© OPITZ CONSULTING 2022 / Public
Service mesh advanced Use Cases 1
Nuremberg, 2022-09-22
Sven Bernhardt, Fabian Hardt
SERVICE MESH ADVANCED USE CASES
01 SERVICE MESH BASICS
MODERN SOFTWARE ARCHITECTURES ARE LOOSELY COUPLED AND DISTRIBUTED
Traditional software architecture
• Single Deployment unit
• Single execution process
• Shared database
• Local, app-internal communication only
Modern software architecture
• Multiple Deployment units
• Exclusive execution process per service
• Database per Service (usually)
• Remote, inter-service communication
[Diagram labels: UI, Business Logic, Persistence]
CONNECTIVITY IS THE BACKBONE OF DIGITAL ORGANIZATIONS
Centralized
• STATIC
• ON-PREM
• MONOLITH
• VIRTUAL MACHINES
• MANUAL CHANGE PROCESS
Decentralized
• DYNAMIC
• CLOUD / MULTI-CLOUD
• MICROSERVICES / SERVERLESS
• CONTAINERS, KUBERNETES
• AUTOMATED CI/CD TOOL CHAIN
[Diagram labels: # Services & APIs; CONTROL AND VISIBILITY]
WHAT’S END-TO-END SERVICE CONNECTIVITY?
• Between applications
• Within applications
• At the edge
[Diagram labels: EDGE; Monolithic back end service; Microservices based app; Microservices exposed at edge for external consumption]
RELIABLE CONNECTIVITY IS A MULTIDIMENSIONAL PROBLEM
[Diagram labels: App (x4); Edge, Cross-App, In-App; Monolith, Services, Microservices, Serverless, …]
INCREASED COMPLEXITY AND CHALLENGES WITH RESPECT TO DEVELOPMENT CONSISTENCY
[Diagram labels: Organization; Application (x2); Security, Logging, Tracing, Metrics, Routing, AuthN/Z, Rate-Limiting, Caching, Versioning]
WHAT’S A SERVICE MESH?
• Efficient implementation of cross-cutting concerns with respect to service integration challenges
• Everything is a service!
  • Cloud-native apps deployed to Kubernetes
  • Non Cloud-native workloads
• Should be independent of
  • Architecture (e.g. Monolithic or µService)
  • Platform (e.g. VMs, Containers, Kubernetes)
Dedicated infrastructure layer that makes service-to-service communication more reliable, secure and observable
WHAT CAN SERVICE MESH HELP YOU WITH?
API Gateway
CONSISTENCY FROM THE EDGE TO THE TARGET SERVICE
• External clients access an organization’s services through the API Gateway (single point of entry)
• API Gateway is integrated in the Mesh
  • Is just another service
  • Gateway proxy just handles outbound traffic
• Internal traffic routing is handled by the Mesh
02 KUMA MESH
KUMA MESH
• Initially invented by Kong and donated to CNCF in 2020
• Provides a modern distributed Control Plane
• Completely Envoy-based Data Plane proxies
• Platform agnostic open-source control plane for Service Mesh
• Hence Kuma is
  • Universal
  • Simple
  • Scalable
• Flexible deployment options
  • Standalone deployment
  • Multi-Zone deployment
Source: https://tinyurl.com/xb57bhx5
KUMA STANDALONE ARCHITECTURE
KUMA MULTI-CLUSTER ARCHITECTURE
• One zone can be deployed over multiple clusters
• All traffic enters cluster over zone ingress
• One Remote (Zone) Control Plane in each cluster
KUMA NETWORKING / CNI
• Installed as DaemonSet on all Nodes
• Injects label on Pods - k8s.v1.cni.cncf.io/networks: kuma-cni
• CNI enables Transparent Proxying – redirects all traffic through Data Plane
KUMA NETWORKING / INIT-CONTAINER
• Injected to Pod and started individually before Data Plane
• Configures iptables / network routing
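Added example (not from the slides or the Kuma project): a Python audit over pod manifests that reports which of the two redirection mechanisms from the CNI and init-container slides each pod uses, and flags pods that carry a Data Plane sidecar but neither mechanism. The container names kuma-sidecar and kuma-init and the sample pods are assumptions constructed for illustration.

```python
"""Audit pod manifests for transparent-proxy setup (added example)."""

CNI_KEY = "k8s.v1.cni.cncf.io/networks"  # key and value as shown on the CNI slide
CNI_NETWORK = "kuma-cni"
SIDECAR_NAME = "kuma-sidecar"  # assumed name of the injected Data Plane container
INIT_NAME = "kuma-init"        # assumed name of the injected init container


def _names(containers):
    """Set of container names from a containers / initContainers list."""
    return {c.get("name") for c in containers or []}


def uses_cni(pod):
    """True if the pod requests the kuma-cni network.

    The slide calls the marker a label; on a cluster it may be stored as an
    annotation, so both metadata maps are checked. The value may list several
    networks separated by commas.
    """
    meta = pod.get("metadata", {})
    for field in ("annotations", "labels"):
        value = (meta.get(field) or {}).get(CNI_KEY, "")
        if CNI_NETWORK in [n.strip() for n in value.split(",")]:
            return True
    return False


def redirect_mode(pod):
    """Classify how (or whether) pod traffic is redirected to the Data Plane."""
    spec = pod.get("spec", {})
    if SIDECAR_NAME not in _names(spec.get("containers")):
        return "not-in-mesh"
    if uses_cni(pod):
        return "cni"
    if INIT_NAME in _names(spec.get("initContainers")):
        return "init-container"
    # Sidecar is present but nothing redirects traffic into it, so the
    # application can talk to the network without passing the proxy.
    return "sidecar-without-redirect"


def audit(pod_list):
    """Map pod name -> redirect mode for a `kubectl get pods -o json` style dict."""
    return {p["metadata"]["name"]: redirect_mode(p) for p in pod_list.get("items", [])}


def unprotected(pod_list):
    """Names of pods whose sidecar is not backed by any redirection mechanism."""
    return sorted(n for n, m in audit(pod_list).items() if m == "sidecar-without-redirect")


def make_pod(name, containers, init=(), annotations=None):
    """Build a minimal pod manifest (constructed sample data only)."""
    return {
        "metadata": {"name": name, "annotations": annotations or {}},
        "spec": {
            "containers": [{"name": c} for c in containers],
            "initContainers": [{"name": c} for c in init],
        },
    }


# Constructed sample input, shaped like `kubectl get pods -o json` output.
SAMPLE = {"items": [
    make_pod("orders-cni", ["app", SIDECAR_NAME], annotations={CNI_KEY: "kuma-cni"}),
    make_pod("multi-net", ["app", SIDECAR_NAME], annotations={CNI_KEY: "other-net, kuma-cni"}),
    make_pod("billing-init", ["app", SIDECAR_NAME], init=[INIT_NAME]),
    make_pod("legacy-bypass", ["app", SIDECAR_NAME]),
    make_pod("batch-job", ["app"]),
]}

if __name__ == "__main__":
    for pod_name, mode in audit(SAMPLE).items():
        print(f"{pod_name:15} {mode}")
    print("needs attention:", unprotected(SAMPLE))
```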
SERVICE MESH DNS
• Local DNS resolution directly in Data Plane (Envoy)
• Names are not resolvable in complete cluster, just inside service mesh (Envoy)
• Resolves ".mesh" address to pre-defined service mesh IP address
• IP in other zone / cluster is routed over Kuma Zone Ingress
ZONE EGRESS
• Special Data Plane instance – like Zone Ingress
• All outgoing traffic is routed through this instance
• In the future, External Services will only be usable with a deployed Zone Egress
03 DEMO
DEMO: MULTI-CLOUD / MULTI-CLUSTER MESH
ORACLE CONTAINER ENGINE FOR KUBERNETES (OKE)
• Based on IaaS Oracle Compute Cloud Service
• Worker Nodes: VM
• Master Node:
  • Managed and maintained by Oracle
  • Not visible for the end user
  • Master nodes are free of charge
• Auto-scaling capabilities using Worker-Node Pools
• Can be provisioned using
  • OCI Cloud Console
  • OCI Cloud Shell
  • OCI CLI
  • Terraform (OCI Resource Manager)
06 CONCLUSION
SERVICE MESH BENEFITS
• Increased developer productivity
• Self-service network management
• Reliable connectivity
• Zero-trust security
• Service Discovery
• Observability
KEY TAKEAWAYS
• Service Mesh is essential for modern software architectures to tackle basic service integration challenges independent of:
  • Level
  • Architecture
  • Platform
• Kuma as a mesh implementation provides
  • Agnostic approach (independent of architecture or platform)
  • Modern, flexible architecture supporting hybrid, multi-cloud scenarios
    • Standalone
    • Multi-zone
    • Multi-mesh
  • Seamless CI / CD integration (GitOps)
Q & A
https://opitzcloud.canto.global/b/H0EMG
www.opitz-consulting.com
CONTACT
Sven Bernhardt
Senior Manager Corporate Development
Sven.Bernhardt@opitz-consulting.com
+49 172 2193529
https://www.xing.com/profile/Sven_Bernhardt/
https://www.linkedin.com/in/sven-bernhardt-0570b823/
Fabian Hardt
Solution Architect
Fabian.Hardt@opitz-consulting.com
https://twitter.com/fabian_hardt
https://www.xing.com/profile/Fabian_Hardt
https://www.linkedin.com/in/fabian-hardt-0956b1b1
