Bucharest Tech Week Conference - Monoliths in a Microservices World

Last week I was fortunate enough to have the opportunity to present at the Software Architecture Summit as part of the Bucharest Tech Week conference. My presentation, Monoliths in a Microservice World, was all new content that, by chance, worked well bringing together a number of points made by other speakers. The presentation aimed at the challenges of adopting Microservices and whether…

View On WordPress

Implementing Service Mesh with Linkerd and Kubernetes Resource Management

Implementing Service Mesh with Linkerd and Kubernetes Resource Management Introduction Implementing a service mesh with Linkerd and Kubernetes resource management is a crucial step in modernizing your microservices architecture. A service mesh is a configurable infrastructure layer for microservices that makes it easier to monitor, maintain, and secure them. In this tutorial, we will walk…

Price: [price_with_discount] (as of [price_update_date] - Details) [ad_1] Understand how to use service mesh architecture to efficiently manage and safeguard microservices-based applications with the help of examplesKey FeaturesManage your cloud-native applications easily using service mesh architectureLearn about Istio, Linkerd, and Consul – the three primary open source service mesh providersExplore tips, techniques, and best practices for building secure, high-performance microservicesBook DescriptionAlthough microservices-based applications support DevOps and continuous delivery, they can also add to the complexity of testing and observability. The implementation of a service mesh architecture, however, allows you to secure, manage, and scale your microservices more efficiently. With the help of practical examples, this book demonstrates how to install, configure, and deploy an efficient service mesh for microservices in a Kubernetes environment.You'll get started with a hands-on introduction to the concepts of cloud-native application management and service mesh architecture, before learning how to build your own Kubernetes environment. While exploring later chapters, you'll get to grips with the three major service mesh providers: Istio, Linkerd, and Consul. You'll be able to identify their specific functionalities, from traffic management, security, and certificate authority through to sidecar injections and observability.By the end of this book, you will have developed the skills you need to effectively manage modern microservices-based applications.What you will learnCompare the functionalities of Istio, Linkerd, and ConsulBecome well-versed with service mesh control and data plane conceptsUnderstand service mesh architecture with the help of hands-on examplesWork through hands-on exercises in traffic management, security, policy, and observabilitySet up secure communication for microservices using a service meshExplore service mesh features such as traffic management, service discovery, and resiliencyWho this book is forThis book is for solution architects and network administrators, as well as DevOps and site reliability engineers who are new to the cloud-native framework. You will also find this book useful if you’re looking to build a career in DevOps, particularly in operations. Working knowledge of Kubernetes and building microservices that are cloud-native is necessary to get the most out of this book. Publisher ‏ : ‎ Packt Publishing (27 March 2020) Language ‏ : ‎ English Paperback ‏ : ‎ 626 pages ISBN-10 ‏ : ‎ 1789615798 ISBN-13 ‏ : ‎ 978-1789615791 Item Weight ‏ : ‎ 1 kg 80 g Dimensions ‏ : ‎ 23.5 x 19.1 x 3.28 cm Country of Origin ‏ : ‎ India [ad_2]

SRE Technologies: Transforming the Future of Reliability Engineering

In the rapidly evolving digital landscape, the need for robust, scalable, and resilient infrastructure has never been more critical. Enter Site Reliability Engineering (SRE) technologies—a blend of software engineering and IT operations aimed at creating a bridge between development and operations, enhancing system reliability and efficiency. As organizations strive to deliver consistent and reliable services, SRE technologies are becoming indispensable. In this blog, we’ll explore the latest trends in SRE technologies that are shaping the future of reliability engineering.

1. Automation and AI in SRE

Automation is the cornerstone of SRE, reducing manual intervention and enabling teams to manage large-scale systems effectively. With advancements in AI and machine learning, SRE technologies are evolving to include intelligent automation tools that can predict, detect, and resolve issues autonomously. Predictive analytics powered by AI can foresee potential system failures, enabling proactive incident management and reducing downtime.

Key Tools:

PagerDuty: Integrates machine learning to optimize alert management and incident response.

Ansible & Terraform: Automate infrastructure as code, ensuring consistent and error-free deployments.

