Lightning Demos: Open Service Mesh, Crossplane, Cloudstate, Open Policy Agent and Grafana
KubeCon+CloudNativeCon sponsored this podcast.
In this episode of The New Stack Makers podcast, five guests each offer a hands-on “lightning demo” of their respective open source cloud native projects, as a teaser for next week’s Cloud Native Computing Foundation’s KubeCon + CloudNativeCon North America.
The lightning demo guests feature Michelle Noorali, senior software engineer at Microsoft, on the Open Service Mesh (OSM) service mesh; Phil Prasek, principal product manager at Upbound, on the Crossplane control plane; James Roper, cloud architect at Lightbend, on the Cloudstate distributed state management framework; Torin Sandall, Styra vice president of open source and co-creator of the Open Policy Agent (OPA) policy engine; and Ryan McKinley, vice president of applications at Grafana Labs, on the Grafana monitoring software.
Open Service Mesh
A “service mesh helps you extract all of the application networking-related logic from your core business logic or core application,” Noorali said, showing how OSM-based control plane works with Kubernetes. “This control plane reads any configuration that you want to apply that’s related to networking for your application.”
Noorali described how OSM is built natively against the Service Mesh Interface (SMI). a specification for integrating multiple service meshes. “It defines this basic set of service mesh features that most people want from a service mesh.”
OSM was designed to be very simple and easy to understand and easy to install, ”yet serves as a powerful service mesh tool,” she said.
“We’re trying to be as opinionated as possible to give people who want service mesh features without too many knobs and new tuning knobs to turn,” Noorali said.
The race to speed development hinges on a number of factors, one being the infrastructure complexities. In his demo the Crossplane control plane, Prasek showed how to create cloud APIs for developers to easily deploy cloud services. He used Crossplane in an Upbound cloud environment with Amazon Web Services (AWS) to provision a PostgresSQL instance.
“What we’ve found is that people want a more integrated cloud native declarative-management approach, but for all of your infrastructure, all of your cloud services,” said Prasek.
Cloudstate is an open source serverless framework for attaching state to serverless workloads, to support applications that need to keep data in memory for an extended session. “What we did is we turned around the state management model on its head,” said Roper.
In his demo, Roper showed how Cloudstate provides an application with state with the framework “rather than the application having to go and fetch its own state from something else.”
“What you do is you deploy these entities, which hold the state, and because the framework understands what sort of entities they are, what your consistency concerns are, what your scalability concerns are. It can manage that state for you, and deploy those and scale those and ensure they’re resilient as necessary,” Roper said.
Open Policy Agent.
OPA is an open source, general-purpose policy engine that provides policy enforcement across a wide range of software. OPA provides a reusable building block to write and enforce important rules that govern who can do what in a system.
“We like to say that you can use it in any system, in any service, at any layer of the stack, regardless of whether you’re talking about enforcing rules during CI/CD, [putting] safeguards in guardrails down on your Kubernetes cluster, or [protecting] access to sensitive microservice APIs,” said Sandall.
In his demo, Sandall showed how OPA works for microservices API authorization. The demo application consisted of a service offering employee profiles for a company.
With the demo setup, he showed how it is possible to set different service graph policies to control which services can talk to each other. He showed how to set an application-level policy that shows which managers can see which performance reviews, while not giving co-workers access.
Sandall recommended for users wanting to get started to check out the OPA Playground, “an online environment where you can basically evaluate policies and test them out, and see what they do.”
Grafana visualizes data in a single interface, such as from a time-series database. A copy of Prometheus monitoring Kubernetes, for example, might store logs in Loki or other data from ServiceNow, McKinley said. McKinley demonstrated the new features on Grafana 7, and showed how his team is using Grafana to build new platforms.
“The big goal of Grafana is essentially to allow you to have your data wherever it lives,” said McKinley.