Are you already using service mesh? Did you try out Linkerd? IMPORTANT: For reasons I do not comprehend (and Google support could not figure out), RU-vid tends to delete comments that contain links. Please do not use them in your comments.
Been enjoying the simplicity of linkerd for mTLS. One thing we ran into in production recently is that the default certificate authority is one year. We weren't using buoyant cloud so we didn't know what we didn't know about this certificate expiring. It was a sucky day but we learned our failover works and performance is different in another data center. But heads up might bite you if you aren't aware.
@@scottamolinariBuoyant Cloud is a good option. Otherwise the Automatically Rotating Control Plane can be run. It sucked but it was fixed in a couple of hours.
For me Linkerd is the go-to service mesh, when I have the choice. Much easier to get started with than Istio. Right now, most clusters I'm taking care of, are using Linkerd, but for one of them, we're still using Istio, because that cluster is running Kubeflow, which has a hard dependency on Istio and it will probably stay that way. Also the possibility to choose your own ingress controller with Linkerd can be quite a huge advantage, as compared to Istio locking you in with their own Istio Ingress Gateway. On the other hand, I feel like Linkerd is still at the point where it is going mainstream, but it's not there yet, which means, if you run into problems, there aren't that many tutorials or Stack Overflow threads.
Good start; when you go deep dive sessions there are operational cost (ex latency overhead, lcm of sidecar image etc) as well as business impact (how much it takes to use it with sla?) to consider.
I'm looking forward to this series! I just noticed the use of Dapr in Azure Container Apps. Either or both of which might be interesting topics for you to cover. Dapr and service meshes overlap in a few areas, which is why I mention it here.
That's the main reason I published this video. I wanted to explore service mesh combined with Dapt, progressive delivery, DDOS attacks, etc. So, before I dive into those, I thought it would be useful to have a short intro to service mesh, in this case through Linkerd. More is coming...
That's the plan. I have the comparison on my TODO list for a while but I did not want to do it before I show specific features in action. So yes, the comparison will come at the end. It'll be the culmination of the story.
The analogy you explained from 1:49 - 3:41 where you represent the concept of a service mesh as a hotel is illustrative gold. I'm memorizing that going forward whenever I need to explain the concept of a service mesh to management or product. Honestly, that analogy should totally be materialized into something like a SPA that teaches the concept of a service mesh. I am curious if I have anecdotal bias on my part. I feel like most people I've encountered have defaulted to using Istio instead of Linkerd for a service mesh. Thoughts?
That's great to hear. It came out of nowhere while I was recording and I was afraid that it might not be very good since I did not really think it through.
This is very informative. However, Istio service mesh also provides very similar capabilities. Can you do a lecture comparing the two service mesh architectures and their application to distributed systems?
All service meshes have similar capabilities since they are all implementations of the same objectives. The differences are more in details than general features. I will definitely compare Istio and Linkerd. It is likely going to take a while though since I want to do separate videos on most of the important features first and after that a comparison.
@@1879heikkisorsa It is still planned. The only issue is that my TODO list for upcoming videos is huge and I have a hard time saying which ones are coming next. The list currently has around 150 subjects as ideas for weekly videos. That's around 4 years worth of content, and it keeps growing. In other words, I will do the comparison, I just cannot yet say when it'll be done.
There is one important thing to do with linkerd is to create your own trust anchor and the other needed certificates because they have a one year validity and it's a pain to update it. I think it cannot be done without downtime. There is a very intersting link in the linkerd documentation, loog for "Going to production" (cannot set the link here) which is a must-read before going to production with linkerd.
Thanks! Interesting. I am really interested in multicluster communication and how to scope it to just a namespace or namespaces, without using a cloud loadbalancer or metallb.
@@DevOpsToolkit That would be great, if multicluster with a scope on a namespace is working in an on-premise cluster with an external loadbalancer (haproxy) we are going to implement it. I have just also asked this as well in the linkerd slack, but no answer yet.
Ingress controller not included. So canary deployment is implemented by Linkerd itself? Any possible api gateway related functions are supposed to be delivered by ingress or external gateway? Looking forward for next episode Viktor :)
3rd try, hopefully youtube doesn't remove my comment this time! Thanks for the video! Did you ever try "garden"? I just stumbled upon it a few days ago, but have not tried it yet. Maybe an idea for a video? (It's easier to find, if you add "io" and the usual separator for domain names) Btw, is that really how English speakers pronounce "Jaeger"? Jäger is a German word and means "hunter" ("ae" is just a substitution for "ä"). It's the same as in Jägermeister.
This time it worked. YT did not delete this one. I did try and use Garden for a while. It's already on my TODO list for videos. Let me bump it up so that it's closer to the top. As for the pronunciation... English is not my native language so I tend to mispronounce things a lot. When it comes to "exotic" ones like Jaeger, it gets even worse.
@@DevOpsToolkit No worries. English is not my native language either, but German is. I'm part of a OpenTelemtry SIG, but for some reason, I have not heard any of the native English speakers say Jaeger. (The "J" is pronounced like the English "Y")
@DevOps Toolkit Last SIG meeting I remembered to ask the native English speakers, how they pronounce the "trace collector starting with J". I was a bit disappinted, that they did not pronounce it like you ( They all knew the drink "Jägermeister", that's why ), but at least nobody knew what "Jaeger" means. ;)
Unfortunately, not yet. I moved to a different set of subjects. Service meshes, including LinkerD, will be covered in a couple of choices in "You Choose!" series we started a month ago. You can see those we have so far from ru-vid.com/group/PLyicRj904Z9-FzCPvGpVHgRQVYJpVmx3Z. Service meshes will be covered in the third chapter which will be about security (we're close to finishing the first) and, in a few others later on.
can you make a video on virtualization, i am not sure if its the right platform to ask but i am trying to install macos on virtualization (kvm), is it a really possible ? many people are already using macos using this method :)
Hello sir , I watch a lot of your videos , but im not gonna lie , im kinda lost , i see a lot of tools for kubernetes and i almost don't even know if i need them or not for example for dev i can find my stack easily for a project , but for deployment it is hard with all of those new tools can you please do a video for differentCD/CI stacks for toolsthat work well together eg : rancher desktop ( k3s , nerdctl) , argocd
There is indeed a lot, much more that I can cover, and you do not need them all. You need to pick ones that work for you. "The best DevOps tools 2021" is probably the video you need. Go through that one and I will make a similar video for 2022 in January.
@@mehdiyahiacherif2326 Keep in mind that video does not include everything everyone needs. It would be impossible to create something like. Instead, it's a list of tools and services I valued the most in 2021.
i had a better understanding after watching the video , we just need to stay up to date and change a tool when there is a lot to gain from the new one , good continuation , you are a gem to the CI /CD team
