Microsoft Azure Power Lunch

Today’s Topic: AKS Open Service Mesh

Series website: http://azurepowerlunch.com/

On-demand session information (recordings) is available here: Azure Power Lunch YouTube Channel

Date: 16th April 2021

Naveed Zaheer – Cloud Solution Architect

• Been with for more than 16 years and in the software industry for more than 25 years
• Spent 10+ years with Microsoft Consulting Services in areas such as AppDev, Distributed Applications, SOA and Cloud Applications
• Working with Azure since its inception
• Currently in a Cloud Solution Architect role

Agenda

• Service Mesh: What, Why and How
• Open-Source Service Mesh Add-On for AKS
• Demo
• Q&A

About Service Mesh

• Decouples operational capabilities such as encryption, traffic routing and observability from the application, moving them out of the application layer and down to the infrastructure layer.
• Provides capabilities like:
  • Encrypt all traffic in the cluster: enable mutual TLS between specified services in the cluster.
  • Canary and phased rollouts: specify conditions for a subset of traffic to be routed to a set of new services in the cluster.
  • Traffic management and manipulation: create a policy on a service that rate-limits all traffic to a version of a service from a specific origin.
  • Observability: gain insight into how your services are connected and the traffic that flows between them.

Service Mesh Architecture

• Control plane components support managing the service mesh:
  • A management interface, which could be a UI or an API.
  • Components that manage the rule and policy definitions that define how the service mesh should implement specific capabilities.
  • Components that manage aspects of security such as strong identity and certificates for mTLS.
  • Service meshes will also typically have a metrics or observability component that collects and aggregates metrics and telemetry from the workloads.
• Data plane consists of a proxy that is transparently injected as a sidecar to the workloads.
  • The proxy is configured to control all network traffic in and out of the pod containing your workload.
  • This allows the proxy to be configured to secure traffic via mTLS, dynamically route traffic, apply policies to traffic and collect metrics and tracing information.

Architecture with Service Mesh (sidecar)

[Diagram: three workloads, Service A, Service B and Service C, each running in a JVM inside its own pod; each pod also contains a sidecar container (the data-plane proxy) through which all traffic between the services flows.]
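How a pod ends up with the sidecar container shown in the diagram when the mesh is Open Service Mesh: an added example, not taken from the deck. OSM's injector webhook only acts on namespaces that carry the mesh's `openservicemesh.io/monitored-by` label and the `openservicemesh.io/sidecar-injection` annotation, which is exactly what `osm namespace add <namespace>` sets for you. The namespace, ServiceAccount and Deployment names (`bookstore-demo`, `orders`) are hypothetical, the mesh name `osm` is assumed to be the add-on's default (check with `osm mesh list`), and the nginx image is a stand-in for the application.

```yaml
# Added example (not from the deck): enrolling a namespace in OSM sidecar
# injection. Names (bookstore-demo, orders) are hypothetical; the label and
# annotation keys are OSM's own. `osm namespace add bookstore-demo` applies
# the same label and annotation.
apiVersion: v1
kind: Namespace
metadata:
  name: bookstore-demo
  labels:
    # Tells osm-controller this namespace belongs to the mesh named "osm"
    # (assumed mesh name; confirm with `osm mesh list`).
    openservicemesh.io/monitored-by: osm
  annotations:
    # Enables the mutating webhook that adds the Envoy sidecar (and the
    # osm-init container that redirects pod traffic through it) to every
    # pod created in this namespace from now on.
    openservicemesh.io/sidecar-injection: enabled
---
# The mesh identity of a workload is its ServiceAccount: the sidecar's
# mTLS certificate is issued for it and access policy is written against
# it, so each service gets its own account rather than sharing "default".
apiVersion: v1
kind: ServiceAccount
metadata:
  name: orders
  namespace: bookstore-demo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: orders
  namespace: bookstore-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: orders
  template:
    metadata:
      labels:
        app: orders
      annotations:
        # Per-pod override (optional). Set to "disabled" to keep a single
        # workload out of the mesh even though its namespace is enrolled.
        openservicemesh.io/sidecar-injection: enabled
    spec:
      serviceAccountName: orders
      containers:
        - name: orders
          image: nginx:1.21   # placeholder application image
          ports:
            - containerPort: 80
```

After `kubectl apply -f` on this file, `kubectl get pod -n bookstore-demo -o jsonpath='{.items[*].spec.containers[*].name}'` should list `envoy` next to `orders`; if only the application container appears, the namespace was not enrolled before the pod was created (the webhook does not retrofit running pods), so roll the Deployment.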

Limitations of Service Meshes

• The introduction of proxies, sidecars and other components adds complexity to the overall solution
• Expertise is required in the service mesh solution in addition to
• Performance of the overall solution can be impacted, as the service mesh adds another layer

Open Service Mesh

Service Mesh Interface

• A standard interface for service meshes on Kubernetes

• A basic feature set of the most common service mesh use cases

• Flexibility to support new service mesh capabilities over time

• Space for the ecosystem to innovate with service mesh technology

smi-spec.io

Open Service Mesh (OSM)

• Simple to understand and contribute to

• Effortless to install, maintain, and operate

• Painless to troubleshoot

• Easy to configure via Service Mesh Interface (SMI)

openservicemesh.io

Demo Scenario (1)

Block service-to-service access (compared without the service mesh and with the service mesh)

Demo Scenario (2)

Split traffic across services (with the service mesh)

Demo Resources

• Open Service Mesh AKS add-on (Preview)
• Open Service Mesh
• Service Mesh Interface

© Copyright Microsoft Corporation. All rights reserved.
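The two demo scenarios (block service-to-service access, split traffic across services) expressed as the SMI resources OSM consumes: an added example, not the deck's demo code. The namespaces, ServiceAccounts and Service names (`bookbuyer`, `bookstore`, `bookstore-v1`, `bookstore-v2`) are hypothetical, and the `apiVersion` values are the SMI versions OSM accepted around the time of the preview; verify them on your cluster with `kubectl api-resources | grep smi-spec`. One caveat matters for scenario 1: OSM only enforces TrafficTargets when its permissive traffic policy mode is off. With permissive mode on, every meshed service can reach every other one and the TrafficTarget below changes nothing; in the preview add-on the switch was the `permissive_traffic_policy_mode` key of the `osm-config` ConfigMap in `kube-system` (later OSM releases moved it to a MeshConfig resource).

```yaml
# Added example (not from the deck): the demo scenarios as SMI resources.
# Namespaces, ServiceAccounts and Services are hypothetical; apiVersions
# are those OSM accepted during the AKS preview (check with
# `kubectl api-resources | grep smi-spec`).
#
# Scenario 1: block service-to-service access.
# With permissive mode off, OSM denies any request not matched by a
# TrafficTarget. This pair allows ONLY the bookbuyer identity to call
# the bookstore identity, and ONLY on the two listed routes; a pod in any
# other namespace or ServiceAccount gets "403 RBAC: access denied" from
# the destination sidecar.
apiVersion: specs.smi-spec.io/v1alpha4
kind: HTTPRouteGroup
metadata:
  name: bookstore-routes
  namespace: bookstore
spec:
  matches:
    - name: list-books
      pathRegex: ^/books$
      methods: [GET]
    - name: buy-a-book
      pathRegex: ^/books/[0-9]+/buy$
      methods: [POST]
---
apiVersion: access.smi-spec.io/v1alpha3
kind: TrafficTarget
metadata:
  name: bookbuyer-to-bookstore
  namespace: bookstore          # lives in the destination's namespace
spec:
  destination:
    kind: ServiceAccount
    name: bookstore
    namespace: bookstore
  sources:
    # Identity is the caller's ServiceAccount, proven by the mTLS client
    # certificate its sidecar presents, not a pod label or IP that a
    # compromised workload could spoof.
    - kind: ServiceAccount
      name: bookbuyer
      namespace: bookbuyer
  rules:
    - kind: HTTPRouteGroup
      name: bookstore-routes
      matches:
        - list-books
        - buy-a-book
---
# Scenario 2: split traffic across services.
# Callers keep addressing the root service "bookstore"; the sidecar
# distributes requests across the backends by weight. Start the canary at
# 90/10 and raise the v2 weight as it proves healthy. The bookstore-v1 and
# bookstore-v2 pods must both run as the "bookstore" ServiceAccount, or
# the TrafficTarget above will not cover the canary and its share of
# traffic is denied.
apiVersion: split.smi-spec.io/v1alpha2
kind: TrafficSplit
metadata:
  name: bookstore-split
  namespace: bookstore
spec:
  service: bookstore            # root service; OSM's own samples write <service>.<namespace>
  backends:
    - service: bookstore-v1
      weight: 90
    - service: bookstore-v2
      weight: 10
```

Apply with `kubectl apply -f`, then test the deny path, not just the allow path: a `curl` from a pod that runs as a ServiceAccount other than `bookbuyer` (or to a path outside the two routes, such as `DELETE /books/1`) should fail, which is the check that tells you permissive mode is really off.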