Service Meshing with Docker Desktop & WebAssembly


Welcome to Service Meshing with Docker Desktop and WebAssembly. Before we get started, I have an announcement to make. I have an acknowledgement that networking equipment was harmed in the making of this presentation. As such, Kanishkar J, my co-presenter, will not be joining us today. Well, this incident is relevant to our topic at hand. It's rather unfortunate. Well, it's a bit messed up, really. Well, let's press forward and get started.

I'm Lee Calcote. I'm coming to you today from Austin, Texas. I am also coming to you today over a brand-new cable modem. I'm a Docker Captain. I focus in the cloud native ecosystem, much of my time having been spent on service meshes these past couple of years. If you enjoy this talk, want to see the slides or other talks that I've given, visit the URL in yellow, and you will have your fill.

Kanishkar J, my co-presenter, he's an open-source maintainer in the Layer5 service mesh community. He's been focused on Rust, Wasm, WebAssembly, on, well, management projects that help people adopt service meshes and run them well. So he would love to have your feedback. Go join the Slack that's listed here. It's a warm and welcoming community. Be sure to say hi to Kanishkar when you do.

So, service meshes: what are they? These have been described in a number of different ways. I like to describe them as a services-first network, as a layer of cloud native infrastructure in between, kind of a me, but, you know, kind of laying down at layer five, if you will, in between your orchestrator and your applications. They fulfill some unmet needs that applications have. Occasionally those needs are being met in other places, but service meshes bring together administrative control over some of these needs that are being disparately delivered today. We'll talk about those needs. Before we do, I'll say that if you're
new to service meshes, there's a great resource here. There's a free report from O'Reilly that gives you an introduction to the space, lets you know what a service mesh is in context of other technologies that you might be familiar with. And so I recommend giving it a read.

It's good context to acknowledge how it is that people get to a service mesh. Really, I consider a service mesh to be the third significant step that people will take in their cloud native journey. A lot of this started about seven years ago with an announcement from Solomon Hykes at PyCon that Docker is a project, that it's here. About five and a half years ago, really like six years ago now, Docker 1.0'd, or became generally available, ready for production use. As people picked up, well, like wildfire, Docker, they found the need for orchestration of all of their containers, all of that sprawl. So about five and a half years ago orchestrators came onto the scene, and they've been production ready for some time. And now, about four years ago, the first service mesh project was announced, and they too have become production ready. Kind of interesting to see the cadence by which the technologies are adopted here. The time of the mesh is upon us, I suppose. Many of us have adopted containers and Docker in significant ways. The same goes for the orchestration that we're using to help run those systems, and a number of you have picked up service meshes already, many more of you to come.

If we look at service meshes in terms of the functionality and the features that they provide: there are, first, a number of different service meshes out there, some of which provide all of the things that you see here on the slide, and some of them only provide one or two of these things. But to speak to them briefly, these pillars of functionality: one of them being about fine-grained traffic control over the packets and the requests that are coming to your services, to your workloads; the ability to open those up, introspect those packets, redirect them, deny them; to, you know, enforce security, to enforce encryption, to do mutual TLS. With that level of control, service meshes are able to increase the resiliency of your services, of your distributed systems. Being
something of a network engineer myself, I'd like to think that the network isn't fallible, or that it's never the network, it's the application. But that's not true. And so the more resilient you can make your distributed systems, the more resilient you can make your network, the more resilient you can make your distributed systems. Service meshes can uplevel your, the total, your ability to monitor your services, the amount of telemetry that you're getting out of those services. Really, in the presence of a service mesh, I think you can expect a lot more from your infrastructure and maybe be lesser concerned with building all of that into your application. We're gonna put my demo where my mouth is later and show you this.

Service meshes are, like every other technology, not the end-all be-all. There's much value that is promised by them and much delivered. Part of that value is to help with modernizing existing applications, existing workloads that you might have. They can help uplift your existing apps; you can bring those onto the mesh. Service meshes aren't confined to the land of microservices and containers. Some service meshes allow you to onboard your existing applications, so you call those legacy, or call those monoliths, or maybe just things that are non-containerized. And so they'll help modernize your infrastructure, modernize your applications, which is kind of reminiscent of Docker and part of the value that it provides.

So another way of articulating this is to say that you would deploy a service mesh to avoid, well, bloating your application code with infrastructure concerns. If today you're writing retry logic into your application code, maybe you shouldn't be. Maybe that's something you don't need to bother with, that you could, maybe
you can trust your infrastructure to take care of that for you, trust your service mesh to do it. If you were building in rate limiting logic or circuit breaking or path-based routing or any number of things, you can look to your mesh for this. You don't need to put that into code. You can define that in YAML, in config, and have your mesh do those things, so you can, you know, avoid doing duplicative work. You can make the behavior of those network services, you know, the retries that I was just talking about, make that consistent across your services, irrespective of what language your services are written in, maybe irrespective of some disparate infrastructure that you're using. Bring some consistency here.

Another thing that you might use a service mesh to do is to avoid diffusing the responsibility of managing your services. Things like defining the number of retries that a given service should make if it fails to make a connection: whose responsibility is that? Is that developers, the operators, the service owner, the product manager? Oftentimes you find some of these questions fall between the cracks, that that responsibility is diffused. That's actually a significant component of the value of a service mesh: that really developers, operators, product owners, all of these roles are empowered by the presence of a service mesh. And because of this, because developers don't have to be burdened with as many infrastructure concerns, they can move a bit faster. Because operators don't necessarily have to go back to the development teams to ask for some additional telemetry, or to enforce a rate limit, or change the behavior of the circuit breaker, um, they too are empowered. As a matter of fact, the product owner is empowered, and I won't describe how; I will show you in the demo how they too are empowered. So this phenomenon of helping separate developers and operators, and letting them iterate a bit independently, means that they can move more quickly, and also means that the responsibility of who's defining the behavior of these network services is no longer diffused between the teams.

So, on to the architectures of service meshes. If you're a network engineer, these three components to a service mesh architecture are probably pretty familiar to you. If you've been dealing with the container orchestrator, then a few of these terms are probably familiar to you as well. Generically speaking, you'll find a couple of networking planes prevalent
within any service mesh, core to the architecture of any service mesh. One of those is the data plane. This is really where the heavy lifting is done. This is the, um, the grouping and combination of a bunch of network proxies, intelligent proxies, that are brought together to form a data plane. They intercept every request that goes to your services, to your workloads, and they provide any number of the network services that I was just speaking about.

Another component to the architecture of a service mesh is the control plane, and this is where you as an operator may interface with your particular service mesh and, um, configure it and integrate it with your underlying platform, integrate it with the container orchestrator. This is where you would configure the behavior of a particular type of service mesh. Early on, as service meshes as a term and as a concept were coming into being, it was the case that there were some projects that were announced as a service mesh but really only had a data plane and were kind of missing the control plane. So you need the combination of those two to kind of fit into the category of a project being a service mesh.

There's also a third plane here, and that is of a management layer, a management plane. A management plane provides, well, any number of things: advanced policy, additional governance. It really helps you interface, integrate your business logic, your back-end systems, with your infrastructure. We'll give an example of this later in the talk.

The... that we're gonna focus on today is Consul. Consul is from HashiCorp. Consul's, well, component architecture looks a bit like this. In the control plane there's usually a quorum of Consul servers that get together, gossip and Raft among each other. They do any number of functions, service discovery and things. They end up interacting with a Consul agent that's typically deployed one agent per node, in a Kubernetes environment sort of as a DaemonSet, if you will. The data plane ends up looking like this. Um, specific to Consul's architecture is the use of Envoy as the data plane proxy that it's using. The architecture of Consul is also such that Consul will sidecar Envoy to your application containers, will insert Envoy as a sidecar proxy inside of your Kubernetes pods. As I was saying before, there are a number of other service meshes. Not all of them adhere to this style of data plane design, but we've seen this style be popular, as well as more of a one-agent-per-node style.

Because Consul has chosen Envoy as its data plane proxy, and because of some recent developments within Envoy, Consul is now able to take advantage of WebAssembly and run Wasm modules as network filters. We'll talk more about this.

And so, WebAssembly. WebAssembly is an open standard. It defines a binary format for executable programs. It's fast, portable, secure. Kind of reminiscent of Docker in some respects. That standard defines interfaces for facilitating interaction with host environments that Wasm programs are running within. So the initial focus of these host environments was web browsers and large web applications, and speeding them up. As an open standard, it is maintained by the W3C, has been adopted by all major browsers, and, you know, as such, after HTML, CSS, JavaScript, it's the fourth language to run natively in web browsers.
It's exciting in general because of its performance characteristics. It's been noted to have about 20% overhead. If you're familiar with Java and the JVM, Wasm has a virtual stack machine that's becoming something of a WORA: write once, run anywhere. Again, we've kind of seen this before with Docker, that level of portability, rather. So Wasm executables are precompiled. There's a variety of languages that are supporting Wasm as a compilation target, about 40 in total.

And so, as Wasm and Envoy come together, the two of these are really the workhorses of the service mesh, both sitting in the data plane. Now, Google and Envoy maintainers have worked to bring Wasm to Envoy, and they've done this by embedding the V8 JavaScript engine into Envoy, the V8 JavaScript engine that's used in Chrome. Now, through the WASI, or the WebAssembly System Interface, Envoy exposes an application binary interface, an ABI, to Wasm modules so that they can operate as Envoy filters, which is pretty exciting.

Now, the way that WASI works is relatively straightforward. You write your application in Rust, C, C++, you know, one of those languages. Then you build it and compile it into the WebAssembly binary, um, targeting that particular WASI environment. And then the binary that's generated requires a special runtime to execute. That runtime, that's the virtual stack machine. It then provides the interfaces necessary to make those system calls, those calls into that host environment.

And so we talked earlier about how there are any number of service meshes, and those that run Envoy are bringing forth support for Wasm. And there are any number of others, maybe about 20 in total. There's a landscape that tracks these. It's essentially a multi-mesh world. It's a bit messy out there, actually. Because of that, there are service mesh abstractions that have come forth, about three in total, that are worth noting. The first of them is SMI, it's Service Mesh Interface. Think of it as something of a horizontal API, and it's a standard interface behind which a service mesh can plug in. Part of its goal is to provide this uniform surface area for integrating with and interacting with service meshes. As such, it provides kind of lowest-common-denominator functionality across them. There's another project called Hamlet. It is for helping exchange service catalogs between service meshes, whether those are the same service mesh or two different types of service meshes, and so it's for service mesh federation. Lastly, there's the Service Mesh Performance Specification, or SMPS. It's a format for describing and capturing the performance of a service mesh in context of its environment and in context of the functionality that it's performing, you know, in context of its configuration.
Because of this, and because it is a multi-mesh world, and because some service meshes are more difficult to adopt than others, and really because the world needs a management plane, the open source project Meshery has been created as a multi-mesh manager, and is SMI compatible. It's also compatible with the Service Mesh Performance Specification; it's an implementation of that. As an open source project, it's been participating in Google Summer of Code through the CNCF. It's participating in CommunityBridge and Major League Hacking, so lots of people cutting their teeth for the first time in that project.

This multi-mesh manager does a few things. It does lifecycle management of service meshes, but it also offers configuration best practices for the operations of any given mesh. It also does performance management and, like I was saying, it helps you understand the value versus the overhead of a mesh. There is a cost associated with running a service mesh. There's a lot of value gleaned from running one, and whether or not you're doing it well is something to be managed ongoing. It's something to help you choose which mesh to deploy, and then, ongoing, whether or not you're doing it well, whether or not you're getting enough value out of it.

So the architecture of this particular management plane looks like this. We've got a generic setup for a data plane and a control plane and some of their common components. Meshery, as a management plane, lays down on top. It has built-in load generators, wrk2, fortio. It has a set of Docker containers that run as either a Docker Compose application or Kubernetes application. It is able to interface with six different service meshes to date, and so we'll show it in action. It is also capable of interfacing with, well, with WebAssembly modules.

To demonstrate that, we'll use a sample application called Image Hub. It's a lot like Docker Hub, except it's really simple and doesn't have much built into it. It's just two containers, the functionality of which is really small. As an application, it allows users to sign up, sign in, get a token and choose what subscription plan they want. The purpose of this application is to help you understand that service meshes not only empower the operator but also are very much so helpful to developers, in terms of all of the functionality that they need to build into their apps, as well as to service owners or to product owners, and really being empowering of them in their control over application behavior. We're going to demonstrate that by way of subscription plans today, something that every SaaS offering has. So, this application: very simple, a web-based front end written using Vue.js and a back end written in Go.

And we're gonna take that application and deploy it on Consul. And slightly in advance of where Consul is today, we will benefit from the fact that Consul uses Envoy as its data plane proxy, and we will insert a Wasm module to function as an Envoy filter. And thanks to some advanced work that Nic Jackson of HashiCorp has done, we'll demonstrate this to you now. We'll go ahead and head on into the demo.

OK, here we are in our demo environment. We are running Docker Desktop, which we're going to heavily leverage for running Kubernetes as well as Docker Compose applications. We can see here that we don't have any workloads running other than just the default. Let's go ahead and get a Docker Compose app, Meshery, the service mesh management plane, up and running. So, do a mesheryctl system start. That will load up our device's default web browser to auto-connect us to the Kubernetes environment, so to Docker Desktop in this case, which is great. Meshery manages currently six different service meshes and does a variety of actions on them. The service mesh we're going to use today is Consul. So Meshery is connected to its Consul adapter. We can go over to Consul and go ahead and get it deployed. As we do, let's come back here and begin to watch what's going on in our system. And so what we'll want to do is go ahead and deploy Consul. This Consul, though, it is the latest version of Consul, but it's a little bit in advance of the latest release of Consul. Remember, this Consul has the Wasm runtime available to it, so that we can begin to deploy our sample app, the Image Hub, both with that Wasm module that runs as an Envoy filter and without. And we'll just want to make sure that our Consul is fully up before we go ahead and deploy these Image
Hubs. The first one we'll deploy will be without the Wasm filter. It looks like it's up now, so we'll go ahead and get that deployed. We will notice that as the Image Hub without the Wasm filter gets deployed, it begins to receive Envoy sidecars, and we can go ahead and visit that application. Very simple app, reminiscent of Docker Hub. You go to it, and by default you can't make any pulls of Docker images. That's because you need to sign up, and you need to sign up under a plan. Now, a very, very simple app again, but the plans that it has are a personal, a team and an enterprise. The personal has ten pulls per minute and the enterprise has an unlimited number of pulls. So let's get a user signed up. Sign up Bob under the personal plan. So sign him up, get him logged in, and what we're gonna want to do is, well, one, confirm that Bob can pull images. Great, he can pull down images. Now let's go ahead and see whether or not that personal plan that he signed up for is being imposed. And we'll use Meshery to generate a bunch of pull requests, or pulls, rather; like, I've been using GitHub too much this week. And so we'll generate a bunch of those requests against the pull API, maybe just for about five seconds here. Like, I've seen about 500 or so requests get generated in that time. And what I need to do here is, I forgot to include the port that that app is running on. So we'll come back and run that test, because a hundred percent of the requests failed because we had the wrong port. So we'll run it again and see that there are no errors, that we were able to pull quite a few images down, make quite a few requests.

Now, what we'll want to do now is get the version of... so, go in and remove, probably, that version of the Image Hub that doesn't have the filter, and at the same time we'll go ahead and probably get up the version that does have the filter, so that we can see, really without code change, the power of the service mesh for the product owner to be able to, well, enforce a subscription plan and let people change subscription plans. So we've got the with-the-filter version coming up and the without-the-filter going down. Great. Now that new version, our new instance, rather, with the filter is on this port. Go ahead and go to this version. So again, we're not able to make any pulls. Let's go ahead and sign up Bob again under the personal plan. And last time we saw that even though Bob was signed up under the personal plan, there was no filter rate limiting him. So now he's signed up again, this time again under the personal plan, but
with the filter running. So let's go back to Meshery. Let's grab our new port number and run a performance test, this load test, against the same pull interface, this time with the Wasm filter running. It's intercepting each of these packets as they go through, and it did let a few through, and that's because the personal plan is limited to ten pulls per minute. So, very good. There you have it: no code change, and the product owner benefits significantly from the power of the mesh.

Hopefully this demonstrates to all of you that you can expect more from your infrastructure, that service meshes are empowering of developers, operators, well, and product managers. Now, with that, we thank you for your time. Please join us in the service mesh community at slack.layer5.io.
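
Added example, not from the talk or from the Image Hub project: a plain-Rust sketch of the per-plan decision a rate-limiting filter like the one in the demo has to make, replayed against a constructed burst similar to the load test. The personal and enterprise limits are the ones stated in the talk; the team limit, the type and function names, and the fixed 60-second window are assumptions, and the proxy integration itself is left out.

```rust
use std::collections::HashMap;

const WINDOW_SECS: u64 = 60;

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Plan { Personal, Team, Enterprise }

impl Plan {
    /// Pulls allowed per 60-second window; `None` means unlimited.
    pub fn limit(self) -> Option<u32> {
        match self {
            Plan::Personal => Some(10), // stated in the talk
            Plan::Team => Some(100),    // assumed: the talk gives no figure
            Plan::Enterprise => None,   // stated in the talk
        }
    }
}

struct Window {
    start: u64, // second at which the current window opened
    used: u32,  // pulls admitted in this window
}

#[derive(Default)]
pub struct PullLimiter {
    windows: HashMap<String, Window>,
}

impl PullLimiter {
    /// Decide one pull; returns the HTTP status the filter would send.
    /// `user` and `plan` must come from a token the proxy has verified,
    /// otherwise a client can pick its own quota.
    pub fn check(&mut self, user: &str, plan: Plan, now: u64) -> u16 {
        let limit = match plan.limit() {
            Some(l) => l,
            None => return 200,
        };
        let w = self
            .windows
            .entry(user.to_string())
            .or_insert(Window { start: now, used: 0 });
        if now.saturating_sub(w.start) >= WINDOW_SECS {
            w.start = now; // window expired: open a fresh one
            w.used = 0;
        }
        if w.used >= limit {
            return 429;
        }
        w.used += 1;
        200
    }

    /// Drop expired windows so the table cannot grow without bound;
    /// returns how many users are still tracked.
    pub fn evict_expired(&mut self, now: u64) -> usize {
        self.windows.retain(|_, w| now.saturating_sub(w.start) < WINDOW_SECS);
        self.windows.len()
    }
}

/// Replay `n` pulls arriving at second `now`; returns (allowed, limited).
pub fn replay_burst(l: &mut PullLimiter, user: &str, plan: Plan, n: u32, now: u64) -> (u32, u32) {
    let (mut ok, mut limited) = (0, 0);
    for _ in 0..n {
        if l.check(user, plan, now) == 200 { ok += 1 } else { limited += 1 }
    }
    (ok, limited)
}

fn main() {
    let mut l = PullLimiter::default();
    // Constructed input modelled on the demo's load test: about 500 pulls.
    println!("personal:   {:?}", replay_burst(&mut l, "bob", Plan::Personal, 500, 0));
    println!("enterprise: {:?}", replay_burst(&mut l, "alice", Plan::Enterprise, 500, 0));
}
```

A fixed window admits up to twice the limit across a window boundary; a sliding window or token bucket tightens that at the cost of more state per user.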

2020-08-21