2. Observability Beyond Monitoring

Traditional monitoring focuses on collecting data from pre-defined points, but it often falls short in complex environments. Modern SRE technologies emphasize observability, providing a comprehensive view of the system’s health through metrics, logs, and traces. This approach allows SREs to understand the 'why' behind failures and bottlenecks, making troubleshooting more efficient.

Key Tools:

Grafana & Prometheus: For real-time metric visualization and alerting.

OpenTelemetry: Standardizes the collection of telemetry data across services.

3. Service Mesh for Microservices Management

With the rise of microservices architecture, managing inter-service communication has become a complex task. Service mesh technologies, like Istio and Linkerd, offer solutions by providing a dedicated infrastructure layer for service-to-service communication. These SRE technologies enable better control over traffic management, security, and observability, ensuring that microservices-based applications run smoothly.

Benefits:

Traffic Control: Advanced routing, retries, and timeouts.

Security: Mutual TLS authentication and authorization.

4. Chaos Engineering for Resilience Testing

Chaos engineering is gaining traction as an essential SRE technology for testing system resilience. By intentionally introducing failures into a system, teams can understand how services respond to disruptions and identify weak points. This proactive approach ensures that systems are resilient and capable of recovering from unexpected outages.

Key Tools:

Chaos Monkey: Simulates random instance failures to test resilience.

Gremlin: Offers a suite of tools to inject chaos at various levels of the infrastructure.

5. CI/CD Integration for Continuous Reliability

Continuous Integration and Continuous Deployment (CI/CD) pipelines are critical for maintaining system reliability in dynamic environments. Integrating SRE practices into CI/CD pipelines allows teams to automate testing and validation, ensuring that only stable and reliable code makes it to production. This integration also supports faster rollbacks and better incident management, enhancing overall system reliability.

Key Tools:

Jenkins & GitLab CI: Automate build, test, and deployment processes.

Spinnaker: Provides advanced deployment strategies, including canary releases and blue-green deployments.

6. Site Reliability as Code (SRaaC)

As SRE evolves, the concept of Site Reliability as Code (SRaaC) is emerging. SRaaC involves defining SRE practices and configurations in code, making it easier to version, review, and automate. This approach brings a new level of consistency and repeatability to SRE processes, enabling teams to scale their practices efficiently.

Key Tools:

Pulumi: Allows infrastructure and policies to be defined using familiar programming languages.

AWS CloudFormation: Automates infrastructure provisioning using templates.

7. Enhanced Security with DevSecOps

Security is a growing concern in SRE practices, leading to the integration of DevSecOps—embedding security into every stage of the development and operations lifecycle. SRE technologies are now incorporating automated security checks and compliance validation to ensure that systems are not only reliable but also secure.

Key Tools:

HashiCorp Vault: Manages secrets and encrypts sensitive data.

Aqua Security: Provides comprehensive security for cloud-native applications.

Conclusion

The landscape of SRE technologies is rapidly evolving, with new tools and methodologies emerging to meet the challenges of modern, distributed systems. From AI-driven automation to chaos engineering and beyond, these technologies are revolutionizing the way we approach system reliability. For organizations striving to deliver robust, scalable, and secure services, staying ahead of the curve with the latest SRE technologies is essential. As we move forward, we can expect even more innovation in this space, driving the future of reliability engineering.

Service Mesh Linkerd Moves Its Stable Releases Behind a Paywall

http://i.securitythinkingcap.com/T3CB2c

Linkerd 2.14 Improves Support on Flat Networks and Gateway API Conformance

#Technology #Tech #Infrastructure #DataArchitecture #DataDriven #DataEngineering https://www.infoq.com/news/2023/09/linkerd-214-released/?utm_campaign=infoq_content&utm_source=dlvr.it&utm_medium=tumblr&utm_term=Architecture%20%26%20Design

Email Answers to Recruiters

In the past year, I have had extensive experience with both self-managed Kubernetes on AWS and Amazon EKS. I was a hands-on manager for the architecture, feature development, daily operations and on-call support for EKS kubernetes clusters as well as the lifecycle maintenance, daily operations and on-call support of the Self Managed Kubernetes clusters. I lead a team of 7 software engineers and a manager performing in a principal, manager, director and individual contributor role helping design, develop, implement and operate a hybrid Kong Service Mesh (envoy as the proxy layer) into Kubernetes supporting both the legacy self managed clusters and the EKS clusters by delivering dynamic service mesh capabilities across the physical datacenter and AWS compute platforms running Nordstrom.

