.acme.com; Mobile App, Web App; Identity, Policies, Traffic Routing, Discovery / DNS; Global Services Load Balancer; DC 1 - US-West, DC 2 - US-East; Tanzu Service Mesh; IGW, EGW.]
  24. Mesh Expansion to VMs: Envoy as a VM or Per Hypervisor. [Diagram labels: GNS 1, staging.app1.acme.com; Mobile App, Web App; Identity, Policies, Traffic Routing, Discovery / DNS; API GW; Tanzu Service Mesh Global Controller; Pod; Tanzu Service Mesh Local Controller; Tanzu Service Mesh Data Plane; vSphere Hypervisor; Envoy Per Hypervisor OR Envoy as a Separate VM.]
  25. Mesh Expansion to VMs with NSX-ALB (Avi Networks). [Diagram labels: GNS 1, staging.app1.acme.com; Mobile App, Web App; Identity, Policies, Traffic Routing, Discovery / DNS; API GW; Tanzu Service Mesh Global Controller; Service Catalog Sync; Pod; Tanzu Service Mesh Local Controller; Tanzu Service Mesh Data Plane; NSX-ALB Controller; vSphere Hypervisor; Service Engine Per Hypervisor OR Service Engine as a Separate VM.]
  26. Federation: Extended Service Mesh using Project Hamlet. Interoperate with third-party containers, VMs, client libraries. [Diagram labels: GNS 1, production.app.foobar.com; Mobile App, Web App; Identity, Policies, Traffic Routing, Discovery / DNS; API GW; Tanzu Service Mesh Global Controller; Tanzu Service Mesh Local Controller; Third-Party Service Mesh Control Plane; Federation Agent (shown twice); Ingress GW, Egress GW; Pod; foo, bar; Kubernetes; Service Catalog Sync; mTLS.]
  27. Service Mesh Community Project. Federation and Interoperability: • Interoperability via Federation APIs • Identity, Service Discovery, mTLS • Control and data plane neutral. Open Source Community Collaborations and Contributions. [Diagram labels: Users, Services, Data; Service Mesh; Tanzu Service Mesh.]
  28. Continuous Security Model for Cloud-Native Applications. [Diagram labels: Policy Framework; Asset Contexts: Users, Data, Services; Runtime Environment; Application Lifecycle; Extensible Data Integration Framework; Continuous Risk Assessment; End-Users, Data, Services/APIs; Enforcement; Identity Engine: Rich set of Attributes; Flexible Resource Grouping Model; E2E Policy Actions; Understand Broad Set of Assets; Actions Based on Risk; Define Groups Based on Attributes and Behavior; Policy Engine; Kubernetes on-prem, VMs, Kubernetes cloud; User.]
  29. Layering Abstractions • “kubectl deploy” • Automatic sidecar injection • “cf push” • A full Cloud Foundry “foundation” running on a GNS • mTLS for all CF components • Single app and routing tier
  30. Demo
  31. Tight integration with the Tanzu portfolio. Starting with Tanzu Mission Control (TMC). [Diagram labels: BUILD, RUN, MANAGE; Spring; Other Frameworks (.NET, etc.); Tanzu Application Service; Tanzu Build Service (beta); Tanzu Application Catalog; Tanzu Data Services; VCF; VMC; Tanzu Kubernetes Grid; Public Cloud; Edge; Tanzu Mission Control; Tanzu Observability by Wavefront; Tanzu Service Mesh; VMware Pivotal Labs Services; 04/06/20.]
  32. Alternatives: What if you don’t use TSM? • Use another service mesh • Weave multi-cluster/multi-region constructs by hand if needed • Keep careful control of CAs and mTLS across boundaries. • Use individual service meshes per cluster • Build custom business logic on top of your CI/CD. • Build your own mesh using Envoy or similar tools. • Do not use a service mesh at all, and focus only on higher-level abstractions, such as CF or Knative.
  33. Key Takeaways • Higher level abstractions give developers tools to focus on what matters to them. • TSM builds on the service mesh pattern to create new and useful constructs. • A good platform is invisible, but it provides you the support you need.
  34. Resources • TSM information: https://tanzu.vmware.com/service-mesh • Project Hamlet: https://github.com/vmware/hamlet • Want to try TSM? Contact us or your VMware SE
  35. Thank You!
