Consul Connect: the Service Mesh by HashiCorp

Transcript

1. Consul Connect Service Mesh by HashiCorp Yves Brissaud  @_crev_

   1/39

2. Yves Brissaud  @_crev_  eunomie Tech Lead Build Infrastructures

   and Deploy Cloud Native Applications Seamlessly | Automatically | Instantly  @sqscale  squarescale.com 2/39

3. Service Mesh? 3/39

4. (Where is my service?) How to handle instance changes? failures

   updates scale up&down ... How to secure my communications? Authentication Authorization How to monitore communications? 4/39

5. Without Service Mesh inside services internal load balancers rewalls 5/39

6. https://www.consul.io/ 6/39

7. Service Con guration Service Discovery Service Segmentation 7/39

8. Easy to Use Single Binary Linux / Windows / Mac

   Containers... and more autopilot 8/39

9. Distributed KV Store Watches Distributed Locks Service Con guration 9/39

10. Location Status: Health Checks Discovery Service Discovery 10/39

11. API DNS (SRV records) Service Discovery 11/39

12. # dig srv web.service.consul ;; ANSWER SECTION: web.service.consul. 0 IN

    SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. ;; ADDITIONAL SECTION: 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app" ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 12/39

13. web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0

    IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. # dig srv web.service.consul ;; ANSWER SECTION: ;; ADDITIONAL SECTION: 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app" ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 12/39

14. 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app"

    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" ;; ANSWER SECTION: web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. ;; ADDITIONAL SECTION: 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 2010.addr.dc1.consul. 0 IN A 10.2.1.2 ip-10-0-33-233.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-33-233 node dc1 consul 0 IN TXT "cluster=app" 12/39

15. Trae k Fabio Envoy Load Balancers 13/39

16. Services already registered Health checks Consul as a Service Mesh

    14/39

17. Consul Connect 15/39

18. 16/39

19. Native Integration 17/39

20. Native Integration Or Proxy (incl. built-in) 18/39

21. 19/39

22. No modi cation needed Service only need to talk to

    the proxy 20/39

23. Network Namespaces Nomad 21/39

24.  Work is currently underway to support shared network namespaces

    between tasks. This is the foundation to support deeper Consul Connect integration coming in 0.10! - github.com/hashicorp/nomad/issues/4451 22/39

25. Security 23/39

26. AutoTLS Mutual TLS Built-in CA inside Consul Certi cate Rotation

    Vault 24/39

27. Intentions Secure Access Graph ACLs between services 25/39

28. 26/39

29. Observability Monitoring of Proxies 27/39

30. StatsD DogStatsD Prometheus 28/39

31. L4 Observability downstream (incoming) upstream (outgoing) http, tcp metrics (throughput,

    connections, etc) request time ... 29/39

32. 30/39

33. L7 Observability Consul 1.5+ (May 15, 2019) Envoy as sidecar

    31/39

34. Protocol: HTTP, gRPC Methods used HTTP Status Code by family

    2xx 3xx 4xx 5xx 32/39

35. 33/39

36. 34/39

37. What's next? 35/39

38. HTTP Path-Based Routing 36/39

39. Tra c Shifting 37/39

40. consul.io learn.hashicorp.com/consul instruqt.com/hashicorp 38/39

41. Consul Connect Service Mesh by HashiCorp Yves Brissaud  @_crev_

    39/39