I started working with service mesh technologies in 2014 at HomeAway, but my experience with load balancing and application routing at the network layer goes back to 2006. I have extensive experience with layer 7 application routing going back 17 years and I have remained consistently up to date through that entire evolution. The advent of memory resident virtual networking was an incredible evolution to the network industry and I began my work in that space with CloudStack and VMware early on, and quickly moved to Hashicorp Consul in 2014 when Hashicorp began releasing world-changing technologies. I was lucky to be at the ground floor of Consul launching  to be able to provide direct feedback to the founder and help shape what the product is today. I worked with a group of early platform engineers to begin testing linkerd and and istio, and my latest work has been with Kong Service

In 2014 at HomeAway, I was part of a peer team of principal engineers who came together to design, develop and deliver a service mesh to the organization. We worked with the wider organization in an ad-hoc format sharing high level design and possibility models of what services we could unlock using our proposed service mesh design and asked for feedback from the enterprise and product principals and "bright lights" across the company regarding our proposal. At the beginning we rolled out Consul as it was the only product that met our needs at the time. Eventually as we gained more feedback and learning we moved off consul and onto linkerd using existing operational change management processes and decided at that time to evaluate istio alongside linkerd for a year before being clearly informed directly by google that istio would not be mature enough to scale to our needs in the time frame we needed for our fully scaled operations requirements. 

I was fortunate HomeAway as a company was so forward looking in 2014 to understand the value of the service mesh. We were able to land quickly on a product and move to delivery, so much of my broader product and program outreach work there was not confrontational, rather curious and excited. The culture there allowed me to focus a lot of time on the post decision evangelizing work using lunch and learn presentations to principals and directors across home away to go over our solution and provide ample time for Q&A and feedback, led decisively so that we could bias for as much action as possible within an hour. 

As we moved through implementation and operational maturity, we provided weekly updates via the devOps meetings and I gave executive level presentations every week at the executive technology update meetings. We also set up weekly office hours meetings for hands-on demonstrations as well as provide extensive pairing across the dev organization held in a set of private conference rooms we reserved for the service mesh project where we could "talk shop" with teams for as long as needed to work through whatever obstacles came up. I spent considerable time working extensively with an application edge gateway team that I had proposed funding and organization support for in order to help the engineers understand the service and application edge architecture helping mentor and guide them. I also provided ongoing support to these engineers as they hired out and built their team over a 12 month period.

When I was at Nordstrom we used their design review process to deploy Kong Service Mesh. The design review process at Nordstrom was a very mature, highly publicized and well-attended process of meetings and demonstrations where principals across Nordstrom were able to provide feedback and questions into a formalized process of decision making. With precision I led the team through the design review process which culminated into a well-rehearsed final presentation that worked much like delivering a master's thesis. We followed and passed the design review process and moved to weekly meetings with the principals to show our implementation work and provide usable demonstrations in accordance with program and product timelines for deliverables. We socialized our service mesh program using Product and Program meeting schedules to showcase our technologies on a biweekly basis to the larger organization. If any conflicts emerged from those conversations, we were then able to go back to the design review board and follow a well-established change management process to resolve any design conflicts that had surfaced as part of the broader awareness campaigns. Another tactic we followed was identifying early adopter candidates and working with them in a tightly integrated series of agile sprints to test and learn with those organizations and then invite them along to our product and program meetings to directly talk to the wider organization about their positive and negative experiences with our service mesh product.

DevOps Tools to Watch in 2023

#pulumi #crossplane #iac #docker #kubernetes #externalsecrets #sops #tekton #kyverno #azure #trivy #linkerd #kaniko #githubactions #harness #thanos

We are almost at the end of the year, 2022, you may already start preparing your read list for 2023. If not, this post may help to plan for it. So far, we have seen tools like Kubernetes, Jenkins, GIT, terraform, Grafana, Prometheus, Gradle, maven, docker, etc. Hope you are getting familiar with those, if not please check those tools and familiar with those.   Near future, current toolset or way…

View On WordPress

Microsoft makes a push for service mesh interoperability

Services meshes. They are the hot brand-new thing in the cloud native computing world. At KubeCon, the bi-annual festival of all things cloud native, Microsoft today announced that it is teaming up with a number of companies in this space to create a generic service mesh interface. This will make it easier for developers to adopt the concept without locking them into an exact technology.

