
Secure, Reliable, and Observable Service Mesh on Microservices-based Architecture using Anthos Mesh

Ananda Dwi Ae

November 25, 2023

Transcript

  1. Hello Manila!
     Ananda Dwi Rahmawati, Cloud Engineer @ Activate Interactive Pte Ltd (2023 - present)
     • 4+ years of experience
     • GDE Cloud Modernization Apps
     • Tech background: systems, networking, IaaS & PaaS cloud, DevOps, a bit of programming
     • https://linktr.ee/misskecupbung
  2. Challenges
     Services need to communicate with each other.
     • Interaction between services
     • Traffic management at each service endpoint
     • Communication security
     • Timeouts and communication failures
     (Diagram: six services with point-to-point connections between them)
  3. “Gain greater observability and reliability, reduce complexity, and ensure high availability and fault-tolerant communication between containerized applications with a service mesh”
  4. Service Mesh – What?
     An agnostic, programmable framework with policies and controls that govern how microservices interact.
     (Diagram: a Control Plane managing App1 + Proxy and App2 + Proxy)
  5. Service Mesh Behaviors
     • Traffic shaping with dynamic routing controls
     • Resiliency support for service communication
     • Observability of traffic
     • Tracing of communication flows
     • Secure communication
  6. Service mesh comparison

     | | Istio | Linkerd | Consul | Anthos Service Mesh |
     |---|---|---|---|---|
     | Workloads | Kubernetes + VMs + bare metal | Kubernetes | Kubernetes + VMs + bare metal | Kubernetes, VMs, bare metal |
     | Supported Ingress Controller | Istio Ingress | No | Yes (Envoy) | Yes |
     | Traffic Management Features | Load balancing, routing, fault injection, circuit breaking, service discovery, telemetry | Load balancing, routing, fault injection, circuit breaking, service discovery, telemetry | Service discovery, service health checking, load balancing, routing | Load balancing, routing, fault injection, circuit breaking, service discovery, telemetry |
     | Monitoring | Grafana, Prometheus, Kiali, Jaeger | Prometheus, Grafana, Jaeger | Prometheus, Grafana, Datadog | Grafana, Prometheus, Kiali, Jaeger |
     | Multicluster | Yes | No | Yes | Yes |
     | Deployment | Helm and Operator | Helm | Helm | GCloud Console, CLI, asmcli tool |
     | Complexity | High | Low | Medium | Medium |
  7. Anthos Service Mesh
     Anthos Service Mesh (ASM) is a managed service mesh built on top of Istio that helps you manage, monitor, and secure microservices architectures. ASM is available in two deployment options:
     • Managed Anthos Service Mesh: the simplest and most recommended option. ASM provisions and manages a dedicated control plane for your mesh; you only need to install the ASM agent on your workloads.
     • In-cluster Anthos Service Mesh: runs ASM on your own Kubernetes clusters. This gives you more control over the deployment and management of ASM, but it also requires more effort to set up and maintain.
  8. ASM Features
     • Service discovery and load balancing: ASM automatically discovers all services in your mesh and load balances traffic between them.
     • Traffic management: ASM lets you route traffic between your services in a variety of ways, including by path, header, or load-balancing policy.
     • Security: ASM provides a number of security features, including mutual TLS encryption, service identity, and traffic authorization.
     • Observability: ASM provides a rich set of observability features, including tracing, monitoring, and logging.
  9. • Apply a default PeerAuthentication policy for the mesh
     • Create an operator manifest for the egress gateway
     • Enable the Anthos Service Mesh fleet feature
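The first step above, a mesh-wide PeerAuthentication that makes mutual TLS the default, as an added example that is not part of the deck. It assumes the mesh root namespace is the default istio-system and uses a hypothetical namespace named legacy to show how a narrower policy overrides the mesh-wide default during migration.

```yaml
# Added example (not from the deck): mesh-wide mTLS default plus one
# namespace-scoped exception. Assumes the mesh root namespace is the
# default "istio-system" and a hypothetical namespace "legacy" whose
# callers are not yet sidecar-injected.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default            # conventional name for the mesh-wide policy
  namespace: istio-system  # root namespace: a policy here with no selector applies mesh-wide
spec:
  mtls:
    mode: STRICT           # sidecars reject plaintext; only mTLS from mesh identities is accepted
---
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: legacy        # hypothetical namespace still being migrated
spec:
  mtls:
    mode: PERMISSIVE       # the namespace policy takes precedence: accept both mTLS and plaintext here
```

Apply with `kubectl apply -f` and list the resulting policies with `kubectl get peerauthentication -A`; switch the legacy namespace to STRICT once every caller carries a sidecar.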