Page 1
Cloud Native Communication:
Using API Gateway and Service Mesh with Java Apps
Daniel Bryant, Product Architect, Datawire
Page 2
tl;dr
▪ Moving to cloud and containers (cloud native) brings benefits and challenges
– Ingress and service-to-service communications change
▪ API gateway handles ingress traffic: you don’t control the client
▪ Service mesh handles service-to-service comms: you influence the client
▪ You can implement new comms via two patterns
– Outside-in, using an API gateway
– Balkanization, using a service mesh on a segment of services
Page 3
Product Architect at Datawire, Freelance Tech Consultant and Writer
Java Champion, avid reader, conference tourist
@danielbryantuk
Page 4
Motivations: Acceleration
▪ Lead time
▪ Deployment frequency
▪ Mean time to restore (MTTR)
▪ Change fail percentage
CIOs: “We want to go faster, and not fall over
(and if it breaks we want to detect and fix it fast)”
Page 5
App Modernisation
▪ Refactoring, repurposing, or consolidation of heritage software to align it
more closely with current business needs
▪ Decoupling applications from infrastructure
– Moving workloads to take advantage of cloud-based (AI) services
– Retiring old systems (saving infra/hosting costs)
– Reducing operational burden (e.g. toil and security patching)
Page 6
App Modernisation
▪ Microservices!
▪ Cloud!
▪ Containers!
▪ Kubernetes!
Page 7
App modernisation: Not an overnight thing
Page 8
End-to-end communication
Page 9
End-to-end communication
Page 10
API Gateway
Page 11
API Gateway: Edge proxy, ingress, ADC...
▪ Exposes internal services to end-users (often via multiple domains)
▪ Encapsulates backends: k8s, VMs, bare metal etc
▪ Focused on managing ingress (“north-south”) traffic
▪ You don’t control the client
Page 12
API Gateway: Self-Serve Routing & Security
▪ Self-serve routing
– Traffic routing, splitting, and shaping (to dynamic backends)
– Release functionality (A/B, canary, dark launch etc)
▪ Security
– End-user authentication/authorization
– TLS termination, rate limiting, WAF, DDoS protection, etc
Page 13
API Gateway Options
Page 14
API Gateway: Decision Points

| | Java-based | Traditional | Cloud Native |
|---|---|---|---|
| Configuration language | Java | Scripts | Kubernetes CRDs, YAML |
| Typical owners | Developers | Ops or API team | Developers & Platform |
| Learning curve | Low-Medium | Medium-High | Medium-High |
| Performance (anecdotal) | Low (e.g. DIY) to High (e.g. Netty) | High | High (especially in volatile envs) |
| Adding functionality | DIY | Plugins, modules | Plugins, modules |
| Biggest pain point | Maintenance, coupling/cohesion | Configuration | New workflow (DevOps?) |
Page 15
Ambassador config
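The Ambassador configuration shown on this slide was an image and did not survive extraction. The block below is an added example of my own, not the slide's, illustrating the "self-serve routing & security" points from the API gateway slides as Ambassador CRDs (`apiVersion: getambassador.io/v1`): a TLSContext terminating TLS at the edge, an AuthService delegating end-user authentication to an external service, and two Mappings that split traffic between a stable and a canary backend. The hostname `shop.example.com`, the service names `catalogue`, `catalogue-canary` and `auth`, and the secret name `shop-tls-secret` are assumptions.

```yaml
# Added example, not from the talk. Ambassador API gateway CRDs.
# Assumed names: shop.example.com, catalogue, catalogue-canary, auth, shop-tls-secret.
---
# Terminate TLS at the edge for the public hostname. The certificate lives in a
# Kubernetes TLS secret; because the clients are unknown, the gateway (not the
# client) owns the TLS policy, including the minimum protocol version.
apiVersion: getambassador.io/v1
kind: TLSContext
metadata:
  name: shop-tls
spec:
  hosts:
    - shop.example.com
  secret: shop-tls-secret
  min_tls_version: v1.2
---
# Delegate end-user authentication to an external auth service. Every request is
# first sent to auth:3000/check; a non-2xx reply is returned to the client and the
# upstream is never reached. Only the listed headers are forwarded each way.
apiVersion: getambassador.io/v1
kind: AuthService
metadata:
  name: edge-auth
spec:
  auth_service: "auth:3000"
  proto: http
  path_prefix: /check
  allowed_request_headers:
    - "authorization"
  allowed_authorization_headers:
    - "x-user-id"
---
# Self-serve routing owned by the product team. Both Mappings serve the same
# prefix; the weight on the canary Mapping sends 10% of requests to the canary
# backend and the remainder to the stable one. A per-route timeout bounds how
# long a slow backend can hold an edge connection.
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
  name: catalogue-stable
spec:
  host: shop.example.com
  prefix: /catalogue/
  service: catalogue:80
  timeout_ms: 3000
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
  name: catalogue-canary
spec:
  host: shop.example.com
  prefix: /catalogue/
  service: catalogue-canary:80
  weight: 10
  timeout_ms: 3000
```

Applying this with `kubectl apply -f` on a cluster running Ambassador is enough for the canary to take effect; the ops team keeps ownership of the TLSContext and AuthService, while developers change only the Mapping weights, which is the split of responsibilities the decision-points table calls "Developers & Platform".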
Page 16
Service Mesh
Page 17
“Service mesh”, you say?
https://twitter.com/cesarTronLozai/status/1175327326218915840
https://twitter.com/wm/status/1173350339946274816
Page 18
Service Mesh: Proxy mesh, Fabric model...
▪ Exposes internal services to internal consumers
▪ Encapsulates service infra: across k8s, VMs, bare metal etc
▪ Dynamic routing for service-to-service (“east-west”) traffic
▪ You generally control the client (or at least can influence this...)
Page 19
Exploring end-to-end communication
Page 20
Page 21
Service Mesh: Three Pillars
▪ Observability
– “Golden signals”: latency, errors, traffic, saturation (USE, RED)
– Both global and service-to-service
▪ Reliability
– Abstracting health checks, retries, circuit breakers etc.
– Providing sane defaults to protect the system
▪ Security
– Authn/z propagation, mTLS, ACLs, network segmentation
Page 22
https://www.infoq.com/podcasts/
Page 23
Service Mesh Options
Page 24
Service Mesh: Decision Points

| | None: Simple Service Discovery | Java “Service Mesh” (in-process) | Sidecar Service Mesh (out-of-process) |
|---|---|---|---|
| Configuration | Scripts | Java | Kubernetes CRDs, YAML |
| Typical owners | Dev / ops | Developers | Platform |
| Learning curve | Low | Medium-High | Medium-High |
| Performance (anecdotal) | Highest | High | High |
| Comms-based NFR support | DIY | Circuit-breaking, retries, bulkheads, timeouts | Circuit-breaking, retries, bulkheads, timeouts |
| Cross-language | Yes | No (or not really) | Yes |
| Biggest pain point | Running support services, configuration | Running support services, maintaining config (coupling) | Installation and maintenance |
Page 25
Consul config
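The Consul configuration on this slide was also an image. The block below is my own added example, not the talk's, showing the mesh-side counterpart of the "three pillars" security bullet (identity for every service, mTLS, ACLs) with Consul Connect on Kubernetes: two Deployments with sidecar-injection annotations, so that the injected Envoy proxies provide service identity and mTLS, and ServiceIntentions that deny all service-to-service traffic by default and allow only `front-end` to reach `catalogue`. The ServiceIntentions CRD requires a consul-k8s release with CRD support, which is newer than the 2019 material in this talk; the service names, image names, namespace and ports are assumptions.

```yaml
# Added example, not from the talk. Consul Connect on Kubernetes with sidecar injection.
# Assumed names: front-end, catalogue (listening on 80), upstream port 9001.
---
# The injector adds an Envoy sidecar to the pod. Calls to "catalogue" go to the
# local upstream listener on 127.0.0.1:9001; the proxies encrypt and authenticate
# the hop with mTLS, so the application itself only ever talks plain HTTP to localhost.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: front-end
spec:
  replicas: 2
  selector:
    matchLabels:
      app: front-end
  template:
    metadata:
      labels:
        app: front-end
      annotations:
        consul.hashicorp.com/connect-inject: "true"
        consul.hashicorp.com/connect-service-upstreams: "catalogue:9001"
    spec:
      containers:
        - name: front-end
          image: front-end:1.0.0   # placeholder image name
          env:
            - name: CATALOGUE_URL
              value: "http://127.0.0.1:9001"
---
# The destination service is also injected; its sidecar accepts only mTLS
# connections from other mesh members and forwards them to port 80 in the pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: catalogue
spec:
  replicas: 2
  selector:
    matchLabels:
      app: catalogue
  template:
    metadata:
      labels:
        app: catalogue
      annotations:
        consul.hashicorp.com/connect-inject: "true"
        consul.hashicorp.com/connect-service-port: "80"
    spec:
      containers:
        - name: catalogue
          image: catalogue:1.0.0   # placeholder image name
          ports:
            - containerPort: 80
---
# Default-deny intention: no service may call any other unless explicitly allowed.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: deny-all
spec:
  destination:
    name: "*"
  sources:
    - name: "*"
      action: deny
---
# Explicit allow for the one path the application needs. Identity comes from the
# service's certificate, not from the caller's IP, so this holds across nodes.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: catalogue
spec:
  destination:
    name: catalogue
  sources:
    - name: front-end
      action: allow
```

The ordering matters for verification rather than application: after `kubectl apply -f` of the whole file, a pod of any service other than `front-end` should be refused at the `catalogue` sidecar (connection reset, visible in the proxy's access log), which is the check to run before trusting that the mesh segment is actually enforcing the intentions.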
Page 26
Lessons learned...
Page 27
Typical Problems
▪ No clear use case
▪ Not working with the ops team…
▪ Turtles all the way down
▪ NFR handling implemented in multiple places in the stack
Page 28
Migration tactics
▪ Outside in
– Start with a gateway
– Identify an endpoint/service
– Easy install
– Conceptually easy to understand
– Less intrusive for all platforms
– (Potentially) higher blast radius
– Less new functionality
▪ Balkanization
– Start with a service mesh
– Identify a service segment
– Potentially high value functionality
– “Easy” to deploy in Kubernetes
– Can support multi-cluster (beta)
– Operationally complex
– (Potentially) challenging to unwind
▪ Expectation management… :-)
Page 30
Explore in browser
https://instruqt.com/hashicorp/tracks/sock-shop-tutorial
Hat tip to: Todd Radel, Nic Jackson & Eric Veld!
Page 31
Conclusion
▪ Moving to cloud and containers (cloud native) brings benefits and challenges
– Ingress and service-to-service communications change
▪ API gateway handles ingress traffic: you don’t control the client
▪ Service mesh handles service-to-service comms: you influence the client
▪ You can implement new comms via two patterns
– Outside-in, using an API gateway
– Balkanization, using a service mesh on a segment of services
Page 32
References
▪ Context:
– https://www.infoq.com/articles/api-gateway-service-mesh-app-modernisation/
▪ Reference:
– https://www.getambassador.io/user-guide/consul-connect-ambassador/
– https://www.getambassador.io/user-guide/consul/
– https://www.consul.io/docs/platform/k8s/ambassador.html
– https://www.hashicorp.com/blog/hashicorp-consul-supports-microsoft-s-new-service-mesh-framework
Experiment in an Instruqt sandbox: https://instruqt.com/hashicorp/tracks/sock-shop-tutorial
Code examples: https://github.com/emojify-app
Page 33
Copyright © 2019 HashiCorp
Thanks!
@danielbryantuk
Page 34
Bonus
Page 35
App Modernisation: It’s a balancing act
Hosting spectrum: Bare Metal / DIY, VMs, Hybrid, Cloud Only
Cloud spectrum: Private Cloud Only, Hybrid, Public Cloud Only
Page 36
https://blog.christianposta.com/microservices/api-gateways-are-going-through-an-identity-crisis/
Page 37
https://blog.envoyproxy.io/service-mesh-data-plane-vs-control-plane-2774e720f7fc
Control planes and data planes
Data plane
Control plane
Page 38
Control planes: Differing use cases
▪ North-south
– Unknown / untrusted clients
– Limited exposure of services (Mapping)
– Centralised ops ingress defaults + decentralised product team cfg
▪ East-west
– Dynamic service information update required (multiple sources)
– Identity required for all services (mTLS + ACLs)
– “Sane” internal defaults + decentralised dev cfg