In a…

View On WordPress

60 seconds to a Linkerd service mesh on AKS | Azure Friday

60 seconds to a Linkerd service mesh on AKS | Azure Friday

60 seconds to a Linkerd service mesh on AKS | Azure Friday

See just how easy it is to deploy a service mesh to your AKS cluster. William Morgan, maintainer of the open source service mesh Linkerd, joins Scott Hanselman to demonstrate just how easy it is to deploy Linkerd. Together they explore how to debug a live microservices application using the service mesh, without changing any code.

Linkerd

View On WordPress

Service Management in Cloud  Environment

https://www.linkedin.com/post/edit/6351339103073734656

http://tech.rithanya.com/tech/publication-calendar

Monzo account payment failures root cause:

“At this point, while we’d brought our systems back online, we did not yet understand the root cause of the problem. The network is very dynamic in our backend because of deployment frequency and automated reaction to node and application failure, so being able to trust our deployment and request routing subsystems is extremely important.

We’ve since found a bug in Kubernetes and the etcd client that can cause requests to timeout after cluster reconfiguration of the kind we performed the week prior. Because of these timeouts, when the service was deployed linkerd failed to receive updates from Kubernetes about where it could be found on the network. While well-intentioned, restarting all of the linkerd instances was an unfortunate and poor decision that worsened the impact of the outage because it exposed a different incompatibility between versions of software we had deployed.”

Microservices are an evolution of software development strategies that has gained converts over the last several years. Developers used to build “monolithic” applications with one huge code base and three main components: the user-facing experience, a server-side application server that does all the heavy lifting, and a database. This is a fairly simple approach, but there are a few big problems with monolithic applications: they scale poorly and are difficult to maintain over time because every time you change one thing, you have to update everything. So microservices evolved inside of webscale companies like Google, Facebook, and Twitter as an alternative. When you break down a monolithic application into many smaller parts called services, which are wrapped up in containers like Docker, you only have to throw extra resources at the services that need help and you can make changes to part of the application without having to monkey with the entire code base. The price for this flexibility, however, is complexity. “That’s the biggest lesson we learned at Twitter,” said Morgan, the startup’s CEO. “It’s not enough to deploy stuff and package it up and run it in an orchestrator (like Kubernetes) … you’ve introduced something new, which is this significant amount of service-to-service communication” that needs to be tracked and understood to make sure the app works as designed, he said. Buoyant’s solution is what the company calls a “service mesh,” or a networked way for developers to monitor and control the traffic flowing between services as a program executes. Linkerd is the manifestation of its approach, and Buoyant plans to use the new funding round to hire engineers and continue to develop Linkerd: “we’re only going to be successful as a company if we get Linkerd adoption,” Morgan said.

Linkerd(linker-DEE) is an open source, scalable service mesh for cloud-native applications.

Linkerd was built to solve the problems we found operating large production systems at companies like Twitter, Yahoo, Google and Microsoft. In our experience, the source of the most complex, surprising, and emergent behavior was usually not the services themselves, but the communication between services. Linkerd address these problems not just by controlling the mechanics of this communication but by providing a layer of abstraction on top of it.

By providing a consistent, uniform layer of instrumentation and control across services, linkerd frees service owners to choose whichever language is most appropriate for their service. And by decoupling communication mechanics from application code, linkerd allows you visibility and control over these mechanics without changing the application itself.

Today, companies around the world use linkerd in production to power the heart of their software infrastructure. Linkerd takes care of the difficult, error-prone parts of cross-service communication—including latency-aware load balancing, connection pooling, TLS, instrumentation, and request-level routing—making application code scalable, performant, and resilient.

Istio vs. Linkerd: The Best Service Mesh for 2023

http://i.securitythinkingcap.com/SqWTDf

Linkerd 2.14 Improves Support on Flat Networks and Gateway API Conformance

#Technology #Tech #Infrastructure #DataArchitecture #DataDriven #DataEngineering https://www.infoq.com/news/2023/09/linkerd-214-released/?utm_campaign=infoq_content&utm_source=dlvr.it&utm_medium=tumblr&utm_term=Architecture%20%26%20Design