6/19/2023
Controlplane app vs

The previous section covered what a service mesh is, and introduced Istio - the service mesh that powers Tetrate Service Bridge. This section is all about the architecture that makes up TSB.

✓ Our philosophy for reliable deployments, which motivates the TSB architecture
✓ The Local Control Planes - powered by Istio
✓ Tetrate Service Bridge's Global Control Plane
✓ Tetrate Service Bridge's Management Plane
✓ Understand why a management plane is needed
✓ Envoy Extensions in Tetrate Service Bridge

By the end, you should have a clear understanding of each of the elements of TSB's architecture and how they work together to help you manage your

Building high availability systems is incredibly challenging and expensive. The one tried-and-true technique we know of is to build around failure domains. A failure domain is the section of your infrastructure that is affected when a critical system fails. There are a ton of failure domains in any given deployment; to name just a tiny sample:

Physical failures: the host running your application fails (overheats, loses power, top of rack switch failure, etc), the rack your host is on fails (data center network failure), the hard drive your application is writing to fails, there are not enough resources in one place to schedule your job.

Logical failures: you misconfigure the deployment of your application (wrong ports, fat finger a configuration, etc), the serving framework your application is written with has a security vulnerability, you misconfigure your application itself.

Data failures: the database for your application has bad data, had a bad update (misconfiguration, botched binary update, etc), replication failed or lagged, backup failed (or wasn't persisted, or was persisted for too little time to be useful).

The fundamental way we build reliable systems is to group the sets of failure domains the system straddles into a silo, then replicate that silo as multiple independent instances. The overall reliability of the resulting system depends on how independent we can make the replicas. In practice there is always some interdependence, and minimizing it is always a trade-off of cost against availability.

In modern cloud environments, the set of physical failure domains we need to worry about has been grouped into an easy handle to reason about, the availability zone. However, demonstrating the cost-vs-availability trade-off, we know that availability zones are not always truly isolated from each other (cloud provider outages demonstrate this all too frequently). Therefore cloud providers group sets of availability zones into a higher level failure domain called a region. In practice it's not uncommon for multiple availability zones in the same region to fail, but it's incredibly rare for multiple regions to fail.

So with availability zones and regions in hand as the physical failure domains to reason about, we're left to think about the logical failure domain. Logical failures largely depend on our own application architecture, and tend to be much more complicated to reason about. The key pieces we need to think about as an application developer are our application's deployment, configuration, data, dependencies, and how it's exposed (load balancing, DNS, etc).
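The physical failure-domain reasoning on this page (host, rack, availability zone, region) can be checked mechanically against a replica inventory. The following is an added example, not code from TSB or the original page; the inventory, its field names and the `min_survivors` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory (hypothetical names): each replica of one service and
# the physical failure domains it sits in. Domain names must be globally unique.
REPLICAS = [
    {"id": "app-1", "region": "region-a", "zone": "region-a/az1", "rack": "r11", "host": "h1"},
    {"id": "app-2", "region": "region-a", "zone": "region-a/az1", "rack": "r11", "host": "h2"},
    {"id": "app-3", "region": "region-a", "zone": "region-a/az2", "rack": "r21", "host": "h3"},
    {"id": "app-4", "region": "region-b", "zone": "region-b/az1", "rack": "r31", "host": "h4"},
]
LEVELS = ("host", "rack", "zone", "region")


def blast_radius(replicas, levels=LEVELS):
    """Map (level, domain) -> set of replica ids lost if that one domain fails."""
    lost = defaultdict(set)
    for replica in replicas:
        for level in levels:
            lost[(level, replica[level])].add(replica["id"])
    return dict(lost)


def audit(replicas, min_survivors, levels=LEVELS):
    """List domains whose single failure leaves fewer than min_survivors replicas."""
    total = len(replicas)
    findings = []
    for (level, domain), ids in sorted(blast_radius(replicas, levels).items()):
        survivors = total - len(ids)
        if survivors < min_survivors:
            findings.append((level, domain, survivors))
    return findings


if __name__ == "__main__":
    # Replicas that share a rack or zone are not independent silos: one
    # failure in that domain removes all of them at once.
    for level, domain, survivors in audit(REPLICAS, min_survivors=3):
        print(f"{level} {domain}: only {survivors} replica(s) survive")
```

Each finding names a domain in which the replicas are not independent; spreading the affected replicas across other racks, zones or regions shrinks that domain's blast radius.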