Red Hat Service Mesh
Olaf Meyer
Senior Consultant
26.05.2020
Red Hat Service Mesh Page 2 of 43
Who am I and what do I do for a living?
I’m a consultant at ConSol. I support and advise customers on how to use OpenShift and Kubernetes and how to run applications on these platforms.
My interest is how to accelerate the development cycles for cloud native applications.
E-Mail: olaf.meyer@consol.de
Twitter: @ola_mey
Agenda
• When or why to use service meshes?
• What is Istio?
• What are the differences between Red Hat Service Mesh and Istio?
• Demo
• Summary
Typical application architecture (Official)
[Diagram components: Web-Frontend, B2B Mobile-App, Mobile-Gateway, B2C Mobile-App, Partner Web-page, Rest-Gateway, ESB, CRM, ERP, GIS, Logistics]
Typical application architecture (Reality)
[Diagram components: Web-Frontend, B2B Mobile-App, Mobile-Gateway, B2C Mobile-App, Partner Web-page, Rest-Gateway, ESB, CRM, ERP, GIS, Logistics, Management Reporting (U-Boot)]
What do Ops and Security want from your apps?
Resilience & Fault Tolerance
Visibility & Reporting
Policy Enforcement
Identity & Security
Routing & Traffic Control
How does this affect your application?
Application: Business Logic, Service Discovery, Circuit Breaker, Monitoring, Load Balancing, Traffic Control, Tracing
Infrastructure: Service Registry, Monitoring, API Management, Traffic Control, Tracing, Smart Routing, Netflix OSS, Config Server, Security Policy
Resilience & Fault Tolerance
Visibility & Reporting
Policy Enforcement
Identity & Security
Routing & Traffic Control
Overview for two applications
Application (shown twice, once per application): Business Logic, Service Discovery, Circuit Breaker, Monitoring, Load Balancing, Traffic Control, Tracing
Infrastructure: Service Registry, Monitoring, API Management, Traffic Control, Tracing, Smart Routing, Netflix OSS, Config Server, Security Policy
Used frameworks are only available for a defined set of frameworks and/or programming languages.
How does this work for off-the-shelf apps?
Good luck if you need to integrate your ERP.
Reminder of your application architecture
[Diagram components: Web-Frontend, B2B Mobile-App, Mobile-Gateway, B2C Mobile-App, Partner Web-page, Rest-Gateway, ESB, CRM, ERP, GIS, Logistics, Management Reporting (U-Boot)]
How does a service mesh work?
[Diagram labels: two applications (Business Logic), each with a Proxy; Service Mesh Data Plane; Service Mesh Control Plane; Config; Telemetry]
Popular service meshes are:
● Istio → Red Hat Service Mesh
● Linkerd
● Consul Connect
● ...
No code changes in application required!!!
Introduction to Istio
Istio → Greek for "sail"
Definition from Istio homepage:
Istio is an open platform-independent service
mesh that provides traffic management, policy
enforcement, and telemetry collection.
High-level architecture of Istio
Source: https://istio.io/docs/concepts/security/
[Architecture diagram, repeated on the following slides with one part highlighted each: data plane, control plane, ingress, egress, pods, Pilot, Citadel, Mixer]
Applications in Istio/Red Hat Service Mesh ecosystem
Istio: Connect, Secure, Control, Observe
Applications: Jaeger, Kiali, Grafana, Prometheus
Functionality of Istio
Resilience & Fault Tolerance
Visibility & Reporting
Policy Enforcement
Identity & Security
Routing & Traffic Control
Visibility & Reporting
• Collecting metrics from proxies and application containers
• Data flows are visualized in Kiali
• Use Grafana and Prometheus for reporting
Resilience & Fault Tolerance
• Retries
• Circuit breaker / request pool
• Outlier detection (endpoint pool ejection)
• Timeouts
• Fault injection
Routing & Traffic Control
• Different load balancing (round robin, least request, random, …)
• Traffic shifting/distribution between services
• Routing based on HTTP header
• Mirroring
Identity & Security
• Authorization with JWT
• Authentication with mTLS
• mTLS (client-server certificates)
• White- and black-listing
• RBAC
• ...
Policy Enforcement
• Policy enforcement globally for Istio or per namespace
• Quota
• RBAC
Red Hat Service Mesh <> Istio?
Requirements:
1. OpenShift 4.2 cluster
2. Works best with the SDN plugin Network Policies
Hint: If the multi-tenant SDN plugin is used, all accessed projects must be joined to the control plane project.
Service Mesh installation can be done in two ways:
1. The control plane is responsible for the whole cluster (Kubernetes default behavior)
2. The control plane is installed in a defined project and is only responsible for a defined set of projects.
→ Multiple control planes can run on the same OpenShift cluster
Istio init container no longer needs elevated privileges
In plain Istio the init container needs elevated privileges, because it modifies the network settings. Red Hat Service Mesh replaces the init container with a CNI plugin to eliminate the need for elevated privileges for service accounts and for SCC.
Istio sidecar injection
To inject (Istio) sidecars into pods, add the annotation 'sidecar.istio.io/inject: "true"' to the definition. Automatic injection via a namespace annotation is not supported. Manual injection via istioctl is still possible.
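An added example, not part of the original slides: because injection is opt-in per workload, a Deployment without the annotation on its pod template runs without a sidecar proxy and therefore outside the mesh. The check below audits the JSON that `oc get deployments -o json` returns; the project name `tutorial`, the workload names and the status labels are assumptions made for this example.

```python
import json
import sys

INJECT_KEY = "sidecar.istio.io/inject"  # annotation named on the slide


def _deployment(name, pod_annotations=None, top_annotations=None):
    """Build a constructed, minimal Deployment object for the sample below."""
    return {
        "kind": "Deployment",
        "metadata": {"name": name, "namespace": "tutorial",
                     "annotations": top_annotations},
        "spec": {"template": {"metadata": {"annotations": pod_annotations}}},
    }


# Constructed sample shaped like `oc get deployments -o json` output.
# Project and workload names are hypothetical.
SAMPLE = {"kind": "List", "items": [
    _deployment("customer", {INJECT_KEY: "true"}),
    # Common mistake: annotation on the Deployment, not on the pod template.
    _deployment("preference", None, {INJECT_KEY: "true"}),
    _deployment("recommendation-v1", {INJECT_KEY: "true"}),
    _deployment("recommendation-v2"),
    _deployment("recommendation-v3", {INJECT_KEY: "false"}),
]}


def _annotations(obj):
    """Return the annotations of an object, tolerating missing or null fields."""
    return ((obj or {}).get("metadata") or {}).get("annotations") or {}


def classify(deployment):
    """Classify one Deployment by where (and whether) the annotation is set."""
    pod_value = _annotations((deployment.get("spec") or {}).get("template")).get(INJECT_KEY)
    top_value = _annotations(deployment).get(INJECT_KEY)
    if pod_value == "true":
        return "injected"
    if pod_value is not None:
        return "opted-out"      # annotation present but not "true"
    if top_value == "true":
        return "misplaced"      # set on the Deployment, so pods never carry it
    return "missing"


def audit(deployment_list):
    """Return sorted (namespace, name, status) for workloads without a sidecar."""
    findings = []
    for item in deployment_list.get("items", []):
        status = classify(item)
        if status != "injected":
            meta = item.get("metadata") or {}
            findings.append((meta.get("namespace", "?"), meta.get("name", "?"), status))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py deployments.json   (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for ns, name, status in audit(data):
        print(f"{ns}/{name}: {status}")
```

Run against every project that is a member of a control plane, this lists the workloads whose traffic the mesh does not see or secure.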
Kiali and Jaeger are installed by default
Red Hat Service Mesh installs Kiali and Jaeger by default. This means that you have, out of the box, a graphical interface to visualize an Istio service mesh and to trace requests and responses. Furthermore, supported and working versions of Kiali and Jaeger are installed. No manual steps are required.
Automatically created OpenShift routes for Istio Gateway resources
The entry point for requests in Istio is defined via a Gateway resource. Red Hat Service Mesh creates a route for Gateway resources that points to the desired Istio Gateway pod, so that requests can be received by the Istio Gateway pod via an OpenShift route and handled by Istio.
Use OpenSSL instead of BoringSSL
There are some discussions about BoringSSL not being (or not having been) FIPS (Federal Information Processing Standard) compliant. Because of this, Red Hat Service Mesh will use OpenSSL instead of BoringSSL.
Updates of Istio are handled by an Istio Operator
The operator takes care of updating the Istio control plane(s). With a redeploy, the Istio data plane(s) update to the latest version. Only in exceptional cases are manual steps required, e.g. for version 1.1 add an attribute "version: 1.1" to the resource "ServiceMeshControlPlane".
Component Name | Red Hat Service Mesh (Maistra 1.1.0) | Plain Istio
Istio          | 1.4.6                                | 1.5
Kiali          | 1.12.7                               | 1.17.0/1.18.0
Jaeger         | 1.17.1                               | 1.17.1
Architecture of the example application
[Diagram components: Customer, Istio-Ingress-Gateway, Preference, Recommendation V1, Recommendation V2, Recommendation V3]
Demo
Hmm, so can I ….
• Can't I just use Network Policies and be fine?
→ No, mTLS, routing etc. are missing in NetworkPolicies
• How about using just an API Gateway like 3Scale?
→ A gateway allows incoming (North & South) traffic to be controlled and secured, but not East to West traffic
• Or maybe both?
→ Still not covering east to west traffic :-(
Summary
• Summary for Red Hat Service Mesh
– No need for higher privileges, and the control plane runs in dedicated projects.
– Enables multiple control planes on the same cluster
– Updates are handled by the Istio operator
– No additional subscription needed
– Changes are made in configuration; no changes in application code.
• There is no such thing as a free lunch:
With great power (of Istio) comes great responsibility
increased complexity of the configuration!
Source: Spiderman (The movie 2002)
Thank you!
Olaf Meyer
E-Mail: olaf.meyer@consol.de
Twitter: @ola_mey
ConSol
Consulting & Solutions Software
GmbH
St.-Cajetan-Str. 43
D-81669 München
Tel.: +49-89-45841-100
info@consol.de
www.consol.de
Twitter: @consol_de

OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryError
 
Mastering Project Planning with Microsoft Project 2016.pptx
Mastering Project Planning with Microsoft Project 2016.pptxMastering Project Planning with Microsoft Project 2016.pptx
Mastering Project Planning with Microsoft Project 2016.pptx
 
Understanding Plagiarism: Causes, Consequences and Prevention.pptx
Understanding Plagiarism: Causes, Consequences and Prevention.pptxUnderstanding Plagiarism: Causes, Consequences and Prevention.pptx
Understanding Plagiarism: Causes, Consequences and Prevention.pptx
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
 
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 Updates
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository world
 
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
[ CNCF Q1 2024 ] Intro to Continuous Profiling and Grafana Pyroscope.pdf
 

Meetup talk about the Red Hat OpenShift Service Mesh

  • 1. Red Hat Service Mesh Olaf Meyer Senior Consultant 26.05.2020
  • 2. Who am I and what do I do for a living? I’m a consultant at ConSol. I support & advise customers on how to use OpenShift and Kubernetes and how to run applications on these platforms. My interest is how to accelerate the development cycles for cloud native applications. E-Mail: olaf.meyer@consol.de Twitter: @ola_mey
  • 3. Agenda
      • When or why to use service meshes?
      • What is Istio?
      • What are the differences between Red Hat Service Mesh and Istio?
      • Demo
      • Summary
  • 4. Typical application architecture (Official). Diagram labels: Web-Frontend, B2B Mobile-App, Mobile-Gateway, B2C Mobile-App, Partner Web-page, Rest-Gateway, ESB, CRM, ERP, GIS, Logistics
  • 5. Typical application architecture (Reality). Diagram labels: Web-Frontend, B2B Mobile-App, Mobile-Gateway, B2C Mobile-App, Partner Web-page, Rest-Gateway, ESB, CRM, ERP, GIS, Logistics, Management Reporting (U-Boot)
  • 6. What do Ops and Security want from your apps?
      • Resilience & Fault Tolerance
      • Visibility & Reporting
      • Policy Enforcement
      • Identity & Security
      • Routing & Traffic Control
  • 7. How does this affect your application?
      • Application: Business Logic, Service Discovery, Circuit Breaker, Monitoring, Load Balancing, Traffic Control, Tracing
      • Infrastructure: Service Registry, Monitoring, API Management, Traffic Control, Tracing, Smart Routing, Netflix OSS, Config Server Security Policy
      • Requirements: Resilience & Fault Tolerance, Visibility & Reporting, Policy Enforcement, Identity & Security, Routing & Traffic Control
  • 8. Overview for two applications
      • Application (twice): Business Logic, Service Discovery, Circuit Breaker, Monitoring, Load Balancing, Traffic Control, Tracing
      • Infrastructure: Service Registry, Monitoring, API Management, Traffic Control, Tracing, Smart Routing, Netflix OSS, Config Server Security Policy
      • The frameworks used are only available for a defined set of frameworks and/or programming languages
      • How does this work for off-the-shelf apps? Good luck if you need to integrate your ERP
  • 9. Reminder of your application architecture. Diagram labels: Web-Frontend, B2B Mobile-App, Mobile-Gateway, B2C Mobile-App, Partner Web-page, Rest-Gateway, ESB, CRM, ERP, GIS, Logistics, Management Reporting (U-Boot)
  • 10. How does a service mesh work? Diagram labels: Application (Business Logic) with Proxy, shown twice; Service Mesh Control Plane; Service Mesh Data Plane; Config; Telemetry. No code changes in application required!!!
      Popular service meshes are:
      • Istio → Red Hat Service Mesh
      • Linkerd
      • Consul Connect
      • ...
  • 11. Introduction to Istio. Istio → Greek for "sail". Definition from Istio homepage: Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection.
  • 12. High-level architecture of Istio. Source: https://istio.io/docs/concepts/security/
  • 13. High-level architecture of Istio (Data plane). Source: https://istio.io/docs/concepts/security/
  • 14. High-level architecture of Istio (Control plane). Source: https://istio.io/docs/concepts/security/
  • 15. High-level architecture of Istio (Ingress). Source: https://istio.io/docs/concepts/security/
  • 16. High-level architecture of Istio (Egress). Source: https://istio.io/docs/concepts/security/
  • 17. High-level architecture of Istio (Pods). Source: https://istio.io/docs/concepts/security/
  • 18. High-level architecture of Istio (Pilot). Source: https://istio.io/docs/concepts/security/
  • 19. High-level architecture of Istio (Citadel). Source: https://istio.io/docs/concepts/security/
  • 20. High-level architecture of Istio (Mixer). Source: https://istio.io/docs/concepts/security/
  • 21. Applications in Istio/Red Hat Service Mesh ecosystem. Diagram labels: Observe, Secure, Control, Connect; Jaeger, Kiali, Grafana, Prometheus, Istio
  • 22. Functionality of Istio: Resilience & Fault Tolerance, Visibility & Reporting, Policy Enforcement, Identity & Security, Routing & Traffic Control
  • 23. Functionality of Istio: Resilience & Fault Tolerance, Visibility & Reporting, Policy Enforcement, Identity & Security, Routing & Traffic Control
      • Collecting metrics from proxies and application containers
      • Data flows are visualized in Kiali
      • Use Grafana and Prometheus for reporting
  • 24. Functionality of Istio: Resilience & Fault Tolerance, Visibility & Reporting, Policy Enforcement, Identity & Security, Routing & Traffic Control
      • Retries
      • Circuit breaker / request pool
      • Outlier detection (endpoint pool ejection)
      • Timeouts
      • Fault injection
  • 25. Functionality of Istio: Resilience & Fault Tolerance, Visibility & Reporting, Policy Enforcement, Identity & Security, Routing & Traffic Control
      • Different load balancing (round robin, least request, random, ...)
      • Traffic shifting/distribution between services
      • Routing based on HTTP header
      • Mirroring
  • 26. Functionality of Istio: Resilience & Fault Tolerance, Visibility & Reporting, Policy Enforcement, Identity & Security, Routing & Traffic Control
      • Authorization with JWT
      • Authentication with mTLS
      • mTLS (client-server certificates)
      • White- and black-listing
      • RBAC
      • ...
  • 27. Functionality of Istio: Resilience & Fault Tolerance, Visibility & Reporting, Policy Enforcement, Identity & Security, Routing & Traffic Control
      • Policy enforcement, Istio-global or per namespace
      • Quota
      • RBAC
  • 28. Red Hat Service Mesh <> Istio?
  • 29. Red Hat Service Mesh <> Istio? Requirements:
      1. OpenShift 4.2 cluster
      2. Works best with SDN plugin Network Policies
      Hint: If the SDN plugin multi-tenant is used, all accessed projects must be joined to the control plane project.
  • 30. Red Hat Service Mesh <> Istio? Service Mesh installation can be done in two ways:
      1. The control plane is responsible for the whole cluster (Kubernetes default behavior)
      2. The control plane is installed in a defined project and is only responsible for a defined set of projects.
      → Multiple control planes can run on the same OpenShift cluster
  • 31. Red Hat Service Mesh <> Istio? Istio init container no longer needs elevated privileges. In plain Istio the init container needs elevated privileges, because it modifies the network settings. The RH Service Mesh replaces the init container with a CNI plugin to eliminate the need for elevated privileges for Service Accounts and for SCC.
  • 32. Red Hat Service Mesh <> Istio? Istio sidecar injection. In order to inject (Istio) sidecars into pods, add the annotation 'sidecar.istio.io/inject: "true"' to the definition. Automatic injection via a namespace annotation is not supported. Manual injection via istioctl is still possible.
  • 33. Red Hat Service Mesh <> Istio? Kiali and Jaeger are installed by default. The Red Hat Service Mesh installs Kiali and Jaeger by default. This means that you have, out of the box, a graphical interface to visualize an Istio service mesh and to trace requests and responses. Furthermore, supported and working versions of Kiali and Jaeger are installed. No manual steps are required.
  • 34. Red Hat Service Mesh <> Istio? Automatically created OpenShift routes for Istio Gateway resources. The entry point for requests in Istio is defined via a Gateway resource. The RH Service Mesh creates for Gateway resources a route that points to the desired Istio Gateway pod, so that requests can be received by the Istio Gateway pod via an OpenShift route and can be handled by Istio.
  • 35. Red Hat Service Mesh <> Istio? Use OpenSSL instead of BoringSSL. There are some discussions around whether BoringSSL is/was FIPS (Federal Information Processing Standard) compliant. Because of this, Red Hat Service Mesh will use OpenSSL instead of BoringSSL.
  • 36. Red Hat Service Mesh <> Istio? Updates of Istio are handled by an Istio Operator. The operator takes care of updates of the Istio control plane(s). With a redeploy, the Istio data plane(s) update to the latest version. Only in exceptional cases are manual steps required, e.g. for version 1.1 add an attribute 'version: 1.1' to the resource 'ServiceMeshControlPlane'.
  • 37. Red Hat Service Mesh <> Istio? Component versions, Red Hat Service Mesh (Maistra 1.1.0) vs. plain Istio:
      • Istio: 1.4.6 vs. 1.5
      • Kiali: 1.12.7 vs. 1.17.0/1.18.0
      • Jaeger: 1.17.1 vs. 1.17.1
  • 38. Architecture of the example application. Diagram labels: Customer, Istio-Ingress-Gateway, Preference, Recommendation V1, Recommendation V2, Recommendation V3
  • 39. Demo
  • 40. Hmm, so can I ...
      • Can't I just use Network Policies and be fine? → No, mTLS, routing etc. are missing in NetworkPolicies
      • How about using just an API Gateway like 3Scale? → A gateway allows incoming (North & South) traffic to be controlled and secured, but not East to West traffic
      • Or maybe both? → Still not covering East to West traffic :-(
  • 41. Summary
      • Summary for Red Hat Service Mesh
          – No need for higher privileges, and the control plane runs on dedicated projects.
          – Enables multiple control planes on the same cluster
          – Updates are handled by the Istio operator
          – No additional subscription needed
          – Changes in configuration, no changes in application code.
      • There is no such thing as a free lunch: With great power (of Istio) comes great responsibility increased complexity of the configuration! Source: Spiderman (The movie 2002)
  • 43. Olaf Meyer E-Mail: olaf.meyer@consol.de Twitter: @ola_mey ConSol Consulting & Solutions Software GmbH St.-Cajetan-Str. 43 D-81669 München Tel.: +49-89-45841-100 info@consol.de www.consol.de Twitter: @consol_de
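
The two opt-in steps from slides 30 and 32, written out as manifests. This is an added example, not taken from the talk or its demo: the control plane project `istio-system`, the member project `tutorial`, the labels and the image are assumptions, and the workload name is borrowed from the example application on slide 38. `ServiceMeshMemberRoll` is the Maistra resource that lists the projects a control plane is responsible for; the slides do not name it.

```yaml
# Added example; project names, labels and image are placeholders.
# 1) Scope of the control plane (slide 30): the member roll lives in the
#    control plane project and lists the projects that belong to this mesh.
#    A project that is not listed here is not managed by this control plane.
apiVersion: maistra.io/v1
kind: ServiceMeshMemberRoll
metadata:
  name: default              # the operator only honours a roll named "default"
  namespace: istio-system    # assumed control plane project
spec:
  members:
    - tutorial               # assumed application project
---
# 2) Per-workload sidecar opt-in (slide 32). The annotation belongs on the
#    pod template, not on the Deployment's own metadata, because injection
#    is decided when the pod is created.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: recommendation-v1
  namespace: tutorial
spec:
  replicas: 1
  selector:
    matchLabels:
      app: recommendation
      version: v1
  template:
    metadata:
      labels:
        app: recommendation
        version: v1
      annotations:
        sidecar.istio.io/inject: "true"   # value must be the string "true"
    spec:
      containers:
        - name: recommendation
          image: registry.example.com/recommendation:v1   # placeholder image
          ports:
            - containerPort: 8080
```

A pod that is missing either step starts without a proxy and therefore sits outside the mesh's mTLS and policy enforcement, so checking that each pod in a member project actually carries the `istio-proxy` container is a useful review step.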